Almost three weeks after Election Day, Wisconsin is getting ready to recount its votes, and Pennsylvania and Michigan may soon follow suit. Green Party candidate Jill Stein has raised over $6 million to fund the effort, saying fears of a hacked election couldn’t be dismissed in light of earlier hacks of the Democratic National Committee and Clinton campaign staff. Hillary Clinton’s team signed on to the recount campaign over the weekend, citing similar concerns.
Many are still skeptical. Although Trump won Wisconsin by just over 25,000 votes, there’s still no technical evidence of vote-tampering and the results are generally consistent with polling and demographic data. As a result, it’s extremely unlikely that a few hacked precincts could have tipped the scales. At the same time, even the suggestion of an audit has set off political chaos, as President-elect Trump responded with unfounded allegations that millions of votes had been cast illegally.
The most secure election system is one where audits are routine
From afar, the political fallout makes sense. After any election, the winning side looks to claim a mandate while the losing side looks to deny one. Auditing votes has become another way to wage that fight, with Stein emphasizing previous foreign interference in the election and Trump responding with more exaggerated claims of fraud. But while the political pushback against the recount might have been predictable, it does real damage to the long-term security of the election system. Auditing a precinct’s votes — specifically, comparing the paper ballots to the electronic count — is one of the best protections we have against machines that are often still vulnerable to compromise. The most secure election system is one where audits are routine, public, and completely devoid of news value.
There are already a number of systems in place to protect voting machines, and as I wrote before the election, those systems generally work. It would be very difficult for a foreign adversary to compromise a voting machine, and if they did, there would be ample evidence that it had happened. Still, the barriers to public paper auditing mean we’re not taking advantage of some of the system’s strongest protections.
In Michigan and Wisconsin, electronic voting machines produce both an electronic and a paper record when a vote is cast, making it easy to verify the vote has been tallied correctly. That means a person’s vote can be verified immediately after it’s registered — if you pressed the button for Trump, the paper should say “Trump.” Once the election is over, the total number of paper records can also be compared with the tally in the electronic database, typically through a random sampling. (Notably, this isn’t true in Pennsylvania, which still uses some electronic-only machines despite the best efforts of security experts.)
Electronic machines are opaque and reprogrammable by nature
Comparing the total number of paper ballots and electronic ballots is a time-consuming and expensive process, but if you’re worried about the sanctity of the process, it’s money well-spent. Electronic machines are opaque and reprogrammable by nature, but that double-verification system lets officials catch any unexpected behavior early. It also allows for a lot of outside parties to verify the process, including representatives from both parties and Homeland Security alongside local election officials.
There’s still ample reason to trust the system and its results, but audits are a good way to improve it. We know that under the right circumstances, and attacker can record one vote on paper and another on the electronic ballot. The question is how closely those outside parties are watching the paper, and how rigorously it’s being matched to the electronic record. We simply don’t know the answer to that question. It comes down to whether you trust the parties involved — and trust is the last thing you want to rely on for security.
In that light, Jill Stein’s push for a recount could be a crucial tool for securing elections. The most trusted encryption programs often publish their source code for open audit, inviting anyone to come in and look for bugs — and an open call for recounts could function in much the same way. Stein’s audit isn’t likely to change the final result, just as I’m not likely to find a backdoor in Tor, but keeping the process open sends a powerful message. There’s nothing to see here. Look for yourself.
That’s not the way the system currently works, in law or in practice. We’re still nervous about the vulnerabilities in our voting system, and the idea of an audit dredges up fears of mass hacking, preventing us from taking the very steps that would protect us. As a result, there’s a huge political and financial cost for an outside party to mount an audit, and it scares off all but the most extreme of challenges. It doesn’t have to be that way — but looking at the reaction to Stein’s crusade, it doesn’t seem likely to change any time soon.