There are some rumors (as there usually are) that the 2016 election was “stolen”, though with not much data to back it up.
This was inevitable (the rumors, not the fraud), but being GQ, my question is simply whether it is even possible to definitively prove that there was fraudulent voting in the 2016 US election? I don’t mean politically, I mean, if we decided to pull out all the stops and do whatever it takes to find out, is there even a way to show this? Does it depend on how the votes were “stolen”?
As a computer forensic examiner and incident response professional and a professor of computer forensics, I can answer the question of detecting hacking. And that answer is: “Maybe”.
How’s that?
OK, so electronic voting machines may have vulnerabilities like any other computer, and a while back there was research published on one of the more common types of voting machines that showed it was jaw-droppingly easy to compromise. If someone does compromise a voting machine, a forensic examination may be able to uncover artifacts to show that it was done (whether or not sufficient artifacts can be recovered depends on a lot of factors). If you wanted to pull out all the stops and throw enough resources at the problem, you could start examining voting machines one by one to see if any were compromised. You probably couldn’t prove they were not compromised, but you may find evidence that they were. I think compromising enough voting machines to sway the election would be very difficult, but not impossible. That depends on whether they were networked, internet accessible, etc. But I suppose it’s not out of the realm of possibility for an adversary with enough resources to do so.
Another possible means of compromising the election would be to attack the servers where the voting machines report results. I have no real knowledge of how electronic votes are tabulated, but I presume the individual machines report results somehow to a central location where they are combined and counted. The server(s) that do the collection and counting could be a target of compromise. As with voting machines, you may be able to recover artifacts of compromise from those servers. Throw enough money and people at the problem, and you could potentially do a forensic examination of all those machines. You still can’t prove a negative, but if they were compromised you may find artifacts to prove that.
It would be a pretty major undertaking, and the “can’t prove it didn’t happen” aspect would mean you’d never satisfy a lot of folks who are sure an election was compromised. But, enough money and time, you could examine all the voting machines and servers and possibly uncover evidence of tampering.
Thanks. I should have said “proof beyond reasonable doubt” with the understanding that if we had video of a mustache twirling Russian hacker tampering with voting machines that would not be enough to satisfy everyone.
And, yeah, I’m not looking to prove a negative. I would accept a forensic analysis that determined “there is no evidence” as “it most likely didn’t happen”.
The answer is the same as when Trump claimed the system was being rigged against him. It’s incredibly difficult to “steal” a national election in the USA.
Correct me on any details I get wrong, but…
People present credentials in many places to prove they are who they are and are on the list (or in some place sworn in). So the total vote count is known.
In each polling area, or perhaps centralized in a bigger town, the polling results are counted by hand. There are scrutineers for each party watching, usually both the voting and the counting.
The results are phoned into the central office for the state, where they are recorded and added to the tally.
All these numbers are known. The scrutineers report their unofficial results to their parties. So how could you game the system?
-sign in extra voters? You’d have to coordinate thousands of extra fake voters with fake IDs and fake local addresses. This is impossible to organize on a grand scale, Republican boogey man claims of busloads of fake voters are just paranoia and hype.
-stuff the ballot boxes? Again, would have to be done at dozens of sites, unless one poll reported several thousand more votes than signed in voters. Supposedly, scrutineers would catch that there were hundred more votes than voters.
-miscount? Again, to avoid a wild imbalance, would have to be coordinated at a hundred sites, and scrutineers are watching for both parties.
-incorrectly report or record the poll’s totals to central office? Again, scrutineers have the correct totals and the local officials do also. Again, doing this across many polls to get the thousands of votes needed would be a huuuge conspiracy and the numbers are public, someone should notice. Ditto for adding wrong in the state office.
As you can see, if the scrutineers for both parties are doing their job correctly and all the numbers are transparent, either a hundred different polls or more have to be fiddled, or the discrepancy will stick out like a sore thumb. Plus you have to believe that hundreds of party members would rather see their party win than have clean elections. Not everyone involved in politics is a lying weasel.
This is why when third world dictators see themselves losing an election, ballot boxes are collected and counted behind closed doors in a central location and only the presidente’s officials know the numbers until they issue a press release.
Understood that it would be exceedingly difficult to do. But, my question is coming from the other direction which is assuming it happened, is it possible to detect.
I mean, right now the best evidence is that the polls don’t precisely match the outcome which is consistent with a “stolen election” scenario, but obviously not close to being evidence of one as there are much more likely explanations. But, being a data driven kinda guy, I’m just wondering whether more data even exists if we were to analyze it.
I imagine each local polling place has to get the results in to the county or state election authority somehow. The school where I voted had electronic machines (that produce a paper audit trail). I guess the workers siphon off the electronic results and then do… something. Again, I admit my ignorance of the mechanics, but I would think all those electronic results eventually find their way to some server at the county or state level. Although, I suppose the poll workers at each station could print out their local results and fax them to the election authority, where they are combined more or less manually.
IIRC, the paper that showed vulnerabilities in one type of machine showed that the votes were collected in a simple MS Access database. If someone compromised a voting machine like that, you could probably see that they got access to the machine, but I think you’d be SOL trying to determine what they did inside the database. Access (at least the versions I’m familiar with) doesn’t have any native logging to speak of, so a bad guy could potentially run a SQL statement against the database to shift votes to one candidate, without much evidence being left behind. Other voting machines with other means of collecting the data, you may have better luck.
If you gave me a voting machine running some version of a typical operating system and told me you thought it was compromised, I could probably tell you if a bad guy got on the box. Telling you exactly what the bad gut did once he got on it would be harder. Not impossible, necessarily, but harder, especially if the bad guy took careful steps to hide or obliterate his tracks.
How a stolen election could be proven would depend on how it was stolen. For instance, in a lot of places, you vote by filling in bubbles on a piece of paper, then feed the piece of paper into an electronic scanner. An attacker could conceivably hack the scanner to record some results incorrectly, but they couldn’t hack the paper in the same way, so a count of the paper ballots compared to the scanner results would reveal the fraud.
You also have to ask just what forms of manipulation would be considered fraud, versus just dirty tricks or even legitimate tactics. For instance, if you send out official-looking flyers to certain neighborhoods reminding people to vote but giving the wrong date, time, or place so some of those folks don’t show up, is that fraud? That certainly happens sometimes, but I’ve never heard of anyone being prosecuted for it. Or what if you set up a voter-registration booth but then just throw away all of the forms at the end of the day, so people think they’re registered to vote, only to find out at the polling place that they’re not? There might be laws against that one, but it’d be tough to pin down.
Thirty states use some form of direct electronic voting (DRE); fifteen have no paper trail on some or all machines.The Atlantic published an article back in August touching on both the practical security of the machines and the public perception of the reliability of electronic voting. In short, because of a lack of secure electronic verification in the voting scheme, it it possible to alter the vote count without any traceability, leaving only signs of intrusion that Bayard notes (event activity logged when the system should have been idle or disconnected, changes to user permissions or read-only files, et cetera) but no keystroke logging trail to audit. Having a paper trail ballot for the purpose of a manual recount of the vote would seem like a reliable verification but since the paper ballot is not tied back to a specific vote (on the systems that I’ve seen, at least) it doesn’t actually give an indication of how fraud or intrusion might have occurred, and of course paper ballots can be physically tampered with or stolen as well, although it takes a much broader conspiracy to do it in a systematic fashion.
There are some computer scientists and statisticians who are making the claim that there is a bias trend between counties using electronic voting machines versus those using paper ballots or optical scans. If a clear trend between counties expected to vote in similar ways could be established it would make a circumstantial case for election fraud but without direct evidence of tampering it would likely result in the same kind of challenge as seen in 2000, with the Supreme Court upholding the results of the election. If signs of intrusion are found in a systemic, widespread fashion, it would potentially put the entire vote–not just the presidential election but all congressional and state level votes–in doubt. One could make a state-by-state challenge based upon the security of different voting methods and reliability of the count, but it might almost be logistically easier (although fraught with legal challenge) to have an entirely new vote.
Vote tampering was not uncommon in the paper ballot days in local and sometimes even to influence state elections (and has often been suspected in close races like the 1960 presidential election) but the potential for systematic tampering in the US is wholly unprecedented, and it is unclear what the legal ramifications would be. Given that we’d have to arrange another emergency vote that is observable and secure this could take months to arrange, and Trump would probably have to be inaugurated as an interim measure to have a head of state and functioning government. One can just imagine the chaos that would come from a presidential administration that is in a furor to tilt whatever system is put into place to their advantage, and the continuous legal challenge and public outcry on both sides. Other possibilities are equally unpalatable, and there is no clear Constitutional process or precedent for dealing with the outcome of a potentially fraudulent election. It might go back to the states to revise how the select electors for the Electoral College, in which case, there may be a explosive increase in the cottage industry of election law.
And this is the point at which I’ll make the statement that secure, traceable electronic voting with virtually instant and verifiable counting is entirely feasible by the use of public key cryptography. A ballot could be submitted on line using a voter-issued private key and the voter’s polling location public key, and then decrypted using the attached voter public key (issued from an anonymous registry of randomly generated voter keys) and poll location private key. The vote itself, and the application used for voting (which could be an open source code transparently available to all observers) could be verified by an internal checksum to assure against tampering at either end of the chain such that the only practical possibility of tampering is against the voter themselves (false registration, voter intimidation, et cetera) or in reporting the count by the election authorities. This would be almost trivial to set up; it could literally be set up on a smartphone application or inexpensive kiosk computer at physical voting stations, and even if the hardware and operating system were accessible to compromise the vote itself and the application used for voting would be secure from unobservable modification, and could be rapidly verified against voter registration key lists. It would also eliminate the need for unscientific and unreliable exit polls, although my desire would be to not even permit counting until voting polls (online and physical) are closed to prevent spoiling.
It doesn’t deal with the Electoral College problem–a conspiracy of electors could “steal” the vote away regardless of the popular count, and right now there are reportedly six or seven electors who have stated their intention to make a faithless vote for a different candidate–but it would provide credible end-to-end verification in a transparent system for collecting and tallying the vote.
That kind of manipulation and dirty tricksterism is common in local elections (although with most voter registration being done at the DMV being able to falsify or invalidate registry is not an issue for the vast majority of voters) but would be hard to pull off systematically for a large election, where the results would only be impacted in a very close election. The bigger story is perfectly legal voter suppression which may have influenced the outcome to an extent that flipped key states, but the time to challenge that was when laws were being changed, and the supposedly pro-Clinton ‘liberal mainstream media’ virtually ignored the issue. It literally got more press from comedic personalities like Seth Meyers and John Oliver than any respected news outlet or political analysis, which should be fundamentally galling to anyone who relies on media to be informed about crucial issues.
California has the permeate absentee voter program and early voting. This is open to abuses. So called dead people voting. If the voter moves out of state and the ballot is delivered to where use to live the present occupant could vote for him. And voter identification is not required to early vote. Just a little information is asked. And the only identification I showed was my sample ballot with my name on it. I signed for the ballot before voting and if there was an investigation after the election they could compare my signature to my registration card that I signed 40+ years ago.
Another potential method with mail in and early ballots is throwing out ballots claiming that the signature on the envelope does not match the signature on the registration form.
While these could be spun into a quilt of concerns about voter fraud, the reality is that voter impersonation is vanishingly rare even in the absence of voter ID laws. It’s just not very practical to get a lot of “dead” or misplaced voters to systematically skew the vote unless you are literally able to stuff the ballot box. This is an issue with low count local elections if at all. The bigger influence is voter intimidation or inconvenience (e.g. making it harder for specific groups to register to vote or access the polling station), gerrymandering the precinct allocation to give favor to a specific party, and invalidating ballots through various means. The concern about challenging the validity of absentee ballots is why I went to vote in person for this election, but again, this could be largely addressed by a transparent public key encryption system and modern technology that permits wider voter access with end-to-end verification.
Sure, that is why there is an anonymous registry. Note that it could be made possible for the voter who retains his or her public/private key to verify that their vote is included in the final tally if so desired, but there is no practical reason to do so in terms of end-to-end verification; the verification is in matching up votes to the originally generated key list.
Well, yes and no. It’s possible to create a secure electronic voting system, and it’s possible to convince those educated on cryptography that it’s secure, but the vast majority of people are not and never will be well-educated on cryptography, and it’s impossible to convince them that it’s secure. And that’s also essential for a voting system. Realistically, I think the best we can hope for is electronically-read paper ballots.
But paper ballots are even less secure simply by virtue that they have to be handled at some point by people, and verification essentially rests on the personal integrity of ballot counters. In fact, while tampering with paper ballots in a systematic way across a country would require a large conspiracy, tampering with individual poll sites by the people entrusted to count the votes is pretty easy for a suitably motivated person, since it is often appointed position with little actual accountability. It is not difficult to imagine a scenario where corruption at individual sites could pose a significant systematic bias in overall election results, and no way to account for real ballots that are suppressed or fake ballots that are introduced into the count. By contrast, a system using public key encryption has end-to-end security; barring some revolutionary cryptographic breaking technology, the only point to affect the tally is at the level of individual voters or at the final tally locus. The former is logistically challenging for someone to affect, while the latter can be easily overseen by objective observers, and there can be a degree of transparency in the process that is simply not available with physical paper ballots.
You don’t need to be an expert in cryptography systems to have reasonable confidence in the system; you just need to know that the functionality of the system is transparent and verifiable to anyone who is knowledgeable, and that there are an array of observers with sufficient expertise across the political spectrum who have ratified the system as inherently secure. We trust our banking system to manage and transfer massive sums of money using similar systems without blinking an eye or demanding some kind of physical count of cash or bullion from the local branch. This is not a novel or radical technology. It is something we use every day, just applied to replace the archaic technology and methodology we currently use for voting.
That’s easy to say for someone who is knowledgeable in cryptography. Most people, though, when you start trying to talk about such things, tend to think that you’re trying to pull a fast one on them. And you’re assuming that the experts across the political spectrum would agree: All it takes is one person saying “I’m an expert, and I don’t trust this system” to plant the seeds of doubt, and it’s nearly guaranteed that there’d be someone with political motivation to say that.
Okay, so what of it? Only 64% of the American public is convinced that anthropomorphic climate change is valid even though 98% of scientists educated in climatology are strongly convinced that the evidence in favor is overwhelming. Only 32% concur with the idea that natural selection is a natural process guiding the evolution of species which is evidenced in the fossil record. Donald ‘von Clownstick’ Trump managed to convince a significant minority of people that the voting process is ‘rigged’ without showing any evidence or even a mechanism by which fraud could possibly be committed.
The majority of states (60%) already use some form of electronic voting in some of all voting districts, most of which use obsolescent and difficult to verify mechanisms for recording votes. The standard for adopting a new system for collecting and tallying votes should not be whatever is most comfortable to Joe the Plumber, but what would best withstand a challenge in court under the scrutiny of technical experts.
No. Most paper ballot counts are done out under the eye of scrutineers for the two parties. It’s not like the votes are hauled into a back room and “take our word for it”. This is where the massive organizations of the two major parties come into play. Scrutineers can watch everyone being checked in, their votes being deposited in the ballot boxes, and then follow those boxes into the counting room and look over the shoulder of the counters. They keep their own tallies as the votes are counted, and report them back to their party HQ. (I’ve done this for Canadian elections). Remember the people recounting the Florida ballots in 2000 with a number of people in the background looking over their shoulders?
Another advantage of tracking who’s come in to vote is to report back to HQ over the day which of your supporters hasn’t voted yet, so you can phone them, urge them to vote, offer rides and babysitting, etc.
If there’s a big difference between the number who checked in to vote and the vote tally, that will be immediately obvious.
But yes, if the voting is done by machine, it’s possible to fake the results. Every tenth vote for D the machine records as R, for example. Who would be able to tell? There were plenty of complaints through 2000 to 2012 of how easy it would be to hack this or that voting machine, but I don’t think anyone’s been caught profiting from it… yet.
And like any hacking, the theory is easier than the practical application; and the act is easier if you have equipment to test on, i.e. you are the government. The only way to tell would be to impound the machine and analyze what’s in the program. However if the program were self-erasing, or otherwise non-permanent, how would you know?
This is a side effect of ignoring warnings for more than a decade that these machines are vulnerable.
If you could quickly gather up all the voting machines after an election and have them tested by multiple sources, you might find rigging within the machines themselves. But it seems most machines are immune to this due to the makers invoking privacy of their products.
But you would also have to investigate the chain of custody of the data from those machines. There are various types and methods. The data from many machines and custody chains have already been shown to be hackable or just crudely and easily changed. But there is little done about it before the elections. So who is going to do it after the fact?
It is amazing the variety of methods used across the country. To investigate all of them thoroughly is more difficult than if one method were used. Maybe that too is a method to hack the vote.
It is time to make the system the same across the land. Have it vetted before and after.
As to the original core question. Yes. You could find out. If it were done correctly. Immediately. Stripped bare. But it does not happen. Before, during or after.
Machines were found to select Clinton for president, when the user had selected straight republican ticket. The machines were not taken out. No alternate system used instead. I never heard of them actually fixing the fault. Only when some people noticed and complained, was the “glitch” supposedly corrected for that one instance.