Responding to cyberattacks on our electoral system
Irina Raicu is the director of the Internet Ethics program at the Markkula Center for Applied Ethics at Santa Clara University. Views are her own.
Last month, as part of the Democracy Project (a collaboration between the Ethics Center and The Atlantic magazine), we asked more than 20 contributors to address the impact of technology on democracy and to suggest opportunities for improvement. Four of them (lawyers, cybersecurity experts, and journalists) zeroed in on the need to upgrade voting technologies.
Last week, Bloomberg published a report detailing the fact that “Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. … In all, the Russian hackers hit systems in a total of 39 states…”
As that report’s authors and others have pointed out,
[s]uch operations need not change votes to be effective. In fact, the Obama administration believed that the Russians were possibly preparing to delete voter registration information or slow vote tallying in order to undermine confidence in the election. That effort went far beyond the carefully timed release of private communications by individuals and parties.
One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks.
Of course, we also have an opportunity now to build on this newfound knowledge and use what we have learned. The contributors to The Democracy Project highlighted some concrete, specific steps that we should take.
In an article first published by The Atlantic on May 10, security expert Bruce Schneier argued that, while voters should be able to register online, “[t]he voter rolls need to be protected from tampering.” He added, “We need national security standards for voting machines, and funding for states to procure machines that comply with those standards.”
Moreover, he wrote, “This means no Internet voting. … We simply can't build an Internet voting system that is secure against hacking because of the requirement for a secret ballot. This makes voting different from banking and anything else we do on the Internet, and it makes security much harder.”
In another article published on that same date, the deputy director of the Democracy Program at NYU’s Brennan Center for Justice, Lawrence Norden, pointed out that “a huge percentage of America’s voting machines must be replaced before the next presidential election, if for no other reason than they have reached the end of their lifespans.” He wrote that voting machines need to be more secure and generate paper records that should be sampled in an auditing process; he added,
Making our voting systems more secure doesn’t have to cost a lot of money. These two low-tech solutions would provide Americans with something security experts have been urging for years: “software independent” voting systems, or systems where an “undetected change or error in its software cannot cause an undetectable change or error in an election outcome.”
In subsequent entries in the series, Cindy Cohn (the executive director of the Electronic Frontier Foundation) also called for risk-limited audits as part of “standard election procedure” and pointedly observed that “[i]f the Nevada Gaming Commission can establish detailed audit requirements for Keno, we can certainly do the same for our democracy”; journalist and author Dan Gillmor, too, wrote that “Congress should require standardized voting systems around the nation.”
Nation-wide standardization would be a new development. As cybersecurity professor Matt Blaze explained in a recent blog post titled “How to Hack an Election Without Really Trying,”
US elections are highly decentralized affairs, with each state responsible for setting its own standards and procedures for registering voters, casting ballots, and counting votes. … In most states, the elections themselves are run by local county governments…. There are just over 3000 counties in the US.
This decentralization is both good news and bad news for election integrity and security. The good news is that there is no "one stop shopping" for an attacker who wants to compromise voting systems across the country (although it may be sufficient to compromise only a relatively small number of carefully-selected counties to tip a close race). ... The bad news is that county governments are typically funded by local taxes, with election offices competing with essential services like road maintenance and public safety for resources. More often than not, they are stretched thin, and may not even have their own full-time dedicated computer security specialists on staff.
He added that
[v]oting system software--from every major vendor--is notoriously insecure and plagued by exploitable vulnerabilities. ... But compromising a county voting office's network (as the attack last fall attempted to do) bypasses the need to even exploit these kinds of vulnerabilities. …
We generally think of election integrity as being a matter of preventing things like altered vote tallies and "ballot stuffing". That's the classic threat posed by, say, a dishonest candidate who wants to "steal" a public office. But a hostile state actor -- via an intelligence service such as Russia's GRU--might be satisfied with merely disrupting an election or calling into question the legitimacy of the official outcome.
So, will we learn from the recent disclosures and adjust our election system faster than hostile state actors will adjust so as to exploit its weaknesses to maximum effect? A parenthetic comment from Blaze’s blog post should alarm us: in discussing the vulnerabilities of voting systems software, he wrote, “See, for example, the security reviews done for California and Ohio a decade ago; not much has changed since then.” Clearly, while those vulnerabilities might not have changed, the likelihood that they (and others) will be used against us has. Policy makers need to listen to the experts, and all citizens need to demand the funding to address this key issue, too.
Photo by Joe Shlabotnik, used without modification under a Creative Commons license.