Computer science professor says we need to do a recount to make sure election wasn’t hacked

The 2016 presidential election may have been hacked. And if so, there’s only days left to save it.

On Tuesday, New York Magazine reported that a group of computer scientists and election lawyers were urging the Clinton campaign to challenge the close results in three swing states. In a post on MediumTuesday night, one of those experts—University of Michigan professor, J. Alex Halderman, a cybersecurity expert— responded to the article, saying it “incorrectly describes the reasons manually checking ballots is an essential security safeguard,” but then goes on to explain why he and others do feel strongly that the ballots need to be checked:

Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not…. [But] the only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania. Unfortunately, nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts.

Halderman then goes on to detail how easy it could be to hack the American election, suggesting it isn’t just something out of a conspiracy novel. Halderman has himself already hacked voting machines to illustrate their vulnerability. Here’s the three steps to rigging an election. (Yes, there are only three steps.):

First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close.

Hackers wouldn’t need to hack every voting machine—just those in critical swing states like Wisconsin or Pennsylvania where a small margin is expected. They’d likely scope out voting sites early, then spread malware into the machines that could tip results towards their desired candidate. Subtlety is key. Smarter hackers, Halderman notes, will set the malware to remain dormant during security tests, provide false information during counting, then auto-delete when polls are closed. (Think of Volkswagen and the way it programmed its cars to change their emissions when undergoing environmental testing.)

Hackers would need to infect voting machines before they were distributed to polling locations around the city. City officials use removable media (like a flash drive or memory card) to upload the ballot to each machine. Doing so on an infected machine would allow malware to “hitch a ride,” he says, to every other machine in the area, even without an internet connection.

As Halderman details in his post, there’s no centralized security for protecting voting machines—each state chooses their machine and security separately. It’s almost the perfect crime, but there’s one way to know without question whether a voting machine’s results were accurate: the paper ballot that voters cast.

“Just as you want the brakes in your car to keep working even if the car’s computer goes haywire,” Halderman writes, “accurate vote counts must remain available even if the machines are malfunctioning or attacked.”

70% of Americans, Halderman says, live in places that maintain paper records of votes, but no states are actually planning to verify results. He urges candidates to push for a paper recount, particularly in swing states with narrow margins:

The deadlines for filing recount petitions are soon — for example, this Friday in Wisconsin (margin 0.7%), Monday in Pennsylvania (margin 1.2%), and the following Wednesday in Michigan (margin 0.3%).

It puts Hillary Clinton in a particularly awkward position, however, given her criticism of Donald Trump’s refusal during the debates to say that he would accept the results of our election.

The security of our voting system needs to be updated, regardless of who won the election, but anti-rigging analyses both safeguard against future attacks and relieve Americans questioning the integrity of their vote. The integrity of the country ahead of a Trump presidency, however, is still unclear.