Our election systems’ vulnerabilities received unprecedented bipartisan and media attention from mid-summer onward, sparked by the apparently Russian origins of hacks into the Democrats’s communications systems. If tampering with the U.S. election process was a goal, then election technologies used for voter registration and vote tabulation, and the Internet itself, were hypothesized as additional potential targets. Further disclosures added fire to the considerable smoke.
While correction of U.S. election vulnerabilities may appear to be largely a simple matter of upgrading the election technologies, including voting devices and voter registration databases, that focus alone would be window dressing. It would conceal and permit continuation of a broad array of vulnerabilities warranting reassessment and remedy. Indeed, a full cyber risk assessment of our “mission critical” election processes would highlight a broad range of soft points that include many not yet a part of public and policymaker scrutiny. Outdated technology may appear to be the easiest correction, yet it is not. Other weak links in the process will defeat secure and resilient elections processes unless they, too, are redressed—like any weak chain.
1. IT audits & security assessments of election technologies operation: While responsible businesses routinely conduct IT audits and security assessments to determine performance weaknesses so they can be corrected, two major impediments exist for election operations. In procurement and licensing contracts with local and State election offices, voting system vendors forbid performance and forensic assessments even where the systems report highly questionable tallies—such as more ballots counted than voters.
Some have threatened lawsuits when local public officials have convened forensic reviews – such as when vote tallies in Venango County, Pa., reported multiple candidates with zero votes and discovered on the server an unauthorized program that permitted remote computers to log into the tabulation server and that had been used multiple times.
These contracts also often include clauses that the voting data is owned by the vendors – not the public – and so use this argument to bolster their barriers to technical performance assessments.
Thus, the vendors have sought to clamp an iron cover of contractual legal prohibitions to bar public investigation of anomalies and irregularities. Vendors have routinely threatened lawsuits against election jurisdictions or county governments for violation of alleged proprietary and contractual rights when the election officials simply seek to ascertain the correct vote tallies from ambiguous or questionable tabulation reports.
2. Barriers to election officials’ public disclosure of anomalies and defects. Vendors have long claimed their election technologies are “secure” and “accurate” as part of their marketing hype. When officials have discovered software or hardware defects that marred accuracy or security, and related this information publicly, their jurisdictions have often been penalized with steep price rises in the cost of brand-specific election supplies essential for conducting elections. In working with the Justice Department’s antitrust attorneys who sought to unwind the merger of the two largest voting system manufacturer/vendors, numerous election officials would cooperate only on the promise of anonymity as they widely knew of the financial penalties the vendors exacted for revealed defects. Chilling election official disclosures allows vendors to continue uttering their claim – while empirically false -- that no proof has established any successful attacks against an electronic voting system.
3. Justice Department activities including staffing, guidelines on preserving election evidence and election observers. Despite widespread deployment of electronic election equipment in election administrative activities, as mandated by Federal law in 2002 and 2010, the Justice Department’s Voting Rights section has continued the same types of activities, staffing, and guidelines as preceding the digital transformation. They possess laudable election law expertise but the staff as a whole remains bereft of technical capability -- though statutory law vests the Department with enforcement of voting system standards, election security, and voting rights. Its guidelines to election offices on what elections records must be retained have not been updated since the 1990s and are well out of date for protecting the public’s right to accurate, provable election tallies free of (now electronic) ballot box stuffing.
Federal election observers who are to report on and help to preserve voting rights do not include those proficient in voting systems technical security, nor those who are expert in election cybersecurity risk management. It’s as if a search for fatal bacteria were conducted using the untrained naked eye. To shoulder and fully exercise its powers and duties to assure accurate, secure elections free from hacking and insider mischief, DOJ must ensure that scientific facts about computers and their security issues are integral to its Voting Section activities.
4. Post-election auditing of election tallies. Statistically sound post-election audit methods have been shown capable of identifying tabulation problems in election equipment. While they cannot serve as a cure-all, audits offer one excellent timely barometer that can permit election officials and the public to learn of any counting problems and empower them to correct with alternative tabulation methods before certifying results. Voter-marked paper ballots are needed, as they cannot be falsified by hacking methods. A highly respected guide to best practices for post-election ballot auditing has been generated by nonprofit experts working with noted academics, so jurisdictions need not re-invent the wheel. However, fewer than half of the States currently conduct any post-election auditing, and the processes in many who do still far fall short of assuring accurate election tallies have been reported.
Cybersecurity experts counsel their clients that it’s not a question of whether you will be hacked but when, and how seriously your operations will be harmed. Resilience is the ultimate goal – when knock-downs are not knockouts but cause only a momentary loss of unessential operations and no permanent injuries occur to critical data or systems. Election resilience must be the objective. Reaching resiliency entails far more transparency and quality assurance steps than currently authorized. While work must ensue to conduct thorough election cyber risk and resilience assessments, and to retool our processes and legal frameworks to meet digital challenges and the constant threat of electronic hacking, policymakers should not seek the quick fixes that will leave gaping holes. Nor should we hold election officials responsible for the defective insecure technologies with which they have been saddled in this cycle.
Candice Hoke is Founding Director of the Center for Election Integrity and Project Director of the Public Monitor of Cuyahoga Election Reform (2006–08); Research Team Leader for a portion of the California Top to Bottom Review of Voting Systems (2007); and pro bono consultant for structuring the Ohio EVEREST voting system review.
The views expressed by authors are their own and not the views of The Hill.