It’s widely believed that Russian hackers were behind the recent attack on the Democratic National Committee’s e-mail servers. While the consequences of the attack for this year’s presidential election remain to be seen, it’s not hard to imagine how hackers could influence or disrupt our elections—and that could undermine our national stability and security.
That’s why the government should take the advice of security experts who say it must intervene to protect the voting system from cyberthreats.
As Bruce Schneier, a technologist and lecturer at Harvard’s Kennedy School of Government, argued recently in the Washington Post, the government should act quickly in the wake of the DNC hack. “If foreign governments learn they can influence our elections with impunity,” he wrote, “this opens the door to future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.”
The Secretary of Homeland Security, Jeh Johnson, seems to be listening. On Tuesday he told reporters that he’s considering designating the election system “critical infrastructure,” a move that would require cybersecurity protections for voting machines to be beefed up. Homeland Security coordinates the government’s effort to make sure that our critical infrastructure is resilient and secure from dangers including cyberthreats. There are 16 critical sectors, including finance, energy, and health care.
Adding the voting system to the list would not be straightforward. There is not one system but 9,000 jurisdictions that collect votes, tally them, and report the results. They do this in a wide variety of ways, some using electronic voting machines and others using paper ballots. The good news is that none use Internet-based voting.
Some states that electronically deliver blank absentee ballots have, however, been using the Internet “for the return of voted ballots via e-mail attachments, by digital fax, or through a Web portal,” according to Verified Voting, a group dedicated to safeguarding elections against digital threats.
Schneier notes that in recent years more and more states have adopted electronic voting machines and some “have been flirting” with Internet-based voting, despite repeated warnings against it from him and other security experts. Voting machine manufacturers have “thrown up enough obfuscating babble that election officials are largely mollified,” he writes. Internet voting must not be allowed, he argues, and we must go back to more secure methods, including electronic machines that produce a voter-verified paper trail (not all of them currently do).
As the DNC hack illustrates, it’s not just about voting machines. Hackers could mess things up by taking a variety of different avenues. Some have argued that the Secret Service should also get involved, to protect the cybersecurity of presidential candidates in addition to their physical security.
The DHS did not give specifics about what it would mean if the voting system becomes part of the nation’s critical infrastructure. Hopefully it gets more specific soon: November is just around the corner.