Using paper ballots could limit the risk of election hacks, experts say

WASHINGTON — To combat the expected Russian cyberattacks in the 2020 elections, many experts recommend a return to paper ballots to augment electronic voting.

The successful defense of the 2018 midterm elections against Russian interference after the 2016 successful Russian attacks has been both a source of optimism for intelligence agencies and an opportunity to evaluate methods to limit future interference.

Wilfred Codrington, a fellow at New York University’s Brennan Center for Justice, notes that securing elections at the local level should include upgrading voting systems.  

“First…they should replace older voting machines, especially paperless DRE’s,(direct-recording electronic voting machines) with newer ones that use paper ballots. This would ensure that, if all else failed, there would be a paper trail to check election results.”

“Second, they should implement post-election audits. The gold standard is the risk-limiting audit, which uses statistics to check ballot samples to provide election officials an over- high confidence that the reported election outcome is correct. Rhode Island just conducted a pilot this year, and it was a great success.”

But these audits require paper ballots.

Nick Halderman, a professor of computer science at the University of Michigan, reiterated the idea that paper ballots offer a much-needed, tangible record. In his testimony before the House Subcommittee on Financial Services and General Government, Halderman explained to lawmakers the benefits of a physical documentation.

“We need to replace obsolete and vulnerable voting equipment, such as paperless systems, with optical scanners and paper ballots — a technology that 30 states already use statewide, Halderman said. “Paper ballots provide a resilient physical record of the vote that simply can’t be compromised by a cyberattack.”

Illinois Board of Elections Chairman Steven Sandvoss told the Senate Armed Services Committee last month that the board noticed evidence of hacking in June 2016, potentially compromising the data of up to 76,000 voters. After the hack, the state board enhanced its security to include weekly “hygiene scans” from the Department of Homeland Security.  

But hacking attempts in Illinois and elsewhere will continue. Codrington noted that the intelligence community was not “claiming victory” in its analysis of the 2018 midterms. Instead, it was a report citing no evidence of influential hacks.

Halderman, who successfully hacked a simulated election at Michigan, said malicious hacking attempts are here to stay and also maintains the damage could have been worse. Hackers could have destroyed the data of thousands of voters, but “it hasn’t been in their interest yet.

“Our adversaries intentionally pulled their punches,” said William Carter, deputy director and fellow of the Technology Policy Program at the Center for Strategic International Studies. “They’re always looking for the enemy to defeat themselves.”

Carter also noted that there will be a significant hacking push in 2020.

“Every state is going to be under threat,” he said.  

Paul Nakasone, director of the National Security Administration, said last month in a hearing before the Senate Armed Services Committee that U.S. adversaries, even when their attacks are stymied, learn from mistakes, which could lead to more advanced assaults.