Analysis

What to do to guard against Election Day cyberattacks

The-nsa-trained-edward-snowden-to-be-an-elite-hacker

Top election-security experts are urging election officials to put contingency plans into place at polling stations in case critical systems are disrupted during voting on Nov. 8. Their warnings come one week before Election Day, at the end of a presidential race that has seen charges of politically motivated email hacking by Russia as well as a widespread internet outage of unknown origin.

In a teleconference panel Tuesday, Professors Candice Hoke and Douglas W. Jones, authorities in election technology, emphasized that voter-registration databases are most vulnerable to a possible cyberattack, and they encouraged election officials – and even voters – to take precautions.

Their deepest concern was echoed by the third member of the panel – human-rights activist, author and former chess champion Garry Kasparov: Even a small disruption to systems on Election Day could sow doubt in the election results and undermine the authority of a newly elected president. “It does not require massive disruption to create that cloud of uncertainty,” Hoke said. “A few technical events can add to doubt.”

With Russia clearly demonstrating an intent to interfere in U.S. politics in the hack of Democratic National Committee emails, all three panelists worry that whoever wins this presidential election, the real loss will come in Americans’ faith in their democratic systems. “Imagine people who will not be able to have their votes because the voter registration database was hacked,” Kasparov said. “That will create enough doubt about the U.S. elections and democracy as an institution.”

Tuesday’s panel was moderated by Bill Buzenberg, Editorial Director of PutinTrump.org.

Long-term, Hoke and Jones stressed that nationwide election infrastructure should be shored up as part of identifying elections as a key part of U.S. national security. But with one week to go until the election, these are their recommendations for what can be done right now.

What state and local elections officials can do:

  • Have paper records as back-ups for electronic voter-registration databases (so-called e-poll-books). Hoke notes that these databases are vulnerable because the software is easily manipulated. And she points out that a number of precincts, especially in major urban areas, now use electronic poll-books to access their registration databases, and those poll-books require constant access to the internet and so would be inaccessible in the event of a direct denial of service attack, as occurred Oct. 21.  “Those locations that are using e-poll-books: They need to have a paper backup of every database in every location in case their e-poll-books happen to be down for whatever reason.”
  • Have a contingency plan for what to do if systems go down at a polling station. “The DDOS attack [Oct. 21] may not have been related to the election, but if I were Russia and I wanted to test my weapon in the election, that’s what my weapons test would look like,” Jones said. “Local elections officials need well-defined fallback plans for pollbook failures,” Jones said, and he noted that this could be as low-tech as having a blank sheet of paper where every voter can sign in and write down their addresses. He acknowledges that’s a tremendous amount of work for both poll-workers and voters, creating long lines and slow voting. “But turning away a voter from a polling place simply because the hardware is messed up – that’s just a violation of a fundamental principle of democracy that says you don’t turn away voters.”
  • States should have security experts assess their system’s vulnerabilities before Election Day, and consider hiring electronic security experts to be on hand for quick action if a disruption is reported. “Retain forensic security teams around the state ready to go into action if there are questions or incidents so they can be investigated immediately and proof can be obtained,” Hoke said. “We should have forensics teams ready to go on Election Day.”

What voters can do:

  • Voters should double-check their voter registration online before Election Day to be sure the precinct’s recorded information is correct. “Every state has an online voter-registration checking portal and there are some national portals available through the League of Women Voters and the Verified Voting Foundation,” Jones said.
  • Voters should take official identification to their polling places, even if it’s not required by law. If the electronic records indicate that a voter’s precinct is different or the registration is missing, an ID would be required to cast a provisional ballot or for same-day registration. “Having it there in case there’s a mess-up is important,” Jones said.
  • If at all possible, voters should take advantage of early voting opportunities. “Encourage as many voters as possible to use early voting opportunities,” Hoke said. “If systems should go down … on Election Day, there are no alternatives. That’s the best contingency.”

The panelists urged states and voters to take these last-minute precautions seriously because they believe that the integrity of the vote and American democracy is at stake in this election.

Kasparov: “My greatest fear is that the election would not be considered valid by tens of millions of Americans because there would be so much doubt and uncertainty, and whoever wins will not be a legitimate president in the eyes of half of the country.”

Jones’ greatest fear:  “There will be a cloud of uncertainty caused by a mix of conspiracy theories from left and right and allegations of Russian involvement, and that mixture will create really entrenched distrust and entrenched unwillingness to accept the outcome, whatever the outcome is.”

Hoke: Since I’m located in Ohio … Close election totals are bad enough. Then, just a few incidents or technical events can further add to questions and doubt.”

Listen to the audio of the full teleconference

Related analysis on PutinTrump.org: Voter registries at risk of cyberattacks, experts say

(Photo via Creative Commons)

Voter registries at risk of cyberattack, experts say

1349370_0703fce74c

In light of last month’s large-scale cyberattck on internet infrastructure – as well as previous DNC email hacking that U.S. intelligence officials believe to be instigated by Russia – two top election technology experts are warning about the potential for further disruption on Election Day. Specifically, they call for election officials to have back-up voter registration documentation in paper form ready on Nov. 8. Their warnings came in interviews with PutinTrump.org, and are expected to be repeated during a teleconference with media representatives today, a week before the election.

“The most vulnerable part of the entire election system is the threat to voter registration databases,” according to Candice Hoke, Marshall College of Law professor and a widely recognized national authority on laws governing election technologies, including voting devices and voter registration databases. Hoke said another internet disruption, such as the dedicated denial of service attack (DDOS) that occurred on Oct. 21, could eliminate voter names from any registry in a specific precinct, preventing those voters from casting their ballots normally or forcing them to use provisional ballots.

“Have a back-up plan. Don’t rely on the internet or local laptops for running the election,” Professor Douglas W. Jones, said in discussing the vulnerability of elections at the local and state level. Jones agrees there are real possibilities for serious disruption if hackers target centralized voter-registration databases. Such targeting might have already happened, Jones said, but there is no way to know about it in advance or to prove it. On a widespread scale, he added, the potential effects could be “destabilizing the government or delegitimizing the presidency,” although he doesn’t think such targeting would change the outcome of the election.

An attack on voter-registration databases, Jones said, could drastically slow down voting, lead to much longer lines for voters, and require provisional ballots that may or may not be counted.  Jones is a computer scientist at the University of Iowa where his research focuses primarily on computer security, particularly electronic voting. Together with Barbara Simons, another election expert on electronic voting, Jones has co-authored a book entitled Broken Ballots: Will Your Vote Count?

Both Hoke and Jones also say hackers may be able to target election software while it is being updated, which could lead to vote “flipping” – causing the tally for one candidate to suddenly becomes the vote total being counted for another candidate under the direction of pirate software. There is no way to prove such a flip took place without a paper trail, which many voting locations no longer have.

Jones believes Russia has both the motivation and capability to disrupt the American election by creating chaos through disrupting the internet or with email leaks via WikiLeaks – allowing them to inject their own partisanship, weighing in on one side of the election. However, he said, it takes many weeks of computer forensics to prove that they are the culprits.

According to a report on CNN quoting the Department of Homeland Security, 46 states have asked DHS for assistance to bolster their election systems against cyber threats. “As rhetoric has swirled that next week’s election could be ‘rigged,’ and as the U.S. government has publicly accused the Russian government of meddling in the election by hacking Democratic political groups, concerns about attempted cyberattacks on election infrastructure have increased,” the CNN report said. Despite the charges of “rigging” the election, most experts believe it would be extremely difficult to alter or affect the outcome of national elections.

Former Russian chess champion Garry Kasparov does not believe the American election will be rigged the way the Russia’s Vladimir Putin rigs that country’s election. But Kasparov does believe the Russians may seek to disrupt the U.S. election, just as they hacked into the email systems of the Democratic National Committee, in an effort to discredit American democracy. He believes the DDOS cyberattack last month might have been a dress rehearsal for Election Day.

Kasparov will be a third panelist on the Tuesday teleconference. He is chairman of the New York-based Human Rights Foundation and author of Winter Is Coming: Why Vladimir Putin and the Enemies of the Free World Must Be Stopped.

Professor Candice Hoke founded and directed the Center for Election Integrity, and served three terms on the American Bar Association’s Advisory Commission on Election Law.  Professor Douglas W. Jones has testified before the United States Commission on Civil Rights, the United States House Committee on Science and the Federal Election Commission on voting issues. Jones was the technical advisor for HBO’s documentary on electronic voting machine issues, Hacking Democracy.

Additional sources noted inline. Photo via Creative Commons

Related reading: “Issues and recommendations for Making Elections More Secure” by Barbara Simons, David Jefferson, Philip B. Stark