Thanks to Trump, the Midterm Elections Are Vulnerable to Being Hacked

The midterm elections are less than 100 days away and are still vulnerable to hacking due to the Trump administration’s refusal to protect voting booths. After the successful Russian hacking attempts in the 2016 election, no changes have been made to the way we vote, which leaves the door open for hackers to affect the midterms.

Intelligence agencies have been scrambling to try to protect the midterm elections from hackers but Trump has refused to offer any assistance. However, following the confirmed nationwide hacking of the 2016 election, experts are pushing for future elections to leave a paper trail. The threat to midterms is real, as Department of Homeland Security officials believe that every state’s voting system was cased by hackers in the 2016 election.

The 2016 silent snooping went unnoticed at first. Hackers quietly searched through the states’ servers but soon, the information was weaponized. Emails from Hillary Clinton’s campaign and the Democratic National Convention were stolen and spread across WikiLeaks and Russian intelligence. It only got worse as a leaked report revealed that Russian military intelligence infiltrated election software vendors’ systems and could have used the information they found to target local election officials. Neil Jenkins, who served on the Department of Homeland Security’s cybersecurity team during the Obama administration, said, “It looks like the Russians were setting up several different lines of effort and testing out which ones they wanted to use. [They] picked and chose what was being the most successful as they went.”

During Obama’s last months in office, he made multiple attempts to stop the election hacking, including pulling Putin aside during a September 2016 summit. So far, Trump has done nothing. The silent infiltration of the 2016 election likely supplied Russian hackers with critical information, meaning if the nation’s voting system isn’t improved before the midterms, the hackers could easily get back in and this time, they would know exactly where the vulnerabilities are for their attacks.

Computer scientist and leading expert on voting security J. Alex Halderman, who is a professor at University of Michigan, said, “Quite possibly, the kinds of probing that we saw in 2016 were just part of that planning process to have the capability in place to strike in a broader and more damaging way at a time of their choosing.” A recent Senate Intelligence Committee report revealed that Russians have been quietly planning and building up to eventually disrupting U.S. elections since 2014. So far, there have already been three attempts to hack the midterm elections, one of which was against Democratic Senator Claire McCaskill, discrediting Trump’s statements that Russia will hack the midterms to help the Democrats win.

So, exactly how easy will it be for hackers to infiltrate the midterm elections if no extra security is added to the voting process? In April, Halderman demonstrated to the New York Times how to hack the AccuVote-TSX, which is a paperless voting machine that is currently being used in 10 states. Halderman said, “If we were criminals and weren’t worried about going to jail, I think my undergraduate computer security class could have probably changed the 2016 result in Michigan.” Following a similar demonstration at the Las Vegas hacker convention DEF CON in July 2017, Virginia’s then chief administrator Edgardo Cortés said he decided to switch Virginia over to paper ballots. After watching attendees with limited knowledge, experience or tools hack voting systems, Cortés recalled that his reaction was, “Oh my God, this is out there.” 

Other state officials criticized the demonstration, such as the Louisiana Secretary of State Tom Schedler, who said the demonstration wasn’t realistic “by any stretch of the imagination.” He went on to say, “Absent the hype about Russian hacking, we have received no complaints from voters at all about the performance or accuracy of our voting machines.”

However, experts argue that paper ballots are safer than the electronic voting systems that have proven to be unsafe after the 2016 hacking. Halderman explains the benefit of leaving a paper trail during elections, saying that in the case of a hacking situation, “We’d be able to come back and say, ‘Yes, we know that something went wrong here, but this is why we know that no votes were changed.’” He went on to say, “The best assertion we can make right now is, ‘We have so far seen no evidence that any vote was changed’—which is, if you parse it carefully, a much, much, much weaker statement.”

Since the hacking of the 2016 election, Virginia and Nevada are the only two states that have switched to paper ballots. Colorado is currently the only state using a post-election audit system backed by most cybersecurity experts. 15 states still use exclusively paperless ballots for some areas, 41 states use voter registration databases and 43 states use equipment that isn’t even manufactured anymore. Finally, four states still use electronic-only voting machines statewide.

However, according to Halderman, election security “hasn’t changed in any material way” since the 2016 election. Before Obama left office, his DHS Secretary Jeh Johnson attempted to get state officials to agree to designate election systems as “critical infrastructure,” which would have freed up resources and made election security assessments a priority. The Trump administration soon took over and the chairman for the Election Assistant Commission, Matthew Masterson, attempted to make peace with the state officials who pushed back against Johnson.

In 2018, House Speaker Paul Ryan refused to reappoint Masterson but instead hired him to work on election security at DHS. The position of chairman for the EAC has since remained empty. The EAC is made up of four members and all four members must be present in order to issue new security guidelines. With Masterson’s chair empty, the group has been unable to make any improvements to election security.

In April, the Trump administration fired two of its top cybersecurity specialists, homeland security advisor Tom Bossert and White House cybersecurity coordinator Rob Joyce. Joyce is a highly trained hacker who once ran the NSA’s hacking division, but nevertheless he was removed and his position was eliminated completely. The homeland security advisor position was replaced by a Coast Guard rear admiral who has far less cybersecurity knowledge or experience.

To make matters worse, states have applied for DHS assessments of their election systems but most are on a nine-month waiting list. This means states may not have their voting systems checked for security risks until just weeks before the midterm elections. Ultimately, states could be left unaware of hacking attempts targeting their voter registration databases and the computers in their election offices.

The Democratic co-chair of the cyber security caucus in the House Rep. Jim Langevin said, “DHS is putting the personnel and the resources [to immigration] because the president has made it a priority. Likewise, the president isn’t making election security enough of a priority.” Not only is Trump ignoring the issue of election security, but he also seems to be actively attempting to stop any efforts to improve it.

In February, House Democrats introduced a bill that would give $1.7 billion in funding to election security. This money would supply funding for paper ballots, audits and even new voting machines. Also in February, the Director of National Intelligence Dan Coats said, “Frankly, the United States is under attack.” He went on to warn that Russia and other countries “are likely to pursue even more aggressive cyber attacks.”

“We have over 100 co-sponsors now,” Rep. Bennie Thompson (D-Miss.) said of the bill. He went on to say, “To date, there’s not a single Republican.” Thompson claims the Republicans aren’t taking action to implement election security because of the “absolute fear of being on the wrong side of Donald Trump.”

In March, the Senate Intelligence Committee urged states to use a paper trail and insisted funding be made available to implement post-election audits. Not long after, Congress gave $380 million in funding for election improvement but they failed to require that states use the funding on election security—which doesn’t seem like an accident. Rep. Mike Quigley (D-Ill.), who serves on the House Intelligence Committee, said, “Probably the decimal point was in the wrong spot. It should have been more like $3.8 billion.”