With Election Day less than five months away, the election system continues to face significant cybersecurity threats and infrastructure challenges. In the meantime, a global pandemic has underscored the need for officials to develop resiliency plans to ensure that elections can proceed in a fair and secure manner.
The Brennan Center has outlined recommendations in a new report, Preparing for Cyberattacks and Technical Problems During the Pandemic: A Guide for Election Officials. Co-author Gowri Ramachandran spoke with staff writer Tim Lau about its proposals.
How vulnerable are U.S. election systems to hacking, cyberattacks, and foreign interference?
U.S. intelligence agencies have unanimously concluded that Russian officials attacked the 2016 election. Given the cybersecurity threats that remain today, the Brennan Center has continued to encourage Congress to provide increased election security funding to states and local election officials. Congress did actually provide $425 million in funding in December 2019, followed by an additional $400 million after the pandemic started. But that is far less than the minimum of $4 billion that the Brennan Center believes is necessary to secure the 2020 election and to ensure everyone can vote safely in light of Covid-19.
Election officials have been dealing with a massive workload trying to conduct primary and local elections in the midst of a public health crisis, and they didn’t have much warning for a lot of it. As these primaries wind down, they will need to turn their attention to ensuring a secure, safe, and fair general election in the fall, and that includes the cybersecurity measures we highlight. With sufficient funding from Congress, our recommendations are achievable before November.
How will measures to address the pandemic, like social distancing rules, affect both voters and election workers? What are the election security implications?
Thanks to Covid-19, voters are required to do remotely a lot of the things they would normally do in person at a government office. That includes registering to vote, requesting an absentee ballot, or renewing their driver’s license, which in many states is a way to automatically update their voter registration address. All of those processes are now happening remotely. This heavily increases the burden on election office email systems, online voter registration tools, and online absentee request tools. It also increases the risk and impact of a potential technical malfunction. For example, if a voter registration website goes down, it may eliminate the only feasible option for some individuals to register, leaving them with no means to exercise their voting rights.
Additionally, many election officials and their staff have been required to work from home due to shelter-in-place orders. As a result, there’s a greater risk for people who are teleworking to become victims of a cyberattack, like a spear phishing campaign. Some election officials may also need to remotely access election infrastructure such as the voter registration database, and it’s important that they do that in a secure manner.
Since the start of the pandemic, mail voting has emerged as one of the important measures for ensuring the 2020 election can happen in a safe, fair, and accessible way. What kind of new risks does mail voting introduce?
We can expect an increased popularity for mail voting this November, and that requires more attention to the security of mail ballot systems. For instance, election officials might work with vendors on printing mail ballot packets and sending them to voters. Those vendors need to follow best practices, such as limiting access to the blank printed ballots, making sure that voters’ personal information is protected, and making sure that they receive voter data securely via an encrypted transfer.
Election officials must plan ahead of time for printing ballots. If orders are placed at the last minute, vendors may not have the capacity to meet everybody’s demands. Election officials need funding now so that they can make purchases ahead of time and secure contracts with vendors where they’ll be able to print enough mail ballots.
Additionally, election officials must ensure that voters are able to request their mail ballots in a secure way. Jurisdictions that already have an online tool for voters to request mail ballots will have to secure that website, protect it from hacking, and make sure that it doesn’t become a vector for someone to infiltrate the voter registration database. Meanwhile, jurisdictions that don’t have that kind of system still have to make sure that they are able to securely and efficiently process all the requests that they receive electronically from voters, such as those submitted via email with a scanned image of the voter’s request form.
There have been attempts to undermine the legitimacy of the November election before it even happens. What can election officials do to assure voters that the integrity of the elections is intact?
Election officials can make sure that voters and the media know where to go for up-to-date election information. A really good way to improve the public conversation around election results is for officials to have an open and transparent relationship with the media now, not just in November.
Finally, conducting transparent, robust audits of the tallies before certifying results is a helpful way to reassure the public that the declared winner really did get the most votes.
Read the full Brennan Center report, Preparing for Cyberattacks and Technical Problems During the Pandemic: A Guide for Election Officials