They didn't change a single recorded vote, so far as we know. But two years after the 2016 presidential election exposed foreign propaganda efforts to sway American voters, there's been so much talk about the nation's antiquated, hacker-vulnerable voting systems that it's starting to look as if the Russian plan is working: There are signs the fear of vote-count fraud is eroding faith in American elections.
In a survey by Unisys, a Blue Bell company that sells government and corporate computer security software, 86 percent of the 1,000 U.S. voters polled "expressed concerns over the prospect of U.S. election voting systems being compromised by outsiders," according to Tom Patterson, the company's "chief trust officer."
"Lack of trust in our voting systems," especially among younger voters, who are least likely to vote and "express the highest level of concern," threatens to "undermine confidence in America's democratic system," according to Patterson.
But what's the danger, really, if votes aren't being hacked?
Or are they? It turns out that election hacking is like disbelief in Halloween ghosts: It's surprisingly tough to really prove there's nothing out there.
"Knowing if voting machines have been exploited is a very hard question. We don't ever go back and check with everyone who voted — 'Who did you vote for?' " said Susan Greenhalgh, policy director for the National Election Defense Coalition, a group of academic, industry, and government election experts who worry that most U.S. electoral boards aren't doing nearly enough to keep the vote safe.
Aren't touch-screen computers at least an improvement over paper ballots? That's what Montgomery County still boasts on its election web page: "We are one of the earliest counties in the nation to use a direct recording electronic (DRE) machine," a specialized machine that records votes on a memory card, and forwards them to the state to be combined with other local results.
Too bad that "from a security perspective, the most problematic and risky class of electronic voting systems are those that employ direct recording electronic, DRE, machines," Penn professor Matt Blaze testified in hearings before the Republican-run U.S. Senate Intelligence Committee last year. "The design of DREs makes them inherently difficult to secure." The machines' complete dependence on their enabling software without a backup paper record "not only has the potential to alter the vote tally, but can make it impossible to conduct a meaningful recount, or even to detect that an attack has occurred, after the fact," Blaze said.
Without paper records to double-check, "if people did somehow change the vote totals, how would you know?" asked Greenhalgh. "It's not like the Department of Homeland Security does audits. We don't have a way to audit those paperless machines to know if the votes were reported correctly. Paper provides a safeguard that digital records don't."
Also according to its website: "Montgomery County voting is completely secure because it is a closed system that allows no external access to the programming."
But "just because they're not connected on the internet provides a false sense of security," as Greenhalgh put it: When results are emailed in to a central headquarters, they are protected by passwords that are relatively easy to hack.
That's why officials in California and Ohio have decertified all-electronic voting machines and gone back to paper copies, Greenhalgh added. "But you are still using them in Pennsylvania."
In February, the Wolf administration ordered counties to buy only machines with paper records. Spokesperson Wanda Murren called it "the first step in a whole package of election modernization that we're working on." But neither Harrisburg nor most county seats have bought new machines.
Since February, and a week before the midterm election, "one county has purchased new voting equipment – Susquehanna County," Murren told me. That raises the total to 16 largely rural counties with voting machines that can be audited, and 51, including Montgomery, where voting machines still can't be audited. Montgomery County hopes to buy new machines with paper backup next year, said spokesperson John Corcoran.
Blaze told the Senate he and his collaborators have tested the specific systems used in Pennsylvania and found "serious exploitable vulnerabilities in almost every component examined," usually within reach of a single corrupt "poll worker or voter. Such an attacker would be able to alter vote tallies, load malicious software, or erase" vote records, he testified. Hackers have publicized a lot of these security holes.
Besides rigged elections, we face "a much more formidable threat," Blaze told the senators: To challenge "an election outcome's legitimacy, it may be sufficient to simply plant suspicious malicious software on a few voting machines," make sure it gets discovered, and then "impair the ability of the true winner to effectively govern." .
Is a hacker-led election overthrow a risk this time? "We do not have any evidence of a compromise or disruption of infrastructure that would enable adversaries to prevent voting, change vote counts, or disrupt our ability to tally votes in the midterm elections," U.S. intelligence agencies said Oct. 19. "State and local governments have reported attempts to access" voter registration databases; so far, election officials "have been able to prevent access or quickly mitigate" those hacks.
But we're still mostly relying on the same voting systems as last time.