Bugs, cyberattacks, suspicions … the American electoral system under pressure

By
M.Zack
-

In the United States, Republican and Democratic senators rarely agree. However, the intelligence commission, made up of elected officials from both camps, Democrats and Republicans, affirmed it with one voice in the first volume of its report of more than 1,000 pages on Russian interference, published in July. 2019: Moscow intelligence services showed interest ” unprecedented “ for the US electoral infrastructure during the 2016 presidential election.

Traces of these pirates have been spotted in the computer systems linked to elections in about 20 states, but senators believe that all states have in fact been visited. Some have only been superficially probed, others have seen their first lines of defense tested, and at least two of them have actually been hacked. This is particularly the case in Illinois, where hackers could have modified the electoral rolls. A manufacturer of voting machines was also compromised: according to the American authorities, the hackers were acting on behalf of the Russian military intelligence services.

Read also: Russian, Chinese and Iranian hackers target 2016 US presidential election, Microsoft says

System vulnerability

Four years after these episodes, and as America prepares to go to the polls for one of the most explosive ballots in its history, to decide Joe Biden from President Donald Trump, many flaws identified in 2016 are still gaping – and they are against the background of new alerts to foreign interference in the election.

Article reserved for our subscribers Read also The threat of foreign interference in the US presidential election persists

Of course, at the time, no vote was changed; and computer security experts agree that an invisible and large-scale manipulation of the votes of American voters remains impossible. Their fear, as well as that of the American authorities, relates rather to the disorganization – even the chaos – that a computer attack on the electoral machinery could cause, or a dysfunction of the latter.

One of the first problems identified remains that of voting machines, commonly used in the United States. If the computer security of these devices, built and assembled by small companies often lacking in subject matter experts, was deplorable in 2016, it has hardly improved in 2020. Among the problems identified:

  • at the end of 2019, the participants in the DefCon specialized conference (among the major annual gatherings of hackers) had examined many models: they had found many flaws;
  • despite the claims of their manufacturers, voting machines are sometimes connected to the Internet, increasing their vulnerability;
  • seven states still use machines that leave no paper trail of the vote, a guarantee that all experts consider necessary to detect possible fraud. In January, researchers demonstrated that machines that were supposed to leave a paper trail did not prevent fraud: which makes their use, despite being recorded in 18% of American districts, “Extremely risky” in the event of a disputed ballot, according to the researchers.
California Democratic State Senator Alex Padilla showing off a voting machine used for the 2020 poll, in Los Angeles, September 24.

Many digital tools

These voting machines are far from concentrating the concerns of authorities and experts. Generally speaking, in the United States, voting is organized using a long chain of computer tools, all of which are vulnerable to a greater or lesser extent. Software, machines or even applications are used to manage the electoral lists, the registration of voters as well as the counting, transfer and display of the results of the vote.

This year, postal voting will take pride of place, the Covid-19 pandemic requires. Some voters will have to vote almost entirely online: their vote is recorded on a website, and accompanied by a paper ballot which is then counted. This method is obviously vulnerable, according to several reports. The Department of Homeland Security has also judged it “At high risk” and for good reason: the votes could be “Manipulated on a large scale”.

More generally, computer systems will also be used on Tuesday, November 3 for the sending of ballots, their counting, their verification and their counting. However, the software making it possible to manage the electoral lists and the signing of voters are one of the blind spots of the security of the election. The magazine Politico demonstrated, at the end of August, to what extent these tools, used in all American states, were exposed to breakdowns and attacks and exempted from any federal audit or supervision.

A limited federal state

To solidify this electoral infrastructure, the powers of the federal state are limited: the federated states are sovereign in matters of elections and jealous of their prerogatives. Admittedly, the electoral infrastructure is considered “Critical”, this allows the federal state to take a closer look. And Congress has allocated several hundred million dollars since 2018 to beef up the cybersecurity of the election. In early 2020, the cybersecurity agency organized a major exercise with two hundred officials from the federated states responsible for organizing the election to prepare them for all scenarios. The FBI can now sound the alarm if it discovers a hack attempt more easily than before.

Some States have also undertaken to change their voting machines, swapping entirely electronic systems – not very secure – with mixed systems, associating a paper trace with each vote, thus making a change in votes more easily detectable.

In an early poll in Virginia on September 18.

Still, each state has its own rules, and the voting process is organized differently in the more than 10,000 constituencies in the country. In addition, there is no federal regulatory body with coercive powers on the subject, except for campaign financing. “There are more federal rules on ballpoint pens or markers than there are on voting systems,” asked Larry Norden of the Brennan Center for Justice, an election think tank, during a congressional hearing in 2019.

From fear of attacks to fear of dysfunction

In this context, any dysfunction, caused by a computer attack or by a simple technical problem, can discredit the ballot and sow disorder. For example, a voters list crippled by ransomware (a computer virus that locks victims’ data and requires ransom to unlock them, increasingly used by hackers around the world) can hinder voting operations; a website that is slow to disseminate the results in a county or a state can sow doubt; and a voters list modified by a malicious actor may prevent some voters from voting.

In a joint statement, published on September 24, the FBI and the US cybersecurity agency stressed that they had not identified, “To date, an incident likely to modify the votes or prevent Americans from voting”, in November. The two organizations note, however, that “Cyber ​​actors continue to attempt attacks on systems that enroll voters or host voter lists, manage non-voting processes, or provide unofficial results. These attempts are likely to render these systems temporarily inaccessible, which could slow down, but not prevent, voting or the announcement of results ”.

In recent months, certain events have rekindled authorities’ fears that poorly protected links in the electoral chain could be targeted during the election. The New York Times Note, for example, that a Texan company has recently been the target of ransomware: its services are used by some constituencies to aggregate and disseminate election results.

Earlier this year, the bug of an application used to record and report the results of the Democratic caucuses in Iowa had sown the “Chaos” and delayed the announcement of the winner. Problems with voting machines and queues have already disrupted primaries, in March in Texas and Los Angeles, and in June in Georgia. In 2019, during an election in a county of Pennsylvania, the counting of the voting machines suggested that one of the two candidates had hardly obtained any votes. After recounting the paper traces, one of the two candidates won by five votes apart: the technical incident cast doubt on the election.

The mess from the White House

Because an electoral ballot should not only accurately count the votes of voters. It must also win the confidence of all, including that of the losers. This is the whole point of protecting the electoral infrastructure against pirating and dysfunctions: it is necessary to count the ballots but also to preserve the ballot from disorder and suspicion.

But what to do when these emanate from the White House? On several occasions, Donald Trump has refused to commit to leaving his post in case of defeat and asserted that the election to decide between him with Joe Biden was rigged.

Read also: Donald Trump continues his attacks on the November 3 ballot

Among the obsessions of the candidate for re-election is postal voting. According to a count of Washington post, Donald Trump has questioned more than fifty times the sincerity of this type of vote, despite the lack of evidence on the subject.

This voting method generally takes longer to be processed, and accentuates the tendency of the last ballots counted to be more democratic. However, its use is likely to be massive in 2020: while in 2016, 33 million Americans voted in this way, they could be, this year, 80 million in the context of measures taken against the spread of Covid- 19, explains the magazine Wired.

What structurally postpone the proclamation of the final results of November 3, even in the absence of piracy or digital dysfunction – and therefore, favor the criticisms emitted on the ballot by Donald Trump himself.

Article reserved for our subscribers Read also “Nobody knows if on November 4 the United States will have a president-elect. Not even on December 4 ”

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here