For weeks, U.S. Sen. Angus King has been telling anyone who’ll listen that the biggest, most worrisome thing about Russian interference in the 2016 election isn’t getting enough attention and has nothing to do with President Trump.
King has warned in congressional hearings, television appearances and interviews with reporters that Moscow tried and is still trying to compromise American voting systems – and that if nothing’s done it might very well change the results of an election.
“Unfortunately I don’t think there’s a wide realization of this threat,” King said in an interview with the Maine Sunday Telegram. “They were probing and experimenting and learning where there are vulnerabilities, and they’ll be back.”
This month the issue finally got on the national radar, as King and his colleagues on the Senate Intelligence Committee heard testimony from cybersecurity experts and national security officials about the seriousness of the situation, and news outlets digested the implications of a Bloomberg News report alleging that the Russians had infiltrated voter registration systems in 39 states.
While intelligence officials say there is no evidence that vote counts were changed last November, a leading expert on security threats to voting machines said this possibility cannot be excluded without a forensic audit of the results. Even voting and vote counting machines that are not connected to the internet can be and could have been compromised when they received software programming them to display or recognize this year’s ballots, said J. Alex Halderman, director of the University of Michigan Center for Computer Security and Society.
“I am more pessimistic than the Department of Homeland Security officials who (testified) about whether they would have been able to detect such an attack were it carried out,” Halderman said after testifying before the Senate Intelligence Committee, which both King and Sen. Susan Collins, R-Maine, sit on. “The most direct and scientific way to establish that there had not been interference in our election would be to look at the physical evidence and to perform computer forensics on the voting machines and other election equipment.”
KING PROPOSES TWO-STEP SOLUTION
Halderman said his team has successfully hacked widely used voting machines during security tests and has been able to reprogram them to spread software from machine to machine that allowed them to change vote counts undetected. Russia could introduce such code to devices by infecting pre-election programming.
In Michigan, he said, 75 percent of counties outsource this programming to just two companies, emailing them the ballot design to load into the machines. “It’s a path sophisticated hackers like Russia might well exploit,” he said, adding that the malware could be passed from machine to machine via the thumb drives and memory cards their software patches are delivered on.
While 70 percent of U.S. votes are made with paper ballots or backups, five states and jurisdictions in nine more do not, according to Verified Voting, a nonprofit in Carlsbad, California, that focuses on electoral security. In those jurisdictions, the group says, it is impossible to conduct a post-election audit to detect a hack or software error.
King on May 9 asked his colleagues on the Senate Appropriations Committee to have Washington devote $160 million to execute a two-step quick fix that would ensure the integrity of future elections. The money would be used to replace voting machines that do not have paper ballots or backups with ones that do and to fund post-election audits that would detect any discrepancies between automated vote counts and the paper evidence.
Halderman endorsed this approach. “Those two steps taken together would allow states with a very high confidence to be able to detect any kind of cyberattacks,” he said.
Asked whether his proposal had garnered any champions in Congress, King said it hadn’t because people were still waking to the threat and because some Republicans viewed it as an attack on Trump. “Somehow we need to make everyone understand that this is not a partisan issue,” he said. “We have got to get it through to people that the next time, the shoe could be on the other foot.”
MAINE AMONG LEAST VULNERABLE STATES
King also said he was not at liberty to say whether Maine was among the states whose election systems Moscow had infiltrated in 2016, as any information he has came from classified briefings. “All I can say is that the Russians went after a number of states, but I can’t confirm the details,” he said.
Experts say Maine is one of the least vulnerable states because all polling stations use paper ballots – which enable non-hackable hand recounts in the event of uncertainty – and same-day voter registration, which removes the possibility that people would be prevented from voting if the state’s central voter registration databases were compromised.
“In Maine we just have tabulators that just make optical scans of the paper ballots, and you still have those ballots,” says Secretary of State Matthew Dunlap, whose office oversees Maine’s elections. “If there is any question, you just have a recount. You don’t even have to do audits.”
Dunlap said that in order to minimize the effects of any hack of the state’s centralized voter registration database, his office had advised Maine’s 500 local clerks to back up their constituency’s registration information daily on a thumb drive. “That way if someone from Ukraine or Vladivostok puts a worm into our CVR, they still have their database and it’s no longer than a day out of date,” he said. “We figured even if an outside malevolent force were able to shut down our CVR, we’d still have Election Day.”
‘I’M GOING TO KEEP POUNDING ON THIS’
In such a scenario, however, one group of voters might be prevented from casting ballots: overseas residents and military personnel, some of whom rely on the central database to cast same-day ballots from abroad. “These overseas votes would be out in the cold,” Dunlap said, but added that despite high turnout in November 2016 there were fewer than 5,000 such voters, probably not enough to sway anything but a razor-thin contest for a seat in the state Legislature.
Dunlap also said the thumb drives containing the pre-election programming for Maine’s tabulating machines were sent by post, not the internet, making them impossible to hack remotely.
Dunlap and his counterpart in New Hampshire, Bill Gardner, both serve on a presidential commission charged with investigating alleged voter fraud. On Thursday, both men – who are Democrats – called on the commission to also explore Russian hacking of state election systems, and the commission’s vice chairman, Republican Kris Kobach of Kansas, said he had no objection.
In his interview with the Maine Sunday Telegram, King also expressed concern that Trump and Attorney General Jeff Sessions have shown little interest in the issue, as evidenced by Trump’s tweets and congressional testimony by Sessions and former FBI Director James Comey.
“If you’re under attack and the commander in chief and the nation’s chief law enforcement officer both say, ‘Attack, what attack?’ – how do you prepare and respond?” he said. “I’m going to keep pounding on this because we have to do something.”
Colin Woodard can be contacted at:
cwoodard@pressherald.com
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.