John Odum is the Montpelier city clerk and a certified ethical hacker.
The term โQ-Dayโ doesnโt mean much to most people, but itโs a term we may all come to know within the next decade, and it doesnโt hurt to think about it in terms of elections.
Q-Day is the hypothetical moment at which a powerful computer can break the public-key cryptography, the encryption system that secures much of todayโs digital infrastructure โ think the HTTPS in your web address, virtual private networks and secure logins. Some computers will be able to explore many possibilities at once in a coordinated way, potentially yielding dramatic increases in computing speed and enabling algorithms that break current encryption.
If โ when โ that day arrives, which could be as early as the 2030s, many existing security systems may no longer be trustworthy. Encrypted communications could be intercepted or forged, and users could be impersonated in a computer session. This is going to necessitate a transition to quantum-resistant security methods.
The changes in a post-Q-Day world arenโt so much where systems are vulnerable, but how easy it is to take advantage of those same points where we already have to watch out for vulnerability, and to what scale. Web-based user access, authentication and data handling โ these are already the places a determined hacker would target today.
The difference is that those attacks at present require more effort and targeting, and often depend on some degree of user error, through phishing or malware. If the protections provided by modern encryption, specifically transport layer security, which is a sort of wrapper around internet communications that keeps them unreadable to prying eyes, are weakened by this breakthrough in quantum computing, that barrier drops, a lot. An attacker may no longer need to trick a user or compromise a device. Instead, they could quietly intercept or alter communications in ways that are much harder to detect.
In Vermont, our election system relies on paper entrance checklists printed ahead of election day rather than electronic ones like those used in so many other states. This means they are protected from any real-time manipulation of the statewide voter database. Even if an attacker gains access to the statewide election management system through a compromised connection, any changes they make during the day will not be passed along to the polling place. Voters will still be checked in based on the paper list. Voting can proceed normally.
This doesnโt eliminate risk. Attackers may be able to alter voter records at the state level, interfere with same-day registration workflows or mess with election night reporting. They could hijack a session and introduce inconsistencies into the system that become apparent only after the polls have closed. The election can proceed smoothly on the surface, while underlying data problems accumulate quietly in the background. The problems may be small, even seemingly trivial, but they could show up with processing same-day registrations, updating voter data and entering voter participation, as examples.
But even all of these have paper backup, should a problem arise.
Weakening of transport layer security does amplify these already-existing risks because it undermines a basic assumption: that a secure-looking web session can be trusted. Without that assurance, that administrative interface becomes a more exposed and attractive target.
Itโs a different kind of challenge than what you think of as a Hollywood hack. Rather than causing an immediate operational issue, a successful attack will be more likely to sow confusion, create an increased workload for clerks, and lead to the potential erosion of confidence from the clerks themselves, their staff or poll workers. Discrepancies between paper records and the central database voter records would need to be investigated and resolved, placing greater importance on audits and reconciliation procedures. Again, stuff we already need to do.
So, to address this in a Q-Day world, the idea is that the systemโs resilience depends less on preventing all possible intrusions, although we should obviously always be doing that, and more on ensuring that any unauthorized changes can be detected, traced and corrected using the accurate and authoritative paper records. It also means clearly defined contingency plans are that much more important, so that clerks can recognize when something is wrong, disconnect and stick to manual processes.
Again, in simple, straightforward terms, the overall effect of Q-Day wonโt be introducing new vulnerabilities, but magnifying some of the ones that already exist โ ones that can be mitigated through good old-fashioned analog methods and good procedural fundamentals.
And when that all works, the whole election works.
Vermontโs reliance on paper at the polling place is our strength. It eliminates the ability of an attacker to affect actual voting in real time and ensures there is a reliable, independent record of who voted. At the same time, it places greater weight on securing physical administrative access and on maintaining strong post-election verification processes and audits.
So weโre in a pretty good place. Sure, there are always going to be tweaks any state could make to improve, but overall, itโs a good position to be in to weather the coming storm.
