This article originally appeared in the October 2020 issue of Security Business magazine. When sharing, don’t forget to mention @SecBusinessMag on Twitter and Security Business magazine on LinkedIn.
Thomas Jefferson once said, “We do not have government by the majority. We have government by the majority who participate.”
Jefferson was not referring to elections – he was referring to those who vote in them. Jefferson was prescient. What he recognized is that all eligible citizens have the right to vote, but not all exercise the right to vote.
Historically Low Turnout May Change
In the 2016 presidential election, nearly 56% of the U.S. voting-age population cast ballots – an increase compared with 2012, but less than in the record year of 2008. That level of participation puts America well behind other developed democracies, which is something that would likely disappoint Jefferson.
By many estimates, the voter turnout in the 2020 presidential election is expected to increase – even amidst the pandemic. The issue is whether all votes will be counted, whether voting will be secure and whether foreign influence will spread misinformation or, worse, actually interfere with vote tabulations.
Fear of Election Interference
Prior to the 2016 U.S. presidential election, cyber attackers that are believed to be Russian operatives allegedly succeeded in compromising websites or voter registration systems in multiple U.S. states. Though the attackers apparently did not make changes to votes or voter rolls, the discovery raised concerns about election security.
The Iowa Caucus in February 2020 did not help matters after a days-long scandal resulted from an app malfunction. Reportedly, the issue was not due to a hack or cyberattack, but a software issue. Whatever the cause, such events undermine faith in the process and must not be duplicated leading up and including the general election.
What Do Security Professionals Think?
This was the topic of a recent study conducted by the global tech organization known as the Information Systems Audit and Control Association (ISACA), which surveyed more than 3,000 IT governance, risk, security and audit professionals in the United States to discern confidence levels about the security of the election. The study, conducted in early and mid-2020, revealed concerns among security professionals.
Respondents identified the following as the top threats to election security:
⦁ Misinformation/disinformation campaigns (73%)
⦁ Tampering with tabulation of voter results (64%)
⦁ Hacking or tampering with voter registration rolls (62%)
⦁ Hacking or tampering with voting machines (62%)
Impact of COVID-19
COVID-19 adds a new layer of security complications; in fact, 56 percent of respondents are less confident in election security since the pandemic started. Respondents say they believe that funding, legislation, technical controls and election infrastructure are all inadequate, including 63 percent who are not confident in the resilience of election infrastructure, and 57 percent who believe that funding is not sufficient to prevent hacking of elections.
Bear in mind that these survey results reflect mere perceptions, not necessarily reality. Of course, it does not helps that Congress has stalled three separate election security bills – including proposed legislation which required campaigns to alert the FBI and Federal Election Commission about foreign offers of assistance, as well as legislation to provide more election funding and ban voting machines from being connected to the internet.
The Pathway To Gaining Confidence In The Process
The ISACA survey found that respondents believed the following actions could help ensure voter confidence and accountability:
⦁ Educating the electorate about misinformation (65%)
⦁ Using electronic voting machines with paper audit trails (64%)
⦁ Increased training for election and election security personnel (62%)
Security technologies – such as AI – can help too. For example, researchers at the University of Notre Dame are using AI to develop an early warning system that will identify manipulated images, deepfake videos and disinformation online. One feature of the system is designed to flag and monitor logos belonging to legitimate news sources that are being used on fabricated news stories. The intent is to mitigate the spread of disinformation – particularly from foreign intervenors.
In the meantime, the federal government is providing state and local officials with additional tools – endpoint detection and response software – to help defend the nation’s election systems from cyberthreats. Recently, the U.S. Department of State offered “a reward of up to $10 million for information leading to the identification or location of any person who works with or for a foreign government for the purpose of interfering with U.S. elections through certain illegal cyber activities.” The goal is to prevent unauthorized persons from accessing election and campaign infrastructure, including voter registration databases and actual voting machines.
Because of the pandemic, the likelihood is high that mail-in voting will increase substantially in this election. Some have suggested that will lead to an increased risk of fraud. While more mail-in votes may mean a corresponding increase in the risk, fraud from mail in voting is historically minuscule. Over the past 20 years, more than 250 million ballots have been cast by mail nationwide, resulting in a mere 143 criminal convictions for election fraud. That is a fraud rate of 0.00006%. Even with more mail-in voting, and a perception of greater risk, the likelihood of mass fraud remains very low.
Indeed, for the crime of counterfeiting a ballot to work just for a single ballot, a foreign country or domestic criminal would need to match everything perfectly from the ballot's size, style, weight and more, which can change every election cycle and which differs not only state to state, but even county to county. That means there are thousands of jurisdictions – each with their own ballot and own methods. Also, in about half the states, ballot envelopes bear a tracking bar code or tally mark that is unique to each voter. Even further, about 15 states require signatures to be matched against voter registration. Any surge of duplicate ballots arriving from the same voter is readily detectable and, again, highly unlikely on a meaningful scale.
So, while everyone should be worried about election security and the risk of foreign interference and misinformation, we should all be active, vigilant and informed. Or, as Jefferson would say, participate.
Timothy J. Pastore, Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. Reach him at (212) 551-7707 or by e-mail at email@example.com.