5 Questions on the Midterms with Cyber Security Expert Steve Bellovin

November 06, 2018

In 2008, Steve Bellovin volunteered to be a poll worker in his New Jersey town. It wasn’t just because of his interest in the history-making contest between John McCain and Barack Obama, but also because he wanted to see the technology of voting up close.

Bellovin, a computer scientist whose expertise is in cyber security, is the Percy K. and Vida L.W. Hudson Professor at the Engineering School and a member of the University’s Data Science Institute. Now that many election districts have moved from paper ballots and old-fashioned voting machines to electronic voting, he is far more worried about bugs in the code of electronic voting machines than he is about cyberattacks. These new machines are susceptible to software malfunctions, as well as external security risks, he says.

Q. What is the status of our election voting security?

A. The short answer is pretty bad, but not as bad as it was. Voting is what we engineers call a systems problem—there are many, many different moving parts involved in voting. If you want to worry about security of a system you’ve got to worry about all of the different parts and how they interact and interconnect. In voting, the piece that gets the most attention over the years is how you actually cast your ballot, because that’s where there’s the highest potential for error.

Q. Your latest blog post is titled “An Election Disaster Foretold.” What were you referring to?

A. The 2018 Texas general election is going to be a disaster, and that’s independent of who wins or loses. To be more precise, I should say who appears to win or lose, because we’re never really going to know. Despite more than 15 years of warnings, Texas still uses Direct Recording Electronic (DRE) voting machines, where a vote is entered into a computer and there is no independent record of how people actually voted. My concern with electronic voting machines is ordinary bugs in the code. In Texas early voting, some people’s votes are being changed by the voting machines.

Q. What can be done?

A. It’s a really hard problem to deal with. It’s not like, say, an ATM system, where they print out a log of every transaction and take pictures, and there’s a record. In voting you need voter privacy—you can’t keep logs—and there’s no mechanism for redoing an election if you find a security problem later. There’s a strong constituency for these DRE machines—advocates for the disabled, people with motor impairments—because these new technologies allow them to vote without assistance, both from a privacy aspect and a dignity aspect. But we computer scientists are saying, “don’t you want your vote to actually count correctly?” That has been a persistent battle between two forces who both want the right thing to happen for different things.

Q. You’ve been concerned with election security for years. Is there more attention to the issue today?

A. A lot of interest was stimulated by the 2000 election with the butterfly ballot in Florida, which made people aware of technological vulnerabilities [and which led to a recount that ultimately threw the election to the U.S. Supreme Court]. Congress passed the Help America Vote Act, formed the Election Assistance Commission. There are about 10,000 different voting jurisdictions in the country. That’s one of the reasons why it’s so hard technologically. But you can’t easily rerun an election without really overwhelming evidence of massive error. The courts just won’t do it and the people won’t accept it.

Q. What is the safest method of voting?

A. Paper balloting—really. A recent National Academies report noted longstanding concerns about machines, which are vulnerable to software malfunctions and other security risks. They recommended that votes should be cast only by human-readable paper ballots, and that recounts should be done by human inspection of the ballots. We need the paper trail if there is need for an election audit.