How to protect the midterm elections from hackers
Wednesday, August 8, 2018
Some 13 weeks till Election Day, and "The warning lights are blinking red," says the U.S. director of national intelligence. "I cannot emphasize enough the vulnerability," says Sen. Marco Rubio. "We could be just a moment away from it going to the next level," says the FBI director. On Thursday, the Trump administration's national security team held a joint press conference to underscore the threat.
They're all worried about foreign countries meddling in the midterms, just as Russia did in 2016. And with good reason: Although election security hasn't been a notable priority for this administration — it has evidently held just two meetings on the topic since taking office — there's every reason to think more attacks are imminent. What's the proper response?
Precaution, not panic. In particular, three problems need attention.
One is that the nuts and bolts of the electoral machinery remain vulnerable. Americans vote at some 100,000 polling places, spread out across more than 8,000 voting districts. Each state oversees elections in its own way, and each piece of the system — registration rolls, back-office computers, even voting machines — is a potential target for hackers. Making matters worse, many states rely on outdated equipment or software; a report last year found that 41 states use databases that are at least a decade old.
Improving all this could take years. But states can in the meantime limit potential damage. For starters, they can ensure that local election officials have security training. They should also require that polling stations preserve paper records where possible, and that voter rolls and poll books have backups. Most important, they should conduct risk-limiting audits after the polls close to ensure that paper ballots match electronic results. Congress could help by forgoing petty fights over funding such efforts.
A second concern involves political campaigns. They offer troves of valuable material for foreign intruders — donor data, strategy documents, "oppo" research — yet typically have pitiful cybersecurity. In the last election, Russia compromised Hillary Clinton's campaign with trivial ease. At least three candidates have already been targeted this time around.
In response, campaigns must get more serious about digital security. Sensitive data — now the coin of the realm in American politics —should be segregated from more mundane files and access to it limited. Security measures such as encrypted messaging and two-factor authentication should be standard.
This is all basic stuff, and not difficult or expensive to attend to. Of course, there's the underlying need to get humans not to do unwise things — like clicking on unverified links or allowing themselves to be hooked by phishing expeditions. These behaviors have remained stubbornly immune to the best training efforts and the direst warnings. When they will end is anyone's guess.
That leaves a final challenge. Russia and other countries will almost certainly continue exploiting social-media platforms to push propaganda, spread hoaxes, and generally try to sow chaos and division during campaigns. Facebook last week revealed that it had removed a number of accounts and fake pages that seemed to be doing just that in advance of the midterms.
There's no foolproof way to prevent this stuff. But Facebook and its peers can do more to crack down on the bots and phony accounts that spread it, whether by verifying user identities or by improving automated detection tools. They can also open more of their data to public-interest researchers who could help detect or counter abuses. More broadly, Congress should fund advanced research into preventing such threats, and the executive branch should put foreign governments on notice that these attacks will have serious consequences.
This all may sound dire. But the fact is that the U.S. has made a lot of progress since the last election, and what problems remain have feasible solutions. With a bit of foresight, and a lot of vigilance, American democracy should do just fine.