Hacking Our Democracy

Trump, Putin and Karl Rove are uniting to attack this year's election. I ask election security advocate Jennifer Cohn what's happening and what can be done.

The risk has never been greater.

There’s no doubt that US democracy is under attack in more ways than ever before, from the threats of cyber attacks and voting machine manipulation to the Trump campaign’s and the GOP’s ever-active disinformation and voter suppression efforts. Meanwhile, Trump and his chief accomplice “Moscow Mitch” McConnell are doing almost nothing to protect or reassure us. In fact, Trump's recent actions toward Russia make it look like he’s dumped Mike Pence from the ticket and made Putin his official running mate.

To make matters worse, Trump has hired the most devious election cheat ever, Karl Rove, to help him steal the Presidency for a second time this November. (And now that Trump has brazenly commuted the sentence of 2016 dirty trickster Roger Stone, who even knows what shenanigans Stone might get up to between now and November 3?)

To better understand all the threats, I reached out to Jennifer Cohn, an election integrity advocate and writer whose articles on election security have been published in the New York Review of Books, Salon, WhoWhatWhy, and other publications. Cohn is also an attorney who practiced insurance coverage and appellate for many years as a partner with Nielsen, Haley & Abbott LLP in California. Since the 2016 election, she has focused her efforts on investigating insecure computerized election systems and promoting potential solutions. If you’re not already doing it, I highly recommend following her on Twitter @jennycohn1 for ongoing updates and commentary on election-security developments throughout the country.

What are the biggest risks to the integrity of the November election?

I’m very concerned about the possibility of hacked voter registration systems. If voters are deleted or if their addresses are changed even by a single digit, this could prevent them from receiving their mail ballots and/or from voting in person at the polls. At the polls, they would receive a provisional ballot, but if their address has been altered in the voter registration system itself, this might prevent it from being counted at all. After the 2016 election, the FBI told Florida lawmakers that Russian actors had breached voter registration systems in two or more Florida counties and that they “couldn’t say with certainty [the hackers] did not manipulate [voter registration] data.” That is terrifying, and I worry very much about a repeat in 2020. 

I’m also concerned that hundreds of thousands (likely millions) of voters won’t receive their mail ballots on time or at all due to pandemic-induced mail delays and/or administrative incompetence or other problems. Pennsylvania election officials “warned before the primary that thousands or even tens of thousands of people would receive their mail ballots too late to mail back, and several court cases sought to change the deadlines.” In Los Angeles county, seventeen thousand voters did not receive their mail ballots on time to vote with them. In Maryland, “at least 1 million [mail] ballots were delayed.” Georgia voters suffered through delayed mail ballots as well. 

Voters who don’t receive their mail ballots will be forced to vote in person on election day where they may encounter many other obstacles to casting their votes successfully. Due to voter suppression, the pandemic, and poor decision-making, neighborhood polling places will in many cases be consolidated into a small number of large vote centers, many of which will replace paper poll books with electronic poll books to check in voters and confirm that they are registered and have not already voted. 

Although all electronic election equipment is vulnerable, electronic poll books are particularly risky because they often rely on a Wi-Fi connection or Bluetooth. In Los Angeles County, electronic poll books supplied by Knowink, whose products are in about 25 states, caused chaos due to massive connectivity problems. Georgia also had significant problems with its Knowink electronic poll books, both during a test election and during the recent primary.

As a Democrat, I also find it disconcerting that Knowink’s managing director, Scott Leiendecker, is a former Republican election official and that its product developer (per his LinkedIn profile) once campaigned for Ed Martin, who is now President of the Phyllis Schlafly Eagles, which opposes the Equal Rights Amendment.

In December 2019, cybersecurity journalist Eric Geller reported that Knowink “uses ‘1234’ as the tablets’ default password,” which he described as a “major security risk, given that the devices (which handle voter data) often connect to the internet.”

The next largest electronic pollbook vendor in the U.S. is probably Tenex. In 2015, Tenex pollbooks deleted up to 4,000 Ohio voters in Hamilton County due to a reported programming error: “The big blunder was the programming error. It happened when someone with Tenex Software Solutions, the company that was paid $1.2 million to create the new system, entered the wrong date as the cut-off for voter registration.”

Despite these types of risks, electronic poll book use is on the rise. According to the 2018 Election Administration and Voting Survey, “26.2% of jurisdictions nationwide reported using e-poll books, representing a 48% increase in e-poll book usage since the 2016 election.” And according to the Brennan Center, as of October 2018, thirty-four states used electronic poll books “in at least some polling places, and six states — Colorado, Georgia, Maryland, Michigan, Rhode Island, and Utah — use[d] them statewide.”  The Brennan Center says that "All polling places using electronic pollbooks should have paper pollbooks ready in case of system malfunction," but "of the 34 states that use [them], only 1/2 require paper backups to be present in every polling place at the time voting begins."

Traditionally, electronic poll books were used only as an adjunct to the voter registration system. But a disturbing new trend has emerged over the past several years, which is to use these often internet-connected electronic poll books to encode the activation cards that are used to activate new touch screen voting machines known as universal use ballot marking devices (BMDs). This opens a potential pathway for internet hackers to disrupt not only the electronic poll books themselves, but also the voting machines. I wrote about this concern in my recent piece for WhoWhatWhy.

Moreover, the paper printouts generated by these new “BMD” voting machines put votes into barcodes. Although the printout also includes human readable text, the only part counted as your vote is the barcode, which voters can’t read. 

Proponents of these systems sometimes claim that the human readable text can in theory be used to conduct a manual audit or recount. But state laws don’t always back that up (see, e.g., Georgia), and if voters don’t notice BMD-induced changes or omissions in the text, no manual recount or audit in the world can correct that. A recent study shows that 93% of changes or omissions in the human readable text are missed by voters. This is likely especially true for down ballot races, including races for state office, which is very alarming, as state lawmakers will vote on the maps that decide who will control the House of Representatives for the next decade. They also will vote on whether to conduct an Article V Convention of States, which the GOP has been pushing for many years with an aim to amend the U.S. Constitution and thereby enshrine permanent minority rule. 

Even without these auditing issues and the potential for hacking, BMDs (like all electronic equipment) have a propensity to break down. Most of them are supplied by ES&S or Dominion Voting, which collectively account for more than eighty percent of U.S. election equipment. For in person voting, I much prefer hand marked paper ballots, which do not have to be activated, do not put votes into barcodes, do not break down, and can’t be hacked. 

In addition, I worry about precinct-based scanners because (among other reasons) voting machine vendor ES&S installed cellular modems in Florida, Wisconsin, Michigan, and Illinois starting around 2015. These modems are a problem because they connect the scanners and receiving end systems to the internet, something which officials had led the public to believe was not the case after the 2016 election.

I’m also very concerned about election management systems, centralized county or state computers, which program all voting machines before each election and include the central tabulators that aggregate all precinct totals. Experts warn that most election-management systems probably do on occasion connect to the internet and that they likely receive updates from other internet-connected systems. Moreover, America’s largest voting machine vendor (ES&S) finally admitted a few years back that it sold election management systems containing remote access software to 300 customers. Although ES&S now claims to have confirmed that the software has been removed, it won’t say how it made this confirmation or whether its claim extends to systems supplied by Diebold Election Systems whose contracts were acquired by ES&S in 2009. 

Even without remote access, I worry about corrupt insiders having direct access to central county tabulators and about the memory cards used to physically transfer totals from the precincts to the tabulators. A swapped or faulty memory card could decide an election. In the 2000 presidential election in Florida, a memory card in Volusia County inexplicably deleted 16,000 votes from Al Gore’s vote total. A supposedly “rare memory card error” also caused problems during the high profile Georgia 6th district race between Jon Ossoff and Karen Handel in 2017.

Finally, I worry that Trump will wrongly challenge the legitimacy of mail ballots and in particular will try to turn the signature-match requirement for mail ballots into a “hanging chad” style fiasco. The Democrats will need tens of thousands of observers during the counting to try to ensure that absentee ballots are handled properly and not thrown in the trash. 

Which states are most vulnerable to vote totals being manipulated and why? 

All states are vulnerable to having their vote totals manipulated because all states use hackable electronic voting equipment: either touchscreen voting machines or optical or digital scanners. According to experts, the only way to know if an electronic vote total has been manipulated is to compare a robust manual audit or manual recount of the paper ballots to the reported electronic outcome. 

Sadly, the phrase “paper ballots” has been warped in recent years to include not only traditional hand marked paper ballots, but also machine-marked paper printouts from insecure touchscreen voting machines called universal use ballot marking devices. As I mentioned previously, a recent study shows that most voters don’t notice problems with machine-marked so-called paper ballots. Thus, many experts warn that they cannot provide the basis for a meaningful manual recount or audit. 

Unfortunately, jurisdictions with hand marked paper ballots are not necessarily much better off heading into November. Although they at least “could” conduct robust manual audits and recounts, most of them don’t. The GOP blocked federal legislation that would have required them to do so and losing Democratic candidates typically concede without a fight. 

Trump has now hired Karl Rove. What will Rove be doing? Is he now as big a threat to the 2020 election as Vladimir Putin? 

I don’t know if Karl Rove is a bigger threat than Putin, but he is a master of psychological warfare and will no doubt assist Trump’s effort to demonize Trump’s opponents. Rove loves to use people’s strengths against them. Examples of this include the “swiftboating” of John Kerry and personal attacks on Max Cleland, who are both decorated war veterans. During the 2004 presidential primary, Rove was also credited with starting a vicious whispering campaign that John McCain’s adopted daughter was from an affair with a black woman.

As a member of the Bush administration, Rove is thought to have played a key role in the firing of U.S. attorneys who refused to prioritize the myth of mass voter fraud, which Rove himself (in my opinion) propagated to deflect from the GOP’s own corrupt election practices, which included voter purges, disproportionate distribution of electronic voting equipment, and perhaps electronic vote tally manipulation. The Bush administration, including Rove, kept their emails on a private server hosted by a company called Smartech, which Russia hacked in 2015. Thus, it is conceivable that Rove, who was not previously a fan of Donald Trump, is acting under some type of duress. Then again, he may just enjoy the sport of taking a sledgehammer to what’s left of American democracy. 

If anyone thinks that electronic vote tally manipulation is not a real concern, I encourage them to watch Atticus v. the Architect, which details how 6,000 votes disappeared from Democrat Don Siegelman’s vote total in the dead of night in his race for reelection as Alabama governor against Bob Riley, whose campaign consultant was friends with Rove. Rove’s client, the Alabama AG, seized the paper ballots before they could be recounted and illegally certified the outcome. When Siegelman announced his intention to run again, the wife of Riley’s campaign advisor locked him up on a bogus bribery charge after her office used threats to coerce a witness to testify against him. I interviewed Siegelman about these events recently on my YouTube channel. Siegelman also discusses them in his new book, Stealing Our Democracy.

We can expect Rove to deploy all of these dirty tricks. Rove will also relish challenging absentee ballots (e.g., based on signature match) should the need arise. I suspect he is also encouraging Trump’s effort to delegitimize vote by mail before the election, so that he can delegitimize the election outcome should Trump be defeated. 

On a related point, Smartech also had custody of the RNC’s voter vault, which included data on more than 198 million US voters as of 2016, as noted by @soychicka on Twitter. A recent report says that Russian hackers have possession of a database with information on 191 million U.S. voters, which could conceivably be a reference to the voter vault as it stood in 2015 when Russia hacked Smartech. 

Are Democrats focused enough on the problem?

I do not have strong contacts within the upper echelon of the Democratic party, but my impression is that they are not. We hear a lot from them about voter suppression, but very little about election fraud. The Democrats in the House have subpoena power, but have done little to investigate vendors like ES&S and Dominion Voting, which account for more than 80 percent of U.S. election equipment. The hearing the House conducted with these vendors was a joke. No substantive information was obtained.

How does the pandemic play into this year's election? What added risks does COVID-19 create? Is there any upside?

Traditionally, most voting has occurred in person. Due to COVID-19 and the risk of transmission at in-person polling places and via touchscreen equipment, most voting will occur by mail. As mentioned above, my greatest concerns with voting by mail are that hundreds of thousands or millions of voters will not receive their mail ballots on time and that Trump/Rove will weaponize the signature match requirement. 

Is there time to do anything about all of this before November? 

There is always time to mitigate election-system vulnerabilities. Voters and election-integrity groups can and should contact county election officials and demand backup paper poll books on election day and that all voters have the option to use hand marked paper ballots at the polls. 

Campaigns and election-integrity groups can and should organize voters as poll monitors to photograph precinct results on election night and compare those totals to the reported results. If they don’t match, this could provide the basis for an election challenge, should the need arise. ProtectOurvotes.com, Scrutineers.org, and DemocracyCounts.org are trying to organize groups of voters to do this in November, but they could use support from larger groups and campaigns. 

One thing we need, but don’t have, is a secure (to the extent possible) website for voters to report disenfranchisement, along with contact information, as it is currently more or less impossible to quantify the effects of voter suppression and mail ballots that never arrive. If we can’t quantify it, we can’t use it for an election challenge. Although the voter-protection hotline is a wonderful service that provides voters with help on election day (1-866-OUR-VOTE), it does not make its numbers public. And I doubt it takes down voter contact information. 

Organizations like Audit USA are fighting in court to ensure that digital ballot images, which scanners automatically generate, are preserved and made available to election integrity groups who wish to compare them to reported totals. We should support these efforts. 

What actions do you recommend people take now to: a) protect their vote personally, and b) help safeguard the election in their district and state?

If voters wish to vote by mail, they should apply as soon as possible to try to avoid mail delays. They should be very careful to follow the instructions precisely. Seemingly innocuous details can cause mail ballots to be rejected. If their county allows them to deposit their mail ballots in a drop box, they should do that, rather than relying on the mail service, which may be unreliable due to the pandemic and Trump’s appointment of a new postmaster general. 

If voters choose to vote in person or have no other choice, they should bring their correct ID (after checking their county election website) and a completed sample ballot with them. The completed sample ballot will help them vote much more quickly. Voters should request to mark a paper ballot with a ballpoint pen (exception for voters with disabilities). But if they must use a touchscreen, bringing a completed sample ballot will help them review the touchscreen printout for any vote flips or deletions. Deletions, in particular, will be difficult to notice without bringing a sample ballot for comparison. Again, voters should not give state races or other down ballot races short shrift. They are critical.

Voters should check their voter registration status every few months and save a screenshot as proof. 

Voters should know to contact the voter-protection hotline, 1-866-OUR-VOTE, if they encounter any problems voting. They should also report any such problems to a poll worker, local media, and on social media. Campaigns and election-integrity groups should consider distributing this information to voters on postcards or flyers.

Finally, voters should volunteer as poll workers or observers. More eyes will make it more difficult for cheating and other types of problems to go undetected. Scrutineers.org, ProtectOurvotes.com, and SMARTelections.us are great places for voters to get ideas about how to protect elections in their own community.

These are troubled times. And the election is less than four months away. The disaster we are living through will only get worse if Trump is re-elected.