On Conspiracy Theories and Election Hacking [Updated]

Illustration for article titled On Conspiracy Theories and Election Hacking [Updated]
Photo: iStock

Editor’s Note (8/1/2018): The original story that appeared here has been updated after editorial review. The reasons are outlined in the updated piece.


On Thursday morning, The Root published an article written by this writer asserting my opinion that the 2016 election was hacked by Russian actors and that there is evidence that votes were changed. That opinion was grounded in a reading of evidence many deemed problematic at best and, at worst, a misinterpretation of the facts. As soon as the article went live, an uproar rose from both experts and laypeople alike contradicting my claims.

Amid the ensuing controversy, the editorial team at The Root felt it was necessary to clarify some of the more controversial points in the piece for the sake of transparency and contributing to a necessary dialogue around what happened with the vote in 2016.

An archived version of the article can be found here, but here’s a CliffsNotes version of the article’s salient points:

  • I believed Vladimir Putin authorized a state-sponsored campaign to influence the 2016 presidential election and ultimately elect Donald Trump president of the United States.
  • I believed that Russian operatives attempted to hack into election systems.
  • I believed that, in at least one instance (Illinois), we know that those hackers attempted to alter or delete voter information.
  • I believed that the elections systems used by states across America are vulnerable to various methods of hacking.

Given these beliefs, my opinion was that it was foolish to believe that no votes or voter rolls were changed by Russian actors in the 2016 election. More distinctly, I contended that the evidence showed that it was “most likely” that votes and voter rolls were changed in the 2016 election. The problem with this argument, though, is that it rests on the idea that just because one cannot prove that something didn’t happen, it follows that it did.

Due to these questions, as well as errors—including mistakenly referring to Russian actors as Soviets—the article was removed from the site and the editorial staff asked me to talk to experts who were familiar with election security, specifically relating to voting machines and vote-tallying systems. I reached out to four prominent experts on cybersecurity, including professionals who monitor computer systems, create and build voter software, and report on the status of elections systems.


Each one of them agreed that my opinion wasn’t backed up by any definitive proof. More importantly, they each said there is no proof to support my belief that votes were changed. At best, they would only say that it is possible.

“I don’t think we’ll ever know,” said Gregory Miller, founder of the OSET Institute, a nonprofit advocating for open-source election software. “It’s impossible to believe, without question, that votes or tallies weren’t manipulated.”


Miller, who has testified before Congress and worked with the Obama White House on election cybersecurity, explained the difference between voting machines and tallying machines, and reiterated countless times over the course of an hour that there are no verifiable, accurate, secure, and transparent systems in America.

As it specifically relates to vote-tallying systems, which Miller called the “honeypot of the elections systems,” the experts agree that changing tallies wouldn’t be difficult at all.


Still, there were other issues with my arguments and the original piece that after speaking with these experts I was better able to parse and understand, including the following.

Illinois Hackers

The claim that Russian hackers attempted to alter or delete voter information in the state of Illinois was based on reports by Bloomberg, Illinois Senator Dick Durbin’s July 2018 press release stating that “Illinois was one of the states that Russian hackers successfully targeted during the 2016 election,” and the Illinois State Board of Elections’ confirmation to CBS Chicago that Russian hackers tried to alter or delete voting records.


However, ISBE spokesman Matt Dietrich only says it is “very likely” that Illinois is the state referred to as State Board of Elections No. 1 in Special Counsel Robert Mueller’s criminal indictment of Russian intelligence officers alleged to have attacked state boards of elections. The indictment does not specifically name the state or mention the attempt to change voter information. It simply charges that the Russians stole names, addresses, dates of birth, partial social security numbers, and drivers license numbers. This data breach reportedly affected up to 500,000 voters.

Saying something is “very likely” is not the same as something being a fact or unimpeachably true. I should have also pointed out that an indictment is an allegation, not fact.


Altered Votes?

In the initial piece, I asserted that U.S. intelligence officials “don’t specifically deny that Russian operatives altered votes,” which was a point of contention for many readers, both because a lack of denial doesn’t necessarily mean the conclusions I drew from it were correct and because officials had denied it.


In its initial January 2017 intelligence community assessment (ICA), the Office of the Director of National Intelligence did specifically deny that vote-counting machines were breached, stating “the types of systems Russian actors targeted or compromised were not involved in vote tallying.”

Then, in May 2018, the Senate Select Committee on Intelligence’s Unclassified First Installment in Russia Report said “The Committee has not seen any evidence that vote tallies were manipulated or that voter registration information was deleted or modified,” adding:

The Committee has limited information about whether, and to what extent, state and local officials carried out forensic or other examination of election infrastructure systems in order to confirm whether election-related systems were compromised. It is possible that additional activity occurred and has not yet been uncovered.


Basing my argument on the intelligence community’s vague statements mirrors the rhetoric used in conspiracy theories. If a Trump supporter had based an argument on this, I would have dismissed him as a crackpot.

To address this issue, many pointed me in the direction of Robert DeMillo, Distinguished Professor of Computing at Georgia Tech University, former Chief Technology Officer at Hewlett Packard, and one of the most respected elections systems experts in the world.


“If votes were changed, they were done in a way that is hard to detect,” he explained. “But no one has done any analysis to determine it. And the reason for the wild speculations is because the people responsible for analyzing the data aren’t interested in doing so.”

Voting Machines vs. Election Systems

Another response to the article was that it conflated the difference between voting machines and voting data and made hypothetical leaps of judgment. Miller, whose organization, Trust the Vote, has gathered Silicon Valley’s best minds to build a secure and verifiable voting system, explained this in detail.


“What your piece did not make clear to the public is that there is a difference between ‘voting machines’ and ‘election systems.’ This often leads to confusion,” Miller explained. “The voting machines are the most visible part of the process. But the transaction of the ballot that we call an ‘election system’ involves the voter registration system or poll books, the voting machines, a system for tabulating or counting votes, and the system for reporting these votes.”

Connected to the Internet?

Another criticism of the previously published piece involved the oft-repeated claim that most voting machines and vote tallying systems are not connected to the internet, which, according to the many of the people who disagreed with the initial article, means they can’t be breached. But the people familiar with voting systems explained that all voting machines can be hacked even when they don’t have a modem or web access, because almost every widely used system in America is “internet-adjacent.”


They use memory cards and electronic files that contain software that was loaded on an internet-connected computer. The central tabulators transmit results over local area networks. They accept flash drives from computers that are connected to the internet. They are configured by vendors who use internet connections, making them all vulnerable.

While most of the current reporting about election tampering is focused on hacking, Miller warned that the public’s default interpretation of the word “hack” automatically lends itself to concerns over internet security. He suggested that “disruption attack,” is a better term because the people unfamiliar with the vulnerability of entire election system assume that not being connected to the internet is an unimpeachable safety measure.


Miller explained that the reports of hacking may not simply have been attempts to access data at all. He explained how hackers may have been trolling for the digital blueprint for a GEMS server used by Georgia and county election officials across the country, which could, if acquired, have given Putin’s plotters access to thousands of vote tallying machines.

“There is a widespread belief that not being connected to the internet is a measure of security,” said Miller. “But many of these vote-tallying machines are not dedicated machines only used for counting ballots. Many of them are used for issuing fishing licenses and building permits. It would take a half-second for someone to infect a machine with a USB thumb drive.”


In Conclusion

At the time of the writing of this article, Marilyn Marks, the executive director of the Coalition for Good Governance, warned that there is only a month left to save the records if we want to find out what really happened in the 2016 election, explaining that a federal laws require election officials to hold on to data for only 22 months, at which point they can legally delete or discard the material from the last elections.


Jennifer Cohn, another leading voting expert who disagreed with the tone and hyperbole in the original article’s premise, said it best:


There is no definitive proof votes were altered in the 2016 election. Full stop.

But there’s even more we don’t know.

“We truly do not know, and we are making no attempt to find out,” Marks reiterated. “It’s because we don’t want to find out. And it’s not Robert Mueller’s responsibility. It’s not Congress’ responsibility. It’s the responsibility of the people. It’s the responsibility of the press.”


Believing that it’s likelier than not that votes were changed or voter rolls were altered is fine, but it’s important to be clear that there’s just no proof for it. Marks set the odds at 50-50. Robert DeMillo explained that he doesn’t deal with “belief” but, given the available facts, wondered why anyone would assume a person with bad intentions wouldn’t carry out those intentions.

Greg Miller wouldn’t give odds. Instead, he said this:

“Guided by what I’ve learned in my vast, 38-year career, without the deep digital forensic analysis to prove otherwise, I can’t say that it’s safe to assume vote tallies weren’t altered in the 2016 election. The people who contradict you are right—there’s not a single shred of proof to support your statement.”


“But the absurd thing is, that those people, the ones who don’t seem to care that the very fabric of this entire country has been compromised; that we can’t have faith in the most important national security asset in America—election systems—those people actually have less evidence than you do.”

World-renowned wypipologist. Getter and doer of "it." Never reneged, never will. Last real negus alive.



The password, which could not be changed, was (you might want to take a deep breath) “abcde.”

[ rages in IT professional ]