Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.
You might have heard; midterm elections are only a few months off. Questions about security and integrity of the ballot casting and counting process, they persist. For what the threats actually are and what officials might be able to do to mitigate them, the Federal Drive with Tom Temin talked to chief information security officer at...
You might have heard; midterm elections are only a few months off. Questions about security and integrity of the ballot casting and counting process, they persist. For what the threats actually are and what officials might be able to do to mitigate them, the Federal Drive with Tom Temin talked to chief information security officer at Critical Insight, Mike Hamilton.
Insight by Primer AI: The new Chief Digital and AI Office has plans to make AI development and buying more agile at DoD. Get details on these efforts and also learn about use cases in the Army, the U.S. Special Operations Command and Veterans Affairs.
Tom Temin: And what are the principal threats in reality to the elections that are coming up or to any election anywhere? As you’ve pointed out, this is a local matter, but yet it has national implications.
Mike Hamilton: It does. A lot of people will, you know, talk cyber, cyber, cyber, and that’s our biggest threat. That’s a bit of a red herring. You know, hacking a voting machine is only possible if you have physical access to it. And this is with respect to statewide exercise that I’ve been involved in. The biggest issue right now that people are concerned about is disinformation, is just the ability to exploit the gullibility of Americans and send them to the wrong place or say something about the election that is patently untrue, and a number of people will believe that. And so I think that that is what the federal government and state governments and frankly, the counties that conduct elections are most fixated on right now, is how to fight back against disinformation.
Tom Temin: Well, disinformation, you mean about candidates or about the voting process itself?
Mike Hamilton: Anything, right? I mean, just all of the wild things that people throw out there, there’s a fraction of the population that’s going to believe anything you hang in front of them that confirms their pre-existing worldview, and it works.
Tom Temin: All right. Is there anything people can do about that, though, I mean, cybersecurity, you can point to specific measures, and so on. But disinformation is pretty much outside the control of well, of anybody I’ve talked to so far.
Mike Hamilton: Well, there’s an interesting story in the news yesterday about, I believe, the state of Colorado, and there is a pot of grant money that is specifically for protecting the integrity of our elections. And in Colorado, what they wanted to do was get that grant funding applied to having a bunch of people watching social media so that they can immediately counter disinformation when it pops up. And because of competition with law enforcement over grant funding, they were starved of the funds. So this really is the thing that I think states are really trying to find a solution to. And what it involves is constantly monitoring, and then pushing back as soon as you see it.
Tom Temin: All right. And what about some of the other physical threats that can happen? Or we’ve seen wildfires, gosh, where you are on the West Coast, up and down the coast, moving inland, wildfires could conceivably burn up a box of ballots, right?
Mike Hamilton: Sure wildfires, floods could take out the election infrastructure, I think one of the things that you see popping up in the media more and more is the lack of election professionals and volunteers, because they’re just being threatened all the time. You know, there are death threats. And these get very personal. And a lot of people are just throwing up their hands and saying, I’m just not going to do this. And so without people to run the elections, and with the threat of those natural disasters, we’re in a bit of a precarious position here with a lack of real fallback plans for this.
Tom Temin: Right. It’s a matter of disaster recovery. And if a paper ballot has been mailed in or dropped into a ballot box in-person on election day, whatever the means, is there a way to somehow mitigate the loss, physical loss in case of a fire or flood, such as, say, electronically recording as you count or something like that?
Mike Hamilton: Well, there’s always well, let’s have a do-over, right. I mean, if ballots are destroyed, you know, through a natural disaster, I think everybody’s going to be okay, with re-voting, you know, but frankly, if you see these things coming, and especially when we’re talking about election professionals and volunteers that are being threatened and just running away from all of this, I mean, there’s a signal there that you can use to plan and one of the ways that we vote is called UOCAVA voting, that’s the Uniform and Overseas Citizens Absentee Voting Act. And that is routinely done. It’s always been done for military. It’s a method that’s there, but we are not considering using something like that as a fallback plan, a plan B, and part of the reason for that is the academic community. When you say the words vote, and computer in the same sentence, they recoil in horror and explode into a ball of flame. So in my view, the academic community needs to get over it. There is no such thing as perfect security. There is risk management, okay, everybody drives a car. A meteorite might hit your car, and yet you still drive. There are ways to mitigate the risk around chicanery happening if you decide your fallback plan is to use this method that’s always been used for overseas military. Am I making sense?
Tom Temin: Yeah. We’re speaking with Mike Hamilton. He’s chief information security officer at Critical Insight and former CISO for the city of Seattle. So how would that work in terms of a local application of it for people that are not overseas? What does it look like process-wise?
Mike Hamilton: Well, frankly, the method that I’ve seen looks a lot like Docusign. You know, it’s not online voting, it’s basically marking a document, having that document then transmitted over to the voting jurisdiction, where it will be printed and counted. There’s a paper trail, there’s not a lot of reason for people to freak out about this. And yet, you know, we can’t get over this hump.
Tom Temin: And getting back to the issue of campaign workers being harassed and threatened and so forth, is your observation that this happens at the voting place, or elsewhere, just by people that are also voting officials, volunteers?
Mike Hamilton: No, it’s happening now. There is a county in Texas that just had all the election workers quit. They’re sick of the threats. So there’s also going to be, you know, the weirdo monitors that, frankly, intimidate voters, if you show up to vote. And again, if you had some way of marking a ballot, that doesn’t include going and standing in line for four, six, eight hours and being possibly intimidated by people walking around with guns, you know, it makes a lot of sense.
Tom Temin: Because I’m tend to be a proponent of voting in-person on election day, that’s just my old fashioned bias, I guess. And I’ve never waited more than 20 or 25 minutes, at least where I’ve lived. But recently, in the county I live in, everything went normally, the count was kind of, at least for one of the races, kind of got loused up, but they’re having a recount, and nobody’s really seriously questioning it. And it’s a good government type of area. But at the polling place, there was this gauntlet of people handing you posters that you had to walk through a narrow way. And again, people in this situation, they were all well intentioned, but I can see where a situation having people giving you materials right up to the moment you enter the door, and not having some kind of a perimeter around the place could be intimidating.
Mike Hamilton: It is, and there is a perimeter restriction there. And it sounds like that may have been violated. I’ve also read that one of the ways that we’re going to work to make this go smoothly, is to deploy more law enforcement to polling places to make sure that you know, intimidation is called out and that there is a perimeter and people are behind, you know where they’re supposed to be. Because, yeah, you shouldn’t be pelted by posters and, you know, political messaging as you walk into the door.
Tom Temin: Yeah. And with respect to what you mentioned earlier, say DocuSign type of system, where there’s a verifiable, traceable element in the transmission of that paper, the Census Bureau was successful in using internet polling, by everyone receiving it chose to do it that way, not have an enumerator come or fill out a form with a unique identifier sent only to that person, a one time one shot barcode type of situation. Seems like there’s something to learn from that process.
Mike Hamilton: Yeah, I think there’s an analogy to be made there. And frankly, the whole standing in line to vote thing is pretty 20th century, if not 19th century, and I have been cautioned that Estonia is not really the best model to use, but for the longest time, Estonia has only done their voting this way. So, you know, I think that evaluating different fallback methods, different ways that we can pull off an election, that address some of the threats that we’re looking at now, which include natural disasters, includes threats of violence, we ought to be looking at the whole portfolio of the things that we can bring to bear to pull off elections and make sure that the people that are eligible to vote can actually vote.
Tom Temin: Anything you feel the federal government could do to encourage this because voting is a matter of locals.
Mike Hamilton: Yeah. Well, I actually think that if we were going to apply this domestically and not apply this only to overseas voters and military and things like that, I think it would require legislation. I think they would need to amend the act.
Tom Temin: All right. Mike Hamilton is chief information security officer at Critical Insight, former CISO of Seattle.