In the United States, Republican and Democratic senators rarely agree. However, the intelligence commission, made up of elected officials from both camps, Democrats and Republicans, affirmed it with one voice in the first volume of its report of more than 1,000 pages on Russian interference, published in July. 2019: Moscow intelligence services showed interest ” unprecedented “ for America’s electoral infrastructure during the 2016 presidential election.
Traces of these pirates have been spotted in election-related computer systems in some 20 states, but senators believe that all states have in fact been visited. Some have only been superficially probed, others have seen their first lines of defense tested, and at least two of them have actually been hacked. This is particularly the case in Illinois, where hackers could have altered the electoral rolls. A manufacturer of voting machines was also compromised: according to the American authorities, the hackers were acting on behalf of the Russian military intelligence services.
Four after these episodes, and as America prepares to go to the polls for one of the most explosive ballots in its history, to decide Joe Biden from President Donald Trump, many flaws identified in 2016 are still gaping – and they are against the background of new alerts to foreign interference in the election.
Admittedly, at the time, no vote was changed; and computer security experts agree that large-scale, invisible manipulation of the votes of American voters remains impossible. Their fear, as well as that of the American authorities, relates rather to the disorganization – even the chaos – that a computer attack on the electoral machinery could cause, or a dysfunction of the latter.
One of the first problems identified remains that of voting machines, commonly used in the United States. While the computer security of these devices, built and assembled by small companies often lacking in subject matter experts, was deplorable in 2016, it has hardly improved in 2020. Among the problems identified:
- at the end of 2019, the participants in the DefCon specialized conference (among the major annual gatherings of hackers) had examined many models: they had found many flaws;
- despite the claims of their manufacturers, voting machines are sometimes connected to the Internet, increasing their vulnerability;
- seven states still use machines which leave no paper traces of the vote, a guarantee that all experts consider necessary to detect possible fraud. In January, researchers demonstrated that machines that were supposed to leave a paper trail did not prevent fraud: which makes their use, despite being recorded in 18% of American districts, “Extremely risky” in the event of a disputed ballot, according to the researchers.
The many digital tools
These voting machines are far from concentrating the concerns of authorities and experts. In general, in the United States, voting is organized using a long chain of computer tools, all vulnerable to varying degrees. Software, machines or even applications are used to manage the electoral lists, the registration of voters as well as the counting, transfer and display of the results of the vote.
This year, postal voting will take pride of place, the Covid-19 pandemic requires. Some voters will have to vote almost entirely online: their votes are recorded on a website, and accompanied by a paper ballot which is then counted. This method is obviously vulnerable, according to several reports. The Department of Homeland Security has also ruled “At high risk” and for good reason: the votes could be “Manipulated on a large scale”.
More generally, computer systems will also be used on Tuesday, November 3 for the sending of ballots, their counting, checking and counting. However, software to manage the electoral lists and the registration of voters is one of the blind spots of election security. The magazine Politico demonstrated, at the end of August, to what extent these tools, used in all American states, were exposed to breakdowns and attacks and exempted from any federal audit or supervision.
A limited federal state
To solidify this electoral infrastructure, the powers of the federal state are limited: the federated states are sovereign in matters of elections and jealous of their prerogatives. Of course, the electoral infrastructure is considered “Critical”, this allows the federal state to take a closer look. And Congress has allocated several hundred million dollars since 2018 to beef up election cybersecurity. In early 2020, the cybersecurity agency organized a large exercise with two hundred state officials responsible for organizing the election to prepare them for all scenarios. The FBI can now sound the alert if they discover a hack attempt more easily than ever before.
Certain States have also undertaken to change their voting machines, swapping entirely electronic systems – not very secure – with mixed systems, associating a paper trace with each vote, thus making a change in votes more easily detectable.
Still, each state has its own rules, and the voting process is organized differently in the more than 10,000 constituencies in the country. Moreover, there is no federal regulatory body with coercive powers on the subject, except for campaign finance. “There are more federal rules on ballpoint pens or markers than there are on voting systems,” Larry Norden of the Brennan Center for Justice, an election think tank, worried during a congressional hearing in 2019.
From fear of attacks to fear of dysfunction
In this context, any dysfunction, caused by a computer attack or by a simple technical problem, can discredit the vote and sow disorder. For example, a voters list crippled by ransomware (a computer virus that locks victims’ data and requires ransom to unlock them, increasingly used by hackers around the world) can hamper voting operations; a website that is slow to disseminate the results in a county or a state can sow doubt; and a voters list modified by a malicious actor may prevent some voters from voting.
In a joint statement, issued on September 24, the FBI and the US cybersecurity agency stressed that they had not identified, “To date, an incident likely to modify the votes or prevent Americans from voting”, in November. The two organizations note, however, that “Cyber actors continue to attempt to attack systems that enroll voters or host voter lists, manage non-voting processes, or provide unofficial results. These attempts are likely to render these systems temporarily inaccessible, which could slow down, but not prevent, voting or the announcement of results. “.
In recent months, events have rekindled authorities’ fears that poorly protected links in the electoral chain could be targeted during the election. The New York Times notes, for example, that a Texas company has recently been the target of ransomware: its services are used by some constituencies to aggregate and disseminate election results.
Earlier this year, a bug in an application used to record and report the results of the Iowa Democratic caucuses sowed the “Chaos” and delayed announcing the winner. Voting machine problems and queues have already disrupted primaries, in March in Texas and Los Angeles, and in June in Georgia. In a 2019 election in a Pennsylvania county, the counting of the voting machines suggested that one of the two candidates had received virtually no votes. After recounting the paper trail, one of the two candidates won by five narrow votes: the technical incident cast doubt on the election.
The mess from the White House
Because an electoral ballot should not only accurately count the votes of voters. It must also win the confidence of all, including that of the losers. This is the whole point of protecting the electoral infrastructure against piracy and malfunctions: you have to count the ballots but also preserve the ballot from disorder and suspicion.
But what to do when these emanate from the White House? On several occasions, Donald Trump has refused to pledge to leave his post in the event of defeat and claimed that the election to decide between him with Joe Biden was rigged.
Among the obsessions of the candidate for re-election is postal voting. According to a count of Washington post, Donald Trump has questioned the sincerity of this type of vote more than 50 times, despite the lack of evidence on the subject.
This voting method generally takes longer to be processed, and accentuates the tendency of the last ballots counted to be more democratic. However, its use is likely to be massive in 2020: while in 2016, 33 million Americans voted in this way, they could be, this year, 80 million in the context of the measures taken against the spread of the Covid- 19, explains the magazine Wired.
What structurally postpone the proclamation of the final results of November 3, even in the absence of piracy or digital dysfunction – and therefore, favor the criticisms emitted on the ballot by Donald Trump himself.