SAN FRANCISCO — The impact of Russian hacking on the upcoming presidential election was a topic in Sunday night’s debate, raising the question: Is the U.S. election hackable? Experts say at the national level, no. But there could be individual incidents that undermine faith in the system.
There’s almost no danger the U.S. presidential election could be affected by hackers. It’s simply too decentralized and for the most part too offline to be threatened, according to the head of the FBI and several security experts.
“National elections are conducted at the local level by local officials on equipment that they obtained locally," so there's no single point of vulnerability to tampering here, said Pamela Smith, president of Verified Voting, a non-partisan, non-profit organization that advocates for elections accuracy.
In testimony before the House Judiciary Committee last month, FBI Director James Comey said that while concern has been rightly focused on the integrity of state voter registration systems, the actual voting process remains “very, very hard to hack into because it is so clunky and dispersed.’’
“It is Mary and Fred putting a machine under the basketball hoop at the gym,’’ Comey said. “These things are not connected to the Internet.’’
Nevertheless, Comey said federal authorities have been counseling state officials to secure their systems, especially voter registration databases, as hackers have continued to “scan’’ the systems for vulnerabilities.
High stakes rhetoric
In Sunday's debate, Democratic presidential candidate Hillary Clinton noted U.S. intelligence officials have blamed Russia for hacking Democratic officials accounts.
"We have never in the history of our country been in a situation where an adversary, a foreign power, is working so hard to influence the outcome of the election," she said, and alluded to her Republican opponent Donald Trump's praise of Russian president Vladimir Putin.
Trump replied that he knew "nothing about the inner workings of Russia," and didn't address electoral issues.
However on the campaign trail he has said multiple times that he fears the election will be stolen. In August in Columbus, Ohio he said "I'm afraid the election's going to be rigged. I have to be honest."
His website features a page where supporters can sign up to be election observers, to "Help Me Stop Crooked Hillary From Rigging This Election!"
Experts say some local systems may be vulnerable to hacking. In some jurisdictions, local rules allow the transfer of election results using WiFi rather than putting the information on a thumb drive that’s physically taken to the central tally site. Others simply use outdated machines, said Kim Alexander of the California Voter foundation, a non-profit, non-partisan organization that promoted the responsible use of technology in elections.
“They’re in a position where they need to buy something new, but governments don’t want to spend the money on it,” she said.
Depending on the voting machine, all it might take would be one disgruntled election official plugging in a thumb drive containing malware to falsify vote tallies, said Mike Baker, founder of Mosaic451, a computer security company that focuses on infrastructure protection, including for some state and federal election networks.
So far, 33 states and 11 county or local election agencies have approached the Department of Homeland Security for cybersecurity risk and vulnerability assessments, Secretary Jeh Johnson said in a statement Monday.
But time is a factor and he encouraged election agencies to ask for help now.
“There are only 29 days until election day, and it can take up to two weeks from the time we receive authorization to run the scans and identify vulnerabilities. It can then take at least an additional week for state and local election officials to mitigate any vulnerabilities on systems that we may find,” he said.
The good news is that in the upcoming election, close to 80% of voters nationwide are in areas that will either use either paper ballots or voting machines with paper backups, both of which are considered much more secure than online only systems, said Smith.
Y2K or Pearl Harbor
The biggest question in the mind of voting security expert Joseph Kiniry is whether the 2016 election will be Y2K or Pearl Harbor.
The Y2K or millennium bug arose because programs represented the four-digit year with only the final two digits, which made 2000 indistinguishable from 1900. There were predictions of widespread computer failures and possibly catastrophic meltdowns of the world’s digital infrastructure.
Hundreds of millions of dollars and thousands of hours of work dealt with the problem and on January 1, 2000 the world woke to nothing more than a hangover, to the relief of many.
"I hope this is Y2K all over again,” said Kiniry, chief scientist at Free & Fair, a public-benefit corporation that works on creating technologies to keep elections free and fair.
But he and others worry that there’s a chance, though a small one, that it could be Pearl Harbor instead.
“Imagine lines wrapping around the block at every polling place in American on election day because the databases were compromised. Or results far different from previous elections and then two weeks after everyone thinks they know the outcome of the election, we find evidence of hacking in the machines,” he said.
Voter confidence key
While election officials worry about such possibilities, they’re loath to discuss them publicly. If voters lose confidence in the system and don't turn out to vote in the first place, it would be a greater threat to the integrity of the election system than hackers, they believe.
“It’s a tough position for us to be in. We don’t want to scare voters away,” said Alexander.
The fear is that proof of even one example of vote manipulation could be amplified through social media to threaten the electorate’s trust in the entire system.
That trust is a bedrock of American democracy and if it's lost, "that puts us in a whole different category of countries that don't have free and fair elections,” said Melinda Jackson, chair of the political science department at San Jose State University.
It might not even take that, she said.
“Already we see candidates sowing the seeds of distrust by saying the election might be rigged,” she said, citing Trump’s multiple statements to that effect.
In an absolute worst case scenario, were either Trump or some other group to question the legitimacy of the elections “we might see violence, we might see protests, we might see rioting, things that we see in other countries but not here,” said Jackson.
While that’s an unlikely Doomsday scenario, she said, "it’s not impossible."
Contributing: Kevin Johnson in Washington D.C.
Elizabeth Weise covers technology and cybersecurity for USA TODAY. Follow her at @eweise.