Will Democrats' 'virtual caucuses' in Iowa be crashed by Russian hackers? We'll see

Another day, and yet another opportunity arises for Russia to continue finding ways to exploit American democracy and openness.

The Iowa Democratic Party just announced a new way for registered members to participate on the state’s caucus night. The goal is to make sure “that every Democrat in Iowa, regardless of physical condition, weather, job schedule or personal reasons, has a way to help select the party's nominee for President of the United States.” An online “virtual” caucus — that counts. If there were ever an opportunity for mischief, this will be a supreme test.

So, will the Iowa experiment be a groundbreaking exercise or a monumental disaster? In the words of a famous Zen master, “we’ll see.”

If there is anything the last two years of investigations, data breaches and privacy assaults has taught us, it’s that there is no such thing as perfect security. Everything is vulnerable. Everything. How vulnerable depends upon the persistence and resources of the adversary. With enough time and money, anything can be hacked.

ADVERTISEMENT

Is there any doubt Russia will attempt to influence the Iowa Caucus results? Not in my mind. This is the next fertile ground waiting to be plowed by evolving Russian tactics. But I said influence, not interfere. Words mean things. Except when they don’t. The indictment of twelve Russian intelligence officers brought two words to the forefront — interference and influence. The special counsel investigation and Congress have wrangled as to whether Russia “interfered” in our election. Or was it “influenced”?

The nuance might seem like a distinction without difference, but it matters. There are a variety of ways Russia and their intelligence officers could meddle in the process and muddy the waters. The goal isn’t to stop the voting or cause disruption. The true goal of almost all malign influence operations emanating from the Kremlin is to seed doubt and foment discord.

As Iowa and the Democratic National Committee look to new ways to increase participation, they should look to West Virginia and Estonia for some important lessons. West Virginia became the first state to use online voting that made use of blockchain technology. Estonia, on the other hand, has been using online voting since 2005.

Blockchain was introduced in 2008 when the mysterious Satoshi Nakamoto published a white paper, “Bitcoin: A Peer to Peer Electronic Cash System.” While originally created to support the new cryptocurrency, additional uses were devised around 2014 and the number of blockchain solutions began increasing rapidly. Don and Alex Tapscott, authors of the book “Blockchain Revolution,” defined it as “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.” In a democracy, there a few things with more value than the vote.

West Virginia’s experiment was designed to help overseas voters and deployed military service members. The convenience of using a mobile phone to vote securely has appeal. Imagine soldiers firing up their smartphones, authenticating in a few seconds, and casting a vote to defend the very freedom for which they are deployed. It beats the laborious, and frustrating, process of mailing absentee ballots.

Depending on where a solider is stationed, it might take as little as four days from South Korea, or as long as 25 days from Cameroon. Current hotspots like Afghanistan and Iraq aren’t much better, at 20 days for both theaters.

Estonia’s move was more prescient. Two years prior to a sustained cyberattack attributed to Russia and the removal of a bronze statue, Estonia had moved online for much of the government services, including voting. According to the official Estonia government site, 30 percent of Estonians use ‘i-Voting’ and 95 percent of public services are online 24/7.

In an apparent reference to the problematic voting systems being used, especially in the United States, the site claims “Internet voting, or i-Voting, is a system that allows voters to cast their ballots from any internet-connected computer anywhere in the world. Completely unrelated to the electronic voting systems used elsewhere, which involve costly and problematic machinery, the Estonian solution is simple, elegant and secure.”

This is made possible by the issuance of a government-approved ID card or mobile ID. While fairly easy in a country of 1.3 million, it becomes more problematic in a country of 330 million with 50 states, 3,142 counties or equivalents, the District of Colombia, five territories and 19,429 municipal governments.

Which leads us to how Iowa will roll out this new way of participating in caucuses online.

ADVERTISEMENT

In order to take this important electoral event virtual, the Iowa Democratic Party (IDP) hopes to prevent virtual caucus members from also participating in the in-person precinct format — to prevent double-voting. The two methods under review are by phone and smartphone. You can do the old-school call-in, or the new-school login via a mobile app. A system also is being created to allow a paper trail regardless of participation method.

Yet, the move to online voting isn’t close to being widely adopted. Security fears, and new methods of manipulation, are stalling many efforts. Even computer scientists aren’t fans of cyber voting. Ron Rivest, a computer science professor at the prestigious Massachusetts Institute of Technology, summed up his opinion quite succinctly: “My recommendation is to have all voting be done on paper.”

A couple of decades ago, in the urge to be environmentally friendly, grocery stores began asking “paper or plastic” of their shoppers. That morphed into “paper or plastic” as a form of payment — cash or credit. 

Will Iowa be the vanguard of a new, more modern voting system in which digital identities are secured on a national ID card and backed up by a paper trail?

As the Zen master said, we’ll see.

Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. He previously worked as a senior adviser in the U.S. State Department Antiterrorism Assistance Program and as senior law enforcement adviser for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.