In 7 Months, 90% of Americans Will Vote on Easily Hackable Machines That Leave No Evidence of Tampering
This is not how democracies handle elections.
In a federal courtroom in Atlanta in January 2024, a Princeton computer scientist named J. Alex Halderman walked up to a Dominion voting machine and demonstrated what you can do with a ballpoint pen and a $20 card reader from Amazon.
He pressed the power button with a ballpoint pen for five seconds. The machine rebooted into Android Safe Mode, giving him superuser access. He slid in a counterfeit smart card he built for less than $30 in parts. He installed malware. The malware hid itself from the machine’s audit logs. If someone had done this to a real machine in a real election, Georgia’s post-election health check would have shown nothing wrong.
All of this happened in federal court, on the record, in front of a judge.¹
Dominion issued patches to fix the vulnerabilities. Georgia’s Republican-controlled legislature refused to appropriate the money to install them. As of this month, Georgia will almost certainly run the November 2026 midterms on the same unpatched machines Halderman demonstrated in that courtroom, and the source code those machines run has been publicly available online since January 2021, when Trump supporters walked into a Georgia election office, handed computer technicians working for the campaign direct access to the equipment, and the software ended up published on the internet.²
Every attacker studying Georgia’s system since then has had the blueprints.
Three private companies control the machines that will count roughly 90% of American votes in November.³ ES&S, headquartered in Omaha, holds somewhere between 50 and 60% of the market alone, with equipment deployed across roughly 40 states.⁴ Liberty Vote, the company that bought Dominion in October 2025 when Republican election official Scott Leiendecker acquired it and rebranded it, covers another 25 to 30%.⁵ Hart InterCivic handles most of the rest. All three are private companies, accountable to shareholders rather than voters, with no legal obligation to disclose security breaches, no requirements to open their source code for outside scrutiny, and no oversight to allow independent researchers through the door.
Since 2017, security researchers at DEF CON’s annual Voting Village have put voting machines in a room and documented what they find. Every year, they have compromised every machine they tested. In 2017, an ES&S machine running Windows XP fell to a remote WiFi attack using a vulnerability that had been publicly known since 2003.⁶ In 2019, researchers found 20 known vulnerabilities in a single Dominion scanner.⁷ In 2024, Harri Hursti, who has co-organized the Voting Village since its founding and has spent two decades examining American voting infrastructure, reported multiple pages of new findings on machines currently in active use across the country.⁸ Machines from every major vendor have been in that room. The findings went to secretaries of state. The machines went back into service.
Matt Blaze holds the McDevitt Chair in Computer Science and Law at Georgetown University. He has examined voting systems for decades and testified before the House Committee on House Administration in 2020. His assessment: every current voting system that has been examined is terrible in some way and probably exploitable.⁹ He described finding the kind of elementary security mistakes you would expect a student to catch, and said he was at a loss to explain how any of these systems survived whatever process certified them as secure.
The federal government certifies voting machines through the Election Assistance Commission, which contracts the actual testing to two private laboratories, SLI Compliance in Colorado and Pro V&V in Alabama.¹⁰ The companies whose machines need testing pay those laboratories, and non-disclosure agreements bind the labs to the companies they test, so test plans and results are treated as trade secrets. The Government Accountability Office found in 2007 that the certification standards had vague and incomplete security provisions and inadequate security testing, and that the agency stored certified software copies in file cabinets.¹¹ The federal government did not substantially update those standards until 2021. The first machine certified under the new standards was approved in July 2025. Every other machine running in November has not been tested against them.¹²
When researchers have tried to examine the machines independently, the companies responded with lawyers. ES&S sent letters to election jurisdictions in 2018 warning it would sue them if they provided equipment to DEF CON’s Voting Village.¹³ Hart InterCivic sued Texas to stop counties from replacing its paperless machines with paper-trail systems.¹⁴ In Georgia, Dominion’s vulnerability report sat sealed in federal court for nearly two years while the identified vulnerabilities went unpatched.¹⁵ The Brennan Center for Justice put it plainly: vendors face fewer federal regulations than the companies that make colored pencils.¹⁶
There is a concept in election security called software independence, developed by MIT’s Ron Rivest and NIST’s John Wack in 2006.¹⁷ A system is software-independent when an undetected change in its software cannot cause an undetectable change in election outcomes. A paper trail makes a system software-independent, but a paper trail only catches anything if someone checks it, and no federal law requires anyone to check.
About 98% of votes in America now run through paper in some form.¹⁸ Georgia conducts all in-person voting on ballot-marking devices that print a paper summary of your choices. Studies show fewer than 7% of voters read what the machine printed before submitting it.¹⁹ If the machine altered your selections on the printout, you almost certainly would not notice. The paper sits there, unchecked, because risk-limiting audits, the statistical method that catches discrepancies with mathematical certainty, carry no federal mandate anywhere in the country.
Congress tried to change this. The SAFE Act passed the House in June 2019 by a vote of 225 to 184, with one Republican yes vote.²⁰ It would have required paper ballots, mandated risk-limiting audits, and banned internet-connected voting systems. Senate Majority Leader Mitch McConnell refused to bring it to the floor. He announced this the day after Robert Mueller testified about Russian interference in American elections. Similar bills died in 2020, 2021, and 2022.²¹ The federal government has never passed a law requiring a paper audit trail on a voting machine. It has never passed a law requiring anyone to check whether the count is right.
In the Senate, every Republican but one voted to keep it that way.
In October 2025, Scott Leiendecker, a Republican election official from Missouri, bought Dominion Voting Systems and rebranded it Liberty Vote.²² State election officials across the country reported no immediate changes to contracts or equipment. The machines Halderman demonstrated in federal court, the ones Georgia’s legislature chose not to patch, now belong to a Republican operative, running elections in Georgia and more than a dozen other states, seven months before a midterm election that will determine control of Congress.
Louisiana remains the only state conducting elections entirely on paperless machines, devices that produce no physical record of any kind. Every vote cast in Louisiana disappears into software a private company owns and controls.²³
Governors can fix this today using powers they already have. A state of emergency declaration requires no legislative session, no committee vote, no floor debate. It requires one official willing to sign their name to address an obvious problem with a common sense solution using powers and resources fully at their disposal.
Every state legislature that is still in session can pass a law requiring hand-marked paper ballots and mandatory risk-limiting audits before certification. Contact your state representatives and demand it. Eighteen states have already mandated risk-limiting audits.²⁴ The rest have the roadmap. And for states where the legislature is out of session, or where the votes simply aren’t there, the governor’s emergency powers exist for exactly this situation: when the normal process cannot move fast enough to meet the threat.
This is not a novel standard. Germany counts paper ballots by hand, in public, on election night, and publishes results before midnight.²⁵ Canada runs its federal elections through Elections Canada, a fully independent agency that answers to no political party, no private vendor, and no sitting government.²⁶ The Netherlands hand-counts every ballot in public view.²⁷ These countries did not stumble into these systems. They made a decision that elections belong to the public, and they built their infrastructure accordingly.
That is what democracy looks like.
And this is what we demand from our governors: a declaration that the machines counting your votes are an urgent matter of public safety, and an order to fix it before November.
That won’t give republican states free and fair elections but it can at least ensure down ballot races are valid and legitimate.
Soft Secession: 100 Policies That Pass Booklet — free downloand
Toppling Tyrants: A Field Guide to Dismantling American Fascism — physical copy / free download
Grab Them By The E.A.R.R.: How to Get Politicians to Do What You Want — physical copy / free download
Conservatism: America’s Personality Disorder — physical copy / free download
Intro to Soft Secession — physical copy / free download
Oppositional Federalism and You — physical copy / free download
More Free downloads:
Being Dangerous: Go From Activist to Operative
Soft Secession: 100 Policies That Pass
All Four Completed Model Legislation Bills
The Opposition Guide to Tax Warfare
Six-Panel Soft Secession Brochure
Works Cited
¹ Halderman, J. A. (2023, June 14). Security analysis of the Dominion ImageCast X. Princeton Center for Information Technology Policy. https://blog.citp.princeton.edu/2023/06/14/security-analysis-of-the-dominion-imagecast-x/; Atlanta Journal-Constitution. (2024). Expert shows how to tamper with Georgia voting machine in election security trial. https://www.ajc.com/politics/witness-shows-how-to-tamper-with-georgia-elections-in-security-trial/
² PBS NewsHour. (2026, March). Georgia was going to dump voting machines that Trump hates until things got complicated. https://www.pbs.org/newshour/politics/georgia-was-going-to-dump-voting-machines-that-trump-hates-but-then-things-got-complicated; Votebeat. (2022, March 2). Why the debate over a computer scientist’s Dominion report is so heated. https://www.votebeat.org/2022/3/2/22959221/alex-halderman-dominion-report-georgia-bmd-lawsuit/
³ Penn Wharton Public Policy Initiative & Verified Voting. (2017). The business of voting. https://verifiedvoting.org/wp-content/uploads/2021/05/the-business-of-voting-single-page.pdf
⁴ Beckett, L. (2019). The market for voting machines is broken. This company has thrived in it. ProPublica. https://www.propublica.org/article/the-market-for-voting-machines-is-broken-this-company-has-thrived-in-it
⁵ Spotlight PA. (2025, October). Dominion Voting Systems sold to GOP official in surprise deal. https://www.spotlightpa.org/news/2025/10/dominion-voting-systems-sale-liberty-vote-election-security-elections/; CNN Politics. (2025, October 9). Former GOP election official buys Dominion Voting Systems. https://www.cnn.com/2025/10/09/politics/dominion-voting-systems-bought-election-ballots
⁶ DEF CON. (2017). DEF CON 25 voting machine hacking village report. https://defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf
⁷ Georgetown Law Technology Review. (2019). Researchers at DEF CON release report describing vulnerabilities in election equipment. https://georgetownlawtechreview.org/researchers-at-def-con-release-report-describing-vulnerabilities-in-election-equipment/GLTR-11-2019/
⁸ Nextgov/FCW. (2024, August). Researchers race to document voting machine vulnerabilities ahead of November. https://www.nextgov.com/cybersecurity/2024/08/researchers-race-document-voting-machine-vulnerabilities-ahead-november/398768/
⁹ Blaze, M. (2020, January 9). Testimony before the U.S. House of Representatives Committee on House Administration. https://docs.house.gov/meetings/HA/HA00/20200109/110346/HHRG-116-HA00-Wstate-BlazeM-20200109-U1.pdf
¹⁰ U.S. Election Assistance Commission. (n.d.). Voting system testing and certification program. https://www.eac.gov/election-technology/testing-certification-program-tc
¹¹ U.S. Government Accountability Office. (2007). Elections: All levels of government are needed to address electronic voting system challenges (GAO-07-741T). https://govinfo.gov/content/pkg/GAOREPORTS-GAO-07-741T/html/GAOREPORTS-GAO-07-741T.htm
¹² U.S. Election Assistance Commission. (2025, July 10). EAC announces first certified voting system to VVSG 2.0. https://www.eac.gov/news/2025/07/10/eac-announces-first-certified-voting-system-voluntary-voting-system-guidelines-vvsg
¹³ Whittaker, Z. (2019, March 27). Senators demand to know why election vendors still sell voting machines with known vulnerabilities. TechCrunch. https://techcrunch.com/2019/03/27/senators-security-voting-machines/
¹⁴ Votebeat. (2024, August 19). Tina Peters verdict shows where real election security threat comes from. https://www.votebeat.org/2024/08/19/tina-peters-election-security-threat-defcon-voting-machine-vulnerabilities/
¹⁵ Votebeat. (2022, March 2). See note 2.
¹⁶ Brennan Center for Justice. (2019). Report finds inadequate oversight of private vendors critical to election security. https://www.brennancenter.org/our-work/analysis-opinion/report-finds-inadequate-oversight-private-vendors-critical-election
¹⁷ Rivest, R. L., & Wack, J. (2008). On the notion of software independence in voting systems. Philosophical Transactions of the Royal Society A, 366(1881). https://doi.org/10.1098/rsta.2008.0149
¹⁸ Brennan Center for Justice. (2024). Some good news for Donald Trump: We already use paper ballots. https://www.brennancenter.org/our-work/analysis-opinion/some-good-news-donald-trump-we-already-use-paper-ballots
¹⁹ Appel, A. W. (2024, March). Testimony regarding touchscreen voting machines. Pennsylvania Senate. https://stategovernment.pasenategop.com/wp-content/uploads/sites/141/2024/03/Appel-PA-Senate-Testimony.pdf
²⁰ U.S. Congress. (2019). H.R.2722 - Securing America’s Federal Elections Act, 116th Congress. https://www.congress.gov/bill/116th-congress/house-bill/2722
²¹ Brennan Center for Justice. (2020). Voting machine security: Where we stand. https://www.brennancenter.org/our-work/analysis-opinion/voting-machine-security-where-we-stand-six-months-new-hampshire-primary
²² Spotlight PA, 2025; CNN Politics, 2025. See note 5.
²³ WAFB. (2026, March 2). Louisiana eyes $100M voting system overhaul, cites aging machines and paper trail gap. https://www.wafb.com/2026/03/02/la-eyes-100m-voting-system-overhaul-cites-aging-machines-paper-trail-gap/
²⁴ Appel, A. W. (2024). See note 19; Stark, P., & Lindeman, M. (2012). A gentle introduction to risk-limiting audits. IEEE Security and Privacy. https://www.stat.berkeley.edu/~stark/Preprints/gentle12.pdf
²⁵ Federal Returning Officer of Germany. (n.d.). Counting of votes. https://www.bundeswahlleiterin.de/en/
²⁶ Elections Canada. (n.d.). About Elections Canada. https://www.elections.ca/content.aspx?section=abo&document=index&lang=e
²⁷ Dutch Electoral Council. (n.d.). The counting of votes. https://english.kiesraad.nl/
As a database professional, and member of CFVI (Coloradans For Voting Integrity) I can unequivocally state:
You cannot have secure and verifiable election results without paper ballots!
As a computer database professional, there is NO way a DRE machine that does not produce a paper ballot can be trusted! A database "trigger" with a time marker can "flip" the tallies of any election, and no one would know!
Paper ballots alone should be the final determining factor of any election results.
This should alert/ alarm EVERYONE!