Artificial Intelligence and Secure Elections

Just last week one of the major Artificial Intelligence (AI) companies, Anthropic, announced the results of the use of their latest version to identify flaws in common software and develop methods to take advantage of those flaws. Working overnight, their system identified thousands of flaws in widely used operating systems such as FreeBSD and Windows, as well as other common applications, and presented the users with working code – “exploits” – that would allow them to take full control of identified vulnerable systems.

This ability of AI to identify flaws, AKA “bugs” in software is extremely valuable in developing good defect free software, but on the dark side, that same ability can be used to find ways to hack and control existing systems. Most of the current AI systems either have, or will soon have capabilities similar to what Anthropic demonstrated.

It is just a matter of time, if it has not already been done, for someone to ask an AI system to identify exploitable flaws in our election systems and to provide code that would allow them to remotely alter ballot counts and election results. By remotely, I mean worldwide. With remote access someone in North Korea, China, Serbia, Somalia, or Greenland could access tabulator systems, voter registration databases, election records, and every other part of our electronic systems, altering operations in a multitude of ways that would render any election results complete fiction. All our election systems, ranging from lowly poll pads used to check in voters at a polling location, to our voter rolls, to tabulators and election databases are vulnerable and have been known to be vulnerable for many years. An AI system would have a field day producing thousands of outcome altering exploits.

This vulnerability is not speculation or theoretical. Researchers have, on multiple occasions, demonstrated an ability to gain access to tabulator systems, and other elements of our electronic systems to alter operation, change vote selections, and otherwise corrupt election results. No part of our electronic election systems is secure. There are several reasons for this insecurity. At the lowest level, there are basic flaws in operating systems such as Windows and the election applications themselves. At a slightly higher level are failures in proper use of such protections as might exist, including use of anti-virus software, failure to use secure passwords, improper configuration of systems, and other poor operating practices.

At a next level is deliberate violation of regulations and safeguards by election officials because compliance is inconvenient, or deemed unnecessary. A prime example is the use of internet connections to systems. In nearly every state, connection of election systems to the internet is prohibited and only secure networks without internet connections are allowed. Despite being illegal, most poll pads are connected to the internet so they can access voter roll information when a voter’s eligibility is checked at a polling location.

California, for example prohibits internet connections, except for poll pads which must have a secure, exclusive use access point connection. In my own investigations, as well as that of others, virtually every poll pad examined was connected to an unsecured public access point in a school, church, or other public internet connection. Such unsecure connections can be monitored, hacked, and otherwise compromised by almost anyone with even a modest level of skill and commonly available equipment, including many laptop computers. Secure connections would require expensive equipment and installation so most officials simply ignore the requirements and count on general ignorance of the danger to dismiss compliance with the laws as unnecessary bother.

Aside from internet connections of election systems at all levels from local to state to national, creating vulnerability at every level, there is the human factor, both intentional and accidental to consider. Many of the breaches of “secure” systems have been a result of human operations such as responding to a phishing email while connected to a secure network. A major east coast pipeline was shut down as a result of such a seemingly inconsequential act. Intentional acts such as inserting a malware containing USB drive into a secure system are a major concern for cybersecurity officials.

Furthermore, outside interference with national or even smaller scale elections holds great interest for many state actors. What would it be worth to China to be able to select our next President and Congress members?

The US developed the Stuxnet virus that allowed us to disrupt Iran’s uranium processing systems. Can we be sure that someone else hasn’t developed one or even many ways to disrupt our elections? Can we ever trust our elections, especially when it is so easy to compromise them at multiple levels?

Part of the problem is an unexpected consequence of an attempt to make our election systems secure and reliable. Election systems across the country must be certified to be accurate and free of defects before they can be used. Unfortunately, certification is time consuming, difficult, expensive, and only addresses specific aspects of the software and hardware so many vulnerabilities are never exposed, or are dismissed as impossible or “that will never happen” issues.

Consider that many of the tabulator system that inspect the ballot scans, identify the selections, and report results use Windows operating systems from Microsoft. Many of these tabulator systems were certified many years ago, are considered stable systems, and have not been recertified. Therein lies a problem. Many tabulator systems were certified around 2019 when Windows 7 was the principal operating system. Most election laws require that equipment and software be recertified if any changes are made, including changes to the operating systems.

Microsoft sends out frequent updates to its operating systems to “patch” vulnerabilities that have been found. If election officials apply these patches, their systems should be recertified. But recertification will typically cost hundreds of thousands of dollars and can take more than a year to accomplish. It is far easier and cheaper to simply rely on the old certification and ignore updates, patches and other changes as not relevant to their certified systems.

Consider, though, that every patch addresses some identified problem, several of which allow remote users to gain control of the system, alter files and records, and generally perform whatever actions the remote user wishes. An unpatched system exposes all its vulnerabilities to the world at the moment it is turned on.

With modern internet “sniffing” programs, detection of unpatched systems can occur in less than a second from the time it boots up. The Windows 7 operating system is, as of January 2023, no longer supported, and from 2019 to its 2023 end of life, there were 77 security patches issued.

If the systems were upgraded to more recent operating system versions and then recertified, the problems are actually worse. Windows 10 has had over 3000 security patches issued over its life to date, with 33 of them addressing critical issues that would allow a remote user to take over the system. Windows 11, the current Microsoft system, has “hundreds” of patches since its release. As of a week ago, 167 critical problems were patched, 8 of which were classed as active exploits that enable a remote takeover. Likely several more such exploits will be discovered in the future.

This situation presents election officials with a dilemma. If they don’t patch their systems, then those systems are vulnerable to known exploits that could render their operations subject to remote control. If they do apply the patches or upgrade the operating systems, then they must incur the costs of recertification. Furthermore, if the update processes took place recently to patch to currently identified vulnerabilities, there will likely not be enough time to recertify the equipment before the next elections. Even if a system is updated, patched, and recertified today, there is no assurance that a new vulnerability won’t be found tomorrow that would once again expose the system to remote users.

Election officials generally start from the false premises that every ballot is legitimate unless proven fraudulent, and that our systems are protected from systemic “wholesale” fraud. Because we use anonymous balloting, ballot scanning, and electronic processing, actual identification of fraudulent ballots is exceedingly difficult. Even if it is obvious from other measures that massive fraud is present, the difficulty of proof, coupled with the impossibility of identifying fraudulent ballots for removal makes correction of fraudulent election results impossible. It is far easier to declare election fraud rare and inconsequential and accept whatever results are obtained.

By now, it should be obvious why we cannot trust the results of our elections so long as we use the current electronic systems. For most of our history, we have used reliable systems that, while not perfect, gave honest results that could be reviewed and corrected if necessary. We have given up these reliable systems for convenience at the cost of trust. Until we get rid of the current election systems we must accept that the outcome of any election is more likely to reflect the choices of our enemies rather than the will of our citizens.

The benefit of AI for our elections is that it can expose and make public the massive vulnerabilities of our election systems so that we can finally replace them with the systems that have worked for us for generations in order that we can once again have a government of the people, by the people, and for the people. Time is short, though. We must not delay.

Support Canada Free Press