Will tech fix election vulnerabilities before November?

Will tech fix election vulnerabilities before November?
© Greg Nash

Imagine this headline on November 7, 2018, post Midterm Election Day: "Tech Companies Succeed where Election Meddlers Fail."  Unlikely as this headline may seem, that is the measure by which tech companies will be judged after the election.

America's democracy faces a daunting challenge: fending off cyber-attacks launched in 2016 across a variety of social media platforms, interfering with the integrity of our electoral process. Since then, tech companies have faced more than seven Congressional hearings, new privacy legislation in California, and criticism in the media, compelling them to take action against “bots” and coordinated disinformation campaigns online.

Despite these steps, tech still faces the specter of federal regulation — which will only intensify if Democrats in Washington perceive tech’s efforts as too little, or too late.


With the midterms closing in and Democrats seeking to capitalize on over 40 toss-up GOP seats and take control of the House, the stakes for tech companies are sky-high.

Since the 2016 election, Democrats have placed a high priority on election security and integrity. Early on there was hope that Congress would act in a bipartisan way to protect the most sacred of our Constitutional rights. While this effort failed, the expectations are that a Democratic majority in 2019 will take action.

In response to concerns about election meddling, tech companies have taken steps to secure their networks against similar tactics. Silicon Valley companies are on a hiring spree for security consultants, white hat hackers, and content reviewers. “Bug bounty” programs have paid out tens of millions of dollars to freelancers who participate in crowdsourced security testing.

While these steps are intended to limit companies’ exposure to breaches or manipulation, they also serve as proof points to demonstrate that the industry takes seriously the threats posed by misuse of tech platforms — a message that will need to be amplified in Washington.

Despite the steps companies have taken so far, malign activity is still making its way into Americans’ social media feeds.

Earlier this summer, Russian accounts launched a cyber-attack aimed at three Democratic congressional campaigns. Networks of accounts originating in Iran were dismantled after companies discovered “coordinated inauthentic behavior.” These new examples of foreign actors manipulating social media to sway American audiences reinforces concerns that the upcoming election is still vulnerable to these tactics.

Industry will need to clearly communicate to policymakers how it is stepping up to address these challenges.

Evolving tactics to hack or imitate social media accounts, create “deepfake” videos that put an agitator’s words into the mouth of a public figure, and spawn bot accounts that act like real commenters will continue to challenge companies and generate concern among lawmakers.

Regardless of whether they stop hackers in this election-cycle, tech companies need a long-term, comprehensive plan to stop interference the United States' democratic process, or the spread of disinformation from internal and external sources. Until they address this problem — to the satisfaction of their users and lawmakers — they will face a significant threat to their business models from Washington.

Nadeam Elshami is policy director at Brownstein Hyatt Farber Schreck, a lobbying law firm whose clients include Synack, a hacker-powered cybersecurity company. He was formerly chief of staff for House Minority Leader Nancy Pelosi (D-CA). He has 25 years of experience in Congress, including negotiating policy on behalf of Democratic leadership and forming bipartisan relationships that helped move key pieces of legislation through a gridlocked Congress.