security technologist and fellow at Harvard’s Berkman Center for Internet and Society.
“American Elections Will Be Hacked.’” That’s the title of a recent article in The New York Times by our next guest, the leading cybersecurity and privacy researcher Bruce Schneier. Schneier warns, “Our newly computerized voting systems are vulnerable to attack by both individual hackers and government-sponsored cyberwarriors. It is only a matter of time before such an attack happens.” Schneier is a security technologist and fellow at Harvard’s Berkman Center for Internet and Society and author of the book “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.”
AMY GOODMAN: This is Democracy Now!, democracynow.org, The War and Peace Report. I’m Amy Goodman. “American Elections Will Be Hacked.” That’s the title of a recent op-ed in The New York Times by our next guest, the leading cybersecurity and privacy researcher Bruce Schneier. He warns, quote, “our newly computerized voting systems are vulnerable to attack by both individual hackers and government-sponsored cyberwarriors. It is only a matter of time before such an attack happens.” Bruce Schneier is a security technologist, fellow at Harvard’s Berkman Center for Internet and Society, author of the book Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
Bruce, welcome back to Democracy Now! Talk about your concerns today in this aftermath of the 2016 election.
BRUCE SCHNEIER: A lot of our voting machines are basically computers. And especially computers without any paper audit trail are vulnerable to hacking and errors in ways that can’t be corrected. And my worry is that we’re going to have an election where there is credible evidence of a hack, and we’re literally not going to know the actual results and have no way to figure it out. And that, right now, will be disaster for our system.
AMY GOODMAN: So you said your concern is “we’re going to have an election.” Do you think we had one?
BRUCE SCHNEIER: My guess is no. It’s sort of interesting to watch these three states. There’s research that shows there are statistical—
AMY GOODMAN: You mean Pennsylvania, Wisconsin and Michigan?
BRUCE SCHNEIER: Yeah, those three states. So there are anomalies in the results that seem to correlate with voting machine type. Now, that is a red flag for hacking and something we should look at, and we should definitely research this. My guess is it isn’t. My guess is there’s some confounding variable that the machine type is correlated to demographic in some way. But we don’t actually know until we do the research. My worry right now is the recount. That process was designed decades ago, when it meant counting the ballots slower and more carefully. And it didn’t mean looking at the voting machines for forensic evidence of hacking. So I’m not convinced that even after this recount we’re going to know more.
AMY GOODMAN: I want to turn to comments by Alex Halderman, director of University of Michigan Center for Computer Security and Society and one of the leading computer scientists and election lawyers calling for a recount. He indicated a hack of the vote was, quote, “plausible,” but went on to emphasize, quote, “The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence—paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania.” Your thoughts?
BRUCE SCHNEIER: So, he’s 100 percent correct. That’s the only way to know. And when there are paper ballots, if it’s an optical scan machine, where you vote on paper, and that paper ballot is your backup, you can look at that paper. And that will give you the actual vote. In states that don’t have that, that are just touchscreen machines like ATM machines, there’s going to be really no way to figure out original voter intent. There, the only thing you can do is forensically analyze the machines, the network. And while that may lead to evidence of hacking, it won’t tell you what the original votes are. Now, that process can take weeks. It can take months. It’s not a process we’re really ready for. We expect to know the winner now.
AMY GOODMAN: In Wisconsin, Clinton received 7 percent fewer votes in counties that relied on electronic voting machines compared with counties that used optical scanners and paper ballots. That was a piece in New York magazine. Your thoughts?
BRUCE SCHNEIER: So that’s exactly correct. So that is the red flag that could indicate hacking. It could indicate other things, too. There was a complex post on FiveThirtyEight.com that looked at that data and had a theory that it was demographics that was the deciding factor, and not hacking. That could be true, too. So, we have a problem right here. Right? Elections serve two purposes. The first is to choose the winner, but the second is to convince the loser. The losing side has to believe the election is fair; otherwise, it’s not legitimate. Things like this delegitimatize the election. And that’s why we need to investigate them and come up with the actual answer. And if there was hacking, we need to know about it. If there wasn’t, we need to know about it. And—
AMY GOODMAN: I want to turn—
BRUCE SCHNEIER: —Stein made a really important point. There needs to be rules in place beforehand, because now, when the election is over, battle lines are drawn. It’s Trump versus Clinton. And you’re going to pick the process that will have your side win. Rewind this a month, and it would be really easy to come up with a set of rules that everyone agrees on. So we need those rules in place before we vote, when we don’t know which way the hacking or the demographics or the miscount might go.
AMY GOODMAN: I want to turn to a report produced by Rolling Stone investigative reporter Greg Palast. He was in Ohio just before the election. Palast spoke to election law attorney Bob Fitrakis about problems with the voting machines. We hear first from Fitrakis.
ROBERT FITRAKIS: Well, machines now can actually take a ballot image, in the sequence of every single one cast, to eliminate fraud if somebody tampers with the paper ballots.
GREG PALAST: There’s only one problem.
ROBERT FITRAKIS: They’ve decided to turn off the security.
GREG PALAST: Election law attorney Robert Fitrakis represents Republicans and Democrats. He just discovered that the photo image and audit protection functions have literally been shut off.
ROBERT FITRAKIS: So they bought state-of-the-art equipment and turned off the security.
AMY GOODMAN: So that’s Bob Fitrakis in Greg Palast’s piece. Bruce Schneier, your response?
BRUCE SCHNEIER: So it’s hard to know how bad that is. If they’re photographing the paper and the paper still exists, then we’re OK, if the photograph is just a backup of the paper. If the paper is destroyed, then that’s an absolute disaster. So, not knowing more, I can’t tell. But something else is brought up in this that’s real important, that we can’t lose sight of, I think, the real issue here, which is not the hacking in those three states, but the voter suppression everywhere. And whether it is voter ID requirements or closing polling places in poor neighborhoods or reducing early voting or purging voter rolls, there’s a concerted effort in the United States to deny people the right to vote. I think that’s the real issue. And that has probably caused a lot more discrepancy in the vote versus the will of the people than machines, even though machines can be a disaster.
AMY GOODMAN: I want to turn to Michael Isikoff. We spoke to him, chief investigative reporter for Yahoo News, looking at reports that hackers outside the U.S. infiltrated two state election databases. This is what he had to say about vulnerabilities in the voting infrastructure here.
MICHAEL ISIKOFF: In 40 states, we have optical scan voting, in which there are backup of paper ballots, so there’s a safety net there. But there are points of vulnerability. In six states and parts of four others, including Pennsylvania, a crucial swing state, there are electronic voting machines, that are vulnerable, that could be tampered with. There’s internet voting for overseas ballots and military ballots in 33 states, so that’s another point of vulnerability.
AMY GOODMAN: That’s Michael Isikoff. Bruce Schneier?
BRUCE SCHNEIER: Well, he’s exactly correct. There’s really three areas of vulnerability we have to worry about. The first is the voting rolls. If someone can hack those rolls and change them or delete them, they could cause real problems on Election Day. The second is the machines. And, yes, optical scan machines are the most secure and the safest. And that’s a paper ballot that you fill in ovals, and it’s processed, and the paper is your backup. The third area of vulnerability is the tabulation and the counting. And we don’t talk about that much, but after everyone votes, there’s a system of consolidating all of those results from every machine higher and higher into a single state result. And there’s vulnerability there. So, yes, those three areas are all rife for hacking, not just from foreign powers, but from hackers everywhere. I mean, these aren’t things that are only the purview of nation states. Our computer systems are so vulnerable that even amateurs can, in some cases, do it.
AMY GOODMAN: Bruce Schneier, we want to thank for being with us, security technologist, fellow at Harvard’s Berkman Center for Internet and Society. We’ll link to your piece in The New York Times that’s headlined “American Elections Will Be Hacked.” He’s also author of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
That does it for our broadcast. And we hope, if you’re in the area, you will join us Monday, December 5th, at Riverside Church in New York City for our 20th anniversary celebration, featuring Harry Belafonte, Noam Chomsky, Patti Smith, Danny DeVito, Danny Glover, Tom Morello, Juan González and many more. You can visit democracynow.org for details.
And we have a job opening. Democracy Now! is hiring a senior TV producer. We also are looking for interns and fellows. Go to democracynow.org.