Skip Navigation
Analysis

How to Keep the 2020 Election Secure

The pandemic has made the task of protecting the election from cyberattacks even more challenging.

With Elec­tion Day less than five months away, the elec­tion system contin­ues to face signi­fic­ant cyber­se­cur­ity threats and infra­struc­ture chal­lenges. In the mean­time, a global pandemic has under­scored the need for offi­cials to develop resi­li­ency plans to ensure that elec­tions can proceed in a fair and secure manner.

The Bren­nan Center has outlined recom­mend­a­tions in a new report, Prepar­ing for Cyber­at­tacks and Tech­nical Prob­lems During the Pandemic: A Guide for Elec­tion Offi­cials. Co-author Gowri Ramachandran spoke with staff writer Tim Lau about its propos­als.

How vulner­able are U.S. elec­tion systems to hack­ing, cyber­at­tacks, and foreign inter­fer­ence?

U.S. intel­li­gence agen­cies have unan­im­ously concluded that Russian offi­cials attacked the 2016 elec­tion. Given the cyber­se­cur­ity threats that remain today, the Bren­nan Center has contin­ued to encour­age Congress to provide increased elec­tion secur­ity fund­ing to states and local elec­tion offi­cials. Congress did actu­ally provide $425 million in fund­ing in Decem­ber 2019, followed by an addi­tional $400 million after the pandemic star­ted. But that is far less than the minimum of $4 billion that the Bren­nan Center believes is neces­sary to secure the 2020 elec­tion and to ensure every­one can vote safely in light of Covid-19.

Elec­tion offi­cials have been deal­ing with a massive work­load trying to conduct primary and local elec­tions in the midst of a public health crisis, and they didn’t have much warn­ing for a lot of it. As these primar­ies wind down, they will need to turn their atten­tion to ensur­ing a secure, safe, and fair general elec­tion in the fall, and that includes the cyber­se­cur­ity meas­ures we high­light. With suffi­cient fund­ing from Congress, our recom­mend­a­tions are achiev­able before Novem­ber.

How will meas­ures to address the pandemic, like social distan­cing rules, affect both voters and elec­tion work­ers?  What are the elec­tion secur­ity implic­a­tions?

Thanks to Covid-19, voters are required to do remotely a lot of the things they would normally do in person at a govern­ment office. That includes regis­ter­ing to vote, request­ing an absentee ballot, or renew­ing their driver’s license, which in many states is a way to auto­mat­ic­ally update their voter regis­tra­tion address. All of those processes are now happen­ing remotely.  This heav­ily increases the burden on elec­tion office email systems, online voter regis­tra­tion tools, and online absentee request tools. It also increases the risk and impact of a poten­tial tech­nical malfunc­tion. For example, if a voter regis­tra­tion website goes down, it may elim­in­ate the only feas­ible option for some indi­vidu­als to register, leav­ing them with no means to exer­cise their voting rights.

Addi­tion­ally, many elec­tion offi­cials and their staff have been required to work from home due to shel­ter-in-place orders. As a result, there’s a greater risk for people who are tele­work­ing to become victims of a cyber­at­tack, like a spear phish­ing campaign. Some elec­tion offi­cials may also need to remotely access elec­tion infra­struc­ture such as the voter regis­tra­tion data­base, and it’s import­ant that they do that in a secure manner.

Since the start of the pandemic, mail voting has emerged as one of the import­ant meas­ures for ensur­ing the 2020 elec­tion can happen in a safe, fair, and access­ible way. What kind of new risks does mail voting intro­duce? 

We can expect an increased popular­ity for mail voting this Novem­ber, and that requires more atten­tion to the secur­ity of mail ballot systems. For instance, elec­tion offi­cials might work with vendors on print­ing mail ballot pack­ets and send­ing them to voters. Those vendors need to follow best prac­tices, such as limit­ing access to the blank prin­ted ballots, making sure that voters’ personal inform­a­tion is protec­ted, and making sure that they receive voter data securely via an encryp­ted trans­fer. 

Elec­tion offi­cials must plan ahead of time for print­ing ballots. If orders are placed at the last minute, vendors may not have the capa­city to meet every­body’s demands. Elec­tion offi­cials need fund­ing now so that they can make purchases ahead of time and secure contracts with vendors where they’ll be able to print enough mail ballots.

Addi­tion­ally, elec­tion offi­cials must ensure that voters are able to request their mail ballots in a secure way. Juris­dic­tions that already have an online tool for voters to request mail ballots will have to secure that website, protect it from hack­ing, and make sure that it does­n’t become a vector for someone to infilt­rate the voter regis­tra­tion data­base. Mean­while, juris­dic­tions that don’t have that kind of system still have to make sure that they are able to securely and effi­ciently process all the requests that they receive elec­tron­ic­ally from voters, such as those submit­ted via email with a scanned image of the voter’s request form.

There have been attempts to under­mine the legit­im­acy of the Novem­ber elec­tion before it even happens. What can elec­tion offi­cials do to assure voters that the integ­rity of the elec­tions is intact?

Elec­tion offi­cials can make sure that voters and the media know where to go for up-to-date elec­tion inform­a­tion. A really good way to improve the public conver­sa­tion around elec­tion results is for offi­cials to have an open and trans­par­ent rela­tion­ship with the media now, not just in Novem­ber.

Finally, conduct­ing trans­par­ent, robust audits of the tallies before certi­fy­ing results is a help­ful way to reas­sure the public that the declared winner really did get the most votes.

Read the full Bren­nan Center report, Prepar­ing for Cyber­at­tacks and Tech­nical Prob­lems During the Pandemic: A Guide for Elec­tion Offi­cials