September 2019, ScientificAmerican.com 67HOW TO
DEFRAUD
DEMOCR AC Y
A WORST-CASE CYBERWARFARE SCENARIO
FOR THE 2020 AMERICAN PRESIDENTIAL ELECTIONBy J. Alex Halderman, as told to Jen Schwartz
J. Alex Halderman is a computer scientist who has shown just how easy it is to hack an election. His research
group at the University of Michigan examines how attackers can target weaknesses in voting machinery,
infrastructure, polling places and registration rolls, among other features. These days he spends much of his
time educating lawmakers, cybersecurity experts and the public on how to better secure their elections. In the
U.S., there are still serious vulnerabilities heading into the 2020 presidential contest.
Given the cracks in the system, existing technological capabilities and the motivations of adversaries,
Halderman has speculated here on potential cybersecurity disasters that could throw the 2020 election—and
democracy itself—into question. Halderman, however, is adamant about one thing: “The only way you can
reach certainty that your vote won’t be counted is by not casting it. I do not want to scare people off from the
polls.” What follows is based on two conversations that took place in October 2018 and June 2019; it has been
edited and condensed.THE 2016 U.S. PRESIDENTIAL election really did change
everything. It caught much of the intelligence and
cybersecurity communities off guard and taught us
that our threat models for cyberwarfare were wrong.
Thanks to the Mueller report, we now know that the
Russians made a serious and coordinated effort to
undermine the legitimacy of the 2016 election out-
come. Their efforts were, I think, far more orga nized
and multipronged than anyone initially realized. And
to my knowledge, no state has since done any kind of
rigorous forensics on their voting machines to see if
they had been compromised. I am quite confident that
the Russians will be back in 2020.
I think the intelligence community will continue totry to gain visibility into what malicious actors are
planning and what they’re doing. It’s incredible, really,
how much detail has come out of the indictments
about specific actions by specific people in the Russian
military and leadership. But it’s hard to know what
we’re not seeing. And do we have a parallel level of visi-
bility into North Korea or Iran or China? There are
potentially a lot of sophisticated nation state actors
that would want to do us harm in 2020 and beyond.
Since the 2016 elections many states have made
improvements to their election machinery, but it’s not
enough, nor is it happening quickly enough. There are
still 40 states that are using voting machines that are
at least a decade old, and many of these machines areJ. Alex Halderman is
a professor of compu-
ter science and engi-
neering at the Univer-
sity of Michigan,
where he is also direc-
tor of the Center for
Computer Security
and Society. He is a
2019 Andrew Carnegie
Fellow for his work in
educating lawmakers
and the public in how
to strengthen election
cybersecurity.Jen Schwartz is a se-
nior editor at IY_[dj_ÒY
7c[h_YWdwho covers
the ways technology
D|rZÜÒÒ«ZrÜë»CYBERSECURITY