By Alexa Corse
As Election Day gets closer, one issue looms large for voters
and election officials alike: cybersecurity.
Hoping to quell fears about foreign hackers and repel potential
threats, many states and counties are beefing up their plans to
deal with cyberattacks. They're shoring up systems to protect their
voter databases and hiring security experts to assess the strength
of their defenses. They're coordinating with social-media
organizations to stamp out deliberately fraudulent messages that
could mislead voters about how to cast a ballot. And they're
banding together to share information and simulating how to respond
to potential emergencies.
One simulation-based exercise, held by the Department of
Homeland Security in mid-August, gathered officials from 44 states,
the District of Columbia and multiple federal agencies, the DHS
says.
"There absolutely is more emphasis on contingency planning"
since 2016, says J. Alex Halderman, a professor of computer science
at the University of Michigan.
State election officials say voters should feel assured that
voting systems are secure. And U.S. intelligence officials
emphasize that there is no evidence that hackers changed any votes
in 2016. But some officials say their biggest concern isn't that a
foreign adversary like Russia would alter ballots. They're worried
about elections losing legitimacy.
"I do worry that we will never have another uncontested
presidential election," says Connecticut Secretary of State Denise
Merrill, a Democrat. "The seed of doubt has been sown."
Shane Schoeller, the county clerk in Greene County, Mo., says he
feels as though there is little room for error or setbacks.
"You're either renewing that confidence or you're taking that
confidence away as that election is conducted," says Mr. Schoeller,
a former Republican speaker pro tem of the Missouri House of
Representatives.
Here are some of the cyber concerns that election officials are
wrestling with.
1. Hackers could try to tamper with voter records and
potentially sow confusion about who's allowed to vote.
Many states require that voters register in advance and provide
information such as name, home address and party affiliation. Those
details are stored in voter-registration databases.
The databases generally aren't connected to the machines used to
tabulate votes. But some experts worry about whether hackers might
try to break into the databases and alter the data, making it seem
as though some people aren't allowed to vote -- potentially leading
to big confusion at polling places.
In a bipartisan report issued earlier this year, the Senate
Intelligence Committee concluded that Russian-affiliated hackers
accessed voter-registration data in a handful of states during the
2016 election cycle. There is no evidence any such data was
altered, the report said.
A spokeswoman for the committee declined to comment on its
continuing investigation. Moscow has denied hacking and using
fraudulent social-media accounts to undermine the 2016 and 2018
elections.
For the midterms, Matthew Masterson, a senior cybersecurity
adviser at the Department of Homeland Security, says he's helping
state and local officials secure voter data. That includes official
databases, as well as copies of the data, which may be put on
tabletlike devices called e-poll books, sometimes used by poll
workers to check in voters.
In addition, many states are moving to bolster the security of
their voter-registration systems. For example, Vermont and
Minnesota have added two-factor authentication, which uses a second
passcode to enhance security, say officials from both states.
Meanwhile, states have a low-tech alternative available if poll
workers can't verify someone's eligibility: The voter fills out a
provisional ballot that includes some personal information, and
officials figure out the voter's eligibility later, often after
Election Day.
Still, some observers worry that there may be a problem with
provisional ballots that hackers could try to exploit. Those
ballots may take a while to fill out, which could lead to longer
lines at polling places, says Joseph Lorenzo Hall, chief
technologist at the nonprofit Center for Democracy and Technology.
Some voters may not be able to wait, or may not be willing to
provide personal details on the form, Mr. Hall says.
"Say it's a hotly contested midterm election" in a small
congressional district, says Mr. Hall. If bad actors were to
improperly modify the records for, hypothetically, 10% of a bloc of
voters, he says, those people might not complete a provisional
ballot and leave without voting -- which, he worries, theoretically
might swing the race to a certain candidate.
2. Paperless voting machines could fail -- and there aren't
always paper backups that could provide a paper record of votes
cast if technological issues arose.
Paperless machines -- which at least one county in each of 13
states will use for most voters this year, according to the
Verified Voting Foundation -- were once considered state of the
art. But now security experts are recommending paper ballots or
machines with paper backups to counteract any potential bad actors
who might try to tamper with the machines' software.
"You have to have a way of checking that the software has not
been hacked and that there's no errors," says Marian Schneider,
president of Verified Voting, a Philadelphia-based nonprofit that
has long advocated for a "paper trail" of votes.
The Senate Intelligence Committee's bipartisan report endorsed
that idea. Many voting machines "do not have a paper record of
votes as a backup counting system that can be reliably audited,
should there be allegations of machine manipulation," the report
said.
In March, Congress allocated $380 million for states to upgrade
their election systems. And some states are already moving away
from paperless machines. Even before that federal funding was
available, Virginia fully retired its paperless, touch-screen
electronic voting machines ahead of its November 2017 election.
Other states, such as Pennsylvania and Louisiana, have begun the
replacement process.
Some state election officials emphasize that electronic voting
machines generally aren't connected to the internet and thus are
less susceptible to remote hacking. Officials also say it's common
to conduct various tests before and after elections on many types
of voting machines, along with restricting physical access to the
machines and installing protective seals on them.
Still, at the DEF CON computer-security conference in Las Vegas
this summer, hackers penetrated some voting machines and other
election equipment as part of a demonstration. Some makers of
voting machines responded, saying it was unrealistic that malicious
actors would have so much access during an election.
State election officials from several states that use paperless
voting machines say they are taking postelection security
measures.
For instance, Louisiana Secretary of State Kyle Ardoin says
officials confirm that the number of people who checked in on
Election Day matches the number of votes cast, among other
measures. A spokesman for Mr. Ardoin adds that there have been very
few discrepancies, and that in those cases, officials didn't find
any evidence of deliberate tampering.
3. Malicious social-media accounts could spread false voting
information online, such as fake instructions on how to vote.
Election officials want to use social media to educate voters --
and want the bad guys to stay off it. U.S. intelligence officials,
for instance, charge that Russia has used fraudulent social-media
accounts to spread divisive political messages during the 2016 and
2018 election cycles.
So, several state election officials say they are beefing up
their crisis-communications capabilities. For instance, some
officials say that, unlike in 2016, they now have contacts at
Facebook and Twitter they can call to report posts containing
deliberate disinformation about how to vote.
Spokesmen for Facebook and Twitter say they will work to remove
any reported posts that violate their rules, such as deliberately
spreading disinformation about how to cast a ballot.
In 2016, for example, some Twitter accounts spread messages
encouraging Democrats to vote by text, which isn't allowed in any
state. Those messages included photoshopped images that looked
similar to genuine material from Hillary Clinton's campaign.
The company worked to remove those tweets after news reports
identified them. It later said those posts didn't have "obvious
Russian origin."
A Twitter spokesman says the company also regularly advises
election officials -- as well as candidates, among others -- about
best practices, such as using strong passwords.
Ms. Corse is a former intern for The Wall Street Journal. She
can be reached at reports@wsj.com.
(END) Dow Jones Newswires
September 18, 2018 22:21 ET (02:21 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Twitter (NYSE:TWTR)
Historical Stock Chart
From Mar 2024 to Apr 2024
Twitter (NYSE:TWTR)
Historical Stock Chart
From Apr 2023 to Apr 2024