A well-respected security professor says that he thinks the US election was “probably not” hacked — but that the only way to check is to urgently audit the results.
J. Alex Halderman, a professor at the University of Michigan and expert on election security, wrote in a blog post on Wednesday that “the only way to know whether a cyberattack changed the result is to closely examine the available physical evidence, and that nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts.”
Halderman’s public intervention follows a report from New York Magazine that Halderman and other researchers and lawyers were urging Hillary Clinton’s campaign to challenge the results of the presidential election in three swing states — Wisconsin, Michigan, and Pennsylvania. The group, Gabriel Sherman wrote, had held a conference call with Clinton campaign chairman John Podesta laying out their argument, based on apparent discrepancies in between the number of votes in in counties that used electronic voting machines and counties with paper ballots. Cyber security exoperts have been arguing for years that election results should be audited because US ballot machines are so easy to hack.
Other experts and staticians, including high-profile pollster Nate Silver, immediately raised doubts about this supposed evidence, arguing any alleged inconsistencies can be explained by demographics.
In his subsequent blog post, Halderman said the article from New York Magazine contained inaccuracies — so he wanted to “set the record straight about what I and other leading election security experts have actually been saying to the campaign and everyone else who’s willing to listen.”
You should read his entire post. But his argument is, essentially: Given that Russia has tried to interfere with the US election (hacking the emails of Podesta, and the DNC, and attacking election offices), and the fact it has attacked elections in Ukraine, and given that voting machines can be sabotaged by any “reasonably skilled” hacker, then it’s not impossible that someone may have tried to hack the results of the US presidential election.
This doesn’t mean it happened. And there’s no actual evidence it did. But, Halderman argues, we won’t know unless we check. He writes (emphasis his):
“Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other. The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania. Unfortunately, nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts.”
The first deadline to apply for a recall is Wisconsin on Friday November 25, but The Guardian reports some senior Democrats are “intensely reluctant” to publicly call for a recount because the Clinton camp attacked Trump’s pre-election assertions the vote was rigged.
However, Clinton’s intervention might not be necessary to force a recount. Jill Stein, the failed Green Party candidate for president, has raised more than $2.7 million to pay for recounts in the three states. “After a divisive and painful presidential race, reported hacks into voter and party databases and individual email accounts are causing many American to wonder if our election results are reliable,” Stein said in a statement. “These concerns need to be investigated before the 2016 presidential election is certified. We deserve elections we can trust.”
If Stein manages to raise enough to get a recount in the three states, the outcome may well be no different. “Patterns in Trump’s vote in swing states are well-explained by demographics — not hacking,” Nate Silver tweeted, linking to an article from his site FiveThirtyEight.
“We’ve looked into the claim — or at least, our best guess of what’s being claimed based on what has been reported — and statistically, it doesn’t check out,” it argues. “At a time when the number of voters without confidence in the accuracy of the vote count is rising, the burden of proof ought to be on people claiming there was electoral fraud.”
So how do you safeguard elections from hackers? Halderman has one key suggestion: Use paper ballots.
“I know I may sound like a Luddite for saying so, but most election security experts are with me on this: paper ballots are the best available technology for casting votes,” he writes. “The paper creates a record of the vote that can’t be later modified by any bugs, misconfiguration, or malicious software that might have infected the machines.”