How researching election hacks since 2006 led to simple solutions

Jeff Elder 28 Aug 2019

Alex Halderman has dissected the world’s voting machines and reached a surprising conclusion about safeguarding elections

Alex Halderman was researching election hacking a decade before the 2016 U.S. presidential racHaldermane made it front-page news. The computer science professor at the University of Michigan brought change to India’s elections, turned a U.S. voting machine into a Pac-Man arcade game, and warned Congress twice about the vulnerabilities that await 2020’s U.S. elections.

Yet he is bringing a decidedly low-tech solution – a return to the backup of a “paper trail” for ballots – to one of cybersecurity’s biggest challenges when he speaks to the top minds in artificial intelligence at the CyberSec & AI Prague conference in October.

Halderman has researched elections in India, Estonia, Australia, and the United States and found that – as in other areas of modern life – tech can introduce as well as address cybersecurity problems. “Countries around the world are turning to computer technology and internet-connected systems to try to make elections better, but the fact is that opens up whole new categories of risk.”

In India he dissected a voting machine praised by the government but derided by whistleblowers, and found numerous vulnerabilities. Among them, hackers could simply change the LED readout of vote totals – akin to hacking the scoreboard to win the game. India has since implemented a “paper trail’ that can track each vote cast. Halderman believes that solution could benefit other democracies. 

Of all the major cybersecurity vulnerabilities – power grids, water supplies, medical institutions, municipal systems, Halderman believes election hacks are the most imminently solvable. 

“All we need to do is take advantage of physical safeguards, like having a paper record of each vote – and employing people to check those records. The main impediment is politics. That’s not so much artificial intelligence as it is common sense.” 

At times Halderman and his team have been very creative. In celebration of the 30th anniversary of the iconic arcade game, they reprogrammed a touch-screen voting machine used in the 2008 U.S. elections to play Pac-Man. “We could have reprogrammed it to steal votes, but that’s been done before. We wanted to illustrate that these machines are just computers and you can replace the software to make them misbehave.” 

With the next U.S. presidential election a little more than a year away, Halderman says the nation continues to have a very exposed voting system. Twelve states are on track to have voting machines with no “paper trail.” Because voting systems are widely connected to each other and internet-connected, those vulnerabilities could reach well beyond those jurisdictions.

“We need stronger national leadership,” Halderman says. “The federal government has provided no real standard, and very little financial support to address this issue. That puts states and municipalities on the front lines of international cyberwarfare, and that’s not a situation they want to be in.”

Other fascinating speakers from the overlapping worlds of cybersecurity and artificial intelligence are coming to the capital of the Czech Republic on Oct. 25 for CyberSec & AI Prague. Attendees will represent the world of cybersecurity, and engineers will likely build both their knowledge base and professional networks. Students are also invited to submit their own ideas to be displayed in a “poster session” – and grants to support travel are being considered on a limited basis.

--> -->