There’s never a good time, politically speaking, to raise questions about our voting system’s vulnerability to hackers. But we can no longer avoid the issue.
Bloomberg News reported this week that the US government determined that Russian hackers penetrated the voting systems in 39 states in the weeks leading up to the November 2016 election. The hacks did not involve changing votes — typically they were forays into voter registration databases — but in at least one case, in Illinois, the hackers tried to delete voter data, Bloomberg reported.
US officials complained to the Russians, who denied involvement, but President Obama decided not to alert the public, because he didn’t want people to lose faith in the system.
To this day, President Trump’s aides suggest that Democrats who call for an investigation into Russian hacking are sore losers. But the evidence that Russia attempted to influence our 2016 election has become unignorable. In January 2017, the CIA, FBI, and NSA jointly released an assessment that Russia used cyber tools to influence American public opinion (specifically, to “denigrate Secretary Clinton”).
And the Bloomberg piece was only one of several bombshells about compromised American voting systems to land this month. The Intercept obtained an NSA document that described in detail how Russian military hackers — not amateurs — mounted a phishing attack against an unnamed voting software supplier, then used information it obtained to try the same with local government officials. What the hackers obtained was unclear — and, again, the interference seems to have fallen short of changing votes. Still, the Intercept wrote, “Russian hacking may have penetrated further into US voting systems than was previously understood.”
Finally, Politico reported the alarming story of how a curious security researcher discovered last year that Kennesaw State University’s Center for Election Systems had left unprotected, on its website, computer files essential for running Georgia elections. Expecting to download a few PDFs about the center’s work, he found himself in possession of registration databases, pollbook software, and instructions to election workers about logging in to registration systems — passwords included.
He reported the vulnerabilities to the center, but several were not fixed as of this March, so he went to the media. Georgia is preparing for a special runoff election this month that has turned into the most expensive House race in US history. If you were a hacker looking to undermine American politics, you couldn’t pick a better election.
Securing our elections from bad actors is not a partisan issue, and should not be treated as such. It is true that our decentralized, precinct-by-precinct system would make a coordinated national vote hack a massive undertaking. But given that our elections usually come down to a few predictable states, swaying even a national election is not as hard a task as it once seemed. Sowing chaos at the district or precinct level appears to be within hackers’ current capabilities.
We need to put partisanship aside, and bolster election security as soon as possible — certainly by the 2018 midterms. Speaking as someone who studies computer security and has served in technical adviser roles in election commissions and secretary of state offices in Rhode Island and Connecticut, I offer the following recommendations:
1) Establish audit capability in every precinct
That means — strange as it may sound in this digital era — reestablishing paper trails. Many precincts attempt post-election audits, but many do not. What’s more, many audits are not vigorous enough to establish with confidence that no interference has occurred. This is something we can, and should, fix immediately. In Connecticut, audits are required by law. Five percent of districts are selected and an electronic audit of the paper ballots is conducted to ensure they match the totals established by the voting machines.
Other states are moving to embrace that standard, but not fast enough. In Rhode Island, which currently lacks audits, legislators have introduced a bill to mandate them. Audits and paper trails should be universal.
2) Ditch direct-recording electronic voting machines (DREs)
This will help with the auditing problem. DREs are used in a number of states, including swing states such as Georgia, Pennsylvania, Wisconsin, and Florida. Ironically, some of these machines were acquired in the wake of the “hanging chad” debacle of the 2000 presidential election, with the goal of modernizing voting systems. But these machines often do not have voter verified paper trails (i.e., paper ballots), which makes audits impossible. DREs were a bad idea from the start, and the experiment needs to end.
3) Implement stronger safeguards for online registration systems
Many states are switching to electronic pollbooks. Poll workers can log in to them and verify that a voter who shows up at a precinct is registered and eligible. By breaking into these systems — as seems to have already happened, to some degree — and changing data, hackers could wreak havoc on Election Day. With a few clicks, hackers could unregister voters, change their mailing addresses, or misspell their names.
It would be even easier to unleash a distributed denial of service (DDOS) attack on a poll station —overwhelming a crucial server with traffic and preventing poll workers from connecting to the registration database. That could halt voting altogether. The recent news reports conclusively show that states are not sufficiently protecting these systems. We have the knowledge to do so; it’s a question of focusing on the problem and supplying the needed resources and experts. And this is yet another case where paper can be an effective defense: If poll workers have hard copies of voter rolls, they can keep working even if their database connections get blocked.
4) Discourage online voting — at all costs
A total of 32 states allow at least some voters to send back marked ballots via a web-based-portal, email, or fax — insecure means of communication. And the MOVE Act (Military and Overseas Voter Empowerment Act) mandates that all states have a mechanism to allow ballots to be sent to voters in military by electronic means. But it is all too easy to adopt someone’s identity online and thereby get a blank ballot. There must be additional measures put in place to ensure that ballots requested online are going to the right people. (Even checking signatures could help.)
As for allowing votes to be cast online, computer security experts are essentially unanimous in arguing that it should never happen. No states should allow votes to be submitted electronically, period.
5) Strengthen the chain of custody
In the context of an election, a strong chain of custody means safeguarding the ballots, as well as the election-related software and hardware used. The public should be confident that the ballots and election machines are secure from the moment of their creation until the tally is finalized at the Board of Elections. Machines must be kept under literal lock and key, given that computer scientists have demonstrated that they can install a new chip into a voting machine, and alter its software, in about a minute. When software is first installed, a “hash” can be applied —essentially, a digital fingerprint that changes if the software has been altered. This is just one example of many protections that security experts with technical expertise can implement.
6) Give states more money
To pay for these necessary changes, funding is needed at the state level. There has not been major funding for election reform since the Help America Vote Act of 2002, which disbursed $1.3 billion to 42 states, American Samoa, and the District of Columbia. This law also established the Election Assistance Commission. Although the EAC does not have federal regulatory authority, it provides a needed mechanism to assist states in identifying, evaluating, and adopting new security standards. With the right resources and experts, the states have a better chance to execute the goals I’ve outlined here.
We tend to forget our cybersecurity history. Russia has been hacking the US since the ’80s. And the more they uncover fresh vulnerabilities in our systems, the more aggressive they will be. As former FBI Director James Comey told the Senate Intelligence Committee this month, “They will be back.”
We must be ready when that happens. Right now, we aren’t.
Suzanne Mello-Stark is an associate teaching professor at Worcester Polytechnic Institute in Worcester, Massachusetts, and has served in technical advisory roles to the election commissions and secretary of state offices in Rhode Island and Connecticut.
The Big Idea is Vox’s home for smart discussion of the most important issues and ideas in politics, science, and culture — typically by outside contributors. If you have an idea for a piece, pitch us at firstname.lastname@example.org.