Assessing the Case That Our Election Might Have Been Hacked

Rage against the (voting) machine.Photo: Anadolu Agency/Getty Images

When a candidate loses a tight race in our democracy, there’s a standard ritual that typically ensues: The defeated politician will deliver a gracious concession speech, while his or her supporters begin the sacred task of figuring out how and why the election was stolen from them.

As with most of the products of motivated reasoning, these theories don’t usually hold up well under scrutiny. And so, when Hillary Clinton’s narrow losses to Donald Trump in a series of key swing states were followed by mutters about hacked voting machines, it was easy to dismiss such concerns as sour grapes.

But while there was nothing unusual about Democrats proceeding directly to the first stage in the grief cycle, there was plenty that was unusual about the 2016 election: It’s not every year that the Democratic National Committee, the email account of the Democratic nominee’s campaign chair, and the voter-registration systems in two U.S. states are all hacked — and not just hacked, but, according to the federal government, hacked at the request of senior officials in a foreign government that has (allegedly) tried to sabotage other nations’ vote-counting infrastructure in the very recent past.

Add this to the fact that the results on Election Day in three pivotal swing states departed radically from what polls had predicted, and you have a recipe for reasonable concern.

And those concerns were further heightened when Gabriel Sherman reported the following on Tuesday:

Last Thursday, the activists held a conference call with Clinton campaign chairman John Podesta and campaign general counsel Marc Elias to make their case, according to a source briefed on the call. The academics presented findings showing that in Wisconsin, Clinton received 7 percent fewer votes in counties that relied on electronic-voting machines compared with counties that used optical scanners and paper ballots. Based on this statistical analysis, Clinton may have been denied as many as 30,000 votes; she lost Wisconsin by 27,000.

In light of all this — along with the extraordinarily high stakes of November’s election — the idea that states should double-check their voting machines’ results by consulting the paper receipts those machines produce may seem unassailable.

However, there are real costs to conducting such an audit, both literal and figurative: It could cost millions of dollars to perform these recounts, and while they’re being conducted, the president-elect’s ability to carry on staffing the next government could be compromised.

For Hillary Clinton to take the country down that road by petitioning for a recount, she’d want the case for believing a hack had occurred to be pretty strong.

As of this writing, there is only one specific piece of publicly available evidence that the election was hacked: In Wisconsin, Clinton performed significantly worse in counties with electronic voting machines than she did in those with paper ballots.

But anyone who is familiar with the phrase “correlation is not causation” should understand that this, by itself, tells us nothing. Clinton voters, across the nation, were clustered in far fewer counties than Trump voters were. If a couple of Wisconsin’s more diverse and highly educated counties happened to use paper balloting — while a few of its less-educated, more-white counties used electronic voting machines — that could potentially account for the entire discrepancy.

And, according to FiveThirtyEight’s Nate Silver and Nate Cohn of the New York Times, it does.

On Wednesday morning, J. Alex Halderman — one of the computer scientists encouraging the Clinton campaign to request recounts — defended his case in a post on Medium. In that piece, Halderman does not mention the Wisconsin data, and distances himself from some unspecified “incorrect numbers” in Sherman’s report.

Rather, Halderman argues that an audit is warranted because our voting system is far easier to hack than most people realize. In other words, he contends that the risk of a hack is so high, the mere discrepancy between the polls and the Election Day results in Wisconsin, Pennsylvania, and Michigan is enough to justify a recount:

America’s voting machines have serious cybersecurity problems. That isn’t news. It’s been documented beyond any doubt over the last decade in numerous peer-reviewed papers and state-sponsored studies by me and by other computer security experts … I’ve demonstrated this in the laboratory with real voting machines  —  in just a few seconds, anyone can install vote-stealing malware on those machines that silently alters the electronic records of every vote … It doesn’t matter whether the voting machines are connected to the Internet. Shortly before each election, poll workers copy the ballot design from a regular desktop computer in a government office, and use removable media (like the memory card from a digital camera) to load the ballot onto each machine. That initial computer is almost certainly not well secured, and if an attacker infects it, vote-stealing malware can hitch a ride to every voting machine in the area.

The vulnerability of our system, combined with Russia’s alleged involvement in pre–Election Day hacks, leads Halderman to this conclusion:

Were this year’s deviations from pre-election polls the results of a cyberattack? Probably not. I believe the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked. But I don’t believe that either one of these seemingly unlikely explanations is overwhelmingly more likely than the other.

Halderman makes a persuasive case that in an age of cyberwarfare, the United States should not be relying on electronic voting machines, period. Our democracy should not have an underbelly that soft. He provides plenty of evidence that an American election really could be hacked.

However, there still isn’t direct evidence that an American election really was hacked. On that score, his entire case appears to be: Trump outperformed his polls in some pivotal states.

But the polls weren’t just wrong in states with electronic voting: Trump outperformed polls across the entire Midwest, including in Minnesota, which exclusively uses paper ballots (granted, these ballots are then scanned into a voting machine, which Halderman suggests makes them vulnerable to manipulation, as well).

Now, it’s totally reasonable to believe, as Halderman does, that Michigan, Pennsylvania, and Wisconsin should recount their paper ballots, for the sake of due diligence. And it’s more than reasonable to think that America should take steps to insulate its voting system from the threat of cybersabotage.

But exit polls suggest that Trump won late deciders and inspired unusually high turnout in white, rural areas. Considering those facts, it isn’t all that surprising or mysterious that he beat his poll numbers in states with lots of rural, white voters. Which is to say: Systematic polling failure does appear “overwhelmingly more likely” than a perfectly executed, multi-state cyberattack as an explanation for the surprise on Election Day.