[attaboyjon]

Ok so we have a state actor with unlimited resources attempting to manipulate our elections. Our defense consists of programmers and sysadmins working for the local county making sub-40s per year in salary (no offense). The election software is written on Windows 95 running with an Access database backend. I am not kidding.

Of course we've already been hacked. I personally think the 2016 had to be hacked given that no one, even Trump, thought he would get close to winning. I know it sounds like conspiracy theory bullshit, but come on, they already got Hillary's emails from the DNC. How hard could it be to target a certain number of counties in key states?

Certainly there are other techies out there who agree with me?

[singingboyo]

I'm somewhat of the opinion that something that overt was unnecessary, and so while it definitely could have been, I'm not sure it was.

"<Nation X> directly manipulated votes" is one thing, and very blatantly illegal. "<Nation X> convinced a bunch of people to vote against their interests and divide the US" is another, and while unethical, dishonest, and certainly not good, it's not clear to me that it's actually illegal. Besides, if you convince them once, they'll probably stick with the flawed information and voting pattern, which is a better return on investment.

I'm not from the US though, so... maybe I'm not clear on how easy it would be for people to collaborate and cover something like that up.

[akiselev]

Maybe read the indictments?

https://www.justice.gov/file/1080281/download

[singingboyo]

Well, nothing in there suggests direct manipulation of voting machines, which was the core point.

I think that somewhat proves my point - it's not clear to me that 'posting comments online' or 'paying news outlets to write specific stories' are or should actually be crimes. More directly stealing documents from election networks is - and was caught.

[vertexFarm]

I think it would be more strange if our elections were not hacked--given how lax our election security is, plus how much there is for nefarious actors to gain. Maybe not hacked to the point of outright ballot stuffing, certainly not 100% of polling places are hacked, but I think contemporary election rigging is a more subtle, multi-pronged effort. The baffling way we've structured our elections makes it so only a few key areas need to be the focus of effort for attackers. We've really made it easy for them.

In any case, the likelihood that our democracy is intact and working as intended is virtually zero. There's obviously social engineering in play, if you count that as hacking. I think it counts; it's a way for a small minority to steer democracy in a way contrary to the legitimate wishes of the populace. Combined with other shady techniques, no single cause is enough to say for sure our elections are stolen. But all together I think it qualifies as rigged.

Go vote anyway, though. At least make it more difficult to spoof by increasing legit turnout. I really hope we have good participation this year.

[wowzap]

Guessing or using social engineering to get into a Campaign manager's email account is easier than executing a hack across hundreds of counties in a different country.

Palin's email account was hacked in 2008... do we think that election was hacked as well?

[zaroth]

> I know it sounds like conspiracy theory bullshit

That’s the clue you should rethink this.

[r00fus]

It didn't even need to be all the counties. Just the intersection set of (most vulnerable, least funded, key electoral battlegrounds) to run up the numbers slightly over the state MOE.

[Bartweiss]

> no one... thought he would get close to winning

The devil is in the timing, there.

Relying on pre-election polling is not a safe way to predict an election outcome, and has been badly wrong on quite a lot of occasions. Relying on pre-election punditry is even worse, since it's not only inadvertently biased but actively spun to promote certain outcomes. And relying on anecdote or acquaintance reports... sample bias aside, if you had friends or coworkers who voted for Trump, would they have admitted that openly?

Slightly better, we can look at exit polling to see how people claim they voted. At a glance, 2016 exit polling suggested far higher totals for Clinton than we saw, which is suspicious. But exit polling has systematic biases, and simple percentages have been increasingly unhelpful for several successive elections. The Kerry v. Bush exit polls, for instance, skewed towards Kerry in 28 states and Bush in 4. [1] In particular, 2016 exit polls massively oversampled college graduates in an election where a major factor was non-college Democrats breaking right. [2] Fortunately, we get enough demographic data on exit polls and vote counts to correct for some of this stuff in hindsight. It's not perfect, but what we find is that corrected exit data looks far more like the actual vote count than naive exit polls did. [3]

If we want to look for evidence of direct vote manipulation, a surprising election outcome isn't sufficient. There are much more specific things we should expect to see. Broadly, I can think of two dichotomies here: digital attacks (probably systematic and likely foreign) vs. physical attacks (probably local and domestic), and widespread versus swing-state manipulation.

For digital attacks of any kind, we'd expect to see a discrepancy in outcomes between networked electronic votes and other (non-networked or analog) votes. Fortunately, Jill Stein's recount initiative offered useful data: we have both paper and digital vote counts in Wisconsin and Michigan. The counts don't match precisely, of course, but studies found no evidence of any skew towards one candidate. Vote totals also don't appear to have had meaningful digital/paper discrepancies or departures from voter roll counts, which precludes other attacks like generating extra votes in red-leaning districts. [4]

For physical-access hacks, hard evidence would be much less obvious but statistical evidence would be much more obvious, unless we invent a conspiracy capable of traceless, coordinated physical action across the country. This is the sort of thing we did see in 2000, with thousands of votes from specific districts and even specific polling places vanishing. But the unexpected Trump vote counts were widespread and geographically consistent. Trump voters overall mirrored normal Republican demographics, but geographic results and exit poll counts alike show that the biggest changes were a rightward shift among white non-college Democrats, who are heavily overrepresented in the states which unexpectedly broke for Trump. Forging this sort of neat demographic shift ought to be basically impossible, because you couldn't plan the appropriate adjustments until after you had nationwide vote counts in hand. [5]

The hard part of manipulating a US election wouldn't be screwing up a few Symantec machines, but doing enough to change the outcomes without leaving extensive evidence of what was done. It's not enough to say that the outcome was a surprise compared to predictions or that Russia has good hackers, we'd at minimum need to see some kind of actual gap between the results and what people put in ballot boxes and told pollsters they'd chosen. I haven't seen anyone make a decent case for that.

[1] https://www.vox.com/policy-and-politics/2016/11/8/13563308/e...

[2] https://www.nytimes.com/2018/03/29/opinion/2016-exit-polls-e...

[3] http://www.pewresearch.org/2018/02/15/commercial-voter-files...

[4] https://www.washingtonpost.com/news/monkey-cage/wp/2017/06/0...

[5] http://www.pewresearch.org/fact-tank/2016/11/09/behind-trump...