Dr. J. Alex Halderman inserted a memory card infected with malicious software into an electronic voting machine. It wasn't an actual case of election hacking, but Halderman's demonstration served a purpose: To show two members of Congress, including U.S. Rep. John Katko, what can happen if hackers gain access to voting machines.
Halderman, director of the University of Michigan's Center for Computer Security and Society, invited Katko, R-Camillus, and U.S. Rep. Mike Quigley, an Illinois Democrat, to cast votes using the Diebold AccuVote TS voting machine. Halderman programmed a mock election: A presidential race between George Washington and Benedict Arnold.
There were two votes cast for Washington and one for Arnold. But the receipt printed from the voting machine revealed the effect of the malicious software. The paper showed Arnold received two votes and Washington netted one.
Halderman explained that it's an example of malware that can alter the results of an election. In this case, it changed the vote totals for the candidates.
The presentation highlighted concerns about the use of electronic voting machines. Halderman noted that there have been several studies conducted detailing security vulnerabilities that have been found with different models of voting machines. The Diebold AccuVote TS is one such machine, and it's used in 18 states.
There are two types of voting machines: Optical scan, which is the style New York uses, or direct recording electronic voting systems. The latter features a touchscreen which allows voters to cast their vote.
The difference between the two systems: Optical scan requires a paper ballot. The direct recording electronic systems do not. In a handful of states, Halderman revealed, there isn't a paper trail for ballots cast.
Halderman believes there should be paper ballots to ensure the integrity of the elections.
"We demand a physical failsafe," he said, adding later: "Paper means we have a record that's outside the reach of hackers."
There are other concerns about direct recording electronic systems. To cast a ballot, some machines require voter cards. One potential vulnerability is that voter cards could be forged.
In June, Katko and Quigley introduced legislation to address election hacking concerns. Their bill, the Prevent Election Hacking Act, would create a "Hack the Election" competition overseen by the Department of Homeland Security. The purpose of the competition would be to strengthen election systems.
"Hack the Election" would be modeled after bug bounty programs in which developers compensate outside individuals for identifying bugs.
Katko and Quigley decided to introduce their bill after the DEF CON hacking conference last year. At the convention, attendees were able to hack into five different models of voting machines.
While the bill is a priority for Katko, he said Halderman's demonstration could lead to further legislative proposals. One idea is establishing a standard that there are paper ballots for elections.
"The big thing is we gotta go back to a paper system and have a sufficient amount of spot-checking of the electronic systems," he said in a phone interview Friday.
Having paper ballots before certifying elections, Katko added, is a "really important thing to do."
There are broader concerns about election hacking and interference after the 2016 presidential campaign, when Russian hackers attempted to gain access to voter registration systems.
Katko said Russia's interference and what has been learned since the 2016 election led to him seeking — and obtaining — a seat on the House Homeland Security Committee's Cybersecurity and Infrastructure Protection subcommittee.
"The cyber attacks and vulnerabilities that we have with cyber attacks are just a huge thing," he said. "That's why I got onto the (subcommittee) this term because I wanted to get more into it, and I'm doing just that."