EDITOR'S NOTE: Justin Sherman, a student at Duke University, is a fellow at the Duke Center on Law & Technology at the School of Law, and a Cybersecurity Policy Fellow at New America.
Two weeks ago, Politico reported on a Florida-based election software company that may be unwittingly involved in election security problems in North Carolina. The company was targeted by Russian hackers in 2016 and this effort may have given the hackers remote access to a computer in Durham County that managed a voter list management tool.
Now, North Carolina officials are delaying approval of new voting machines for use in the 2020 elections—due to uncertainty over the ownership of the machine suppliers in question.
This underscores something that’s only recently come to the forefront of American attention: The abysmal state of election security in the United States.
Many countries still use paper ballots to count votes. But in the United States, this isn’t required by law. Many states use electronic devices to count votes in elections. And their security is terrible. At a 2018 conference, security expert Rachel Tobac showed how easily one can gain administrative access to an electronic voting machine, in-person, in under two minutes. Dozens of kids, at the same event, were likewise able to quickly gain illicit access to replica voting websites.
There is no evidence to date of Russia or any other country changing American vote tallies, but hacks into voting systems are undoubtedly intended to undermine public trust in electoral processes.
Much work is needed to fix this situation. The National Academies of Sciences, Engineering, and Medicine wrote last year that the U.S. should switch completely to a paper ballot system to “prevent bad actors from corrupting our electoral process.” Voting machine companies are now pushing for better voting machine security as well.
But the problems with U.S. election security don’t stop at voting machines.
The 2016 election underscored the ease with which malicious foreign actors can hack into campaigns and steal sensitive information -- for example, both the Democratic National Committee and the Republican National Committee were hacked. In light of this, the Federal Election Commission recently approved a nonprofit run by former campaign managers for Hillary Clinton and Mitt Romney to provide free cybersecurity services to political campaigns.
Ahead of another sure-to-be contentious election, it’s imperative the United States ensure the security of its electoral processes for all candidates. However, the situation is still dire. Many campaigns remain vulnerable; some even decline to comment on whether they’ve taken basic cybersecurity measures.
This is all compounded by the risk of foreign influence campaigns targeting American elections. Misinformation propagated by Russian bots ran rampant on Facebook, Twitter and other social media platforms during the 2016 election cycle. The same problem cropped back up around the 2018 midterms. Yet many American citizens are not aware of the extent to which fake news from foreign actors can still spread online, and social media companies still fall short when it comes to quickly and decisively handling such content.
What can we do? Many election decisions in North Carolina and elsewhere are made locally, so citizens can help their country by being vocal about these election security issues on the local and state levels.
Yet much of this comes back to federal-level action, and action on the part of campaigns and companies. This is where political pressure from the public really comes into play. Protecting elections and American democracy is an issue far bigger than party, and it’s important for the public to communicate that to their representatives.
Partisanship that brushes aside the state of U.S. election security is toxic and only serves to hurt our national security and contribute to diminished trust in public institutions.