U.S. election security stalls as experts demand long-unaddressed cryptographic fixes

By willowt // 2025-07-18

Mastodon

Parler

Gab

Copy

Voting systems remain vulnerable due to unresolved 2006 security flaws, including a lack of cryptographic safeguards.
A former auditor reveals how outdated machines enable vote duplication and ballot tampering.
A 2020 Michigan voting error highlighted how technical glitches amplify distrust.
New York proposes blockchain, but experts argue simpler fixes could suffice.
Hackers at DEF CON identify election risks too late to address before major elections.

In 2006, software engineer Michal Pospieszalski analyzed voting machines for the Election Science Institute and discovered a critical flaw: no end-to-end cryptographic proofs to verify votes. Nearly two decades later, Pospieszalski, now CEO of cybersecurity firm MatterFi, says this vulnerability persists, leaving American elections open to tampering. Describing the iVotronic machines — still widely deployed — Pospieszalski told Decrypt that votes “could be counted hundreds or thousands of times” because machines lack serialization to track ballots uniquely. “You could just run the same ballot through 10 times,” he said, emphasizing the ease with which duplicates could inflate totals without detection. The solution, he argues, is simple: adopt Chaumian blinded serialization, a decades-old cryptographic technique that assigns anonymous, traceable codes to each ballot. This method prevents double-counting and ensures a cryptographic tally matches physical and digital records. “The core problem is solved with software,” he said, criticizing overreliance on complex solutions like blockchain.

A case study in chaos: The 2020 Antrim County glitch

In 2020, Pospieszalski forensically analyzed a baffling vote swing in Antrim County, Michigan. The county’s ballot definitions were misconfigured, briefly reversing vote totals — reporting 2,000 votes for Donald Trump then flipping to Joe Biden before correcting. While human error caused the mix-up, Pospieszalski warned the incident worsened public trust in systems already distrustful. “Technical errors feed conspiracies when there’s no transparency,” he said. His analysis also found “ballots that were too identical to be real,” pointing to possible injection fraud though no evidence of remote hacking. The episode underscored the urgency of cryptographic safeguards. “We’re still using software from the 2000s,” said Joe Hall, Chief Technologist at the Center for Democracy and Technology, who advocates for updates to “prehistoric” systems.

State bills and DEF CON: Hype vs. hard fixes

While New York’s Assemblyman Clyde Vanel proposed a bill to study blockchain for election security, Pospieszalski dismisses such “complexity” as unnecessary. “All we need is simple, verifiable counting,” he said, criticizing lawmakers for chasing fads over proven fixes. Meanwhile, DEF CON hackers annually uncover voting machine vulnerabilities — this year finding “multiple pages” of risks — but fixes often take years to implement. “You can’t patch systems a month before an election,” said Information Technology-ISAC’s Scott Algeier, citing certification delays. The lag leaves vulnerabilities unaddressed just as foreign adversaries grow more brazen: in 2024, Russian hackers targeted U.S. election infrastructure, and Trump’s campaign faced an alleged Iranian breach.

A path forward: Legislation or market pressure?

Pospieszalski insists the answer lies in mandates, not voluntarism. “Vendors won’t act without state or federal laws requiring upgrades,” he said. He advocates for phased deadlines, pushing jurisdictions to adopt cryptographic proof systems by 2028. California’s Los Angeles County has partially implemented ballot serialization, but most jurisdictions lag. “The real test is whether legislators value security over convenience,” said Pospieszalski. Without action, he warns, “2024’s disinformation will look minor compared to what happens in 2028.”

Time running out for trust in democracy

As the 2028 election looms, the stakes are high. Experts agree: U.S. elections are alarmingly insecure. Yet fixes like cryptographic proof systems — designed over two decades ago — remain sidelined by bureaucratic inertia, vendor resistance and partisan polarization. Without urgent action, democracy’s bedrock — the integrity of the vote — will erode further. As Pospieszalski poignantly noted: “You can’t expect trust if voters don’t know whether their votes count.” The question is no longer whether changes are needed, but whether lawmakers have the will to act before the next national crisis. Sources for this article include: Decrypto.co VerifiedVoting.org Decrypto.co Politco.news