Election Day 2020: The Crisis We Could Face in November
With the general election approximately 113 days away, there are mounting concerns about what will occur on Nov 3rd, 2020! Election officials face an extensive array of new cybersecurity threats arising from voting remotely to election officials working from home on unsecured systems leaving delicate data exposed to hackers. Before this health crisis, Congress approved $380 million in grant funds through the Help America Vote Act (HAVA). This may seem like a lot of money, but the question that needs to be asked is, can these funds address these three new election security concerns brought on by this new way of life?
Voting by Mail During in this Current Crisis
There is no doubt that voting by mail would make the 2020 general election much safer for one's health. However, voting by mail comes with its own set of security risks. Voting by mail is not a new concept, Colorado, Oregon, Washington, Hawaii, and Utah mail all registered voters a ballot before each election. Currently, thirty-three states, including the District of Columbia, allow for "no excuse" absentee mail-in voting, which means anyone can vote by mail. The remaining 13 states limit voting by mail, with excuses such as travel or illness. Since this concept is not new, then what is the risk?
Federal and state experts point out that this system has some gaps that need to be addressed before Nov 4th. The major one is having technology and the workforce to verify each returned ballot. Many election officials are now struggling to secure votes that are mailed in, currently many states are now relying on signature-verification software that some security specialists fear hackers could exploit this technology. The question that needs to be asked when it comes to voting by mail.... will it ever by 100% secure?
An Open Door to Hackers?
During the 2016 election, hackers from across the globe took aim at voter registration systems by stealing passwords and accessing sensitive information. Successfully accessing these systems allowed hackers to slip into voter registration lists and alter addresses, to indicate that voters incorrectly moved out of state. Not having the necessary cybersecurity defenses allowed hackers to plant doubts of tampering in the 2016 election. Election officials believe that this was just a test and that the same thing will happen in the 2020 election if we do not take precautions now!
Now that the general election of 2020 is approaching, local and state officials have reported an increase in ransomware attacks on voter registration systems. These types of attacks are like what we saw in 2016, but now that some states are considering conducting online voting for the first time, like Delaware and West Virginia, which can create a whole new monster. Experts from the top universities have conducted several tests to see if online voting could work. The study showed that platforms already facilitating internet and remote voting could, in some instances, be manipulated to alter votes. Other states like Florida, Ohio, Oregon, also use a platform as a way for citizens to mark ballots remotely and then submit them by email, fax, or mail. Research again clearly point that these system present opportunities for hackers or nation-states to compromise an election. So are inviting the fox into the hen house for this election?
Many States Still Have Outdated Election Security Infrastructure
Notwithstanding making some significant progress since the 2016 election, many states continue to face foundation challenges when it comes to their election security projects. For example, most states are using aging voting machines that are more than a decade old and, in many cases, are no longer produced. Currently, 11 states still use paperless electronic voting machines, which are especially vulnerable to hacking. They do not provide a paper record to help election officials recognize and respond to a cyberattack. Additionally, many states are using voter registration databases that are old and ill-equipped to address current cybersecurity threats.
Finally, more than half of states do not currently require post-election reports to verify whether polling machines are recording and tallying votes accurately before certifying election results. Furthermore, only two states, Colorado and Rhode Island will, by 2020, require risk-limiting audits. Risk-limiting audits can further confirm that the outcome of the election was not affected by a counting error or a malicious attack.
Cybercriminals and bad actors can create chaos in state and local voting and election systems – from disqualifying legitimate voters to corrupting data to launching denial-of-service attacks.
Many government election commissions and agencies could be better prepared to deal with election security threats, but many are not. To develop solutions and security programs to counter cyber threats to elections, we need government agencies to be more engaged with industry experts on the frontlines trying to stop cybercriminals and bad actors. Please check out how DLT and our partners in this industry can help solve the election crisis.