It was overlooked by the news networks, but there was a significant step forward in advancing public understanding of how to secure voting systems in yesterday’s Senate Intelligence Committee hearing. California Senator Kamela Harris opened her questioning with an old cyber security riddle:
Q: How is not being hacked like being hacked?
A: Either way you don’t know.
This has been at the root of public misperceptions of election system security: since you can’t point to a successful vote-changing hack, we must therefore be secure. In fact, most the of the Senate committee seemed hell-bent on propagating this idea by coaxing
No Senator, I don’t know if votes were actually changed in the November election
from witnesses who in fact have never tried to find out.
Alex Halderman tackled both sides of this fallacy with his opening statement. First, he pointed to a supervised hack of a Washington DC election that, over 48 hours changed every vote.
Even more importantly, he recommended risk-limiting post-election audits as a mandatory cost-effective and mathematically sound method of verifying election results:
Specifically, if the reported outcome (usually the set of winner(s)) is incorrect, then a risk-limiting audit has a large, pre-specified minimum chance of leading to a full hand count that reveals the correct outcome. A risk-limiting audit can stop as soon as it finds strong evidence that the reported outcome was correct. (Closer elections generally entail checking more ballots.)
An important bottom line from yesterday’s hearing was an answer to the question whether you can ever know that an election was hacked. You can, if you look.