Let’s Hack an Election
Sometimes the best way to solve the threat is to think like the attacker.
You don’t need to target a voting machine to hack an election. Yes, the United States’ nearly archaic voting system is very, very tempting, but there are a few other powerful, indirect ways to cause chaos on election day and get your candidate elected. There are also ways to ensure that hacking and interference don’t happen. Unfortunately, the United States is much more vulnerable to the first scenario than we are prepared for the second.
So let’s hack an election. Then figure out how to stop it.
On September 17th, FBI Director Christopher Wray testified before the House Homeland Security Committee and stated that Russia is actively interfering in the 2020 presidential election “primarily to denigrate Vice President Biden and what the Russians see as an anti-Russian establishment.” It’s not a new revelation, but rather another confirmation of what we know is already happening before our eyes. Yes, intelligence officials in a dark room somewhere are monitoring things and election officials will monitor the actual voting system, but that’s about the extent of it. To the general public, including me, it seems that all we want to do is tweet that the interference is happening in hopes that it magically stops.
In one of my previous articles, I wrote about intelligence officials’ concerns with the United States’ outdated voting machines opening the door for foreign intrusion. Although the manipulation of votes is unlikely without governmnet knowledge, it’s still a glaring option for hackers. So say we’re a foreign entity and we know that the Americans gave Russia a small slap on the wrist and a wink after 2016. Why not be bold this time and manipulate a vote or two? If we don’t want to be that direct, maybe we’ll take another route that will have the same desired effect.
Some people have argued that the way the United States’ voting system is set up through different jurisdictions rather than a singular voting system is advantageous because a foreign entity can’t hack one centralized server. Russia completely bypassed that theory in 2016 where we later realized that they had access to election systems in all fifty states. The scale of activity isn’t fully known because of redactions to the intelligence report, but in all likelihood, they could have changed information and votes as they pleased. But there’s another way to cause chaos on election day without ever coming close to a voting machine. Richard Hansen, founder of the Election Law Blog stated, “…infrastructure includes not only just the election itself, but think about a power grid. If someone could come in maliciously and take down the power grid in a major Democratic city, in a swing state, that would have a devastating effect on our elections. And it wouldn’t be attacking any voting equipment, but it would still affect how the vote goes.” The US power grid isn’t nearly as secure as we would like to think and this is a very possible scenario.
The second, more powerful and rampant tactic of interference is what David Karpf from Wired calls “hacking of the media.” He stated, “Instead of reaching voters directly through digital propaganda, outside actors can try to interfere by influencing the news narrative.” This is a proven tactic that has happened recently in 2016 when Wikileaks released John Podesta’s hacked emails which then dominated headlines and were amplified by bots on social media. It also happened in France in the lead-up to the 2017 election when a cyberintrusion of President Emmanuel Macron’s staffers led to a subsequent leak of stolen data. If you are a hacker, why not take advantage of American’s distrust in the media?
We know that interference in our elections is happening. We know hacking doesn’t just mean targeting voting machines, but can include other points of indirect influence. We also know that simply tweeting that it is happening will not stop it. But within the past five years, there have been numerous case studies in Europe that show there are ways to successfully combat outside interference and hold secure elections despite the threat. The United States can take a page out of their playbook.
James Lamond and Talia Dessel from the Center for American Progress compiled a report on how other European democracies responded to the Russian threat in their elections. We’ll look at two of them here to show some of the steps taken:
In the 2017 presidential election in France, anti-immigrant and pro-Russian candidate Marine Le Pen was the benefactor of a multifaceted Russian campaign to get her elected. However, the French government took the threat seriously, and in the end, the interference campaign was unsuccessful. What did they do to stop it? The National Cybersecurity Agency (ANSSI) held cybersecurity seminars for all political parties, a special commission was set up to serve as a campaign watchdog, there was a bipartisan rebuke of Russian meddling, and Le Monde, a reputable newspaper, created platforms to verify election information.
Another example was Germany’s national election in 2017. Because Chancellor Merkel was the “driving force” behind sanctions against Russia, the Bundestag was on high alert for interference. So instead of reacting after the event had already taken place, they took numerous and wide-ranging prevention measures. In the lead-up to the election, the government significantly upgraded their cybersecurity infrastructure as well as setting up multiple task forces to monitor all possible interference points. Arguably the most important factors in keeping the elections safe were the education of German voters and the media. The government routinely updated the public about disinformation and the media played an important role in their reporting — easing the process because of the general trust in the media by Germans.
What do these examples have in common? Governments who not only acknowledged the interference was happening or would happen, but they took early prevention measures to ensure that their elections were safe. United States Congress hasn’t passed a substantial election security bill even after 2016 — an opposite reaction to the steps taken by Europe. Election infrastructure is only piece of the puzzle, and a seemingly lesser threat to the widespread disinformation campaigns and the “hacking of the media” going on the in the US.
The two easiest steps that the United States could take are to upgrade the security of voting machines across the country and form an independent commission that has no political ties to monitor the election. Combating rampant disinformation among all media platforms, such as Germany did, seems out of reach at the moment.
Being proactive is the only way to stop election interference, but the United States’ historic reactionary posture once again amplifies the threats facing society.