Skip Navigation
Analysis

Congress Must Protect Against Threats to Election Administration

Our election infrastructure is resilient, but it’s facing down antidemocratic attacks from abroad and within.

January 21, 2022
A masked election worker rifles through a stack of paper ballots
Associated Press

The follow­ing is adap­ted from oral testi­mony given Thursday before the House Commit­tee on Home­land Secur­ity’s Subcom­mit­tee on Cyber­se­cur­ity, Infra­struc­ture Protec­tion, & Innov­a­tion.

The Novem­ber 2020 elec­tion was widely considered the most secure in Amer­ican history. But an anti-demo­cracy move­ment, fueled by the Big Lie, poses seri­ous threats to the secur­ity of elec­tions. Taking these threats seri­ously requires expand­ing upon recent improve­ments to elec­tion secur­ity.

In 2016, one in five voters cast their vote using a paper­less voting system. But in 2020, an estim­ated 96 percent of voters used voter-veri­fi­able paper ballots. In fact, no swing state used paper­less voting machines, and routine, stat­utory tabu­la­tion audits were performed in every swing state. None found discrep­an­cies that would have been suffi­cient to alter the outcome of the pres­id­en­tial elec­tion.

In addi­tion to this crucial move away from paper­less systems, the Cyber­se­cur­ity and Infra­struc­ture Secur­ity Agency expan­ded its collab­or­a­tion with state and local elec­tion offi­cials. It provided vulner­ab­il­ity test­ing and train­ings, shared inform­a­tion, and emphas­ized public educa­tion. For instance, in the fall of 2020, some Flor­ida voters received threat­en­ing emails in the guise of a domestic far-right group that has promoted viol­ence. The intel­li­gence community detec­ted the true source of the attack, aler­ted elec­tion offi­cials, and held a joint press confer­ence to let the public know the truth: the emails were actu­ally coming from mali­cious actors asso­ci­ated with Iran.

Elec­tion offi­cials adop­ted resi­li­ency meas­ures, such as stock­ing emer­gency paper ballots in case of machine fail­ure, to ensure voters could exer­cise their rights even when there were sporadic polling place prob­lems. And in some states, the many options for voting served as their own resi­li­ency meas­ure, against the pandemic. These options allowed voters to spread them­selves out among differ­ent voting meth­ods and days. But they also meant that money from Congress was crucial.

After this success, what lies ahead? The contin­ued lie that the 2020 elec­tion was stolen is not only under­min­ing the public’s confid­ence, it is also threat­en­ing elec­tion infra­struc­ture directly, through sham partisan reviews and increas­ing insider threat risks.

Sham partisan reviews can provide unmon­itored elec­tion equip­ment access to biased, uncer­ti­fied partis­ans. In fact, decer­ti­fic­a­tion or decom­mis­sion of equip­ment has been neces­sary after multiple sham reviews across the coun­try. Ballot secur­ity breaches have been another damaging effect.

Anti­demo­cratic forces are also under­min­ing a once broadly shared commit­ment to compet­ent and nonpar­tisan elec­tion admin­is­tra­tion.

Many elec­tion offi­cials commit­ted to fair elec­tions are resign­ing or being pushed out, in the face of myriad attacks and pres­sures.

Moreover, given that almost one-third of Amer­ic­ans still believe the Big Lie, it would not be surpris­ing if some elec­tion offi­cials, or the employ­ees and vendors who support their work, them­selves buy into elec­tion conspir­acy theor­ies. Unpre­ced­en­ted amounts of money are being spent in campaigns for elec­tion admin­is­tra­tion jobs, with elec­tion deni­al­ism — for and against — being treated as a key issue.

What happens if elec­tion offi­cials and person­nel fall victim to elec­tion false­hoods? We are witness­ing the first glimpses now: In Color­ado, a county clerk with connec­tions to elec­tion conspir­acy theor­ists gave unau­thor­ized access to the county’s voting systems. Photos of pass­words for the voting machine soft­ware then ended up online. Other access breaches have occurred in Ohio and Michigan.

These secur­ity risks are alarm­ing, but they can be mitig­ated.

It should go without saying that all levels of law enforce­ment should enforce exist­ing laws against threats, espe­cially when elec­tion person­nel are intim­id­ated. Congress can work to combat doxxing and provide for phys­ical secur­ity and train­ing.

When it comes to insider threats, well-accep­ted best prac­tices already exist. They include restrict­ing and logging access to crit­ical systems, monit­or­ing through video surveil­lance, trans­par­ent proced­ures, back­ground checks, and choos­ing vendors that also employ good prac­tices. This all costs money, and Congress should provide help. 

Routine tabu­la­tion audits in which ballots and equip­ment remain in the custody of elec­tion offi­cials help to guard against a vari­ety of threats, includ­ing insider threats. In partic­u­lar, requir­ing risk-limit­ing audits of federal elec­tions has received bipar­tisan support in the past.

Our elec­tion infra­struc­ture is strong, but it is facing a grow­ing anti-demo­cracy threat from within. Congress can lead the way on protect­ing demo­cracy from that threat by invest­ing in true elec­tion integ­rity meas­ures.