From: abcnews.go.com, by Richard Clarke, on Aug 19, 2016, see the article HERE
After reports of alleged Russian hacking into Democratic Party computer networks, some commentators have suggested that the Russians could hack the results of the U.S. elections. Other analysts have, well before this year’s campaign, suggested that election results in the U.S. could be electronically manipulated, including by our fellow Americans. So could an American election’s outcome be altered by a malicious actor on a computer keyboard?
I have had three jobs that, together, taught me at least one thing: If it’s a computer, it can be hacked. For Presidents Bill Clinton and George W. Bush, I served as the White House senior cybersecurity policy adviser. For President Barack Obama, I served on his five-person post–Edward Snowden investigative group on the National Security Agency, intelligence and technology. And for over a decade I have advised American corporations on cybersecurity.
Those experiences confirm my belief that if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so.
The U.S., according to media reports, hacked in to the Iranian nuclear centrifuge control system even though the entire system was air-gapped from the internet. The Russians, according to authoritative accounts, hacked into the Pentagon’s SIPRNet, a secret-level system separate from the internet. North Koreans, computer forensics experts have told me,penetrated SWIFT, the international banking exchange system. Iranians allegedly wiped cleanall software on over 30,000 devices in the Aramco oil company. The White House, the State Department and your local fast food joint have all been hacked. Need I go on?
Now consider that a majority of states use some kind of combination of electronic voting and a type of paper trail, but there is no standard nationwide. In most states the data that are used to determine who won an election are processed by networked, computerized devices. There are almost no locations that exclusively use paper ballots. Some states allow direct from home voting over the internet. Others employ electronic voting machines that produce no paper trail, therefore there is nothing to count or recount and no way to ensure that what a voter intended is what was recorded and transmitted.
Some systems produce a paper ballot of record, but that paper is kept only for a recount; votes are recorded by a machine such as an optical scanner and then stored as electronic digits. The counting of the paper ballots of record — when there are such things — is exceedingly rare and is almost never done for verification in the absence of a recount demand.
The verification systems in place in most states can check only two things well. First, they can provide a basis for comparing the number of people who showed up and were allowed to vote at a location with the voter total reported at the end of the day by that precinct. Second, they can compare the total votes for a candidate reported by each precinct to the state capital against the number that the capital says it received from each location.
What they cannot verify without counting paper ballots (if they exist at all) is that your vote for Candidate A showed up in the electronic device tabulating the totals as a vote for Candidate A. The process of recording which person got your vote can — almost always — be hacked.
The ways to hack the election are straightforward and are only slight variants of computer system attacks that we see every day in the private sector and on government networks in the U.S. and elsewhere around the world. Malware can be implanted on voting machines. Almost none of these machines have any kind of malware detection software like those used at major corporations and government agencies. Even if they did, many of those cybersecurity tools are regularly defeated by today’s sophisticated hackers.
At this year’s Black Hat cybersecurity conference, the cybersecurity firm Symtantec had a voting booth to demonstrate the various ways to trick the system.
In America’s often close elections, a little manipulation could go a long way.
In 2000 and 2004, there were only a handful of battleground states that determined which presidential candidate had enough Electoral College votes to win. A slight alteration of the vote in some swing precincts in swing states might not raise suspicion. Smart malware can be programmed to switch only a small percentage of votes from what the voters intended. That may be all that is needed, and that malware can also be programmed to erase itself after it does its job, so there might be no trace it ever happened.
I have to emphasize that we have no evidence that such hacking has ever taken place in the U.S. or that it is about to occur. What we do know is that it could happen. There is nothing to stop it from happening in many parts of the country, and there is not even an effort to see if it is happening.
It does not have to be this way. Congress could create voting security standards for the election of its members and of the president. It has not done so, leaving it instead to the states to protect the integrity of the democratic process.
Minimal election security standards could be simply stated: 1) No vote recording machine shall be connected electronically to any network — including but not limited to local area networks (LANs), Wi-Fi, the internet and virtual private networks (VPNs). 2) Every voting machine must create a paper copy of each vote recorded, and those paper copies must be kept secured for at least a year. 3) A verification audit by sampling shall be conducted within 90 days on a statistically significant level by professional auditors to compare the paper ballots of record with the results recorded and reported.
There are other things that would be nice to have to provide additional levels of assurance. One of the best ideas is that the software used to run voting machines be restricted to open source applications, whose code could be publicly examined. Another proposal that makes sense is that voting machines be required to run a certified malware detection software application before, during and after the voting process.
Some states will, of course, say that there is no risk justifying these proposals. (Many of the states that will claim this will be the same states that passed voter ID fraud laws although there was no evidence of any significant voter fraud.) They will claim that it is not the federal government’s job to regulate the democratic election of federal officials. Finally, many states will protest that verifying our democratic processes would be too expensive for them. That last complaint could be answered by Congress’ paying for its own elections and for the president’s.
If someone makes the charge after this election that the results were altered by hackers, our country has almost no way of credibly refuting that claim. Thus American voters will have no way to know if they can trust the results of the election, unless it is a landslide, so large that it seems unlikely that the winning margin was purely the result of malicious activity.
In any close election, because we have not done the simple things that could protect the integrity of our democratic process, there will be room for doubt.
The democrat’s public position is that they are so sure that there is no appreciable voter fraud and/or voting machine hacking that their very emphatic dismissal of the issues is enough to convince me that they are, in fact, occurring and the democrats have the fraud and hacking mechanisms down to a science. They know that their expertise in these matters is so far superior to that of the Republicans that they don’t even pretend that fraud and hacking need to be addressed. When the democrat candidate gets more votes than are registered in a voting precinct, something is wrong and to attribute that excessive vote to some sort of bureaucratic mistake is ludicrous.
We all should be very wary of this upcoming election. If Hillary is way up in the polls come November, it’s less likely that the dems will take chances on fraud and hacking. After all, there’s no sense in taking chances when their candidate will likely win “fair and square,” but if polls are tight, look out.
They’ll be looking at selected precincts in battleground states, especially those that are using voting machines without verifiable paper trails. As Mr. Clarke stated, in a close election, a relatively small number of votes can change the outcome.
There are currently eleven states that are classified as swing (battleground) states: Colorado, Florida, Iowa, Michigan,Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, Virginia and Wisconsin. These eleven states account for 146 electoral votes, more than half of the 270 needed to win the presidency. Most likely, if any voting machine fraud is going to occur, it’ll be in one or more of these states where a relatively small number of votes could alter the winner and pick up that state’s votes.
I understand that we don’t want to create a problem where one may not exist and we certainly don’t want to call into question election results before the vote even happens, but on the other hand, the results of this election are so important that I believe that the parties could justify any means to win. Sure, the Republicans would cheat if they believe it necessary, it’s just that the democrats have a long and successful track record of election cheating, whereas the Republicans are rookies and aren’t as accomplished as the democrats.
I honestly hope that no accusations of voting irregularities show up, but I wouldn’t bet much money on it.