Should Americans trust their voting tech?
- By Chase Gunter
- Feb 13, 2017
Despite finding no signs of foul play during the 2016 elections' actual ballot-casting, state officials told the Election Assistance Commission they are looking to shore up the cybersecurity of voting systems to ensure that Americans are confident in their election results.
Director of the New Jersey State Department's division of elections Bob Giles said at an EAC meeting Feb. 13 that although "cybersecurity wasn't as big a concern" entering the 2016 election because his state's voting machines were not connected to the internet, the attention garnered by Russia's reported electoral influence has led to a rethinking of his agency's cybersecurity protocols.
Giles said cyber hygiene practices such as improving password strength and multifactor authentication will be included in the state's plan to modernize its voter registration system.
"The other thing we heard a lot about this election is who is making our voting machines, and… are foreign countries owning voting machines in our country?" he said, adding that moving forward, New Jersey will partner with the Department of Homeland Security to ensure voting machine security.
Another important tool for establishing electoral integrity is an auditable record of each state's votes.
David Wagner, a member of EAC's Technical Guidelines Development Committee, said, "the number one most important thing we can do for cybersecurity is make sure the systems are auditable." He conceded election auditing "can't prove that there was no hacking, but what it can prove is that the outcome was called correctly" and that there are no patterns of voting irregularity.
Many states already have the capability to conduct state-wide audits of the results. For example, Natasha Walker, webmaster at Maryland's State Board of Elections, told FCW she was part of team that "tabulated every ballot" in the 2016 general election. Walker made clear there were no attempted intrusions of voting machines, and that the audit revealed that there were no patterns of irregular voting activity.
The Electronic Frontier Foundation, however, has lobbied for auditable paper records in all 50 states -- warning that "voting machines, especially those that have digital components, are intrinsically susceptible to being hacked." Several states' election systems still lack any sort of paper trail.
Yet while there is broad consensus that voting systems must be secure, EAC commissioner Matthew Masterson stressed that increased technical security cannot come at the expense of voters' access to casting a ballot. "It's not a tradeoff," he said. "Both have to be there."
Currently, election systems are tagged by the Department of Homeland Security as critical infrastructure, a designation that has been met with handwringing from state and local officials.
EAC chairman Thomas Hicks told FCW that he met with DHS to discuss the future of this designation, which was issued by former Secretary of Homeland Security Jeh Johnson, but said its status under the Trump administration was up in the air.
New DHS chief James Kelly has indicated support of keeping the designation. At a Feb. 7 House Homeland Security hearing, Kelly testified that DHS "should keep that [designation] in place."
"I believe we should help all the states, [and] provide them as much help as we can to make sure their systems are protected for future elections," he said.
Whether EAC is part of those future protection efforts also remains to be seen. Despite the apparent relation between President Donald Trump's unsubstantiated claims of widespread voter fraud and EAC's statutory mission, the House Administration Committee voted on party lines Feb. 7 to advance a bill, introduced by Rep. Gregg Harper (R-Miss.), that would dissolve the commission.
A former counsel for the House Administration Committee himself, Hicks told FCW there have been repeated efforts to terminate the EAC since its 2002 inception.
"It's not the first time I've seen that bill," he said.
Chase Gunter is a former FCW staff writer.