Skip Navigation
Fellows

The First Step to Hack-Proofing Our Elections

Our out-of-date voting systems need an upgrade, now.

February 15, 2018

Cross-posted on Politico Magazine

Top security and intelligence officials warned on Tuesday that Russia would try to interfere in the 2018 elections again, just as it did in 2016. “We need to inform the American public that this is real, that this is not going to be happening,” Director of National Intelligence Dan Coats told the Senate intelligence committee.

They didn’t specify how we were going to stop it, but we know there is one place we know we can start: upgrading the ramshackle, out-of-date voting equipment that is more vulnerable to hacking than newer machines.

We now know that Russian influence operations in the 2016 election went far beyond Twitter bots and email hacking. Russian hackers also tried to penetrate elections systems in as many as 39 states, according to some reporting. They sent phishing emails to hundreds of election offices. There’s no reason to think that vote totals were changed by the break-ins, but it was an uncomfortably close call—and a troubling reminder of what kind of damage could have been done.

Recently, my organization, the Brennan Center for Justice, surveyed 952 election officials nationwide and found that 41 states likely will use voting machines this fall that are more than a decade old. Some are even using systems that still run Windows 2000. Officials in 33 states told us they need to replace their voting machines by 2020, and the majority don’t have the money to do so. These old machines are a problem because as they age, they become more difficult to repair and are more vulnerable to breakdowns. They are often more easily hacked than newer models because they can run on old software like Windows 2000 that no longer receives security patches, and they usually haven’t been tested to today’s more rigorous security certification standards. Neal Kelley, the registrar of voters for Orange County, California, told us that many machines in his state are so old they can’t be repaired. “The sky really is falling,” he says.

Secretaries of state, who run elections in most states, have sounded the alarm for some time. And some state governments are taking proactive steps to shore up their own systems as soon as possible. Pennsylvania’s governor just ordered that all new election machines must also produce paper backup so there would be a paper trail in the event of a hacking (though he hasn’t said how the state will pay for it). Last year, Michigan, Minnesota and Nevada all set aside money to replace older machines, and Virginia decertified the last of its paperless voting systems, replacing them with computers that read paper ballots.

But it’s not enough. The federal government needs to step in to protect the country’s election system. Right now, there are two bills in the Senate and one in the House that would send money to states to shore up their election infrastructure immediately and replace paperless systems. One of those bills, the Secure Elections Act, would promote better information sharing between the Department of Homeland Security and state and local election officials and require vendors and contractors to report system breaches. A wide array of security experts believe this is an urgent priority. Yet there is not a single hearing scheduled on this or other election system security legislation, nor a single vote on the calendar.

Secretaries of state from around the country are gathering in Washington, D.C., this weekend for their annual meeting. They have a powerful voice, and they should use it. Senators and members of Congress take their calls. They should use this gathering as impetus to demand action by their counterparts on Capitol Hill to release desperately needed dollars to upgrade our election systems.

Because time’s running out. We can’t wait until right before an election. As one official told us, “Macy’s wouldn’t roll out new cash registers on Black Friday.” Election officials need time to upgrade, check for vulnerabilities and ensure their computer systems are prepared to handle all the other chaos of Election Day.

After 9/11, we implemented new security measures at airports and ports to protect against terrorism. Russian hackers attacked our democracy in 2016. They’ll be back this year.