Kansas, Delaware, and New Jersey are in the process of purchasing voting machines with a serious design flaw, and they should reconsider while there is still time! Over the past 15 years, almost all the states have moved away from paperless touchscreen voting systems (DREs) to optical-scan paper ballots. They’ve done so because if a […]
Securing the Vote — National Academies report
September 11, 2018 by
In this November’s election, could a computer hacker, foreign or domestic, alter votes (in the voting machine) or prevent people from voting (by altering voter registrations)? What should we do to protect ourselves? The National Academies of Science, Engineering, and Medicine have released a report, Securing the Vote: Protecting American Democracy about the cybervulnerabilities in U.S. election […]
Are voting-machine modems truly divorced from the Internet?
February 22, 2018 by
(This article is written jointly with my colleague Kyle Jamieson, who specializes in wireless networks.) [See also: The myth of the hacker-proof voting machine] The ES&S model DS200 optical-scan voting machine has a cell-phone modem that it uses to upload election-night results from the voting machine to the “county central” canvassing computer. We know it’s […]
My testimony before the House Subcommittee on IT
September 29, 2016 by
I was invited to testify yesterday before the U.S. House of Representatives Subcommittee on Information Technology, at a hearing entitled “Cybersecurity: Ensuring the Integrity of the Ballot Box.” My written testimony is available here. My 5-minute opening statement went as follows: My name is Andrew Appel. I am Professor of Computer Science at Princeton University. […]
Which voting machines can be hacked through the Internet?
September 20, 2016 by
Over 9000 jurisdictions (counties and states) in the U.S. run elections with a variety of voting machines: optical scanners for paper ballots, and direct-recording “touchscreen” machines. Which ones of them can be hacked to make them cheat, to transfer votes from one candidate to another? The answer: all of them. An attacker with physical access […]
