Analysis

Addressing Insider Threats in Elections

There is an active effort to recruit rogue election officials to sabotage elections across the country.

Election officials were some of the biggest heroes of the 2020 election. After a grueling year that saw a pandemic, unprecedented disinformation efforts, and the highest turnout in over a century, they stood up to pressure from political actors seeking to overturn or cast doubt on the election results in key states. This collective, bipartisan effort helped avoid a constitutional crisis last year.

But the effort to sabotage our elections has only intensified, which is why Congress and state and local governments must take critical steps to protect against insider threats.

Plotting an inside job

Unfortunately, almost one-third of Americans still believe the false narrative that the 2020 election was stolen. Given this fact, we shouldn’t be shocked that among the more than 8,000 local election officials — and tens of thousands of additional public and private sector employees that support their work — there are some who will also buy into these conspiracy theories. In fact, there has been an active effort to recruit and convince election officials to facilitate these conspiracy theories and push the goals of election deniers.

There is reason to worry these efforts could gain traction and followers in the election official community. Following the threats, harassment, intimidation, political pressure, disinformation, and general exhaustion that election officials faced in 2020, many are choosing to leave the election administration field altogether. In Pennsylvania, for example, nearly a third of all county election officials left their posts between the beginning of 2020 and June of this year.

And in many cases, the people seeking to fill these open positions are those who have been most activated by the conspiracies surrounding the 2020 election and the most determined to abuse their authority to ensure a different outcome in 2024. At least 10 candidates running for secretary of state and 8 running for attorney general have received former President Trump’s endorsement because they backed his false claims that the 2020 election was illegitimate.

Regarding the endorsements, Trump’s spokesperson stated that the former president “notices when people are fighting for the truth about the November election results.” In Wayne County, Michigan — home of Detroit — a new official responsible for certifying results stated that he believes the 2020 election was inaccurate and that he would not have certified results. In Pennsylvania, election deniers recruited their followers to run for local positions that supervise polling places and oversee vote counting.

What happens if such people are entrusted with administering our elections? We are witnessing the first glimpses now. In Colorado, a county clerk with connections to prominent election conspiracy theorists gave unauthorized access to the county’s voting systems. This access allowed the unauthorized person to copy the hard drives of Dominion voting equipment — a vendor targeted by many 2020 election conspiracy theorists — and share the copies publicly to spread disinformation. The secretary of state decertified the county’s voting equipment and ordered the county to replace the machines before the next election, in part because the unauthorized person leaked passwords for the voting system software.

In Michigan, a town clerk who shared election conspiracies on social media and who took office in 2021 refused to allow a vendor to perform routine maintenance on a voting machine because the clerk falsely believed the maintenance would erase old data that could prove the machines were rigged. When a central component of that machine went missing, the state police opened a criminal investigation into the clerk to locate the since-found equipment and determine whether the equipment had been tampered with.

In Ohio, an individual inside a county commissioner’s office connected a private laptop to the county network, in an attempted breach that state officials believe a government employee likely facilitated. While the connection did not allow access to voting systems, and no sensitive data appears to have been obtained, network traffic captured by the laptop was nonetheless shared at a conference hosted by prominent election conspiracist Mike Lindell — the same conference where information from the Colorado breach was released. Officials in both counties had previously discussed baseless claims about the 2020 election with associates of Lindell.

These incidents may turn out to be canaries in a coal mine.

Stopping insider threats

Lawmakers and election officials must act now to prevent such attempts to sabotage election administration in 2022 and 2024. While insider threat risks have not received much attention in recent years, they have been a central focus of security efforts in other sectors, and best practices, such as those from the Cybersecurity and Infrastructure Security Agency, exist to prevent and respond to this activity.

Among other things that can be done to both secure election systems from insider threats and build public confidence that those systems can be trusted, states and counties should take the following actions (and, where appropriate, provide the funds necessary to support such mandates):

  1. Restrict access to election systems. Election officials should ensure that an individual only has access to critical systems — both physical and digital — if access is necessary for that individual to perform their official responsibilities, and only to the extent that those responsibilities require it (this is known as the “principle of least privilege”). In addition, election officials should require all individuals that access critical systems to first complete a background check. A recent regulation in Colorado, for example, restricts voting system access to individuals who have passed a background check and are an employee of the county clerk, voting system provider, or secretary of state’s office.

    Where possible, official procedures should require two people and/or bipartisan teams to be present when accessing election systems, ballots, and election records. Election staff should also be on site with private vendors at all times.

  2. Establish transparent procedures and monitor for inappropriate activity. Transparency protocols helped officials in Colorado identify the source of leaked voting system information. A state investigation found that the county clerk gave an unauthorized person a key card, and this card was logged when the individual entered the election facility. The clerk had also blatantly flouted another transparency measure by turning off video surveillance of the voting machines before the breach. But if the information obtained from the breach had not been discussed so publicly, it’s possible the state would have missed this activity.

    Election officials must adopt and actively review transparency protocols to ensure that every person who accesses election systems is authorized to do so. Funding should be provided for election officials to install key card access to facilities that hold voting systems, so that a log of every entry can be created. All election offices should be equipped with and require 24-hour surveillance of voting systems and ballots that can be reviewed and compared with access logs in the event of unauthorized activity. Where possible, that footage should be stored for at least two years. Both the access logs and surveillance data should be made available to the state, and state officials should ensure that local offices have sufficient procedures in place to detect unauthorized access.

  3. Remove and prosecute officials and workers who actively undermine election integrity. When officials do discover wrongdoing, these individuals must be held accountable. States have different processes for removing election officials. In some cases, the entity that appointed an election official may simply fire that individual. In others, state officials may hold power to remove election administrators or strip them of election responsibilities. Officials may also seek permission from courts to do so. State and local officials, as well as their attorneys, should be familiar with the removal options available and be prepared to take the steps necessary to protect our election infrastructure from insider threats.

    Where appropriate, law enforcement officials should also pursue prosecution against election workers who tamper with or allow unauthorized access to voting systems and election materials. State laws may require updating to address this conduct.

  4. Don’t forget the vendors. Private vendors are involved at every stage of an election, from registering voters to counting ballots to reporting results. States can act now to establish standards on cybersecurity, personnel security, and supply chain integrity for their election vendors. Local election offices can also build in safeguards through contracts when purchasing equipment and services. As a rule, vendors should be held to the same or higher level of standards for access and transparency as county or state employees. This can include background checks and the requirement to always have a state or county employee present when vendors access critical systems. This can also mean restricting or eliminating remote access by vendors.

    In contrast to other critical infrastructure sectors, election vendors face little federal oversight. The Freedom to Vote Act, which is before Congress now, would change this by establishing security criteria that private companies must meet to qualify as election vendors that can receive federal funds.
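
The routine review that items 1 and 2 call for, shown as an added example that is not part of the original article: each key card entry is checked against an authorization roster, the two-person rule (a second staff member present, which also covers vendor escort), and surveillance coverage. The log format, badge IDs, room name, five-minute pairing window, and every sample record are constructed assumptions.

```python
from datetime import datetime, timedelta

# All data below is constructed for illustration; the log format is an assumption.
ROSTER = {"B-101": "staff", "B-102": "staff", "B-300": "vendor"}  # cleared badges
CAMERA_OFF = [("2030-01-12T18:30:00", "2030-01-12T20:00:00")]     # surveillance gaps
ACCESS_LOG = """\
2030-01-10T09:00:05 B-101 tabulation-room
2030-01-10T09:01:10 B-102 tabulation-room
2030-01-12T18:42:00 B-101 tabulation-room
2030-01-12T18:42:30 B-999 tabulation-room
2030-01-14T10:15:00 B-300 tabulation-room
"""
PAIR_WINDOW = timedelta(minutes=5)  # assumed tolerance for two people badging in together

def parse(log):
    """Yield (timestamp, badge, room) from 'ISO-time badge room' lines."""
    for line in log.strip().splitlines():
        ts, badge, room = line.split()
        yield datetime.fromisoformat(ts), badge, room

def review(log, roster, camera_off, window=PAIR_WINDOW):
    """Return (time, badge, reasons) for every entry that needs follow-up."""
    entries = list(parse(log))
    gaps = [(datetime.fromisoformat(a), datetime.fromisoformat(b))
            for a, b in camera_off]
    findings = []
    for ts, badge, room in entries:
        reasons = []
        # Least privilege: only badges on the roster may open this room.
        if badge not in roster:
            reasons.append("badge not on authorized roster")
        # Two-person rule: a different staff badge must enter the same room
        # within the window (a vendor therefore always needs a staff escort).
        partnered = any(b != badge and roster.get(b) == "staff" and r == room
                        and abs(t - ts) <= window for t, b, r in entries)
        if not partnered:
            reasons.append("no second staff member present")
        # Entries made while cameras were off cannot be verified on footage.
        if any(start <= ts <= end for start, end in gaps):
            reasons.append("camera offline at entry")
        if reasons:
            findings.append((ts.isoformat(), badge, reasons))
    return findings

if __name__ == "__main__":
    for finding in review(ACCESS_LOG, ROSTER, CAMERA_OFF):
        print(finding)
```

Running the review on a schedule, rather than only after an incident becomes public, addresses the gap noted in item 2 where the activity might otherwise have been missed.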

Some of these solutions require statutory or regulatory changes, and items 1 and 2 will certainly require additional resources for election offices. Congress should take a leading role in providing the ongoing funding needed to keep elections secure from all threats, including insider attacks. But states should also help fill the gap.

Finally, over the next year, it is vitally important that we ensure the public understands the stakes for election administration in upcoming elections. Across the country, candidates are running now to be responsible for the 2024 election. Twenty-six states have an election for secretary of state in 2022, including Arizona, Colorado, Georgia, Michigan, Minnesota, and Nevada. Voters will also select local election officials in many states, including Colorado, Michigan, Nevada, New Hampshire, Texas, and Wisconsin. These officials will have a critical role to play in ensuring (or undermining) the democratic process in 2024 and beyond.