According to indictments released last week by Special Counsel Robert Mueller, Russian intelligence officers successfully breached voter registration databases during the 2016 election. This echoes the Senate Intelligence Committee's findings in a preliminary report on Russian interference in the election, which stated that Russia was "in a position to, at a minimum, alter or delete voter registration data" for a small number of states. The fact that a hostile foreign power had this capability is chilling, as voter registration databases may be our election system's greatest vulnerability.
Last month's California primary elections included a troubling incident at Los Angeles polls, where a printing error resulted in over 118,000 voters being left off registration rolls. This mistake was enough to cause confusion and endanger individuals' ability to cast a ballot -- the actual number of people who simply opted not to vote when told they were not on the rolls is impossible to estimate. What if, on the eve of this November's election, a state discovers that a cyberattack has removed millions of voters from its rolls?
A cyberattack on registration rolls has the potential to significantly damage the integrity of an election in two distinct ways. First, a targeted removal of a block of several thousand voters likely to support one candidate could effectively swing a close election. Second, a broad attack that purges an entire state's registration database could endanger the ability of an election to functionally proceed. Both scenarios threaten to do permanent damage to the integrity of and trust in our electoral system.
There are a range of measures to improve election security that states should undertake immediately to protect voter rolls. These include regular and independent backups, conducting audits to confirm tampering has not occurred, advanced training for staff with access to registration databases, building firewalls between personal and office electronic activities, and requiring many layers of authentication before a person is permitted access to a voter database.
States should also proactively consider measures that aren't directly designed to protect against an attack on voter rolls but could effectively prevent or mitigate harms. A select number of states maintain decentralized registration databases, which could make a major attack much harder. It's worth further analysis to assess whether decentralization would be an effective countermeasure, and any trade-offs of such an action.
Another possible measure is election day registration that would allow anyone purged from rolls to simply re-register. But presently, states with election day registration typically expect a small number of new registrants at polls. Before pursuing such a policy to counter an attack on voter rolls, states need to seriously examine capabilities to handle requests on a larger scale (as would likely follow a major cyberattack on voter rolls).
Third, early voting and mail-in voting could provide a timely "warning" for individuals who expected to be on voter rolls but were removed by a cyberattack. Some states already provide these options (Oregon, Washington, and Colorado hold all-mail elections, and California will institute the practice starting this year), but these systems were designed to add convenience, not serve as a large-scale remedy for a cyberattack on our election system. We need to determine how these systems would fare in an emergency situation, what challenges would emerge, and what other effects need to be expected and accounted for.
One final ominous but critical measure that all states need to undertake: Prepare for the worst. Part of good planning for both cybersecurity and elections is anticipating contingencies. It might be unpleasant, but entities overseeing elections should have plans for what to do next if a major attack succeeds.
Election officials should "war game" the effectiveness of their current planned responses. For example, provisional ballots are a common backstop when individuals face problems casting a ballot, but they are typically used by only a small number of individuals (generally between 1 and 2%). Could they be effective if deployed for a major portion of all voters? If not, what changes need to be implemented to make such a measure effective? States should also consider broadening laws that permit it to respond to public security emergencies, to account for attacks on their election systems. These types of laws can sometimes provide added flexibility to respond to unanticipated events.
Finally, we need more poll workers, and we need to ensure that everyone taking on this role is well-trained. Poll workers are the foot soldiers of functional elections. Election boards need to make sure that they have enough well-trained individuals on hand to effectively respond to a crisis.
The litany of items to undertake and policies to carefully examine in augmenting election security may be daunting, but it is a necessary undertaking, and with a broad and vigilant set of stakeholders involved, ensuring election security is a goal we can achieve. Our democracy depends on it.
- How to secure US elections from future hacking
- Paul: Putin will never admit to election hack
- Ex-WH liaison: Easy to hack election websites
- States add intrusion sensors to election systems to thwart hacking
- Russia may hack our elections. Can we stop it?
- President Trump, your top security priority should be election security
- DHS assisting with election security in Alabama
- Make our elections a lot more secure
- Reality check: Need action on election security
- Perez on Trump's approach to election security