This has been nagging at me since shortly after Election Day. As late as summer 2020, there was lots of concern about Russia and/or China hacking our election. There was much hand-wringing over the fact that Mitch McConnell refused to hold votes in the Senate on any legislation intended to provide funding for election cybersecurity. People were certain that it was leaving the door wide open to massive tampering and fraud.
Then the election happened, Biden won, Trump started in with his stolen election and voter fraud BS… and suddenly every election cybersecurity expert being interviewed assured us that this was the most secure election in U.S. history.
So how did that happen? How did we go from election hacking being almost a guaranteed certainty, to the most secure election ever?
It almost feels like Y2K all over again, with fears over just how bad it was going to be, and people working their asses off to minimize the damage, and then Y2K passes with hardly a whimper and you don’t know if it was because the fear was overblown to start with, or whether all that work that people did to mitigate it actually made a difference.
The conspiracy theorist in me suspects that there was quite a bit of election tampering, but in favor of Trump. And then the actual turnout by Biden voters (or anti-Trump voters) was too much for even the Russian tampering to overcome. Trump was probably assured that he would win a second term, so when he didn’t win, it had to be because the Democrats committed even more voter fraud. But as I said, that’s just my pet conspiracy theory.
I suspect all the noise over the summer just made election officials hyper-vigilant about election security, where in past elections, it was just taken for granted.
Generally, the U.S. presidential election IS secure. It is a very decentralized process, many precincts use many different methods, etc. ensuring that a single hack cannot change everything.
The winning side has incentive to portray it as secure and the losing side has incentive to portray it as not. Prior to November 2016, many Trumpers and Trump himself were grumbling that Hillary and the D’s would rig the election, yet suddenly once they had surprisingly won, they did a 180 and now it was “the election was fair, get over it”.
The obvious – nobody has any idea if 2020 was “the most secure election ever.” Absence of evidence not being evidence of absence and all, Dominion voting machines could very well have been hacked to such an expert degree that we’d have no idea. Maybe. It’s at least in the realm of possibility. And in any other election year, cybersecurity experts wouldn’t be staking their reputations on such unproveable claims.
It’s one thing to say, “We have no evidence or indication that the election was anything but secure,” and another thing entirely to say, “This election was definitely not hacked, it was the best election ever in terms of security.” And I think most of the cybersecurity experts out there know this, because nobody becomes an expert in cybersecurity without learning the importance of weasel words. But this was not a normal election year, and they were willing to bend a little bit to quell an insurrection.
In 2016, there were some attempts at hacking into election systems by Russia, and in at least one case (Illinois), they succeeded, although they apparently did not affect the vote itself.
Election authorities throughout the country, alerted by reports of actual attempts in 2016, had four years to react, and take measures to prevent it from happening again; it appears that they succeeded.
I noticed that a lot of these expert statements were some variation of “We have no evidence of election fraud changing the outcome of the election.”
Not “We have no evidence of election fraud.” The qualifier leaves open the possibility of significant election fraud that didn’t change the outcome of the election. If Trump got sixty million legitimate votes and fifteen million fraudulent votes, he still lost.
Since the OP didn’t cite an example I’ll post what I’m assuming he’s referring to, and what immediately came to my mind: “The November 3rd election was the most secure in American history.” But I want to point out that this statement was 4 paragraphs and I have no issue with any sentence other than the one I highlighted.
Declaring 9 days after the election that it was the most secure in history is a political decision, not a technical one.
One thing that’s more secure now is the voting machine technology. Here in north Texas, in past years I would cast my vote on this electronic tablet-like thing, which I had to trust was registering my vote correctly. There was no paper ballot trail to check.
But this time, we have new machines where I take a blank paper ballot to the machine, make my choices on its computer screen, then when I finalize everything, it printed my choices on my paper ballot, and I could read it to verify that what I voted for was actually what got printed out. That solved a huge security hole that the experts had been complaining about for years.
At the time I voted, I hadn’t heard of Dominion yet, so I didn’t look to see who made these machines. Is that what the Dominion machines did, or were they the machines that would count the votes that were on paper ballots?
Changes in voting methods, in some cases (i.e., Pennsylvania) since 2016, have increased security and made systems more difficult to hack. This Ballotpedia article lists the types of ballots and hardware used in each state. From the article:
The following types of voting equipment are in use in the United States or have been used in recent years:
Optical scan paper ballot systems : Voters mark their votes by filling in an oval, box, or similar shape on a paper ballot. The paper ballots are scanned either at the polling place or at a central location.
Direct recording electronic (DRE) systems : DRE systems employ computers that record votes directly into the computers’ memory. These interfaces may incorporate touchscreens, dials, or mechanical buttons. The voter’s choices are stored by the computer on a cartridge or hard drive. Some DRE systems are also equipped with Voter-Verified Paper Audit Trail (VVPAT) printers, which produce paper records that can be preserved to be tabulated in case of an audit or recount.
Ballot-marking devices and systems (BMDs) : A BMD “allows for the electronic presentation of a ballot, electronic selection of valid contest options, and the production of a human-readable paper ballot, but does not make any other lasting record of the voter’s selections.” Initially used primarily to accommodate voters with disabilities, BMDs are used by all voters in some locations.
Of the four methods in use (counting DRE with VVPAT as separate from plain DRE), only plain DRE does not give the voter a chance to verify a hardcopy version of their ballot. Plain DRE would appear to be the only system vulnerable to hacking that can’t be detected by a hand recount. I know in AZ state law requires that every county audit their election by hand counting certain randomly selected groups of votes and comparing them to the electronic tally. In all cases the errors have been in the single digits, and usually and error in the hand count. Assuming that all other states/counties have similar requirements it seems unlikely that a hack could succeed.
Also according to the article, the only states that have basic DRE (without VVPAT) at all are Kentucky, Mississippi, New Jersey, Oklahoma, Tennessee, and Texas. In all cases DRE is only used in some cases, with hand-marked ballots and BMD also used.
With the vast majority of votes being cast with verifiable (and routinely audited) paper backup, I don’t think it is unreasonable for experts to assert that this election is the most secure in recent memory.
The “hack” would still not survive a hand recount of the paper ballots. Georgia was one of the states where the Trump people alleged hacking into Dominion machines. The hand recount dispelled this falsehood entirely.
This is extremely unlikely. There have been a number audits and hand recounts (like in Georgia) that found no evidence of hacking. It’s a borderline CT.
[quote=“kenobi_65, post:5, topic:931788, full:true”]
In 2016, there were some attempts at hacking into election systems by Russia, and in at least one case (Illinois), they succeeded, although they apparently did not affect the vote itself.[/quote]
Russia absolutely did not succeed in affecting the balloting or vote-counting in the 2016 presidential election.
The Illinois hack was “merely” unauthorized access to a voter-rolls database and completely unrelated to the 2016 balloting. Bad enough as it is, but not a danger to accurate balloting.
…
In the popular press, two very different things are conflated by the common terms “hack” and “hacking”:
Russian (and other) misinformation campaigns on social media during the run-up to the 2016 presidential election. Note this was general sowing of discord – some was pro-Trump, some was pro-Hillary.
The actual flipping of cast votes – remote control of voting machines, falsifying the tabulations, flipping counts from one candidate to another, etc.
IMHO, treating these two things as kind of the same thing is a major mistake. In thread after thread on other message boards, social media discussions, etc. “Misinformation spread” and “voter-roll info theft” get conflated with “vote-flipping by wire”. The discussions are therefore muddled and accomplish little.
Sure. But cybersecurity experts have to exist in a world where conspiracies that take months to be discovered are real. Making broad proclamations 9 days after an election when recounts and audits were still ongoing was a political decision. Later on in that statement, CISA said " There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised." That’s how cybersecurity people usually talk.
There’s a non-zero possibility that there’s a vulnerability in the way we do audits and recounts that Russia has figured out but we haven’t. That’s so far outside the realm of possibility that the general public shouldn’t be worried about it (CT territory, as you say), but it’s the exact realm of possibility that cybersecurity people should be and probably are looking into on a regular basis. I’m sure the scope and timescale of the SolarWinds hack seemed unimaginable to many until it was too late.
That’s fair criticism. My point still stands, however – because election officials learned that, in 2016, Russia was poking around at some election systems, they took steps to make their systems more secure.
These hacks aren’t really comparable. A successful hack like SolarWinds leaves little to no trace of the hack when it’s done. That’s what makes it difficult to detect (when done well). A ballot hack, by it’s definition, leaves behind a trace so large that it changes the result of a major election. It is relatively simple to check for these kinds of hacks and almost impossible to hide. As mentioned by others, these dangers were brought forward in 2016 and fixed by 2020.
It’s more likely that there are aliens at Area 51 then the election was hacked in any meaningful way.
I think there are least two things wrong with this. First, it was Trump’s head of election security (Republican Chris Krebs) who said it was the most security in history and he was on the losing side. Second, Trump himself said there was massive fraud in 2016, millions of illegal votes, and he said that after he won.
On the broader question in the OP, one thing that changed in NJ was the move to all mail-in ballots. Before, we pressed buttons on a big ballot machine and didn’t really know how our vote went – there was no paper backup. When we moved to all mail-in, we knew exactly how our ballots were marked.
And, as others mentioned, there were massive recount efforts in several states where they recounted paper ballots and the totals were so close as to be equal. If there were big security issues, they would have shown up there.