Frederica Freyberg:
We move now from the campaign trail to the voting booth. In tonight’s closer look, election security and computer hacking. In Wisconsin, voting machines are not connected to the internet. And each vote is backed by a paper ballot to verify results. Officials here say this setup as well as other safeguards provide a secure election outcome. However last summer the Wisconsin Center for Investigative Journalism determined that Russian hackers had breached the websites of the Democratic Party of Wisconsin, the state Department of Workforce Development and as well as municipal websites, including Ashland, Bayfield and Washburn counties. Elections in Wisconsin are administered by just under 2,000 municipal clerks as well as 72 county clerks work under the oversight of the state Elections Commission. Heading into the November 6th election day, how vulnerable is our ballot box? We take that question to Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society who joins us from Ann Arbor and thanks very much for doing so.
Alex Halderman:
Great to be here.
Frederica Freyberg:
Well, now given the assurances as just laid out from our Elections Commissions about the security of Wisconsin’s system, what in your belief might be specific threats or risks in this state?
Alex Halderman:
Well, Wisconsin is doing better than some states, but it still has work to do. The problem is even though you have optical scan paper ballots in much of the state, the optical scan machines are still computers. They have potentially vulnerable hardware and software and in many cases that hardware and software is out-of-date. So it’s still possible that an attacker could find a way to spread malicious code to the machines and even change votes.
Frederica Freyberg:
And so not to give anybody any ideas, but how would a malicious hacker go about getting access to these optical scanners?
Alex Halderman:
Well, even though the voting machines aren’t plugged into the internet directly, they still have to be programmed before every election with the design of the ballot, the races and candidates. And the municipalities or outside vendors create that programming on normal computer work stations before copying it to the machines. If an attacker can access those election programming systems, they can potentially spread malicious vote-stealing code to all the voting machines across a whole region. The question is how well-protected are those machines?
Frederica Freyberg:
And do you have any understanding as to how well-protected those machines are?
Alex Halderman:
Well, officials take steps to try to isolate them, but unfortunately for the kinds of attackers that we’re most worried about, hostile nation states, there are many ways to bridge the gap into machines that are normally considered locked down. That remains a threat. It’s also a threat that outside vendors that program ballots for municipalities across many states create a kind of centralized threat that would be very attractive for attackers.
Frederica Freyberg:
Are there Russians still out there working to destabilize our elections, even in Wisconsin?
Alex Halderman:
According to intelligence reports, the Russians are still at it, as are potentially other hostile nation states. What we’ve learned from 2016 and the investigations that followed is that the Russians had the capability to do a lot more damage than they did. And I’m afraid that in 2018, because we haven’t made enough progress as a nation, there’s still a lot of damage they could do.
Frederica Freyberg:
Now, Wisconsin recently, this fall, announced that it will do post-election audits on 5% of the results. And that is something that election security experts were saying was necessary. So what’s your response to Wisconsin moving in that direction?
Alex Halderman:
Well, 5% post-election audits, that’s a really important step forward for Wisconsin, because a post-election audit means basically you’re going to look at some random sample of the paper to confirm that the computer results are correct. And that’s a way to detect and potentially recover from vote-tampering attacks. Unfortunately, if you’re just auditing 5% of voting jurisdictions, the way that Wisconsin is planning to, that’s not necessarily going to be enough auditing to catch fraud in a close election. It may just be too small a sample.
Frederica Freyberg:
What about the factor of human error? Is that a concern?
Alex Halderman:
Human error is always a concern in cybersecurity. Unfortunately, it’s very hard to make sure people are always going to follow the designated precautions and processes exactly. On the other hand, in elections we also have to consider error by voters, just filling out their ballots incorrectly. Which if done on a wide enough scale can cast some doubt on the integrity of the election result, too. We have to be able to separate error by people, error by machines and error caused by an attacker.
Frederica Freyberg:
Just very briefly, on Wisconsin, how would you rate or rank or grade its election integrity?
Alex Halderman:
I think Wisconsin is doing quite a bit better than average, because Wisconsin now has paper ballots across the state and they have an audit for races that are not very close is going to be sufficient to detect fraud. Wisconsin can improve by implementing what are called risk-limiting audits, audits designed to catch error and fraud with very high probability even in the closest elections. That would be the next step and probably the most important step left for Wisconsin to take to make sure that all voters can feel safe.
Frederica Freyberg:
All right. Alex Halderman out of Ann Arbor, thanks very much for joining us.
Alex Halderman:
Thank you.
Frederica Freyberg:
Earlier we mentioned Russian hackers had breached Wisconsin’s websites, including the state Democratic Party. The state Elections Commission said access was not gained. Instead, it was the equivalent of rattling door knobs to see if they were unlocked. We asked Reid Magney of the state Elections Commission for his response to Professor Halderman’s thoughts on Wisconsin implementing so-called risk-limiting audits. Magney said, “Risk limiting audits recount a random sample of all ballots. They work best in states that have uniform, centralized voting systems and ballots like Colorado. Wisconsin sent a team to Denver this summer to observe their audits. We learned that implementing them here would require new legislation, fundamental changes to the way we conduct elections and millions of dollars for new voting equipment statewide. The expanded 5% audit approved by the WEC for November will hand recount every ballot in randomly-selected wards, representing every county and voting system in the state. In a close race the loser can request a recount to confirm or overturn the result. Any discrepancy would trigger further investigation.”
Search Episodes

Donate to sign up. Activate and sign in to Passport. It's that easy to help PBS Wisconsin serve your community through media that educates, inspires, and entertains.
Make your membership gift today
Only for new users: Activate Passport using your code or email address
Already a member?
Look up my account
Need some help? Go to FAQ or visit PBS Passport Help
Need help accessing PBS Wisconsin anywhere?

Online Access | Platform & Device Access | Cable or Satellite Access | Over-The-Air Access
Visit Access Guide
Need help accessing PBS Wisconsin anywhere?

Visit Our
Live TV Access Guide
Online AccessPlatform & Device Access
Cable or Satellite Access
Over-The-Air Access
Visit Access Guide
Follow Us