Approaching mid-term elections offer a good time to ask a question. Can citizens trust the election system? That means more than knowing for certain that the ballots in a particular box were counted correctly.
A long time ago, when I covered government in a New England town, the town employed a person called the town accountant. One local election night, I watched the town accountant perform an official duty. He sat at a desk in the middle of a large, upstairs room in the Gothic Revival town hall. Various townies, local officials and reporters sat at surrounding tables. (In those days you were considered pompous to refer to yourself as a “journalist”).
Several people sat right by the Town Accountant, feeding him stacks of ballots. He tallied them on an adding machine, calling out the subtotals. Mainly I remember how fast he went. In those days, accountants used 12-button tabulators that produced paper strips showing the arithmetic. They developed very fast data entry motions.
The whole thing was done in the open, in front of witnesses. In reality, only this part of the election process was so transparent. You couldn’t tell if the ballots had been added to. For that matter, you couldn’t really tell if the accountant punched in the right numbers, he worked so fast. But the idea was clear — ballots were counted in public before a variety of eyes.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
Nowadays, localities have dozens of varieties of voting mechanisms, some with embedded PCs. They aren’t on the Internet but sometimes they are networked. Voter registration rolls are online somewhere. And results are posted online from Internet-connected servers.
A recent FireEye analysis outlined the myriad of vulnerabilities in election systems. Websites can be defaced to show the wrong numbers. Removable media can be used to fudge PC-based machines. Voter registration files can be altered such that individuals could vote in multiple locales.
Election security is a state and local issue, because the federal government doesn’t operate the elections. But with tales of real or imagined presidential election fraud stretching back decades, I think election security matters to the federal government.
FireEye’s John Hultquist, who analyzed the election system threat intelligence, outlined a couple of dangers. A locale could come up with a fraudulent tally. But he told me the more potent danger might actually stem from the ability of disrupters to introduce just enough fudge to cause uncertainty and doubt.
People might not like who got elected. But it’s worse if people feel the vote was tainted. Few phenomena bring the corrosive power of the erosion of trust.
The federal government has the resources to help, even if it lacks jurisdiction over local election apparatus. Former Homeland Security Secretary Jeh Johnson had DHS designate election systems as part of the nation’s critical infrastructure. The current secretary, Kirstjen Nielsen, told the Senate Intelligence Committee back in March (with Johnson sitting next to her) that her department would push an effort to share security information among some 150 state election officials.
The context of the hearing was whatever Russia might have done during the 2016 presidential election. But mischief can happen for a local selectman or county judge election too. Plus DHS along with the National Institute of Standards and Technology have lots of technical guidance, such as NIST special publications on cyber. It’s all available to local officials.
Politics are bad enough these days without suspecting that rascal on the other side wasn’t legitimately elected.