This story was originally published by Reveal from The Center for Investigative Reporting, a nonprofit news organization based in the San Francisco Bay Area. Learn more at revealnews.org and subscribe to the Reveal podcast, produced with PRX, at revealnews.org/podcast.
When New Jersey voters go to the polls this November to choose a replacement for Gov. Chris Christie, the technology they use will be woefully outdated and vulnerable to cyberattack.
Virginia election officials decertified a handful of that state's fundamentally insecure voting machines ahead of its own gubernatorial election this year. Some of those models will be the primary avenue through which Garden State residents select their next governor.
Looming over these decisions: reports that the Russian government embarked on a large-scale campaign of cyberattacks to infiltrate America's election system in states across the country in 2016. While there is no evidence those intrusions resulted in altered vote tallies, some cybersecurity experts believe it's likely hacking attempts will intensify.
New Jersey's voting machines aren't simply hackable - they also leave no independently verifiable paper trail. The devices record votes directly onto hard drives, which can be digitally altered. Without physical evidence of each voter's decision, it might be impossible to verify the vote total and detect fraud.
New Jersey is one of five states that exclusively use paperless machines. Ten others use some mixture of those devices and paper ballots, affecting not just local races, but potentially the presidential vote as well.
Of New Jersey's 21 counties, 18 use a voting machine called AVC Advantage. It is used widely across only one other state, Louisiana, along with two counties in Pennsylvania. And there's a good reason for that.
In 2007, Princeton University computer science professor Andrew Appel wanted to see how difficult it would be to hack vote totals on the AVC Advantage without leaving a trace.
He discovered the design of the machines' circuit boards made hacking votes relatively easy. Appel said he even watched one of his students pick a machine's lock "in about seven seconds."
Attacks like the ones tested by Appel do have some limitations. Since voting machines aren't networked together, hacking a single device only allows someone to change the votes recorded on that device. Pulling off a large-scale hack would require having physical access to a large number of voting machines.
Nevertheless, without a verifiable paper trail, it's essentially impossible to know if election attacks are occurring, regardless of how difficult they may be to accomplish.
In 2005, the New Jersey lawmakers passed legislation mandating all voting machines used in the state produce voter-verified paper ballots, but that rule has never been enforced.
The reason New Jersey lags behind some other states is largely financial. Paying for election equipment is the responsibility of county governments, and that can be prohibitively costly.
Lawmakers in California, which uses a mixture of paper ballots and paperless machines, passed a bill earlier this year providing $450 million to upgrade the security of the state's outdated voting system. A report by the state Legislative Analyst's Office noted that in one instance, county election officials were forced to purchase a replacement part on eBay because the voting machine manufacturer was no longer making new components.
In New Jersey, Assemblywoman Elizabeth Maher Muoio introduced a bill in February mandating that new voting machines purchased by the state use paper ballots. The bill stopped short of requiring that machines currently in use be replaced due to funding concerns.
"We don't set dates for replacing the machines," she said. "We're not mandating that by Jan. 1, 2018, you must replace your machines, because we don't have money attached to it."
Funding could come from the federal government, as it did when Congress gave New Jersey $16.8 million under the 2002 Help America Vote Act, which the state used to buy its current crop of machines.
Even then, there was pushback against paperless devices. Appel remembers warning election officials about the dangers, "but they went ahead and purchased these machines anyway," he said.
Funding is a problem across the country. A 2015 report by the Brennan Center for Justice at the New York University School of Law found that jurisdictions in 31 states hoped to purchase new voting machines in the next five years, but officials in 22 of those states said they did not know where money for these upgrades would come from.
Appel said state officials in New Jersey, such as Division of Elections Director Robert Giles, haven't done enough to push state lawmakers to appropriate money for the cause.
"Giles is just not interested in the possibility of recounting the paper trail. He's the one most responsible for holding New Jersey back," Appel said. "The Legislature has been willing to work on these issues and pass good bills. It just requires some amount of leadership from the executive branch, which has never been there."
Giles and other New Jersey election officials did not respond to multiple requests for comment.
The heightened awareness around election tampering inspired the organizers of the 2017 hacker convention DEF CON to launch the Voting Village, a room at the convention filled with electronic voting machines on which hackers were invited to do their worst.
DEF CON hackers found previously undiscovered vulnerabilities within minutes. For example, all of the voting machines on display were supposed to be secure from being breached wirelessly. Yet one cybersecurity expert was able to gain wireless access to a voting machine within 30 minutes by exploiting an unpatched vulnerability in its outdated version of Windows.
The news coming out of DEF CON was a wake-up call to election officials in Virginia, who ordered the state's information technology agency to commission a study on the security of its voting machines.
The agency's review found the machines were vulnerable to hacking. "In each of the systems the potential for loss of vote is significant as none of the machines appear to produce paper audit trails during the voting process," agency officials wrote.
In a memo last month, the Virginia Department of Elections decertified all electronic voting machines that don't provide a secure and auditable paper ballot record. Among them: the three machines also used in all but one New Jersey county.
While deliberate hacking is a concern, the lack of a paper trail also significantly complicates efforts to detect more innocent vote-counting mistakes. In 2011, a series of human errors in configuring AVC Advantage voting machines in Cumberland County, New Jersey, led to the wrong candidates for the Democratic Executive Committee. Luckily, only a few dozen people had cast ballots.
Some experts argue the paper trail is the single most important technology for providing election security. That's a big reason why paperless voting machines, which were popular in the immediate wake of the Bush vs. Gore election debacle and subsequent federal funding infusion, have fallen out of fashion.