Voting by Remote Control

Speaking of democracy and elections, security experts at the Vulnerability Assessment Team at Argonne National Labs have demonstrated a simple hack that allows them to change votes on electronic voting machines using a standard remote control — like the one you use to change channels on your TV. The hack doesn’t require any reprogramming, and leaves absolutely no trace that votes were manipulated.

That’s right, anyone can purchase the parts necessary to change votes on voting machines used by around one quarter of our nation’s voters. More than enough to steal any election.

Response from the electronic voting machine companies whose machines can be hacked? Crickets.

But wait, it gets worse! The same hack can also be done on the optical scanning machines that process paper ballots:

So, in other words, the low-rent attack Argonne has demonstrated — requiring no knowledge of the voting system software, $10 to $26 in off-the-shelf computer parts, and little more than an 8th grade computer lab education — could also be implemented not just on touch-screen e-voting systems, with or without a so-called “paper trail,” but also on the paper ballot op-scanners used to count the majority of votes that will be cast in the U.S. in next year’s Presidential election.

11 Comments

  1. David Freeman wrote:

    This really does worry me.

    It also pisses me off since there seems to be so little interest about the potential for real election fraud from the same organizations that were in an uproar over nonexistent voter fraud by ACORN.

    Plus, many changes have been made by Republican controlled states to suppress voter turnout among constituencies that trend Democratic. Even the nonpartisan League of Women Voters has stopped registering citizens in many states because of changes to voter registration laws. Fewer voters in a district magnifies the impact of any fraudulent actions. The 2012 election could hinge on a few districts in Ohio or Florida. A little voter suppression and a little tampering in those districts may be all it takes to swing this election.

    Sunday, October 2, 2011 at 7:20 am | Permalink
  2. rk wrote:

    It concerns me too. I imagine that nothing will be done, that this will not be reported sufficiently and nothing will happen.

    -paranoid (twice annoyed)

    Sunday, October 2, 2011 at 8:52 am | Permalink
  3. Falkelord wrote:

    This is possibly my favorite issue surrounding anything political or governmental. Here’s the thing: E-machines can be hacked. Sure, that’s a given, obviously. But what solution is there? Paper ballots are just as inaccurate and just as shrouded in problems as lever systems, chads, and pretty much any system you can dream up.

    There’s always going to be a chance of voter fraud. You can’t prevent that because there’s no 100% perfect way to do this that we know of. But instead of treating the disease, just manage the symptoms. It is not impossible or even complicated to get a photo ID to go along with your voter registration. I don’t know how they do it in other municipalities, but here in Louisiana (specifically the New Orleans area), you are required to show your Voter’s Registration Card AND a valid photo ID. They then call your name out to a proctor who marks it in a book, and you sign next to your name. Although this method is just as susceptible to fraud, is it really viable that a large group of folks will go out and get phony voter reg cards AND phony IDs just to make a fraction of an impact? No, it’s not really probable. In addition, it would be plainly obvious when those thousands of people show up to vote and find their identity has been compromised. It’s also incredibly easy to notice registration stacking (large amounts of voters registering over a short period of time).

    While I understand the problem with the ease of hacking these machines, I don’t think there’s any alternative that isn’t as problematic or controversial. Maybe one day, someone could come up with a solution, but that’s not now and probably not for a long time.

    Sunday, October 2, 2011 at 11:04 am | Permalink
  4. Iron Knee wrote:

    Falkelord, just to be clear, the hack described here is an inside hack. Someone with access to the machines (an election official) can easily throw the election and leave no trace. Your “solution” is for a different problem — an outside hack — where someone attempts to vote fraudulently. That’s a completely different problem, and in my opinion not nearly as dangerous (or even likely) as an inside hack. See http://www.bradblog.com/?p=8463

    This reminds me of something from a few years ago, when there was concern about Medicare fraud, and a big investigation was done. The findings were that there was very little evidence of patients defrauding the Medicare system, but there was lots of evidence of doctors and hospitals defrauding Medicare. Strangely, the issue suddenly became less important. In fact, the current governor of Florida was the CEO of a company that was found guilty of massive Medicare fraud, but nobody seemed to care. See http://en.wikipedia.org/wiki/Rick_Scott

    Sunday, October 2, 2011 at 11:27 am | Permalink
  5. Falkelord wrote:

    The distinction between inside and outside hacks seems a little arbitrary though, don’t you think? You can stratify the groups as much as you want, but it’s still election fraud. Election officials aren’t required to have any prior training or experience, just a desire to “serve the community and their country on polling day.” This means that any U.S. citizen (barring certain criteria like felonies or being an officer of the law) can become an election official after just a training course.

    So is there any difference between a large group of people trying to scam the registration process and a smaller group of phony election workers who know how and plan to use the remote control hack on voting machines in large metro areas like Atlanta or Dallas? Not really.

    I do remember the Medicare thing, and you’re right, the interest kind of died off after the investigation started. My theory for that though was because as the trials begin and depositions are made and all that investigatory mumbo-jumbo, people begin to forget and move on to the hotter button topics. Then, as the trials are underway and about to be decided, interest peaks and then drops off. RE: The Casey Anthony trial. I can guarantee you not a soul gave a damn about the time between her arrest in 2008 (July?) and the last few days leading up to the trial in May. But they sure as hell cared when she was arrested and acquitted. I blame that on short attention span haha.

    Sunday, October 2, 2011 at 11:56 am | Permalink
  6. Michael wrote:

    “So is there any difference between a large group of people trying to scam the registration process and a smaller group of phony election workers who know how and plan to use the remote control hack on voting machines in large metro areas like Atlanta or Dallas? Not really.”

    Yes, there is a significant difference. Anyone with even a cursory amount of training in information security can tell you that insider attacks are (a) far more likely to succeed, (b) potentially far more devastating, and (c) far more likely to evade detection. Getting a *large* group of people to work together perfectly to defraud the registration process would be extremely difficult. Loose lips sink ships and all that. Attacks that involve the coordination of a large number of cohorts frequently fail because somebody slips up.

    Furthermore, there simply has been no evidence of large coordinated external attacks. There is, however, sufficient evidence for a plausible argument that insider-based fraud has already occurred.

    Sunday, October 2, 2011 at 4:57 pm | Permalink
  7. Falkelord wrote:

    @Michael Let me re-clarify, because I don’t think you caught the argument I was going for. I’m not arguing about what evidence there is for one or the other or the plausibility of a thousand people trying to commit election fraud vs 20 election workers. My argument is that it doesn’t matter who does the “hacking” – inside or outside – the possibility of it occurring is the same across the board. This is different from the plausibility, which factors in the actuality of it happening, which, yes, I do agree it is highly unlikely that a large group of people would fail (Loose lips sink ships etc). But not only is there no requirement or screening process to prevent any size or scale attack like this from happening (read any Election Official website for any district and they require you to take a training course and be a registered voter, something that takes little effort to do and can be done without any suspicion), but that it is more than possible a group, no matter the size, could commit election fraud on any given election.

    tl;dr I’m saying it’s more than possible (because the paths exist and are definitely exploitable) but not probable (because it’s almost impossible to get more than 5 people to work together on something like this)
    You say it’s not probable (see above)

    You’ll have to excuse me, I’m a political scientist so I deal with possibilities more than probabilities on a daily basis 🙂

    Monday, October 3, 2011 at 12:16 am | Permalink
  8. Iron Knee wrote:

    But taking this into reality for a second, Michael’s argument is very important. Politicians and the media seem to exclusively focus on external hacks (like Acorn registering lots of fake voters, welfare queens, patients defrauding Medicare) and tend to ignore internal hacks (corrupt election officials, government contractors, or doctors). Even though the latter is far more widespread and costs us far more money. We send Martha Stewart to jail but the bankers walk free.

    I (finally) watched “Inside Job” last night (great movie!) and it is full of examples of this — bankers regularly hiring prostitutes and even writing them off as business expenses, but that didn’t stop them from going after Eliot Spitzer for the same thing.

    Monday, October 3, 2011 at 11:27 am | Permalink
  9. bobsuruncle wrote:

    Well, besides the fact that they are both possible (external vs internal) it’s also somewhat a lil frightening that the internal version can hack all the votes cast (say several thousand) vs having to get several thousand people to get to the polls and vote.

    The other problem not addressed here, but just as important, is that requiring several forms of ID skews the voting population in most places in favor of the repubs. Just something to think about before committing to the notion that picture ID solves all problems.

    Monday, October 3, 2011 at 12:35 pm | Permalink
  10. Iron Knee wrote:

    Requiring ID not only disenfranchises people who do not have ID (and there are plenty of them), it goes against constitutional guarantees of privacy (you are not required to carry ID in this country). And worst of all, it does nothing to stop inside hacks, which are far more likely.

    Again, read http://www.vcarrer.com/2010/11/hacker-news-mobile-front-page-reader.html

    In it, he interviews Tony Anchundo, the Registrar of Monterey CA (a 13 year election official). Anchundo says that voters just have to trust election officials: “There is obviously going to have to be some trust and faith in the elections official, and in this case it’s me.” A few months later, Anchundo was charged with 43 criminal counts, including forgery, misapplication of funds, embezzlement, falsification of accounts, and grand theft of $80K from the county. He pleaded no contest. So if someone wanting to get elected tried to bribe Anchundo to throw some votes, do you actually believe he wouldn’t have been open to the idea? Especially if he could do it himself without any possibility of detection?

    Monday, October 3, 2011 at 1:22 pm | Permalink
  11. Michael wrote:

    “My argument is that it doesn’t matter who does the ‘hacking’ – inside or outside – the possibility of it occurring is the same across the board.”

    I know of no form of modal logic or decision theory that ignores the relative frequencies of events. Even possibility theory defines a mathematical function for reasoning about the likelihood of different possibilities. Talking about different possibilities without considering the relative likelihoods is completely pointless. I could also mention that it is possible for electro-static discharge to cause bits on the hard-drive to flip unnoticeably. However, the likelihood of this happening is so remote that it doesn’t even warrant consideration. (This reminds me, did you hear about the Irish man whose cause of death was just ruled as spontaneous combustion?)

    “tl;dr I’m saying it’s more than possible (because the paths exist and are definitely exploitable) but not probable (because it’s almost impossible to get more than 5 people to work together on something like this)
    You say it’s not probable (see above)”

    Your summary of my point isn’t quite complete. My point is that arguing possibilities without context is meaningless. It is a simple matter of economics. When shaping policies that control scarce resources (e.g., funds), you must consider cost and benefit. In the case of mandatory ID laws, the benefit is negligible (i.e., you are addressing a harm that is unlikely to occur and/or to cause sufficient damage) while the cost is arguably high. That is, such ID laws have a demonstrable bias against certain populations, primarily students, the poor, and the elderly. (Poll tax, anyone?)

    On the other hand, increasing the security against insider attacks has both a high benefit (i.e., preventing such an attack would be a very good thing) and a high cost (secure systems are expensive), but does not disenfranchise large swaths of the populace.

    tl;dr: It is better for democracy, when a choice must be made, to go with the approach that (a) costs more money, (b) ensures all citizens have a chance to vote, and (c) possibly prevents a plausible very bad event, than to adopt an approach that (a) costs less, (b) suppresses voters’ rights, and (c) has an arguably negligible benefit.

    Monday, October 3, 2011 at 9:28 pm | Permalink