COLUMBIA, S.C. (WCBD) – A USC Computer Science professor says South Carolina’s voter registration system and voting machines are vulnerable to hackers. Dr. Duncan Buell says South Carolina’s registration system is a possible target since it’s online. The FBI recently announced that Russian hackers had targeted the voter registration systems in Illinois and Arizona, with a hacker actually stealing the personal information of up to 200,000 voters in Illinois.
The South Carolina State Election Commission says the voter registration system could be hacked, since it is online and anything online is vulnerable, but it has its own in-house computer security experts and works with vendors and the state’s computer security agency to protect the system.
The Election Commission says the actual voting machines are much less vulnerable because they’re never connected to the internet or to each other. That doesn’t make them 100 percent safe, but it does lessen the chances of being hacked.
Dr. Buell says they’re still vulnerable even if they’re never online. “The vulnerabilities do not have to come directly from the internet. They can come from flash cards, they can come from CDs, they can come from what look like ordinary updates.” He says if the Election Commission has ever upgraded the voting machines by hooking them up to a computer or computers that have ever been on the internet, or they’ve used a flash drive or a CD that hasn’t been thoroughly checked, then it’s possible a virus could have been introduced into the system.
He says a 2007 study of Ohio’s voting machines, which are the same as South Carolina’s, found that it was possible to introduce a virus in one machine and have it spread all the way to the county level.
SC State Election Commission spokesman Chris Whitmire says, “The computers used to prepare voting machines have been single-purpose machines that have never been connected to the internet.”
And Merle King, executive director of The Center for Election Systems, at Kennesaw State University in Georgia, says while it may be possible to hack voting machines, it’s not likely. “What’s more important is to determine what is the probability of that hack occurring and, just as importantly, what is the probability of that hack being undetected?”
He says with absentee voting and, in some states, early voting, elections are no longer a 12-hour event on Election Day, but typically last about 45 days. “If you disrupt an election system over that period of time, there’s typically not only contingency plans and recovery plans but you have time to do so, because the election really is no longer just a day,” he says.
But Buell says, “You don’t have to undetectably change the outcome; you only have to make sure that the outcome cannot be trusted because it’s clearly not right.” He does give credit to South Carolina, though, for auditing all election returns since 2014.