Elections are decentralized, most voters will use paper ballots and voting machines aren't connected to the internet.
With Russian hackers worming their way into Democratic political organizations and voter registration records in at least two states and Republican presidential candidate Donald Trump raising the specter that the election this year will be “rigged,” election officials are working overtime to reassure the American people that that’s a very—very—unlikely scenario indeed.
“There is so much worry about this and it’s really damaging if it keeps people from voting,” Tom Hicks, a commissioner at the Election Assistance Commission, told TIME. “The truth is, the voting process is the most secure it’s ever been.”
Merle King, the executive director for the Center for Elections Systems at Kennesaw State University and one off the preeminent election experts in the country, added that the prospect of the election being hacked by cyber ne’er-do-wells is “totally improbable.” “It just can’t really happen,” he said.
One reason is that our election system is highly decentralized. There are more than 9,000 polling places from sea to shining sea, each of which is overseen by its own staff and equipped with its machines—either paper ballots or one of several brands of electronic voting machine. Each precinct reports its results independently. There is no centralized, federal election board. There is no national voter database. There is no U.S. election infrastructure that can be infiltrated or hacked.
Another reason it’s unlikely that hackers could affect the election results is that more than two-thirds of voters—roughly 70% of voters, based on TIME’s calculations using 2012 voter turnout numbers and precinct data from Verified Voting—will use paper ballots on November 8. Those votes will be either counted by hand or scanned by an optical reader and are therefore not very susceptible to cyber intrusions. (There are other problems with paper ballots, of course—See “Chads, hanging”—although those issues aren’t new.)
The other, roughly 30% of voters who will use electronic voting machines are more vulnerable to traditional hacking. But even then, there are several safeguards in place. For one, voting machines are not connected to the internet, so hackers would have to physically access a voting machine in order to compromise it. While nearly every cybersecurity researcher in the country agrees that’s not technically difficult—many of these machines are more than a decade old and no more sophisticated than an arcade game—getting alone-time with each machine does create a formidable logistical challenge. Any hacker with national ambitions would likely have to recruit a passel of co-conspirators to fan out around dozens of precincts, a scenario that could raise suspicions among both workers and members of the voting public.
Even if a group of hackers were able to pull off such a stunt, many electronic voting machines—those serving roughly 10 million voters, again based on 2012 turn out numbers—have built-in back-up systems in place. Many provide a paper receipt for each vote cast, which can be verified by the voter and election officials if results are suspicious, or significantly different than exit polls.
From a hacker’s perspective, that leaves those electronic voting machines that do not provide a paper back-up as the prime targets. And, from an election official’s perspective, that’s a significant concern. Roughly 28 million Americans, again based on 2012 turnout numbers, will use electronic voting machines that do not have a paper back-up. Those machines are used primarily in Louisiana, Georgia, South Carolina, New Jersey, Delaware and Pennsylvania.
“That’s a weakness in the system,” said Malcolm Harkins, the chief security and trust officer at the cybersecurity firm, Cylance. He says that if sophisticated hackers had access to the right data—for example, information about which registered voters were most likely to cast a vote at which polling place, and how those those voters voted in 2008 and 2012—they could zero in on the most vulnerable precincts in swing counties in swing states. “You would have to do a significant amount of research, go after the right databases, and it would still be a little bit of guess work,” Harkins said. “But, theoretically, it would be possible to determine, say, that the seven schools that are polling places in counties A, B, and C are pivot points for that state. It’s improbable, but it’s possible.”
“But at this point, the question is one of risk assessment,” he cautions, “How worried should we be about a hacker affecting the result of the election? It would be very high impact, if it happened, but it’s very low probability.”
King, the election expert at Kennesaw State University, put it more bluntly. “It’s very far-fetched, actually,” he said. The more more worrisome threat, he added, is that these criminals affect Americans’ perception of the integrity of the election results. “If there was something that came up, even on a small scale, that compromised people’s perception of the legitimacy of this election,” he said, “that would be the worst outcome—that could be really terrible.”
As of now, public confidence is an uphill battle. According to recent Washington Post-ABC News poll, 63% of American voters believe that votes in this year’s presidential election will be counted accurately. That’s down from about 70% in 2004.