1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Democracy in danger: Vulnerable electoral systems

October 16, 2018

Manipulated elections undermine confidence in democracy. Yet digital electoral systems are frighteningly vulnerable to attacks. The solution is surprisingly simple.

https://p.dw.com/p/36Pnl
Numbers and letters on a computer screen
Image: picture-alliance/dpa/A. Marchi

After a close election, the defeated more and more often shake their heads in astonishment: Could this really be the outcome? Why were the predictions so far off? Did everything actually go right?

For years, concern has been growing that political opponents or foreign powers could manipulate voters or even entire elections.

Even if it is not possible to influence the outcome of an election, attempts at manipulation will at least cause frustration and uncertainty.

These doubts are poisonous for any democracy, as they erode the foundations of our political system — namely the need for a basic confidence in the legality of electoral decisions and a respect for the wishes of the majority.

They can raise questions about democracy itself — and that in a time when it faces powerful adversaries, including autocrats, populists or other opponents of pluralism.

Trendsetting congressional elections in the United States

Such discussions will certainly arise again after November 6 when Americans go to the polls to elect 435 members of the United States House of Representatives and one third of the Senate.

The losers will likely feel a sense of insecurity, particularly in such a divided nation, whose electoral system has frequently come under criticizm. 

US-President Donald Trump in Virginia
US President Donald Trump doubted the reliability of the US elections despite his election victoryImage: Reuters/C. Allegri

For years, the US has feared interference in its elections by foreign powers. But since the last presidential election, there has been mounting evidence that Russia has been attempting just that.

Russian trolls have systematically spread crude false reports on social networks; hackers launched a cyber attack on the Democratic National Committee's server and published opponent Hillary Clinton's unflattering emails.

In addition, there is solid evidence of manipulation attempts, as the Cambridge Analytica scandal showed.

Read more: UK plans maximum fine for Facebook over data breach

Read more: Facebook data breach: Irish authority investigates security failure

The political consulting firm had deliberately manipulated US voters via Facebook and indirectly influenced the Brexit vote.

It is "almost certain that systematic fraud and voter deception took place," Whistleblower Christopher Wylie said at a hearing in the European Parliament. "Facebook's system allowed it to happen."

These attempts at manipulation prompted the former director of research at Cambridge Analytica to become a whistleblower. 

"If we allow cheating in our democratic process, and we allow this amount, what about next time and the time after that? This is a breach of the law. This is cheating. If you cheat on an exam, you've got to fail. If you cheat in the Olympics, you lose your medal. You shouldn't be cheating", explained Wylie before a British committee of inquiry.

Easily manipulated voting machines

However, attempted influence is different from actual manipulation of election results. J. Alex Halderman, a professor of computer science at the University of Michigan, has repeatedly demonstrated how susceptible current voting machines in the US are to this. In one instance, Halderman put the Pac-Man game on a voting computer to demonstrate just how vulnerable the system is.

At a hearing in the US Congress, Haldermann warned of the system's vulnerability. 

"Our highly computerized election infrastructure is vulnerable to sabotage and even to cyberattacks that could change votes," said the computer security expert.

Despite those cautionary words, the insecure voting computers Accuvote TS and TSX will again be used in almost 20 states in the next congressional election.

One bad system replaced by another bad system

With the introduction of election computers, the Americans wanted, among other things, to react to the year 2000's embarrassing election drama. Republican George W. Bush won the election by a tiny majority, just pipping Democrat Al Gore to the post.

A woman voting at a computer
Pac-Man for President? The voting computers used in the USA are particularly easy to hackImage: picture-alliance/dpa

Still, it took some time to come to that conclusion even after the heated election was over, because many of the punched cards used at that time were not clearly punched. For 36 days and 36 nights the USA and the whole world looked to the election helpers in Florida who examined the unclear punched cards with magnifying glasses.

Even after Bush's narrow election victory was certain, the result remained controversial. After all, Bush's lead was only 0.008 percent with around 6 million votes cast in Florida. The unreliable punched card system invalidated more than 100,000 votes because they could not be attributed beyond a doubt.

As a lesson from the debacle, Florida introduced a computer-based voting system in 2004. Around a third of all registered voters will vote digitally in the 2018 congressional election. The rest will make their crosses the old fashioned way or use the hole-punch system.

Hacking is child's play

Defcon 26, one of the world's leading hacker fairs, which took place in Las Vegas in August, showed how easy it is to hack election procedures by computer. The organizers announced a competition for young hackers to be the quickest to crack the security technology of the election authority's websites.

Voters are registered on the websites of the election authorities and informed about the nearest election office. In addition, the results are also transmitted there on election day.

Read more: The top ten mistakes that make life easy for cyber-criminals

Exact copies of the Florida, Iowa, Michigan, New Hampshire, Ohio, Pennsylvania, Virginia and Wisconsin electoral sites were created for the competition. It took 11-year-old Audrey Jones just 10 minutes to hack one of the pages and penetrate the page structure. There he could have changed the names of the candidates or the number of votes at will. According to the organizers, more than 30 children were able to hack the copied websites in less than half an hour.

Europe is also threatened 

This isn't just a US problem; European systems are not immune to attacks or manipulation either. And the machinations of Cambridge Analytica are not the only evidence of this. In France, too, thousands of internal documents of the candidate Emmanuel Macron were distributed in the 2017 presidential election shortly before the run-off. The perpetrators had hacked internal information such as emails, invoices and contracts from Macron's election campaign team and put them on the net.

Mark Zuckerberg appearing before the US Congress
Facebook CEO Mark Zuckerberg made only vague promises to the US Congress (photo) and EU ParliamentImage: Getty Images/AFP/B. Smialowski

EU Commission President Jean-Claude Juncker, in his speech on the state of the European Union in mid-September, warned of possible manipulation of the European elections next year.

"We must protect free and fair elections in Europe. That is why the Commission is today proposing new rules to safeguard our democratic processes against manipulation by third countries or even private interests," he said. 

Serious security gaps in the last German elections

Germany is also afraid of possible manipulation and cyberattacks. Each day, thousands of hacker attacks on companies, infrastructure and government institutions show how justified this concern is. There have also been successful cyberattacks on Germany's parliament, the Bundestag, and the federal data network. In those attacks, the hackers had worked their way so deep into the system that the entire Bundestag IT had to be replaced.

Read more: Hackers attack RWE website amid Hambach Forest evictions

Read more: Two Russians probed for hacking anti-doping agency WADA

The Russian military intelligence service GRU — or more precisely the hacker group "APT28" associated with GRU — is behind the attacks, according to the findings of the United Kingdom's National Cyber Security Centre. The agency published a list with a total of 12 Russian hacker groups said to be backed by GRU.

According to estimates by British, Dutch and US security authorities, these groups are also responsible for the cyberattacks on the World Anti-Doping Agency (WADA), the Organisation for the Prohibition of Chemical Weapons (OPCW) and many other institutions.

A Cold War rages in cyberspace

Despite the dangers, many areas of political life are inadequately protected, as the authorities have regularly pointed out. Darmstadt computer science student Martin Tschirsich demonstrated last year how easy it is to manipulate an election in Germany.

Without much effort, he found "PC-Wahl" — a supposedly protected software program used in German elections to evaulate the results — online. He found not only the corresponding operating instructions, but also the corresponding passwords on the net.

A hand placing a ballot paper in a ballot box
Paper ballots might be slow and analog but they are perhaps more reliable Image: Getty Images/AFP/J. Nackstrand

Thus, the resourceful student gained access to the sensitive code of the software — and could have caused chaos. But Tschirsich instead informed the authorities about the serious security weaknesses. They intervened and took the software out of circulation.

Paper: Analog and slow, but reliable

Almost any software will be hacked sooner or later. A totally secure system will probably never exist. That's probably good news for despots and autocrats, for whom free, fair and secret elections are undesirable but a strong democracy needs a reliable electoral system.  

Therefore, even in the digital age, according to hacking professor Halderman, there is no way around the fact that, in addition to the electronic vote, there must also be a classical analog vote on paper. This is also supported by the current US president.

"It's old-fashioned, but it's always good to have a paper backup system of voting," Trump said at a press conference in early 2018.

Of course, there are still countless possibilities for manipulation. Additional ballot papers can appear or regular ballot papers can disappear somewhere. The digital transmission of the analog results to the central election commission is also susceptible to manipulation. In case of justified doubts, however, there would always be the possibility of a recount.