Nov. 9, 2017
It’s been almost a year since Election Day 2016, but the campaign news hasn’t stopped. Oct. 30 brought the first indictments in special counsel Robert Mueller’s investigation into possible collusion between the Russian government and the Trump campaign. On Tuesday and Wednesday, representatives from Facebook, Google, and Twitter faced congressional grilling over widespread Russian influence on their platforms. Also on Wednesday, the Wall Street Journal reported that the Department of Justice is considering charging Russian government officials for crimes related to the Democratic National Committee hack.
Amid the flurry, it’s easy to blur these conversations—especially because they all seem to feature Russia. But the election-hacking conversation desperately needs to be untangled. Whatever other revelations may come, it helps to remember that election hacking is really about three separate threats: hacking voters, hacking votes, and causing disruption or chaos.
Manipulating or hacking voters means influencing how a person will vote. The cybersecurity autopsy of the election shows pretty definitively that Russian agents attempted this. A January report from the FBI, NSA, and CIA stated that “Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls.’ ”
Tech companies are still investigating the reach of Russian-bought ads on their platforms, but it’s clear it was huge—Facebook estimates that Kremlin-linked content reached as many as 126 million users.
Many of these ads promoted divisive content, focusing on politically sensitive topics like race and LGBTQ rights. This conforms to what we know about Russian disinformation campaigns more broadly and their Soviet predecessors—they are about much more than influencing elections. As many experts have noted, dezinformatsiya is a classic Russian strategy to sow political and social discord.
Publishing embarrassing or incendiary emails can also be a part of manipulating voters. The idea that hacking and strategically releasing the private communications of campaigns, candidates, or other individuals could become a regular part of future elections makes this a nonpartisan cybersecurity concern and has sent some racing to bolster the digital defenses of campaign infrastructure. Leveling charges against those Russian agents specifically responsible for hacking the DNC is also part of deterring that behavior in future.
The second threat is of manipulated votes—essentially, that voting machines will be hacked. The Department of Homeland Security found no evidence that malicious actors successfully compromised any vote-tallying machines in 2016. However, a leaked NSA document from this summer shows that Russian hackers targeted and compromised a Florida-based voting-equipment vendor and then used the stolen credentials to target local election officials. Thankfully, the compromised vendor, VR Systems, doesn’t run any vote-tabulation equipment. However, its digital access and proximity to local election officials—who work with those who do program voting machines—is worrying.
For years, security researchers have been demonstrating that voting machines are vulnerable to attack. In 2015, it was revealed that the password to one type of machine used in Virginia was “admin.” After hackers successfully compromised machines and other voting equipment at this summer’s DEFCON security conference, Virginia announced it would decertify its paperless electronic machines ahead of Tuesday’s election. But electronic voting machines that have no paper trail are still exclusively used in five states. These are the most concerning, because there is no way to confirm the accuracy of the electronic tally after the fact.
The good news is that two straightforward steps would go a long way toward mitigating the vote-manipulation threat: establishing a paper trail for every vote cast and implementing statistically rigorous audits after every election that would compare the machine tally with the paper record. These two steps would make it extraordinarily difficult for any hacker to tamper with voting machines undetected.
Thankfully, these issues are getting legislative attention. In July, Sens. Amy Klobuchar, D-Minn., and Lindsey Graham, R-S.C., introduced an amendment to the National Defense Authorization Act of 2017. It would develop cybersecurity best practices—including for audits—and help states that follow them to purchase new voting machines that produce paper ballots. The house counterpart—the PAPER Act—was introduced with bipartisan support in September. The Klobuchar-Graham amendment probably has a better chance of passing, but it has yet to receive a vote in the Senate, and the PAPER Act is still in committee in the House.
The third election-hacking threat is the use of cyber means to cause disruption before, on, or after Election Day. Disruption has been attempted without cyber means—sometimes with elaborate schemes—but cyber capabilities could make disruption easier to pull off and, as a result, more likely to occur. An obvious target for disruptive efforts are e-poll books, digital logs used on Election Day to confirm voter identities. E-poll books were among the voting systems compromised by hackers at DEFCON’s summer exhibit.
Theoretically, tampering with voter logs by deleting or making registered voters’ names unrecognizable could cause confusion and impactful delays on Election Day. Ahead of the 2016 election, Russian hackers targeted at least 21 state election systems and successfully gained access to login credentials to voter registration systems in Illinois and Arizona. The PAPER Act, if passed, would produce studies on “best practices for storing and securing voter registration data.”
Understanding these three threats separately will help us respond as effectively as possible ahead of the 2018 elections. For one thing, knowing each threat model—what is possible and probable—is crucial for identifying low-hanging fruit, if there is any. (Remember, for hacking votes, that includes paper trails and risk-limiting audits.) For another thing, we’ll get further, faster, if we’re having the right conversations with the right people, because very different groups have power to make changes to address each threat. Facebook and Twitter may play a key role in flagging disinformation sponsored by foreign governments, but they are unlikely to handle any crisis response on Election Day. And it’s legislative bodies—state or federal—that need to overhaul our aging voting infrastructure and implement the kind of meaningful audits that should boost faith in election results.
Finally, we need to be prepared for when things go wrong. The part of our democratic system that can’t be easily patched, replaced, or switched for paper ballots is public confidence. The uncomfortable truth is that, sooner or later, hackers are probably going to succeed beyond what we’ve already seen. By no means does that mean they could alter the outcome of an election without anyone noticing. But in a future election, we could discover that hackers successfully tampered with a voter registration database or breached a vote-tabulation system. If that happens, it need not trigger a public crisis of faith. A compromised voter log doesn’t mean that thousands of key voters were brainwashed. Finding the breadcrumbs of an information operation doesn’t mean that our voting machines were hacked. After all, noncyber irregularities plague our elections year after year. While not all irregularities are created equal, we have learned how to be resilient to some, and we can learn to be resilient to new ones. They may simply be an inevitable feature of conducting elections in the digital age.