The United States Are

In the final episode of Ken Burns’ The Civil War series, Shelby Foote remarked that the Civil War “made us an ‘is'”  – we now refer to the United States as a single entity,  rather than the original plural construction “The United States are…” The comment was notably ironic in the 1980’s, and is probably more so now.

The “are-ness” of the United States came up in another context this week – the possible hacking of a close 2016 presidential election.  In a recent New York Times article a US justice department official argued that hacking a US election would be difficult, because individual state voting mechanisms are disparate and unconnected.

Perhaps, but it’s a dangerous attitude. First of all, good security practice never presumes that a hack is impossible.   Second, the independence of state voting mechanics may be irrelevant.  There are only a handful of states – perhaps just one or two – that will determine a close election.  (Thanks, electoral college.)  We need look no further than the year 2000, when Florida and the Supreme Court determined the presidential election – the latter definitely, and the former probably – in favor of George W. Bush.

Instead, it would be prudent to assume that hackers determined enough to attempt electoral manipulation are also smart enough to dismiss the specious “state independence” argument, and identify single-point-of-failure security weaknesses, such as the recount processes of one or two swing states.

Could the recount process of a single crucial state be hacked?  I don’t see why not, although I wouldn’t care to estimate the odds.   For speed and nominal accuracy, a recount procedure is likely to deploy an ad-hoc mix of computers, spreadsheets, databases, emails, and internet connectivity (rather than, say, hand calculators, paper-and-pencil, and the U.S. Postal Service)   Under the pressures of time, improvised process,  and people unused to secure operations, ironclad security is far from guaranteed.

It’s a genuine concern when government officials project a sanguine attitude about electoral security.  We don’t protect valuable systems by assuming that everything is tasty – we protect them by thinking like a hacker.   Even if the possibility of a true electoral hack is low – and I suspect it is, because an unusual confluence of opportunity and technique is required – it’s not sensible for government security officials to assume this is something that cannot or will not happen.

One thought on “The United States Are

  1. Having worked every election since 2006 for the Union County Board of Elections, I can state that the ONLY outside connection is the reporting of results via the internet. So, the posted results might be tampered with, but the official certification of the vote takes place days later at a BoE meeting.

    No “voting machine” here is connected to the outside world. The elections are overseen and results tallied and verified by equal numbers of Ds and Rs at each and every step of the way. The only hack possible is through physical interaction with the two people (a D and an R) transporting the results back to the BoE. Vanishingly small chances of tampering there, IMO.

    Other Ohio counties using different “voting machines” have similar safeguarding procedures. But all of them have an after-the-fact certification process as called for by the Ohio Revised Code.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s