Tall tales of hacked voting machines and hijacked tabulation software gain an air of plausibility by citing the essential work done by serious cybersecurity experts in recent years to document vulnerabilities in widely deployed voting technology. Until angels learn to code, all software, whether installed on a laptop, smartphone, or voting machine, will have flaws and vulnerabilities an attacker might exploit. A robust approach to cybersecurity, therefore, requires more than just finding and closing those loopholes. It means designing systems that will work reliably even if compromised—a level of resiliency that discourages hackers from attacking them in the first place. For election systems, that means ensuring that a voter‐verified physical ballot—an auditable paper trail—exists for every vote cast. Manual counts of a sample of those paper ballots, known as risk‐limiting audits, can then be used to confirm that the digital tallies are accurate.
Happily, many states have heeded the advice of experts in recent years, implementing routine audits and replacing direct‐recording electronic, or DRE, machines, an antiquated technology in which touch screens record choices without creating a paper ballot for the voter to inspect. Yet several states that have done virtually everything right, many at the urging of Republican officials previously seen as Trump allies, have found themselves at the center of conspiracy theories.
Pennsylvania, Georgia, and Michigan have successfully replaced their DRE machines—meaning every voter either hand‐marks a ballot or is presented with a printed paper record of their selections to verify—and implemented risk‐limiting audit programs. In Pennsylvania, this involved a Herculean effort: As recently as 2018, the majority of the state’s voters cast ballots with no paper trail. Michigan, meanwhile, had a slight head start, approving a major initiative to update its voting equipment back in 2017.
In practice, these changes make electronic “vote rigging” on the scale necessary to shift the outcome of a statewide election highly infeasible, especially when the margin of victory is tens of thousands of votes. Multiple hand recounts in Georgia, unsurprisingly, turned up no evidence of digital shenanigans.
Meanwhile, eight states—Texas, Mississippi, Louisiana, New Jersey, Indiana, Kansas, Kentucky, and Tennessee—still use DRE machines with no paper trail, in at least some precincts. You probably haven’t heard any vote‐rigging conspiracy theories concerning those states lately, because none of them is a battleground state, and Trump comfortably won all of them but New Jersey. In other words, voter anxiety about election security is being stoked in states that have behaved responsibly, while states that have been less responsive to expert advice get a free pass, because highlighting their shortcomings does nothing to advance a partisan narrative.
In an extraordinary display of chutzpah, Texas Attorney General Ken Paxton mounted a court challenge impugning the integrity of the results in more secure swing states, egged on by several red states that have similarly failed to fully adopt auditable paper trails. It may not have occurred to Paxton that, had his long‐shot lawsuit succeeded, the precedent established would give other states ample grounds to mess with Texas.
Numerous bills that would have imposed federal standards for voting‐machine security have been floated over the past few years, only to die in the GOP‐controlled Senate. There were legitimate reasons to object to certain particulars of these bills: Many lawmakers had qualms that they went too far in usurping state authority over election procedures, or included superfluous mandates, such as requiring that ballots be printed on recycled paper. But another factor likely played a role in dooming these proposals: Until election‐rigging conspiracy theories became useful to the Trump campaign, voicing concern about election security was perceived, at least by the incumbent president himself, as a tacit attack on the legitimacy of his 2016 victory.
It’s not just states that have been wrongly tarred: The voting‐equipment maker Dominion Voting Systems has been at the heart of the most lurid conspiracy theories, including bizarre and obviously false claims that the company’s software was designed for vote stealing at the behest of Venezuelan communists. These claims have persisted even though most swing‐state counties using Dominion machines were won by Trump, and many areas won by Biden use equipment and software from other vendors. Although no voting technology is perfect, Dominion’s has been rigorously tested and certified—during the Trump administration!—to meet federal security standards by the United States Election Assistance Commission. There is, in short, no reason to believe Dominion machines are significantly less secure than their major competitors’. Yet with many Trump supporters now convinced that Dominion equipment is compromised, some Republican state legislators have begun echoing the president’s conspiratorial rhetoric. If voter distrust persists, some of these states might well feel pressured to squander millions more in taxpayer dollars replacing machines that are virtually brand new.
None of this is to say that cybersecurity experts have become blasé about electronic threats to American elections. Many fear that a foreign adversary more interested in sowing chaos and confusion than altering the results of an election could still mount an attack that succeeded in undermining public confidence, even if manual recounts would detect tampering with a digital tally. Voter‐registration records are another avenue of attack: A malicious actor could seek to selectively alter voter rolls—in effect hacking the electorate rather than the votes themselves. Fortunately, however, widespread recognition of the need for an auditable paper trail has radically reduced the risk of direct, large‐scale “vote rigging,” which is why the Department of Homeland Security could confidently declare the recent election “the most secure in American history.”
Plenty of work remains to be done to ensure the integrity of our democratic process, but ignorant and spurious conspiracy theories, advanced by partisan hacks shamelessly posing as newly minted champions of electoral cybersecurity, hamper, rather than aid, that effort. They misinform voters about the true nature of the risks we face, and reward the very officials who have made the greatest contributions to our security with slander.