[MONTAGE: When was the first time you voted? People respond.] ALIA:
Bob, what was it like the first time you voted?
BOB:
Oh, I remember it very clearly. The machines were those old lever pull machines with the — you pull one big crank and the curtain closes like you're in a theater. And then there's these tiny levers you gotta pull, and it smelled really metallic, you know, like an old bus or something. And um, what I remember most was the severe sound they would make—
ALIA VOG:
I didn't vote for the first time with levers. I've only ever voted with technology, and that's why I asked Bob to talk to me about voting because ever since Breach season one, I've started paying attention. And it's really hard not to notice that our voting systems are super vulnerable.
[MONTAGE: News clips]
ALIA:
The first time I voted was in 2008 on a scantron thing. And back then it never occurred to me that my vote wouldn't count. Like, I never thought about my vote not counting. Well, okay. So my dad is very cynical. So, like, I remember when I was voting for the first time my dad was like, “Why do you care? Why are you wanting to vote? Like, it doesn't count. Like, whoever is gonna win is gonna win.” And I always thought that was really weird, um, and so I like, partly to spite him and partly because I think I really did believe that, you know, it was my duty as an American to vote, I voted. But I never thought, oh, I just shouldn't vote. My vote won't count. I mean, it's always mattered to me. It's always felt so important to me, democracy. Because my dad like showed me, you know, he took me to Iran and I was 15, and he showed me where he grew up, very few get to live well and with freedom. And I saw that and I, I think, you know, I'm realizing this right now, but I think that that was really important to me. Like seeing that life, and seeing his life could have been in Iran forever, um, and if I would have been his daughter in Iran forever, I would not be able to do what I'm doing today. And so like, to participate in democracy, the thing that defines this country, freedom to vote, I mean why would I not do that? Why would I not take this chance to have a voice? So if it can get hacked, like— does it mean anything at all? Like if democracy can get hacked, then is it real?
[BREACH THEME PLAYS]
ALIA:
Luckily I have a podcast where we explore things that can be breached, and it scares me that voting might be one of those things. But I want to look at it. I want to understand how my vote is vulnerable, because if we look at it then maybe we can fix it? Thankfully I have a co-host who will look at the scary stuff with me.
BOB:
I'm Bob Sullivan, your skeptical tech journalist.
ALIA:
And I'm Alia Tavakolian, your resident podcaster and civilian.
BOB:
You're not a civilian anymore. You are now one of the experts from the Yahoo data breach.
ALIA:
I guess you're right. Okay, okay, okay. I’m Alia Tavakolian, your resident podcaster and brand new data privacy convert.
BOB:
This is Breach.
ALIA:
We're back!
BOB:
Brought to you by Carbonite, how businesses protect your data. Season two is on its way, and we'll tackle another big data breach we’re pretty sure you've heard about.
ALIA:
It's gonna be good, y'all. But first, voting. [BREACH THEME ENDS]
BOB:
Welcome. Usually on Breach we explore history's most notorious data breaches.
ALIA:
But today we're doing a special episode of Breach, before the midterms, for any of you who are like me and really want to know how your vote can be hacked. We talked to a ton of experts. Cybersecurity experts, former government officials, tech journalists, hackers: all of whom care about voting security.
JAKE:
I mean it would make Bush v Gore in 2000 look like well ordered democracy.
ALEX:
They can potentially spread malicious software to —
HARRI:
Blockchain doesn't solve any of this, please don't even try.
KIM:
Everything is the danger.
MATT:
—you know about, uh, complex software systems, the less confidence —
BOB:
And we ask all of them where they think our vote is most hackable.
ALIA:
And what the hell we should do about it. I even went to DC with our producer Jan, to shadow the hackers and cyber security folks who put together the “Voting Village” at DefCon this past summer -
JAN:
Yeah, Producer Jan here, I joined you for the Def Con presentation.
ALIA:
We came to hear them present their findings from last year’s Def Con: namely how hackers at their conference were able to break into voting machines in about 5 minutes.
JAN:
So we got there super early -
ALIA:
And walked up to this big House of Representatives building on Capitol Hill -
JAN:
We were in this big room with green carpet -
ALIA:
And a gold chandelier with an eagle -
JAN:
And portraits of I think important white guys, but we couldn’t place them -
ALIA:
And we hung out with the Def Con team as they set up their presentation -
JAN:
And we interviewed them while they were setting up, and afterwards at the bar -
ALIA:
So you’ll hear my voice and Jan’s voice and lots of ambient noise, as we finally get some answers. Cause if anyone can help me figure out how my vote can be breached - it’s them.
[BREACH THEME]
ALIA:
If we're going to understand how our vote is vulnerable to hackers, we need to start at the beginning of this mess.
[MUSIC]
ALIA:
Okay, not that far back. We're not a history podcast. For our purposes, let's go to the moment our votes first touched technology and first became hackable.
HARRI:
So the voting machine you are using can have been hacked 15 years ago.
JAN:
Hm.
HARRI:
So the game is already over [Laughs]. So let's start from there. [Laughs]
BOB:
That's Harri Hursti. You might remember him as one of our hacking experts in season one of Breach.
ALIA:
ALIA PU: But notably, he was one of the first people to hack a voting machine, like he said, about 15 years ago - they named it after him! But notably he was the first person to hack a voting machine, like he said, about fifteen years ago.
BOB: He hacked the memory card that went into the machine. It was coined the “Hursti Hack”.
ALIA:
Fifteen years ago. Fifteen years ago was 2003. I remember—
[MONTAGE: 2003 pop culture]
ALIA:
So the president would have been— [CLIP: Bush v Gore announcement]
ALIA:
Oh, right.
[MONTAGE: BUSH v GORE]
ALIA:
Fifteen years ago we were coming off the Bush v Gore race, and the recount, and the hanging chad.
BOB:
You know, when Harri said those machines could be hacked fifteen years ago, that wasn't a random number he pulled out of the air. Most of the machines in voting precincts today are about to turn fifteen years old because they are the children of the Help America Vote Act of 2002. Kim Zetter, my journalist colleague has covered this extensively.
KIM:
Yes, so HAVA, this is the Help America Vote Act, was passed in 2002 um, by law makers in response to the Florida 2000 presidential race debacle. So they wanted to design legislation that would actually ban punch card machines, but the federal government can't tell states how to run elections.
ALIA:
But the federal government can give states a ton of money, in this case 3.9 billion dollars, to help states buy new machines.
KIM:
But the one stipulation was they couldn't spend the money on buying punch card machines. So naturally states wanted the money because the federal government had never offered them money before.
BOB:
And in this case, the message all counties heard was: we have money, we need to fix this hanging chad problem, let's get fancy touchscreen tech.
KIM:
And that created a lot of security problems.
BOB:
And many of those exact machines are the same ones you'll use to vote soon.
ALIA:
The ones Harri already hacked. So this is old news?
BOB:
It's old news that people suddenly pay attention to now because Russia interfered with our last election.
ALIA:
It's so surprising to me that the federal government can't really do anything here. That states just have the right to pick out whatever voting machines they want and whatever voting processes they want.
MAGGIE:
And this isn't like a— a right that they, um, you know, are just sort lot of uh, laissez faire about. The secretaries of state jealously guard their ability to run their own elections.
ALIA:
Here's Maggie McAlpine: an election security expert, one of the founding partners of Nordic Innovation Labs, and the moderator at the Def Con event in D.C.
MAGGIE:
Um, and again, as jealous as secretaries of states are against the federal government, it can get down to the county and even township level on how jealously they fight their own Secretaries of State on their recommendations.
BOB:
We're talking about ten-thousand different election entities with varying ideas of what security looks like and unlimited diverse threats coming from a whole slew of different kinds of adversaries.
MAGGIE:
Well, this is the US election. Who wouldn't want to attack it? The number of constituents and possible criminals, the list is literally endless, and I like, [laughs] Uh—it— domestic and foreign criminals, activists, you know, people doing it for the LOLs, um, you know, like uh, nation states uh, rogue nation states— I mean, there's just an endless list of people who have an interest in changing elections, and we're still treating it like it's like the local county fair. This isn't the county fair, this is, you know, national security issue.
ALIA:
And the one thing all these different voting systems have in common: they all touch software.
MATT:
One problem is that elections uh, from beginning to end are just full of software. Um, you know, software based systems are used in almost every component of an election.
ALIA:
This is professor Matt Blaze. He teaches computer science at the University of Pennsylvania, where he’s been working on voting technology for the past fifteen years.
MATT:
And unfortunately I'm — I'm a computer scientist, so I work with the security of software. I have to be the first to admit, we simply just don't know how to build large scale software systems that are reliably secure. So it's really important that elections not depend on software that we don't know how to secure uh, in a reliable way. Um, and software is really everywhere in the process.
BOB:
The simple act of voting is no such thing. There's a whole life cycle to your vote with hackable steps along the way.
ALIA:
This is actually something I've never understood. So I vote, and then my vote goes where? Bob, where do votes come from? And where do they go?
BOB:
[Laughs] That's actually a brilliant and profoundly complicated question, and you're not alone in wondering.
ALIA:
Oh, good. Great.
BOB:
Uh, as my journalism colleague Kim Zetter puts it:
KIM:
Our election infrastructure is a veritable Rube Goldberg mix of uh, machinery that is problematic from the voter registration databases that voters use to uh, register themselves, to the machines that voters use to cast their ballots, and the tabulation machines that are used to count those votes, and finally um, the machines and websites that are used to post the results. Um, all of that infrastructure is vulnerable in one way or another.
ALIA:
I smell a metaphor.
BOB:
“An intricate Rube Goldberg machine” of steps and processes, many of these steps involving technology, and when something touches technology it becomes hackable.
ALIA:
A Rube Goldberg machine. That's like the one where the little marble goes down a track and like hits some dominoes?
BOB:
And — and seventeen times over around the room until finally the whole point is to drop a piece of food in the dog's bowl or something, yes. Yeah.
ALIA [overlapping]:
Yeah. Super complicated machine performing a simple task.
BOB:
Right.
ALIA:
Got It. Noted. Okay. There's this whole Rube Goldberg complex system of getting our votes to and from our voting machines.
BOB:
And I'm not convinced that the voting machine is even the easiest way to hack a vote. Voting machines are getting a ton of attention, and rightly so, but that's only one step of the voting process and not even the most vulnerable step in my opinion.
ALIA:
Excuse me? Hang on. Bob? Okay. I want to know all of this: the whole system of my vote and where it's most vulnerable. So today, we're gonna break out the full lifecycle of a vote and every hackable step along the way. And we asked all our experts at which stage they think our vote is most vulnerable, and you know, a lot of their answers surprised me. We're diving in. Let's go to our first stop on this insane Rube Goldberg machine that is our voting process.
BOB:
Ready?
ALIA:
So ready.
BOB:
Let's go.
ALIA:
Let's do this
[SOUND: RUBE GOLDBERG MACHINE]
ALIA:
Step one: deciding how to vote. Wait, what?
BOB:
Step one in the lifecycle of your vote is when you're deciding to vote and deciding how to vote specifically as you're researching or hearing about candidates on the internet or talking about the issues on social media.
ALIA:
So this really surprises me as a step one, that our vote comes alive when we're deciding things on the internet.
BOB:
It's a public square. The internet is our new public square, and the place we get our information from is hackable, and was allegedly hacked by Russia’s I.R.A., The Internet Research Agency, in the 2016 election.
ALIA:
I sat down with Nick Monaco in D.C., he's a researcher who studies disinformation and state sponsored trolling, to understand how our vote can be hacked on social media. But first I needed to know what does information actually is.
NICK:
Sure. I mean, I think we're all just trying to avoid saying fake news. [Laughs] Academics will make the distinction that disinformation is um, false information that's knowingly spread. So there's an intent to deceive people knowingly. Uh, and then they'll say that misinformation, um, is information that is spread unknowingly that's false. So maybe you retweet a story that you thought was true, that would be a case of misinformation. But if you create a false story to smear someone that would be disinformation.
BOB:
Let's say you're online researching the upcoming campaign of Bob versus Alia. Obviously you should vote Bob.
ALIA:
Absolutely not, it's me.
BOB:
But then you see an article or something that looks like an article or a meme, and it's circulating with a headline like this: “Tech Journalist Bob Sullivan is a Puppy Killer.”
ALIA:
No! We at the Alia campaign would never. You have Rusty the Golden and are so sweet to him.
BOB:
Well, maybe. But let's say foreign actors who want you to win, well they don't care about that. They start circulating this information that I am funded by puppy killers. And of course the comments go crazy, “How could you vote for him? He hates puppies.” Meanwhile, on the other side, people who support me, they start rushing to my defense, and they start saying things like, “Alia, she doesn't really care about puppies. She's a cat person”
ALIA:
But I'm not.
BOB:
And there you are defending. explaining. The second that you're explaining, you're losing.
ALIA:
Ugh.
BOB:
So regardless of any of that, this puppy issue’s totally fabricated, wouldn't have been there otherwise. But now I can't get in a word edgewise about my platform because all I'm doing is defending myself against these puppy accusations.
ALIA:
And of course a lot of times it's not even humans spreading disinformation. It's bots. Software programs posing as human users. I used to be able to sniff out bots on twitter. Instead of photos, they had those little eggs for their avatars and bad grammar and no followers.
LOW TECH A.I. VOICE:
Bulb Sullivan is a very puppy killer. Yes.
ALIA:
But now they're way more sophisticated.
NICK:
They can uh, tweet and they can interact with real users, uh, so use A.I. to convert — to talk to people like a human would—
SOPHISTICATED A.I. VOICE:
Hey so like I’m really offended by your tweet. How could you vote for Bob and call yourself a dog owner? Look at this puppy’s face!
NICK:
Um, but they can be much less sophisticated. They can simply retweet everything someone else posts or like everything someone else posts.
A.I. VOICE:
You guys, Bob the tech-journalist is actually a puppy killer! Like, share, retweet.
NICK:
They can be used to promote messages. They can be used to make hashtags trend.
[MONTAGE: Voices echoing #Puppygate]
NICK:
Uh, which becomes quite interesting when you think about the fact that, you know, most news organizations now have um, incentives, uh, if not, you know, choose of their own accord to report on what's trending online. What if what's trending online is produced, you know, 90% by bots and 10% of humans are promoting it?
ANNOUNCER VOICE:
Can Bob Sullivan’s candidacy survive #puppygate? Critics weigh in.
NICK:
Uh, one of my colleagues has come up with the term “manufacturing consensus”. You think that people are talking about something or liking something or into something, but really it's just computer programs.
ALIA:
Okay, so your vote can be hacked on the public square of the internet through disinformation, misinformation and bot armies. Another effective hack is propaganda. Which is different than just fake news or spreading a particular lie to skew you one way or another on a candidate. At least in 2016, we now know Russia's propaganda campaign was to create a ton of content and memes on both sides for our most divisive issues, just to push us further apart.
BOB:
Just to start a fight like a bar fight
ALIA:
And we're definitely still vulnerable there when it comes to things that matter.
NICK:
Things that instinctively even rational people uh, and well informed people have trouble and how like immediately starting to yell about when they hear about.
If we see extreme accounts promoting really, really extreme narratives on either side. That’s, that's a thing that a lot of people don't understand. These aren't exclusively in the case of 2016 Promoting Hillary or promoting Trump. They're on all sides of an issue.
ALIA:
I hate that. It's so dirty.
BOB:
And it's too easy. How often have you heard lately “our nation is more divided than ever”? That's what the Russian I.R.A. certainly wanted us to think with their state-sponsored trolling.
ALIA:
I think it's worked.
JAN:
State sponsored trolling um, it is a hack, but of our minds? Of our own infective human pack mentality? What is it hacking?
NICK:
Right. No, I think that's a really great way of looking at it.
BOB:
Technology experts don't like the idea of us saying propaganda “hacks” the election, because they think strictly about somebody inserting malicious code into a computer and technologically manipulating it somewhere. That's what they want to— that's what they want to limit the definition of hacking to. My opinion is that there's no reason to narrow the term, and when you're hacking the electorate, you've hacked the election.
[SOUND: Rube Goldberg machine]
MATT:
Well first thing is that the voters have to be registered, right?
ALIA:
Matt Blaze, the “We can't secure software” guy again.
MATT:
All of those uh, records are maintained in computer databases, um, many of which are connected directly or indirectly to the internet, and um, subject to the same kind of data breaches that affect other kinds of internet systems. And we often don't find out that we’re not listed on the voter registration database when we should be until we show up at the polls to vote.
ALIA:
Almost every cybersecurity person we talked to zeroed in on this point as an easy vulnerability, because why go through the trouble of changing a vote, if you can just stop the right voter from getting in the booth? Here's Maggie McAlpine again.
MAGGIE:
Because with the marketing data these days we can micro target down to the neighborhood how we know a certain neighborhood’s going to vo— going to vote. We've had some elections that were decided by less than a thousand people, and the burden tends to be on the voter to say that you are registered or not. So if just ten people in the right place at the right time come in and say, well, I should be registered, why aren’t I registered? If you can keep that spike under the radar, um, you can actually change things that way.
ALIA:
Mark Kuhr, co-founder and CTO of crowdsourcing cybersecurity company Synack, isn't just concerned with deleting people's voter registration.
MARK:
But you can also, you know, potentially register people that shouldn't be allowed to vote or people that have— have been deceased, uh, from— from cemetery records or things like that.
BOB:
And the 2016 election we know the federal government says that Russians tried to access voter registration databases in at least 21 states, and in two states they were able to succeed to some degree.
MAGGIE:
And that's worth noting too, that that's just the people who know about it. Now, the life cycle on Fortune 500 companies finding out that they've been hacked is something like 300 days on average.
BOB:
So they may not even know if their registration was breached or tampered with for a long while, and by then it's too late. There's no redoing election day.
JAKE:
But the other way that your vote can get messed with, I think that something I've been saying from the— So I was um, Obama's national deputy field director in 2008.
BOB:
This is Jake Braun, executive director of the University of Chicago Cyber Policy Initiative and organizer of the Voting Village at Def Con.
JAKE:
And we spent hundreds of hours and had hundreds of people um, working on understanding how to reduce long lines on election day. They think that John Kerry lost 20,000 votes in Columbus alone because of long lines. And one of the most disconcerting things that could happen that is in line with what the Russians have already done, is just delete a bunch of people from the voter rolls or just change the names and addresses around and then all of a sudden, you know, a fifteen minute line turns into six hour long line and then you don't wind up voting at all.
ALIA:
Oh my god. You know, that actually happened to me. I showed up to vote and they said uh, you're actually registered in a different county. Had no idea. Wasted like three hours of my day.
BOB:
And so you had to then drive to the other county to vote?
ALIA:
Yes.
BOB:
Good for you that you did, yeah.
ALIA:
Well, yeah, but a lot of people don't have that ability because they have a job that doesn't allow that sort of flexibility.
BOB:
Of course. And you — throughout all of this, remember that half of people don't vote even in our most important elections. So the truth is it doesn't take very much to get another one or two percent of people to give up for any kind reason.
ALIA:
Just make it inconvenient.
BOB:
Just make it difficult.
ALIA:
And then there's how your registration is stored at the precinct. Some places have started using e-pollbooks.
BOB:
It’s basically an iPad. And that's great because it's quicker, it can help make those lines shorter, and can be updated immediately, on the fly, live.
ALIA:
But if technology can be updated live, it can be hacked live.
BOB:
Precisely. This just adds another vulnerability into the mix.
ALIA:
They looked into e-pollbooks at Def Con too.
MAGGIE:
There was one instance where we found that it had been lent by the vendor to the county that it was given to uh, taken back afterwards and none of the 65,000 I think people's personal information including social security numbers had been wiped from it, and then it had been sold on Ebay, and that's where we got it. So that — we actually had to call the, uh, I think the state FBI for that um, to tell them, before we could disclose it at Def Con.
[SOUND: Rube Goldberg Machine]
ALIA:
Ugh. Okay. Step two, you register it. So what's step three?
BOB:
Step three is you walk in and vote, and you approach a machine that today is probably electronic in some way,
MATT:
And those voting machines, whether they're the DRE touchscreen type or the optical scan type, um, again, are based on computers. They're running software. All of this depends on software. Um, now we don't know how to secure software.
ALIA:
An argument you'll hear often is, “Oh, individual voting machines are safe because they might have software on them, but they're not online or like on a shared wifi network.”
ALEX:
What people sometimes don't understand about voting machines is that they're really not as isolated from each other and from internet attached systems as they may seem.
ALIA:
This is professor Alex Halderman. He's the director at Michigan Center for Computer Security in Society.
ALEX:
So before every election, virtually every electronic voting machine in the country has to be programmed, and it has to be programmed with the ballot design. That is the candidates, the races, and the rules for counting.
BOB:
This ballot programming is done by county or state officials, or an outside company. They have to program, you know, Bob Sullivan - candidate one, Alia Tavakolian - candidate two.
ALIA:
Can you make Shonda Rhimes my vice presidential candidate?
BOB:
Sure. This is where they'd input that. And this programming is done on a central computer system, uh, a regular PC. If attackers can infect that main computer system called an “election management system”—
ALEX:
Then uh, they can potentially spread malicious software to every voting machine in the jurisdiction just by having that software essentially hitch a ride with the ballot programming that election officials copy to the machines in the field.
That's so sneaky. Just hack the main system that everyone loads onto their USB stick or memory card.
BOB:
It's like poisoning the well that everyone gets their water from and bring back to their village.
ALEX:
And in fact, there's one major election system vendor, um, that, uh, programs and services the machines in 2000 jurisdictions across 34 states.
ALIA:
Alright, now let's get into the different kinds of machines themselves.
BOB:
When you walk up to cast your vote, what's waiting for you is probably either a DRE machine or an optical scan machine. Let's start with DREs. DREs are a very common machine. You walk up to a touchscreen, make your selection, it says “thank you for voting”, and you move on. At the end of the day, the machine tabulates all votes received and prints out a receipt.
ALIA:
A few weeks ago at the Def Con event in D.C. with an audience of people who are finally listening, we got to watch live in person as professor Alex Halderman performed his own hack into a DRE machine.
ALEX:
What I demonstrated um, was a — an attack whereby just by compromising that pre-election programming, I can infect these Diebold DREs with vote stealing malware, and there's nothing that election officials would notice in that process that would be a red flag.
ALIA:
He walks up to the machine with the same card an election official would use to activate and program the machine, and followed the prompts like a normal election official would. Only his memory card had some malware.
ALEX:
Um, once my malware gets onto the voting machine, it just runs in the background and watches as the votes are uh, cast by voters, and it silently shifts a certain fraction of the vote in order to favor the attackers preferred candidate.
For this mini election, he had us vote for either George Washington or Benedict Arnold.
ALEX:
Everyone of course tends to vote for George Washington. But at the end of the election, on the voting machine that I've remotely infected with malware, Benedict Arnold always wins by a small but believable margin um, because my malware is sitting in the background and silently rewriting all of the digital records of the vote.
ALIA:
His demonstration was on a Diebold Accuvote DRE machine, which used to be the most popular touch screen voting system in the country.
ALEX:
Today it's still used in parts of eighteen states, uh, including all of Georgia.
ALIA: Harri Hursti was one of the very first to figure out how to get into two different kinds of voting machines (remember, they named it after him - the “Hursti hacks”) - but he considers the DRE especially dangerous for our votes…
ALIA:
Harri Hursti was the first to figure out how to get into two different kinds of voting machines. Remember, they named it after him, the “Hursti Hacks”. But he considers the DRE the most dangerous for our votes.
HARRI:
Because what I found was that the bootloader is looking from the memory card a certain file name. If it finds that name, it will reprogram itself with the contents of that file with no checks, balances whatsoever.
ALIA:
So this is crazy dangerous because even if someone officially reprograms or cleans or updates the DRE machine, it will look completely clean. But every time you turn the machine on, the bootloader is still there running Harri’s file. Again, this was fifteen years ago he figured this out. And these machines are still in use. Do you ever get sick of actually talking about this because this is essentially your life's work.
HARRI:
I— I sometimes get a little bit tired, but then again it is — It took 15 years before people started listening.
ALIA:
Something else I wanted to know while we were in the presence of cybersecurity and hacker folks is, what would they make a machine do once they hacked it? Once they got their malware in it. Like what's the play? Maggie said she wouldn't actually flip anything.
MAGGIE:
Why instead of switching a, you know, um, a red state to a blue state or a blue state to the red state. Let's— let’s just say orange and yellow for now. I don't really care about politics in this respect. Why wouldn't I instead say, oh, this place is usually orange. I'm going to make it a little more orange this time. And this place is usually yellow, I'm going to make it a little less ye— Or it’s not usually yellow, I'm going to make it a little more yellow this time. So now the numbers say well, it was a very passionate election. A lot of people stepped out to vote who didn't usually. But I would probably not want to do it in such a way that people would think like, would trigger a recount. Right? I just want to do a little here, a little there in a battleground state.
ALIA:
I always thought this would be a big overhaul of a hack, but Maggie made me realize it can be super targeted and specific.
BOB:
Not a million votes, but just a few hundred in carefully selected places could change an election and fly under the radar
MAGGIE:
Because like one of them falsehoods I've seen is them saying like, well it would be such a massive effort to swing a US election, and I go, that's, no, it's not simply not at all. The Electoral College, these two, that Ohio and Florida had been decided by a few thousand votes in some very well known counties and very well known down to the neighborhood areas. I would just maybe impact things there or impact things slightly away from them so that their’s are more or less important depending on how I want to do it. So, you know, um, this idea that we are, we're protected by our diversity of systems or that we're protected by our size is simply not true in the United States.
ALIA:
On to some better voting options.
MATT:
So the best thing that we've got, the best idea that anyone has uh, come up with, and that’s really regarded as the state of the art, is to use systems that don't depend on software.
ALIA:
That was professor Matt Blaze again, bringing us to our next kind of voting machine.
MATT:
And an example of a system for that would be uh, paper ballots, um, optical scan, scantron paper ballots were we recover the actual piece of paper that the voter marked, and can you know — a human being can look at that and see what it was supposed to say.
BOB:
These are the second option: optical scan machines. Think of the forms with the little bubbles that you fill in.
ALIA:
Oh yeah, like the scantron test in college.
BOB:
The reason optical scan machines are preferred is that they have paper. Your scantron ballot is a built-in paper trail.
ALIA:
Yeah. In D.C., producer, Jan and I were feeling really encouraged by the optical scan machines while talking to Matt.
JAN:
Um, can scantrons be hacked?
MATT:
Sure. Um, yeah, absolutely. Again, those— those machines are computers.
BOB:
Yeah, I know. I should have mentioned the “Hursti Hack” Harri did fifteen years ago was with an optical scan. Those machines have memory cards too.
MATT:
But uh, the advantage is that you still leave behind the piece of paper that the voter uh, marked. If you couple that with a system of audits where the, um, we take a random sample of precincts, we hand count the ballots, compare that result to what the uh, scanners um, found. We can get pretty good confidence that the software is working in any given election.
ALIA:
I thought we'd found the answer. Paper ballots that get optically scanned.
BOB:
Well, I think that's precisely the point. If you think you found the solution via technology, you just don't know how it can be hacked yet.
HARRI:
All voting machines we have today and all welding machines we are going to have in near future probably during our lifetimes are vulnerable and hackable. So let's accept as a fact, and built around auditing procedures.
BOB:
The mantra you'll hear again and again in the tech community is “there is no such thing as an unhackable technology”. But there can be an auditable system.
ALIA:
Hm, that's our mantra. No such thing as unhackable tech, just auditable tech. And they're specifically referring to an audit called a risk limiting audit.
BOB:
So it's an audit, not a recount. A recount would be all votes, it would take forever. In a risk limiting audit, they just get a small sample of votes, but the sample’s very carefully constructed, so that they can test those and see if the results seemed consistent and everything seems on the up and up. Wouldn't find every election flaw, but it would find most of them.
ALIA:
Hm. Maggie says we should totally still use computers in tech. They're way better at some things than humans.
MAGGIE:
Uh, if you've ever seen somebody even try to count to 100, most people will flub it up at some point. So humans really aren't the answer here. That's not what we're saying. We just want to use — be able to use humans to double check that the machine did its job.
ALIA:
It's crazy to me that tech people are pushing so hard for paper. Instead, all these boundary pushing, innovative, brilliant tech minds are like -
[MONTAGE: People saying “paper”]
MATT:
I know. It’s— it— it feels kind of funny to be, you know, we feel like the Luddites, but the interesting is the—the more you've studied this and the more you know about uh, complex software systems, the less confidence you have in them.
BOB:
The point is anytime you can't see on paper who you voted for, well, then you’re trusting a machine, and the machine can be hacked. And any state that has printed ballots but doesn't audit them using a risk limited audit, well, they haven't fixed the problem then.
ALIA:
Or as Alex Halderman put it.
ALEX:
That's—That’s right. Just paper alone isn't very good if nobody looks at it.
BOB:
This brings us to our next stage of the vote: somehow, somewhere, this vote of yours has to be counted.
[SOUND: Rube Goldberg Machine]
AI VOICE:
Step four, our votes are counted.
MARK:
So when you look at, you know, going to a polling station and putting your vote in, a lot of times that's an electronic machine, but then at the end of the day that gets transmitted back to uh, a central place to for the vote to be counted.
ALIA:
This is Mark Kuhr from Synack again.
MARK:
And that's where vulnerabilities can come into this — this system as well is — is on the network side. If we're able to modify the transmission of vote tallies back and forth across these systems, we could potentially influence the vote.
ALIA:
Of course, my vote needs to be sent somewhere. It doesn't just get counted at my precinct. It has to actually go somewhere to be counted. This just actually never occurred to me.
BOB:
And right now in Florida, Illinois, Michigan, and Wisconsin, they all send their votes wirelessly over cellular networks to be tabulated. And now the states will make claims to say that the voting machines themselves aren't connected to the Internet, and when the data is being transmitted, it's encrypted and authenticated. So they believe that this is safe, but not everybody does.
ALIA:
So states that use wireless cellular networks, can those be hacked?
HARRI:
So the answer is absolutely.
BOB:
Just saying that your data is secure because you sent that over a cellular network isn't really accurate because at some point it may very well end up riding on the internet or along the internet and create a vulnerability that can expose the data the same way as if it was transmitted on the internet.
HARRI:
There are so many different places where, uh, your signal can be taken over.
BOB: There are also these things called IMSI devices, known as stingrays, and they mimic cell phone towers so they can perform this “man in the middle” attack. So someone, usually law enforcement, can intercept all traffic sent via a cellular network.
ALIA:
Stingrays or not, our cellular networks can share the same routes and tunnels as the internet, which makes them infinitely more vulnerable. You know, going into this I thought the internet could fix a lot of voter disenfranchisement - sending your vote over the internet would make it easier for everyone to vote. But the lesson I keep learning from hackers (and Season 1 of Breach): if it’s easier for me to do, it’s easier for someone else to hack. They looked into submitting email ballots at Def Con too, and (no surprise) they were super hackable -
MAGGIE: Washington state had been planning an initiative to allow people to email in their ballots and they dropped it that day except for military voters.
ALIA: So, thank you internet for your cat memes. But I won’t be using you to vote.
BOB:
But somehow or another your vote gets transmitted and counted and aggregated with everyone else's vote from your state. Which takes us to —
[SOUND: Rube Goldberg machine]
AI VOICE:
Announcing the results.
JAKE:
Well, the most vulnerable part of the infrastructure is the websites that announce the results on election day. Um, we know that the Russians have um hacked websites that announce election results in the past. They did it in the Ukraine a few years back. I mean, can you imagine if it's election night 2020, and they have to take the Florida and Ohio websites down because they've been hacked by Russia, and like Wolf Blitzer is losing his shit on CNN and Russian R.T. has announced that their preferred candidate won, who knows who that is, and then of course the fringe media starts running with it as if it's real here in the United States. And then, I mean how long would it take to unwind that? I mean it would make Bush v Gore in 2000 look like well ordered democracy.
ALIA:
The election could be so secure every step along the way from point A to B to C to D to E, but then this website, this one website, just gets hacked.
BOB:
This makes me think of somebody who spent six hours making a wedding cake and drives it to the wedding and gets to the wedding and the second before they're going to put it on the table, they trip and fall and the wedding cake splatters on the floor. That's our election.
ALIA:
I've missed your metaphors, Bob. That's a great metaphor. That's exactly what it feels like. Then there’s step six, which happens after the results are announced?
[SOUND: Rube Goldberg machine]
AI VOICE:
Step six: after the results.
ALIA:
Hold on. I thought announcing the result would be the end of our crazy Rube Goldberg machine lifecycle of your vote adventure.
BOB:
But wait, there's more.
ALIA:
How?
BOB:
Well just like propaganda and disinformation can hack the inception of your vote, I think it can hack the legitimacy of your vote after everything is said and done by questioning the results. So you know, if Bob wins it's a real vote, but if the Alia wins, it's a fake vote.
ALIA:
Nick Monaco, our disinformation researcher agrees.
NICK:
Messaging around the integrity of voter information or the legitimacy of the election is something I'm really worried about. So aside from like, hard hacking of infrastructure, like a disinformation campaign that would say um, the vote's not legitimate, these people couldn't vote, their voting records were altered, even if that stuff's not true. I mean the scary part is like with a kernel of truth that would really, really empower that disinformation campaign. So that's like a nightmare scenario for me.
BOB:
So in our market, the dollar bill is the fundamental unit of capitalism in America, right? The integrity of the dollar bill is paramount. If one day people decided, what is the dollar really worth? I'm not sure. I don't trust this thing. Our country would collapse. Voting is exactly the same way. The vote is the central unit of democracy, and right now we — it is a situation as if people were saying “Ah, the dollar, I don't know. Should I really take your dollar or not?” People right now are asking themselves, “Should I really take a vote or not? Does that really matter? Does it really count? When we added them all up, is it really correct?” It's that fundamental an assault on our way of life.
ALIA:
So Bob, it's like our votes can be hacked every single day in our hearts?
BOB:
The hacking of the American heart. Yeah, I think that that's true. And I do think that not only have our votes been hacked and our minds have been hacked, but our hearts have been hacked a bit too.
ALIA:
Mm. At least the good news is more people are paying attention now. I asked Kim Zetter, who gave us this whole Rube Goldberg idea to begin with about her decade-long career reporting on this. Do you get the sense that people — that more people are listening or paying attention?
KIM:
Uh, yeah, but only because of the Russians. And I would say that the Russians are a red herring because that's not why we should be looking at this. This problem has existed since 2002, people have ignored it.
ALIA:
There were waves of heavy interest in election security during the 2000’s. Some states switched to optical scan machines.
KIM:
There were people that took the —the lack of paper trail very seriously. States like California, Ohio, Florida, they actually passed their own state laws uh, in the absence of a federal law mandating paper trails. The problem is they didn't go far enough because they didn't also mandate audits or let's say robust audits.
JAN:
Um, you said Russia is a red herring. So if Russia’s not the danger, what is — what is the danger?
KIM:
Everything is the danger. Danger is a software bug, um, that could cause the machine to not record your vote to — to lose votes, to record it inaccurately. The danger is uh, an insider in the election office, anyone who is opposed to U.S. foreign policy, anyone who has a gripe uh, with the U.S. And again, we don't have to —It doesn't have to be someone who's really sophisticated.
ALIA:
Everyone in the cybersecurity community says the same thing. [MONTAGE: People echoing “paper” and “audit” over Maggie.]
MAGGIE:
But, uh, I would say risk limiting audits — uh, paper ballots — and please don't vote over the internet are the three big ones that pretty much all the academics involved in this uh, agree with. And — oh and blockchain won't solve it.
JAN:
Blockchain won’t solve it?
MAGGIE:
[Laughing] Yes.
HARRI:
Blockchain doesn’t solve any of this, please don't even try.
ALIA:
Then if everyone agrees and there's a clear path forward, why can't we solve this?
BOB:
Alright, here's why this happens and this is what none of the technologists have told you. I started my career covering local elections all over small towns in New Jersey, in Missouri, in Nevada, and here's what happens after every single election, the mayor wins by a 102 to 96 vote, and the loser says “We need to have a recount. This vote’s too close. I shouldn't have lost.” And you know what happens in every situation like that? The people in power do everything they can to stop the recount.
ALIA:
And another reason I'm learning why we can't solve this right now is resistance from these voting machine vendors.
BOB:
Their software is proprietary information. All of these companies are private. Very few of them even have a CTO or a CSO. ES&S, one of the largest voting machine companies, just hired a security executive. And they don't like being told, “hey, your product is breakable” by the hacking community. There's a lot of resistance.
KIM:
Not just actually resistance. I would — I would say outright hostility um, against the experts who could actually help the voting machine companies improve their product. And there's been uh, just at — at — at — a very curious hostile um, pushback from them.
BOB:
That's Kim again.
KIM:
The —the white hat hacker community really does want to improve things. They want to improve cars. They want to improve voting machines. They want to improve medical devices.
BOB:
In fact, in a lot of industries, like the automobile industry, companies had been initially embarrassed when the hackers exposed their vulnerabilities, but slowly they learn to bring them alongside as experts and help make their products better.
KIM:
And the voting machine companies didn't do that. Instead they went on the offensive. They dismissed their very, you know, valuable detailed technical reports. Uh, they ridiculed them. And um, that just is so um, surprising and unbelievable to me.
ALIA:
Maybe voting machine vendors aren't getting the right tech voices in the room, but many states are waking up and reaching out for help.
ADAM:
We're working with a three right now, and we're in serious conversations with seven others. And the truth is that a lot of states are now becoming more focused on the issue. They — they are in their own ways trying to do the best they can in order to secure the vote.
ALIA:
We talked with Adam Levin, whose company Cyber Scout contracts with secretaries of state all around the country to audit their election security.
ADAM:
There are states that are very worried. There are states that are feeling pretty confident. And there are states that don't necessarily know whether they should be worried or be confident. Now contemplate this playing field, is that you as a county or municipality or a state are facing off against a state sponsored hacking organization, funded, trained, and populated by superstars in cyber security that are, let's say on the dark side as opposed to the side of democracy.
ALIA:
For Mark Kuhr, a threat that big means that, in addition to paper ballots and audits, we need to bring in white hat hackers to secure our election systems.
MARK:
If we actually apply a crowd of hackers to this problem, we're going to be able to make this asymmetric uh, threat more symmetric.
ALIA:
It's super relieving to me that there are hackers that are good at this who can actually help us get ahead and fight the insurmountable threat of attack from basically everyone. The sheer size of that threat is really freaking me out, and I'm worried we might be just freaking our listeners out. Right? Like, if we make everyone see how shaky and kind of rickety this Rube Goldberg machine is, like, won't we be achieving the adversary's goal of making them trust it less? Like that's really terrible, right? I don't want to do that. But I also want to figure out what's wrong with it.
BOB:
I think you're feeling what a lot of these hackers and cyber security folks are, which is I have confidence the system can be fixed so I can confidently point out all the dumb fixable flaws, and in exposing and fixing this everyone will have more confidence than we started with.
ALIA:
I — I grew up being told I should be so thankful for what I have, should be so thankful. I live in a country where I can do whatever I want and there's food on the table and um, my dad has a job and he is an immigrant and he has a good job and like, that's amazing. Um, and as long as I lived here, I could have that too. And like, um, I could also participate in — I — I — yeah, I mean like I get to be president of the United States if I wanted to right, like people always said that— like, that was like a thing. And I always trusted that and I trusted in our systems because I learned about our systems in school, and I was like, oh, these systems, they're so important.
And oh my God, it's so cool. That's what makes us special, America. And now I'm learning about how these systems are just like, so deeply complex and um, full of vulnerabilities and holes, and I'm like, can I trust in them? Can I actually trust in this system, the election system that I think fundamentally defines this country? Can I do that? Which leads me to the question that’s been in my heart this whole time. A question I made sure to ask every single expert we talked to. So, is democracy doomed in the digital age?
[MONTAGE: Experts saying “democracy is not doomed”]
MAGGIE:
Every time you don't vote, you make it easier for the attacker that you're one less person they have to disenfranchise, so please don't disenfranchise yourself.
NICK:
I think we've been in really, really bad circumstances before, and I think we've forgotten how bad things were. But if you look at the broad arc of history, like when we were just a tribe of humans living on earth, at what point did it occur to someone to start thinking about other people over themselves? So like at what point was it probable that democracy as a form of governance would ever, you know, be a thing in human history? That's not apparent to me. It's not apparent to me that anyone would ever think to not have an autocratic society. I mean those were dark times, right?
ADAM:
But if I have confidence in our democratic institutions, and we've survived a lot. And my belief is that we're going to survive this as well, but the truth is, look, it is a Herculean task. It is a daunting task. No one denies that. But this country has always stepped up, always. At some point, we dug down deep, and we stepped up.
NICK:
It's uh, a huge task that we're facing, but I dunno, we faced hard things before. There's more smart people on earth and there have been before.
ADAM:
Democracy’s faced off against threats and tyranny and all sorts of things in the past, and we always came through, and I have faith we're going to come through again.
ALIA:
Bob, what was it like the first time you voted?
BOB:
So voting is a big deal in my family. Like my mom would talk about her parents, and when she was old enough her and her sister and brother getting dressed up, suits, dresses, to go to the voting place. This was like graduation or something for democracy. And it smelled like an old elementary school. I remember it very clearly. The machines were those old lever pull machines with the — you pull one big crank and the curtain closes like you're in a theater, and then there's these tiny levers you've got to pull, and it smelled really metallic, you know, like an old bus or something. And um, what I remember most was the severe sound everything made. Like — like the act of voting was like — it was like bang. Bang. You pull a lever like you were starting an — an assembly line or something like that. Um, but what I do remember as I got older, when the old machines were gone, I absolutely missed them. I missed the smell of it. I missed the whole physical experience of voting. It really was satisfying in the way that doing anything mechanical is satisfying. But I also, as I got older and thought about this, that there was no way to make a mistake in these machines. The levers were so clear the — the indications of who you voted for were you know, ironclad. So, but I remember it being a really, really special — like going to church or going to a wedding or a funeral or something. And that's how it felt.
ALIA:
That's so lovely. That's so — I love that it felt like um, uh, like sort of like a sacrament.
BOB:
A sacrament. Yeah, that's the word. It felt like a sacrament.
[MONTAGE: Why do you think it’s important to vote? People weigh in] CREDITS:
ALIA:
Thanks for joining me and Bob for this special “Election Episode” of Breach. I feel like we all learned a lot. Now go vote! Breach is a branded podcast brought to you by Carbonite in partnership with Midroll and Spoke Media.You can find transcripts and show notes at carbonite.com/breach. If Cyber Security reporting were British baking, Bob Sullivan would be Mary Berry, and I’d be doing my best with a Victoria sponge. Our show is produced by me Alia Tavakolian, and produced and written by Janielle Kastner aka “Producer Jan”. With associate producers Carson McCain and Isaac Young, and researcher Stephen Gardner. Our production assistants are Caroline Hamilton, Jenna Hannum, and Kelly Kolff. When Bob and I are in the studio we’re recorded by Casey Holford. Our show is mixed and sound designed by Will Short. The songs you hear come from APM Music. Our executive producers are Alex DiPalma and Keith Reynolds, who gave us November 6th off to make sure we go vote. Special thanks to Maggie MacAlpine, Alex Halderman, Chris Painter, Kim Zetter, Harri Hursti, Mark Kuhr, Jake Braun, Matt Blaze, Adam Levin, Nick Monaco, the whole team at Def Con’s Voting Village, and the students of UGA’s Grady School of Journalism, who told us all about their first time voting.
EASTER EGG:
JAN:
I love that. I just, I had this stereotype of hackers as being a little anarchistic. And I love the idea of a bunch of hackers united to protect democracy.
MAG:
Yeah. Well, you know, I just happened to be one of the idiots who lives here, I guess, so you know, I have an interest in making sure it doesn't like explode in flames.
JAN:
I love that.