In a year when much has not gone according to plan, there is a singular event that Americans know is inevitable: The Presidential election on November 3, 2020. Barring no natural disaster, calamity or law that changes the date, this event is forthcoming.
In the lead up to the election, the attention and fervor around security is growing. In fact, social media mentions of “election security” jumped 22 percent in just the past eight weeks, according to an audit by RSA. Alongside this, media headlines on the topic are multiplying by the hour with many illustrating the potential for hacking, cyber attacks and more.
Given the escalating concern, we sought answers to the top questions swirling around election security from one of the nation’s leading experts on the topic: Ari Schwartz. He’s an American cybersecurity and technology policy expert and the former senior director for cybersecurity on the United States National Security Council Staff at the White House.
Issues Extend Beyond the Voting Machine
Despite increasing attention and concern on the physical voting machine, or the security of the network it’s connected to, Schwartz says vulnerabilities extend beyond the machine. Voter rolls and the systems providing information to voters can all be compromised by malicious actors, or just human error. Based on his experience, there’s a “long history of voters being sent to the wrong polling place” which creates confusion and frustration, and ultimately cause citizens to not vote at all.
For Schwartz, the “most worrying piece” is that a Nation State doesn’t “need to mess everything up” to be successful. While extensive research has shown how to hack or infiltrate a voting machine, the greater, more efficient threat is the power of misinformation. Schwartz says that “sowing doubt is a victory” for a bad actor. To succeed, they need to “do something loudly enough that catches attention.” Just knowing that an attempt was made leaves voters with doubt, he adds.
Compounding this challenge: Many citizens already have doubt in the process – whether it’s how to register, what information is needed to register or whether their vote counts at all. “We see questions raised [already] without having to hack anything at all,” says Schwartz.
Another mechanism that sows more doubt into the process is social media disinformation. He says this is one of great threats to the election process today and believes there is no easy solution for how to “overcome” the challenge.
Voting Amid a Health Crisis
With the backdrop of a global health crisis, there is growing attention on how U.S. citizens will vote in November. In his opinion, Schwartz says it’s a “huge mistake” to think electronic voting will work in a general election without having done scalable testing in an off-year election. He cites challenges in the 2020 Iowa Democratic Caucus as proof that even the small experiments done to introduce e-voting at scale have not proven successful.
He believes mail-in voting will become the go-to solution for states that helps “address concerns related to both electronic voting and operations of voting amid a pandemic.” He says it’s a trusted method of voting that’s “proven” to work in several U.S. States, like Oregon, already.
Public polling by the Associated Press shows growing support for this method. Six in 10 American adults now endorse the idea of allowing citizens to vote by mail-in ballot instead of in-person without requiring a reason.
There’s Hope for the Future
While pundits and media headlines paint cataclysmic scenarios, Schwartz believes states are moving “in the right direction” when it comes to securing the future of elections. “Over the last 10 years, there’s been more discussion … and over the last four years more people now know [what election security] is and what it means,” says Schwartz, citing that this is good progress.
That said, “there are too many issues out there, and the old issues don’t go away.” This reality creates headwinds for Secretaries of State who were resource-constrained before the health crisis, and now may face “budget shortfalls,” says Schwartz. The answer in his opinion is funding: “We know what states need; we just need to give them the money to do it.”
Finally, when it comes to the tools needed to secure voting technology, Schwartz says that for starters, states need to look at investing in authentication and identity management technology. He adds that endpoint detection solutions and tools for securing cloud environments are also essential in this work from home reality.
Ari Schwartz is an American cybersecurity and technology policy expert and the former senior director for cybersecurity on the United States National Security Council Staff at the White House.