With the presidential election fewer than 100 days away, federal intelligence authorities continue to warn of potentially damaging cyberattacks against our election infrastructure by foreign nation-states. While we have made progress protecting that infrastructure since 2016, the COVID-19 pandemic has upended American elections. Jurisdictions are now facing the need to scale up options like online voter registration and mail balloting so that voters have more ways to participate safely, and this presents new targets for foreign adversaries to attack.
But the protective measures that were deployed in the primaries can provide some important lessons on how to ensure a cyberattack does not disrupt our elections this fall.
With budgets cratering across the United States, it’s not clear that state and local jurisdictions can afford all of these measures. This is why Congress, which is considering a new coronavirus package over the next two weeks, must allocate money that local officials can use to run elections safely and securely this fall.
Here are three of the most important lessons from this spring’s primaries.
1. Deploy resiliency measures for online tools. This does not mean actual voting machines. Whether it’s increased use of online voter registration or greater reliance on web applications to request mail ballots, voters are increasingly turning to the internet to help navigate the complex election process. With more voters using these systems, their failures will affect more voters—and be more likely—than in previous elections. And indeed, we saw crashes of such systems in multiple states in the weeks leading up to their primaries, including Florida, Wisconsin, and New Jersey.
While it is likely that these failures were the result of the increased but legitimate use of these sites, it isn’t hard to imagine how they could have been intentional. Indeed, it is axiomatic in election security circles that nearly any failure that can happen through mismanagement or software bugs could also happen as the result of a malicious attack. In fact, we have seen distributed denial of service, or DDoS, attacks against online systems abroad, such as the back-to-back DDoS attacks on the United Kingdom’s two main political parties just weeks ahead of the December national election.
To protect against such attacks, election officials should partner with information technology service providers that help prevent system crashes by distributing the voter traffic across their data centers.
They should also develop backup plans in case mail ballot application and registration sites do go down. When these websites are unavailable—particularly close to a deadline—the sites should automatically redirect voters to a backup page where they can enter their information in a fillable PDF. Election officials can complete these requests at a later time. If a website failure prevents a voter from registering or requesting a ballot, these voters should be treated as having submitted their request at the time they provided their information on the redirect page. The state of Virginia uses a redirect function of this sort to serve as a fail-safe for its online voter registration systems.
Finally, officials should prepare for the possibility of hackers injecting corrupted data into the underlying systems by, say, changing the address on a voter registration file. Such an attack could make it difficult or impossible for a legitimate voter to cast her ballot, whether through the mail or at a polling place. To prevent such errors, officials should conduct periodic testing to identify vulnerabilities in election systems, update and patch all essential software, and monitor registration and ballot request activity to look for abnormal patterns. Another simple resiliency measure is to text or email voters each time a change to their record is made, similar to the protocol on many online commercial accounts. If the requested changes were not legitimate, voters can alert officials about the potential security breach.
2. Be prepared for breakdowns of polling place equipment. Many more Americans will vote by mail this year than ever before, thanks to the coronavirus. But the primaries also show that in-person voting will still be critical, with millions choosing this option to cast their ballots, whether because their mail ballot applications were not processed in time, they live in areas where mail is unreliable, they need assistance they can only get at the polls, or they just prefer this option. A cyberattack on voting equipment could be devastating.
We got a taste of what could happen if polling place electronic pollbooks or voting machines were attacked during the Georgia primary. There, the inability of poll workers to start these systems resulted in chaos in parts of the state, with lines that lasted for hours, particularly in majority nonwhite polling places in and around Atlanta.
Local election authorities must have a backup plan if polling place machinery fails. For the 41 states that use electronic pollbooks to check in voters, that means having paper backups to process voters in case those machines won’t start. And for the 21 states that use voting machines to mark ballots, it will be critical to have enough emergency paper ballots that voters can mark by hand, so that voters can continue casting ballots until machines can be fixed. Jurisdictions can also use emergency paper ballots when lines to use machines exceed 30 minutes.
Of course, it’s possible the information in both the electronic and paper pollbooks could be corrupted. In 2016, operatives working on behalf of the Russian government targeted voter registration databases in all 50 states. While they did not change any information in those databases, it could have been devastating if they had. Corrupted data could be made to show that legitimate voters were not entitled to vote because, for instance, their address had changed, or they had already voted.
Federal law creates a fail-safe for this kind of attack: provisional ballots, which voters can fill out and authorities can use later to determine whether pollbooks wrongly showed the voter was not entitled to vote. Having sufficient provisional ballots and envelopes to account for two to three hours of peak voting activity will allow voting to continue in the event of this kind of data corruption.
3. Have a backup plan for mail voting failures. Without question, the biggest visible change in how we conducted our elections since the pandemic began is the move to mail ballots. At least 41 states and the District of Columbia will provide all voters with the option to vote by mail this fall, and if the primaries are any indication, many voters are going to do just that. In Wisconsin’s primary, close to 1 million ballots were cast by mail—more than five times the number of ballots cast in the 2016 general election and the most mail ballots ever cast in any Wisconsin election. Similar increases were seen in Nebraska, Ohio, Rhode Island, D.C., and elsewhere.
Of course, mail voting this spring didn’t always go smoothly for election workers or voters. Election offices struggled to keep up with the massive increase in mail ballot applications, often sending ballots back to voters too late. In some cases, problems within the post office appeared to be the cause for delayed arrival or return of such ballots. According to an NPR analysis, more than 65,000 mail-in ballots were rejected nationwide in this year’s primary elections because they arrived after a state’s deadline.
It isn’t difficult to imagine an attack on a state’s voter registration database or the post office itself that could delay delivery or return of mail ballots, putting the ability of voters to return their ballots on time at risk. While there are many steps election offices and the post office can take to harden their infrastructure from cyberattack, a backup plan that allows voters to return their ballots quickly, without having to rely on the post office, is critical. States like Colorado and Utah, which have had significant numbers of voters cast mail ballots for years, have long offered secure drop boxes in accessible locations for voters to drop off ballots directly, rather than have to rely on the postal service. The U.S. Election Assistance Commission recommends having one drop box for every 15,000 to 20,000 voters. At least 20 states do not have any drop boxes for voters, and many more do not have nearly as many as the EAC recommends.
President Donald Trump’s reelection campaign recently sued Pennsylvania’s secretary of the commonwealth and the county boards of elections in an attempt to bar the state from using drop boxes there. (Disclosure: The Brennan Center for Justice, where I work, moved to join the case on behalf of our clients PennFuture and the Sierra Club to ensure, among other things, that the drop boxes may be installed and used by voters.)
The good news for each of these security measures is that none is technically difficult, and in each case, there is still time to implement them. At the same time, these security measures cost money, something that is in short supply in most states and counties during the pandemic. The Brennan Center has estimated that the total additional costs for making necessary changes to run fair, safe, and secure elections this year during the COVID-19 pandemic to be in the neighborhood of $4 billion, including hundreds of millions of extra election security costs.
In June, the House passed the HEROES Act, its latest proposal for a coronavirus package. It would provide state and local election jurisdictions with $3.6 billion. Earlier this week, Senate Republicans responded with their package, which included no money for elections. What comes out of negotiations between the two chambers in the next few weeks may determine how secure our elections are from cyberattack this fall.