The science behind election security

How one professor is working toward more secure voting technology.
Students voting in a line of touchscreen voting machines

Bredt Family Professor of Engineering J. Alex Halderman has spent the past decade making the technology behind American voting systems more secure, largely by uncovering and helping to patch software vulnerabilities in equipment like voting machines and ballot scanners, and by advocating for best practices and technological advances. 

Along the way, he has run up against the limitations of our elections systems and even resistance from technology vendors and election officials. Ironically, his work has also been used to prop up false theories about fraud in the 2020 presidential election.

Headshot photo of Prof. J. Alex Halderman
Prof. J. Alex Halderman

Here’s an overview of some of the key ways Halderman’s work has helped to strengthen our democracy, as well as some of his thoughts on the pursuit of science that’s so deeply tied to the volatile world of politics.

In some cases, the vulnerabilities you’ve uncovered have persisted for years without being addressed. Why does that happen?

Halderman: Security issues are a fact of life for any technology company, and responsible companies today plan for them and have procedures for rolling out fixes effectively and efficiently. That kind of vulnerability lifecycle management is still underdeveloped in the elections field.

One reason for that gap is that the election technology sector is 15 to 20 years behind the leading tech sectors in terms of security.  It’s a small market, it’s a relatively stagnant market, and it’s not very competitive. So it’s just not an exciting place to be working as a technologist.

In addition, the election systems management infrastructure in many states is just really poor. They don’t have the investment they need to do things like install software updates on a timely basis. Our elections can also be very complex. Other countries tend to have only a few questions on each ballot, while ours might have 30 or 40. That makes every election more challenging to plan and administer.

We’ve all seen the tenor of U.S. politics become more heated, particularly in the run-up to the 2024 presidential election. Has that affected your work, or the way you talk about your work?

Halderman: I don’t think it’s changed how I work, but it’s made communicating about my work more challenging. It’s more important than ever to be precise and to think about how things might be misconstrued and make sure that what I write is heading off misconceptions.

But there’s not much that I can do to change what people are going to say about the science. It’s my job to be figuring out what’s true and to be communicating that to the public accurately. Of course, it hurts and it’s personally offensive when my work is the convenient vehicle for telling lies. But the people who want to tell lies about the last election are going to tell lies with or without my work.

I think I would do a much bigger disservice to the public and the truth if I were to discover problems and not talk about them. It’s important for people to know that these risks exist, because otherwise we’re going to continue to under-invest in our election administration and infrastructure. Our state and local officials need further support from the public, and the way you’re going to get that is by letting the public know why they need that support.

As you mentioned, this intersection of science and politics can be an exceptionally difficult place to work. Why do you keep at it?

Halderman: I guess it’s in part because I’m an eternal optimist. I really think that election security is a problem that we’re going to be able to make great progress on through persistence and the application of science.

I like to compare American elections to the commercial aviation system. Air travel today carries so much less risk than it did just a few decades ago. And that’s because we’ve engineered a complex system for safety and security that has been incredibly successful.

Elections are vastly simpler than aviation, we just don’t have an adequate level of engineering resources going into them. If that changed, then I think election security, like aviation safety, could be one of this country’s proudest success stories.

Four election vulnerabilities

Halderman’s work has made the United States election system more secure. Below are four examples of the impact of his work, which is ongoing.

Generating a paper voting record – Georgia

Challenge
In 2017, Georgia was one of only a few states that still used paperless electronic voting machines statewide, which Halderman has underscored as a major vulnerability. Such systems don’t give voters a way to ensure that their selections were recorded accurately. In addition, they provide no physical record, which could be needed to rule out suspected electronic fraud.

Solution
Halderman’s research helped spur a lawsuit filed by the Coalition for Good Governance, a nonpartisan, nonprofit advocacy organization, and a handful of individual Georgia voters. Halderman testified as an expert and demonstrated on the witness stand how the machines could be hacked to steal votes. As a result, Georgia replaced its machines with new ones that produce a paper record. Manufactured by Dominion Voting Systems, the machines were installed in time for the 2020 presidential election.

Patching software vulnerabilities – Georgia

Challenge
Rather than using hand-marked ballots like most states, Georgia’s new system uses a machine to print voters’ completed ballots, which encodes the selections in a barcode that voters have no way to verify. Halderman examined these machines after a federal court granted him access in 2020. He found software vulnerabilities that hackers could use to make the machines print incorrect barcodes. He also found that the hacking could be done remotely, without physical access to the machines.

The risk increased after January 7, 2021, when confidential election machine software and data from Coffee County, Georgia was illicitly copied and disseminated. The data was gathered by workers who were hired by attorney Sidney Powell in an unsuccessful effort to find evidence of fraud, and admitted into the county election office by a local official. Powell later pleaded guilty to election interference charges arising from the incident.

Solution
After Halderman’s court testimony and 96-page report, Dominion Voting Systems developed a patch for several of the software vulnerabilities he discovered.

However, Georgia election officials have not implemented the fix. Secretary of State Brad Raffensberger, who has announced that the machines will not be updated until after the 2024 presidential election, described the risks Halderman identified as “theoretical and imaginary.” While a second report from the national security nonprofit MITRE argued at the time that physical security was sufficient to prevent access to the machines, the Coffee County incident later showed that such access is, in fact, possible.

Making voting machines more reliable – Michigan

Challenge
In November 2020, election officials in northern Michigan’s Antrim County published incorrect vote totals in their initial counts, which were later corrected. Halderman investigated at the request of the Michigan secretary of state and attorney general and found no evidence of fraud. Instead, he discovered that a chain of human errors led to an incorrect ballot scanner configuration, producing the erroneous results.

Solution
Since the investigation, Halderman’s team has devised a better system for testing election equipment, a process known as logic and accuracy testing. Traditionally it’s done by casting test votes—often one for each candidate. While this worked well with 20th-century mechanical machines, Halderman says it’s not always adequate for more complex electronic systems.

His team developed a software application that generates a set of test votes to thoroughly test the system’s configuration in the smallest possible number of ballots, making the process comprehensive but still manageable for election officials. It has recently been piloted in several Michigan counties and Halderman is hopeful that it will be ready for use statewide before November 2024.

Securing voters’ privacy – 21 states

Challenge
Many municipalities publish ballot-level voting results online–either as ballot scans or lists of votes cast–to promote transparency. The data is randomly shuffled to protect voters’ identities.

However, Halderman’s team found a vulnerability in the shuffling algorithm used in certain Dominion Voting Systems ballot scanners, which they detailed in a paper published in August 2024. The flaw could enable the un-shuffling of posted ballot information to reveal how other people voted.

Solution
Halderman’s team reported the flaw to federal authorities and Dominion, which developed a software patch in response. His team also developed an open-source software tool and detailed instructions to help municipalities sanitize the data so that it is safe to make public.

This content was previously published in two parts by the Michigan News Service and by Michigan Engineering.