We Must Act Now to Protect Against Russian Cyberattacks on State Voting Systems in 2018
By Nick Knudsen
Updated 4:17 PM ET, Tue February 20, 2018
Voting is the foundation of every democratic system. The corruption or ineffectiveness of voting infrastructure is inherently corrosive to a democracy’s foundation, and can lead to degradation of faith in the accuracy of the results, to compromised elections, and even to fraudulent outcomes.
American voting systems were in fact compromised in 2016, and could be compromised again during the critical 2018 midterms unless measures are taken immediately to safeguard against attacks from Russia and/or other nefarious actors who would politically benefit from further US destabilization.
There are draft bills in the House and Senate that aim to bolster election integrity by upgrading vulnerable election infrastructure. It is critical that these measures pass with enough time to complete upgrades prior to the midterms. This article will outline: 1) why and how American elections are vulnerable to attack; 2) the solution proposed by Congress; and 3) an overview of actions that citizens can take to apply political pressure and help ensure passage of these measures and helpful state-level measures.
The Director of National Intelligence and the heads of the NSA, CIA and FBI all testified last week before the Senate Intelligence Committee that Russia did attack the 2016 election, that the attack has continued, and that they will attack the 2018 midterms.
Dan Coats, the Director of National Intelligence, testified that “[t]here should be no doubt that Russia … views the 2018 midterm elections” as another opportunity to conduct an attack. CIA head Mike Pompeo said, “I have every expectation” Russia will meddle in our 2018 midterms. And recently, Secretary of State Rex Tillerson said that “the Russians are already meddling in the 2018 elections.”
One form of potential cyberattack would be a disruption of state voter databases during the 2018 elections. If databases were altered to change registration statuses, Americans could arrive at the polls on election day unable to vote. The Department of Homeland Security has confirmed that the Russians attacked the voter registration rolls of 21 states and penetrated several, including Illinois and Arizona.
But perhaps our greatest vulnerability lies with voting machines themselves. DHS has confirmed that Russia has managed to hack a major election machine vendor.
A comprehensive report of the Congressional Task Force on Election Security (the “Task Force Report”), sponsored by House Democrats, was released last Wednesday. The report detailed how all major voting machine models have been subjected to testing via “hackathons” to determine whether results can be manipulated remotely. All tested models have been easily hacked in a relatively short period of time.
The Report also described the complete lack of regulation faced by voting machine vendors, who typically construct their machines using component parts that are manufactured in foreign countries – parts that can create “back doors” into machines’ programming and functionality.
The most vulnerable machines are entirely electronic, leaving no paper trail whatsoever. Given all that has been learned about Russia’s ongoing intent to manipulate US elections, it is imperative that – to the extent machines are used – all machines at least leave a paper trail that can be used to audit the results and determine if there has been interference.
Yet, one in four US voters vote on a machine without a paper trail. And of those with a paper trail, a significant number rely on a print-out the voter receives, while the election supervisors do not have any paper trail with which to conduct an audit.
Proposed Congressional Legislation to Address Vulnerabilities
Conducting elections is the responsibility of states and local entities and the federal government has limited authority to mandate how they are conducted. However, states cannot be expected to combat cyberattacks from sophisticated enemies like Russia without substantial federal assistance. So, House Democrats have proposed the Election Security Act (“ESA”) to implement the recommendations put forth in the Task Force Report.
Paperless machines are the most problematic and urgent focus of Congressional election reform efforts. The ESA would provide $1 billion this year to incentivize replacement of paperless voting systems with a combination of hand-marked paper ballots, electronic tabulators (aka “optical scanners”), and automatic post-election audits using the paper backups. The bill would also provide for better communication between federal agencies and the states, as well as a hardening of security around state voter databases (which have already proved incredibly vulnerable).
The ESA is similar to a bipartisan Senate bill, the Secure Elections Act (S.2661) introduced in December, which would provide funds to incentivize states with paperless voting systems to switch to those that provide an auditable paper trail and to perform post-election audits. This bill would also require prompt reporting to states from the Department of Homeland Security regarding any cyberattacks on their voting systems. (It took DHS almost a year to report the Russian hacking that occurred to state election systems in 2016.)
Many election integrity experts and activists would likely go farther than these bills do – advocating instead for the gold standard of hand-marked paper ballots and bipartisan hand-counting of results, with an observed, secure chain of custody for the ballots as they are processed. There is evidence that the optical scanners that read and tabulate paper ballots are in fact also hackable, so indeed hand-counting should be the long-term north star for voting in our democracy.
Still, even though the proposed bills in the House and Senate do not go so far as incentivizing hand-counting of ballots, transitioning from hackable voting machines without a paper trail to paper ballots processed by optical scanners and automatic audits of the paper ballots would be a vast improvement, as the audits go a long way to mitigate the risk that scanners may become compromised. Progress, in this case, cannot be the enemy of perfection. The clock is ticking.
What You Can Do
- Call your Senators and urge the swift passage of the Secure Elections Act (S.2661).
- Call your House Representative and urge swift passage of the Election Security Act.
- The Center for American Progress has surveyed all 50 states and graded them on how well they have hardened their systems against cyberattack, including having voting machines with an auditable paper trail. Look up your state in the CAP study.
- Call your Secretary of State and your representatives in the state legislature and tell them it is imperative that they fix the flaws in your state’s election infrastructure prior to the 2018 midterms.
- Consider writing a letter to the editor to local newspapers stressing the urgency of hardening the state voting systems against cyberattack.
Election security should be Americans’ top priority, but more noise and outrage will be required to move the needle. Constituents who care about preserving the foundation of democracy must prioritize and push for a hardening of our election infrastructure. We have to ensure that every state and precinct employs a voting methodology that leaves an auditable paper trail. Our very democracy may be riding on flipping Congress in November, and free and fair elections are far from guaranteed. Hopefully that scares Americans – and by proxy Congress – into action.
Nick Knudsen is a writer and activist based in Portland, Oregon. Find him on Twitter @DemWrite.