Pick one word for how the Russians interfered with the 2016 presidential election. How about "distrust?" They used trolling, false stories, fake accounts, and cyberattacks to sow distrust among the American people.
And without a doubt, Russians and other adversaries are working hard now to spark anger, confusion, and conflict along economic, gender, political, and racial lines within our country.
While an effort to reduce confidence in our voting systems — the actual machines and processes we use to register voters and elect our leaders — was a factor in 2016, I believe it will be an even greater factor moving forward.
Why? Because it would be so effective. The objectives of campaigns like Russia's are to divide and demoralize the public, muddy discourse, and discredit and undermine whoever they see as opponents. What better way to do that than by delegitimizing the election results, particularly in hotly contested races where a small number of votes can make all the difference?
Luckily, we can do something about it — quickly and cost-effectively — by making "risk-limiting audits" a fundamental part of the election process. Just as most reputable businesses do audits as a matter of course, why shouldn’t we take reasonable steps to "trust and verify" our election outcomes?
After all, there are good reasons to be concerned about our voting systems. As a cybersecurity engineer with a specialty in voting systems, I'm concerned about the weak links. This includes the 14 states that rely upon electronic voting machines without paper backup, the use of wireless devices, and internet voting (most often reserved for voters who fall under the federal Uniformed and Overseas Citizens Absentee Voting Act.)
At the recent U.S. Election Assistance Commission Election Readiness Summit, Colorado Secretary of State Wayne Williams pointed to a new NPR/Marist poll saying that nearly half of the respondents lack faith that their votes will be counted accurately in the coming elections. Williams said, "There are really two goals in an election process. One, is to run it fairly and accurately. And the other, and just as important in many ways — is for the people to recognize that it has been done fairly and accurately."
It may come as a surprise, but risk-limiting audits are not particularly difficult or expensive to accomplish. In addition to the State of Colorado's experience with two risk-limiting audits, election officials from the City of Fairfax, Virginia, say they've found them relatively easy to implement.
And the states have access to funds. In March, Congress made $380 million available to the U.S. Election Assistance Commission for HAVA Election Security Fund grants to support election activities, including enhancements to election technology and other election security improvements. In addition, many in Congress have supported the Secure Elections Act, which would establish protocols for cyber threat information sharing between state election officials and the Department of Homeland Security. As a next step, I encourage the development of clear and consistent processes and standards for risk-limiting audits that can be shared across all states.
It starts with a paper trail
Access to paper voting records is essential for risk-limiting audits. “You have to have paper ballots that you can actually audit," says Secretary Williams. "Something a voter can verify. And then after the election we randomly select ballots from across every single polling place, every single voter, and every single county to say we're going to audit a certain number of ballots."
So enabling each state to work with paper ballots will probably be the single most expensive element — by helping those 14 states replace their electronics-only systems. I estimate this will be in the range of $250-300 million. But given the stakes, this is an entirely reasonable course of action.
The auditing process would happen quickly, in the hours (and at most days) following the election. By spot matching electronic and paper records with random samples, election officials can determine that the outcome is correct within a given risk level. With races involving wide margins, they can safely use relatively few samples. When the race is closer, it takes more samples to verify that the outcome is correct.
Eliminating a key element of the "distrust" puzzle
The American public must know elections are secure and transparent, and that the results are valid. Risk-limiting audits will help achieve that. The benefits are clear:
- Reports of hacked voting machines changing results can be promptly addressed, and false reports discredited.
- Audits will reassure the public that even if hacking did occur it didn’t change the election outcome.
- If hacking did change an election outcome, the audit will reveal that, too.
- Audits can go a long way toward eliminating the distrust caused by people repeatedly questioning whether voting systems have been hacked.
While risk-limiting audits are not a complete solution to foreign attacks on our electoral process, they will help increase our country's resilience against Russian and other foreign influence.
Most importantly, they will ensure confidence in a fundamental aspect of our democracy—our voting systems.
Marc Schneider is a principal cybersecurity engineer leading election security projects at The MITRE Corporation. He is a member of ACM and IEEE. Follow him on Twitter @MMarc703. MITRE operates the National Cybersecurity Federally Funded Research and Development Center to enhance cybersecurity and protect national information systems.