While many articles - and statements from various government officials and bodies - seem to deny that hackers could alter the results of next week's elections, claiming instead that our nation's decentralized management of low-tech voting machines makes the devices' being hacked unlikely, I believe that there are several significant cyber-risks that remain as threats to our election's integrity:
1. Hackers may be able to alter voter registration databases - and orchestrate sufficient fraudulent votes to change the course of history.
Strategically modifying voter registration databases by removing just a few hundred legitimate voters, or by adding just a few hundred unauthorized people, can alter election results and change the course of history. If he had gained 538 more votes in Florida, Al Gore would have won the 2000 election. If you think that voter registration databases are secure, consider that some were hacked earlier this year. No data is known to have been altered in those particular breaches - but are we sure? Are we confident that no other states' databases were hacked?
I should note that throughout our nation people who show up to vote on Election Day and discover that they are not listed as properly registered are allowed to cast provisional ballots - which, ostensibly, would be counted later on after research into the folks' right to vote is verified. However, if voter databases are compromised early enough it is possible that such research would actually show those voters as being ineligible to vote, and many people might not bother to "fight the system" afterward. Furthermore, if phony "people" are added to voter registration databases, some criminals might be able to vote multiple times in multiple locations using multiple names - and, because most states do not require ID when voting, it is unlikely that they would be caught.
Ironically, despite the importance that we ascribe to voting and the democratic process, voter registration databases are not considered "critical infrastructure" by the Federal Government - so securing these systems (a responsibility of State Governments) has historically been considered lower priority than many other projects. Attitudes are changing, but there is little doubt that today's voter rolls are not cyber-secure.
2. Hackers can attack transportation and communication systems.
Voting patterns of various regions are well known prior to the election. Someone could launch targeted distributed-denial-of-service (DDoS) attacks against providers of infrastructure involved in getting people to the polls, or in communicating election-related information. If people rely on carpools, car services, or bus schedules and cannot access these resources, they may not show up to vote. Note that DDoS attacks against government websites that accept online submission of absentee ballots (as some states allow) are unlikely to be effective at impacting election results, as most such ballots are submitted prior to election day.
3. Hackers can hack legitimate media venues and use them to spread misinformation.
While we have all been bombarded by Internet-borne misinformation throughout the election cycle, misinformation on election day could have a direct impact on voters. Whether by providing incorrect explanations of referenda, encouraging people to vote for a greater number of candidates than allowed for a particular position (and thereby causing ballots to be disqualified), disseminating wrong polling station information, telling people that voting has ended before polls actually close, or through similar actions, hackers can clearly impact the election. Of course, these types of attacks are simply modern versions of old-fashioned election scams (that are usually legal) - but technology allows these scams to be perpetrated from more distant locations than in the past. Also, while there are already people spreading misinformation online - there were Twitter ads online this past week explaining to people how to vote for Hillary Clinton via text message so that they would not have to show up at the polls (an obvious attempt at voter suppression) - hackers could potentially issue the misinformation from trusted, legitimate accounts; imagine how many people would not cast valid ballots if on election day major news sites were hacked and then published articles about how to vote by text message. As I mentioned previously, suppressing just a few hundred votes can change the results of a Presidential election.
4. Hackers can feed the media (and social media venues) incorrect election results.
Another form of misinformation that can impact election results is wrong electoral results. If news reports, for example, told people on the West Coast that a particular Presidential candidate had won all the Eastern swing states, some voters might not bother showing up to vote. Phony results reported by mass media - especially once such lies are exposed as being false - can also contribute to people questioning the integrity of an election. Such a technique was attempted in a recent election in Ukraine, and was caught less than an hour before phony reports would have been read on television. On that note...
5. Hackers can undermine faith in the election's integrity.
Even if hackers do not successfully change the results of voting, if they attempt to do so, or even claim to have done so, or someone else claims hackers did, the loser of a modern election - especially in a race with close results - could potentially claim that the election results were fraudulent - and that the victor won due to hacking. In our current system of voting - with ballots cast using numerous diverse systems, and with no uniform system of effective auditability - it would be difficult to prove such a claim to be false. Every single voting machine and absentee ballot would have to be inspected - a time-consuming, tedious process - and, in many cases, the inspections would still not be able to prove that manipulation did not occur. In my own home state of New Jersey, outdated voting machines used statewide produce no paper-trail backups - making claims of fraud hard to disprove.
The problem of claims of hacking undermining trust in our electoral process poses a real risk in 2016, and has been exacerbated by the behavior of the candidates from both major parties: Donald Trump has claimed that the election is "rigged" and has expressed doubt as to whether he would accept the announced results as legitimate, evidence has emerged that the Democratic primary process was not conducted with integrity, and an audio recording recently surfaced of Hillary Clinton bemoaning the fact that the United States did not rig a foreign election.
In our era of hyper-partisanship and global hacking, it would be wise for the government to create better auditability requirements for voting systems; of course, one big challenge to achieving such a goal is that voting is secret - there is not supposed to be a way to trace a particular vote back to a particular voter. Nonetheless, we can certainly do better than today.
Let us hope that Tuesday's election goes smoothly, with no cyber-attacks or even serious allegations of hacking.