Out of fifty states in the nation, nearly half of them (21) were notified this week about hacking attempts which allegedly took place in the run-up to the 2016 election. It makes for some delicious looking headlines, but the substance of the story doesn’t quite merit all the hyperbole, at least from we’ve been told so far.

One of the chief points in the report which raises the heat level is the list of affected states. They include Florida, Pennsylvania, Ohio, Wisconsin and Virginia. These, as you will recall, were some of the most closely contested races and ones which produced results favorable to President Trump which took most pollsters by surprise. The news is also producing an outcry from Democrats wondering why it took nearly an entire year for us to hear about it. (Associated Press)

The federal government on Friday told election officials in 21 states that hackers targeted their systems before last year’s presidential election.

The notification came roughly a year after U.S. Department of Homeland Security officials first said states were targeted by hacking efforts possibly connected to Russia.

The states that told The Associated Press they had been targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia and Wisconsin.

The AP contacted every state election office to determine which ones had been informed that their election systems had been targeted. While not all responded immediately, the others confirming they had been targets were Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Illinois, Iowa, Maryland, Minnesota, Oklahoma, Oregon and Washington.

So does this suddenly “vindicate” all of the Clinton supporters who still think that there’s no way that Trump could have possibly won? Were the reported election results fraudulent? Not even remotely. In fact, the report specifically states that this, “does not mean that sensitive voter data was manipulated or results were changed.” They go on to compare it to burglars circling the neighborhood looking for unlocked windows and doors, but not actually getting into anyone’s home.

Well… almost, anyway. Oddly, there are at least some indication that the Illinois voting system was “breached” by hackers, but there’s still no claim that they were able to change the vote totals. (And before you get too excited, Clinton carried Illinois by 16 points so it’s not as if it would have changed anything anyway.)

So why did it take an entire year to get this report out? While DHS is saying that they need to do a better job in communicating with the individual states, it doesn’t seem possible to do this in real time without essentially cutting your own throat in terms of investigating the attacks. As soon as the word gets out that you’re aware of an attempted breach, the perpetrators are alerted and can start trying to cover their tracks. Also, much like old school espionage, tipping your hand too quickly can tip off the bad guys as to where you’re getting your information and how.

So even if hackers connected to the Russians (or anyone for that matter) have been snooping around the system but thus far failed to get in, it seems as if it’s only a matter of time. The black hats are perpetually ahead of the white hats in the encryption world because, much like a physical structure, it’s always going to be easier to destroy than create when it comes to cybersecurity. So what do we do? Perhaps it’s time to take a more serious look at a suggestion made by both Glenn Reynolds and Michael Barone this year. Go back to paper ballots. That’s not to say we need to have them all stuffed into literal boxes by hand and counted that way, but every voting machine should be producing a paper trail which the voter can review before exiting the booth. And paper ballots can’t be hacked. (Okay… you technically could alter paper ballots one at a time but you couldn’t conceivably influence a national election that way and not be caught.) Regular audits of the paper ballots in areas with dubious looking results would be far more reliable and trusted by the public than any magical data manipulation surveys going on with no opportunity for public inspection.