Photo by Bob Foran
Photo by Bob Foran
Hacking the Vote: It’s Easier Than You Think
Professor J. Alex Halderman has made a career studying electronic voting security. His research has changed the concept of stolen elections from theory to reality.
“I know America’s voting machines are vulnerable,” J. Alex Halderman firmly stated, pausing to lift his head from the page he read to look up at a phalanx of U.S. senators, “because my colleagues and I have hacked them—repeatedly—as part of a decade of research studying the technology that operates elections and learning how to make it stronger.”
It’s not hyperbole to say a shudder swept through that august meeting room in the Hart Senate Office Building in Washington, D.C., as Halderman delivered a much-rehearsed line at the onset of a six-minute statement. Until the U-M computer science professor began his testimony before the Senate Select Committee on Intelligence in June 2017, the idea of a hacked American election felt to many lawmakers like a still-theoretical notion. Other technologists and elections integrity experts had warned members of Congress in such formal settings about abstract vulnerabilities, but state officials and election machine vendors had repeatedly insisted they had it all under control.
Halderman has little patience for such coddling. That his voting machine intrusions took place in laboratories rather than live elections made his message no less alarming to the committee.
“We’ve created attacks that can spread from machine to machine like a computer virus and silently change election outcomes,” Halderman continued. “We studied touch screens and optical scan systems.” Then, emphasizing each next word with a staccato delivery and direct eye contact, he stated: “And in every single case, we found ways for attackers to sabotage machines and to steal votes. These capabilities are certainly within reach for America’s enemies.”
After the aforementioned decade of warning lawmakers about the dangers posed by the machinery of U.S. elections, Halderman, 37, had delivered his message directly to the country’s most powerful people. Since then, he has returned to the Capitol routinely to chat with legislators and their staff as Congress passed $380 million in funding for states to modernize their equipment and security practices. In addition, Sen. Richard Burr, the chair of the committee Halderman testified before, sought his input into an election reform package that, as of press time, has yet to be introduced.
It was, he senses, his willingness to declare everything not just hackable but hacked that made heads turn during his Senate testimony. And it is those daring theatrical flourishes—combined with a congenial demeanor of genuine, limitless patience with less tech-savvy people—that has thrust Halderman to the forefront of the quest for safer elections as well as other key high-tech security and privacy issues. At the hearing, Burr, a North Carolina Republican, good-naturedly referred to Halderman as someone who “likes to break in” to election systems and followed up by telling him, “I think what you did was important.” Halderman just chuckled along rather than correcting the senator’s implication that he’d hacked live elections.
Being likable is one of Halderman’s most potent weapons in bending disparate groups of people to his will.
“The archetype sometimes of a technical person might be someone who attaches less significance to the side of cooperating and interacting with people,” says David Robinson, Halderman’s dorm neighbor during his undergraduate days at Princeton University and now a principal of a Washington, D.C.–based tech policy consultancy. “For Alex, the question of how you align everyone’s politics and incentives in such a way that you’re going to accomplish something extraordinary together is something that really comes naturally to him.”
On a paper napkin, J. Alex Halderman diagrams ways that hackers can infect voting machines with malware. | Photo by Marc McAndrews
In computer science circles, Halderman was a rock star long before he went to Capitol Hill to scare the bejesus out of everybody about the fragility of American democracy. During his first semester as a Princeton graduate student, he and his mentor, professor Ed Felten, showed how easy it was to defeat Sony BMG’s efforts to prevent CD piracy.
Not long after, Felten drew the promising young researcher into a project that would go on to inform much of Halderman’s career: electronic voting security. After the 2000 election debacle in Florida, with all those hanging chads and confusion about voter intent on paper ballots, Congress gave states more than $3 billion to modernize their voting machinery. This led to a widescale move to touch-screen balloting and computerized tabulations, yet few states or equipment vendors would give independent researchers access to assess how secure these machines were. So in 2006, Felten made contact with an elections insider willing to slip him a commonly used model.
This set up a scene reminiscent of a spy novel, with Halderman, then 25, meeting in an alley with a man in a trench coat who handed him a large leather briefcase containing the contraband voting machine. A few months later, the team posted a YouTube video showing the machine being hacked in a mock election in which Benedict Arnold wins the presidency despite voters clearly choosing George Washington.
That sort of cheeky antic became a signature feature of Halderman’s efforts to alert the public to technological insecurities. In 2010, most notably, the District of Columbia was planning to allow citizens to vote via the internet in municipal elections. Online voting is, to Halderman, a particularly terrible idea and one that he has worked against by exposing security flaws in systems used in Australia, Estonia, and Norway.
To demonstrate and test the district’s system to the public, the city held a mock election a few weeks before election day. Halderman—in his second year as an assistant professor of computer science at U-M—saw this as “a fantastic opportunity to test out attacks in a live system but not an actual election.”
His team easily broke in, altering votes without detection, and even commandeered the video surveillance of the system’s servers. In fact, the only reason anyone noticed the breach was the music on the “thank you for voting” page: His students had set the system to play “The Victors.”
District officials canceled the online voting idea and never returned to it.
Halderman, director of U-M’s Center for Computer Security and Society, in his office | Photo by Joseph Xu/Michigan engineering
One day in 2011, Halderman was at a whiteboard fielding questions from undergraduate engineering students in his “Introduction to Computer Security” class.
A junior asked why a certain approach to circumventing internet censorship in places like China wouldn’t work, so Halderman began explaining its flaws. As he did, though, an idea popped into his head. The class, he says, didn’t notice the few moments when he stopped and stared at the board, but at that moment a groundbreaking concept now known as “refraction networking” became fixed in his brain. Refraction networking provides a way to deceive censors into thinking they have successfully blocked citizens from banned websites and services while they have, in actuality, allowed access.
Four years after that brainstorm in Ann Arbor, Halderman appeared in New York City with then-United Nations Ambassador Samantha Power to explain the concept at the Internet Freedom Technology Showcase, held alongside the 2015 U.N. General Assembly meeting. Halderman would go on to helm a coalition, relying on more than $2 million in federal funding from the State Department’s Bureau of Democracy, Human Rights, and Labor, and this summer the second pilot deployment of the technique took place. Steven Schultze, a former State Department program officer in the bureau, says refraction networking is “a generational jump forward” and “the most promising of all the anti-censorship programs going on.”
Halderman, now a tenured professor at U-M and the founding director of the University’s Center for Computer Security and Society, describes his eureka moments as instances in which “the pieces snap together. You set up for it and then—aha! When you’re working on hard problems, it’s not so often when you get beautiful solutions.”
Beauty and elegance are traits Halderman clearly treasures, a product of his upbringing on a 50-acre wooded plot in Bucks County, Pennsylvania. His parents indulged his natural itch to disassemble electronics but also took him to New York often to see the opera. He opens some speeches with a portrait of his great-grandfather Maxo Vanka, a prominent Croatian-born artist, and uses that ancestry to trace his own philosophy of promoting security and privacy to Vanka’s efforts to fight fascism.
Halderman’s office reflects much of his diverse interests and views. His shelves are overwhelmed with works by the likes of Plato and Homer as well as the expected computer science texts and a Geiger counter bought at the Titan Missile Museum in Tucson, Arizona, as a “symbol of a certain era of fear, of where we don’t want to go.” One telling piece of art on his wall is a poster he made at Princeton showing a blown-up image of a key engraved with the words “DUPLICATION PROHIBITED.” “It’s the key to the room that contains a giant printer on which it was printed,” Halderman says with a smirk. “Using the information in this picture, you can replicate not only the physical key by going and cutting one but the poster of the key by printing one after getting in.”
Halderman’s long-standing love of the humanities has made him especially aware of the real-world consequences of the misuse of technology. That helps to explain the dramatic array of technological discovery. From his U-M lab, he and his students have alerted Homeland Security that full-body scanners in common use at airports can be effortlessly duped. They also have developed a now-widely used method of querying every IP address in the world in minutes. And they have persuaded the Chinese government to abandon its efforts to require that all computer users load a piece of surveillance software by demonstrating how vulnerable that made every PC in the country to hack attack.
In 2016, he took a group of students to Hamburg, Germany, for the Chaos Computer Club, billed as the world’s biggest hacker conference. There, they watched him and a Princeton colleague reveal to the world that they had figured out the technological approach taken by the National Security Agency to intercept the enormous amount of material it captured according to the documents leaked by NSA whistleblower Edward Snowden. As part of the presentation, Halderman also told the world how best to undermine the NSA’s surveillance.
“Alex chooses problems that aren’t just academically interesting but have a real-world connection,” says Zakir Durumeric, then a U-M doctoral candidate who is now an assistant professor of computer science at Stanford. “If you look at the papers we’ve written over the last couple years, we’re looking at how we can improve security today.”
A U-M student votes in the experimental election held on North Campus in a demonstration for The New York Times. | Photo by Levi Hutmacher/Michigan engineering
The only reason there’s no evidence of whether voting machines or vote tabulating equipment was hacked in the 2016 presidential election, Halderman insists, is because nobody allowed him or anyone else to check. This is the core of his advocacy regarding electronic voting machines and vote tabulators: He loves technology and believes it can improve lives, but he also urges extra caution when it comes to a process as important as selecting leaders.
In the weeks after the election, Green Party candidate Jill Stein filed for recounts of votes in Michigan, Wisconsin, and Pennsylvania. The intellectual backbone of that effort, however, came from Halderman and a clutch of computer scientists and elections experts who pushed for the chance to analyze the computer equipment used in those states for evidence of malware. After an erroneous report in New York magazine set off a frenzy by claiming Halderman felt he had “persuasive evidence that the results … may have been manipulated or hacked,” Halderman wrote a widely read Medium essay in which he asserted he never said that but was, nonetheless, concerned.
“The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania,” he wrote. “Unfortunately, nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts.”
In the end, the effort didn’t succeed. On cable news and social media, Halderman was dubbed a Stein puppeteer trying to steal the election for Hillary Clinton, and court rulings blocked recounts in Pennsylvania and halted them in Michigan. In Wisconsin, recounts were completed with negligible vote changes, but nobody was able to inspect any of the equipment.
It was remarkable, then, that just six months later Halderman was invited to testify for the U.S. Senate and received warm reception from members of both political parties in a setting that can be notoriously partisan and contentious. To prepare, Halderman spent a few days with a “murder board” of friends and colleagues drilling him with possible questions and rehearsing his opening statement. The aim was for Halderman to avoid seeming partisan.
“One thing we were careful about was trying to figure out how to keep the focus on the secure voting systems we all want instead of letting the conversation go down a rabbit hole of concern about the election just passed,” says Robinson, who helped edit Halderman’s testimony. “We didn’t want him to mention particular problems. We want everyone to have reason to trust our elections.”
On video of the hearing, Halderman appears unflappable as he explains why a certain type of inexpensive, statistically sound audit of paper ballots after an election ought to be routine and is key to double-checking the computer’s results. In actuality, he says, “My adrenaline levels were so high, my heart was beating so fast. It was all I could do to read those prepared remarks, but when I was done, it was a tremendous relief.”
The message seemed well-received, and a few states are starting to consider post-election audits. Since then, Halderman has become a media fixture. The New York Times even produced a short film in which Halderman staged a mock election between Ohio State and U-M at the Beyster Building on North Campus. Knowing that most students would vote for U-M, he demonstrated how easy it is to hack the machines and produce a Buckeyes win.
He’s still worried about the health of the democratic process, but he tinges his alarm with some optimism. Asked whether the country is any better prepared for the 2018 midterm elections than it was in 2016, he replies, “Oh, it’s more or less the same. It’s not great news. But, if anything, we’re watching more vigilantly. If the systems are probed or attacked, it’s more likely we’ll find out about it in 2018. Does that mean that attacks won’t succeed that would have succeeded before? I don’t think we have a basis for strongly increased confidence there. But there are more people watching.”
Steve Friess is a Michigan-based freelance journalist and a 2011-12 Knight-Wallace Fellow at U-M. His work appears regularly in The New York Times, The New Republic, Playboy, and many others.