The list of precautions the state has taken to keep computer hackers from hijacking the November election stretches to two single-spaced pages: a cyber security team, a new outside election consultant and an encrypted internet transmission system.
Minnesota Secretary of State Steve Simon and his staff say they feel confident that they have taken every reasonable step to prevent hackers from upending the election. Yet, memories of a hack in 2009 that shut down the Secretary of State’s business website never quite fade. And now a foreign-led hack of Democratic National Committee computers is reigniting previous concerns about the upcoming election.
“If the [voting] system is connected to the internet or if the system is connected to a network that’s connected to the internet, there’s a cascading risk,” said Mike Johnson, who spent 15 years directing cyber security for Bremer Bank and now teaches at the University of Minnesota’s Technological Leadership Institute.
Across the country, in the aftermath of the extraordinary attack on the DNC computers, cyber security experts are newly assessing the vulnerability of the nation’s voting system. Some say the technological weaknesses are significant enough to disrupt the presidential election.
Authorities contend that it is unlikely hackers would infiltrate individual voting machines to tilt the outcome in favor of one candidate, but they say digital hackers could tap into each state’s election system and wreak havoc in some places where there is a tight race between Republican Donald Trump and Democrat Hillary Clinton. Even creating doubt about the final results could throw the election into chaos.
Election officials around the country are rushing to check and double-check the safeguards in their voting systems.
In Minnesota, Simon created a cyber security team when he took office in 2015. Then he hired an outside consultant to review voting safeguards so the state could implement tougher measures before Election Day.
“When you see something like the DNC hack, it takes things from the theoretical to knowing this could really happen, someone might want to tamper with an election,” said Pamela Smith, president of Verified Voting, a nonprofit group focused on electoral integrity.
The nation’s rapid embrace of new internet technology has outstripped the ability to build in proper safeguards, experts say.
“What’s happened the last three or four years, with everything being transferred by the internet, it’s not a very big leap to say you could hack a voting machine,” Johnson said.
What it would take to change the outcome of an election is unclear. Nationally, roughly 25 percent of votes in the November election will be cast without a paper trail, Verified Voting estimates. Older electronic voting machines designed without built-in hacker protection are at the greatest risk, Smith said.
But other outside risks could have significant consequences. An attack seemingly as small as shutting down websites that locate polling places or upsetting voter registration could be disruptive or disenfranchising. So, too, could what Johnson calls “front-end influence,” when hackers release information to tarnish a particular candidate.
“You do things to affect an election like negative publicity and misinformation,” Johnson explained. “The DNC hack was pre-election trying to influence public opinion and influence the direction of voters.”
The ability of groups like Anonymous, a loose collective of “hacktivists,” to successfully hack government and business computers signals a risk for manipulation.
Internet voting is another concern. Military personnel in combat zones are allowed to vote online, but those votes cannot be checked for accuracy, Smith said.
The cyber theft of personal and credit card data from tens of millions of customers at Target stores across the country in December 2013 laid bare the inability of big institutions to block determined hackers.
“Target spent millions on security,” said Chad Boeckmann, CEO of Secure Digital Solutions, a Minneapolis company. Yet the Minneapolis-based retailer was undone by a small heating and air conditioning contractor who had limited access to its computer system. Once hackers gained access through the contractor’s tiny portal, they programmed their way into the rest of Target’s network.
“We’re adopting the internet into our lives at an alarming rate because we haven’t adopted security as part of the core design,” Boeckmann said.
Minnesotans got a taste of the chaos a computer hack can cause in 2009, when foreign hackers took over the Secretary of State’s home page and replaced it with unauthorized content and links. Officials had to take down the site for a day and never were able to identify or prosecute the hackers.
The state’s voter registration and elections systems have never been hacked, Simon said. Reliance on paper ballots offers the best insurance that elections are not compromised, he said.
Voters in Minnesota mark a paper ballot and then insert it into an optical scanner. After the polls close, the tabulator prints out a vote count that is checked against the number of physical ballots cast. Then county officials use an encrypted internet system to send vote tallies to the state. Even that brief journey through cyberspace gets double-checked against the local results.
“It turns out that old-fashioned paper is a good way to ward off problems,” Simon said.
The paper trail served Democrat Al Franken well in 2008. He narrowly won election to the U.S. Senate after a recount that reversed an earlier result that showed Republican incumbent Norm Coleman had barely held onto his seat.
Franken praised Minnesota’s reliance on paper ballots and vote verification audits.
Democratic Sen. Amy Klobuchar said that because the Minnesota electoral system has so many safeguards, it is tough for her to imagine how it could be compromised. “That being said, cybercrime and hacking [are] happening every day.”
Republican Rep. Tom Emmer, who narrowly lost a gubernatorial election to Mark Dayton after a recount, is as worried about federal cyber security edicts as he is about computer hackers.
“Just concentrate on it at the local level and the rest of it will take care of itself,” Emmer said. “I don’t think you can organize this vast nationwide, worldwide conspiracy to do that sort of thing.”
Minnesota Republican Party chairman Keith Downey, who previously consulted in the development of three state voter registration and balloting systems, is more worried about voter fraud and a failure to require photo identification.
“That is by far a bigger concern than someone hacking into the equipment or the voter rolls,” Downey said.
Hamline University political scientist Joseph Peschek said voter skepticism abounds this election cycle, particularly after the DNC hack revealed party leaders working against Sen. Bernie Sanders’ bid for the presidential nomination. Trump himself has raised concern about losing due to the election being “rigged,” particularly after recent court rulings tossing out voter ID laws.
“Those are two different issues,” Peschek said. “But they meet up in a general suspicion of the way things work.”