The Editorial Board – The New York Times.
Russia’s meddling in the 2016 election may not have altered the outcome of any races, but it showed that America’s voting system is far more vulnerable to attack than most people realized. Whether the attackers are hostile nations like Russia (which could well try it again even though President Trump has raised the issue with President Vladimir Putin of Russia) or hostile groups like ISIS, the threat is very real.
The question is this: Can the system be strengthened against cyberattacks in time for the 2018 midterms and the 2020 presidential race? The answer, encouragingly, is that there are concrete steps state and local governments can take right now to improve the security and integrity of their elections. A new study by the Brennan Center for Justice identifies two critical pieces of election infrastructure — aging voting machines and voter registration databases relying on outdated software — that present appealing targets for hackers and yet can be shored up at a reasonable cost.
Last year, Russian hackers tried to break into voter databases in at least 39 states, aiming to alter or delete voter data, and also attempted to take over the computers of more than 100 local election officials before Election Day. There is no evidence that they infiltrated voting machines, but they have succeeded in doing so in other countries, and it’s only a matter of time before they figure it out here. R. James Woolsey, the former C.I.A. director, wrote in an introduction to the Brennan Center report, “I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections.”
The report identifies three immediate steps states and localities can take to counter the threat.
First, conduct regular threat assessments of voter registration systems, and upgrade them if necessary. Forty-two states now use systems that are at least a decade old and rely on outdated software like Windows XP, for which Microsoft stopped providing security updates in 2014. This makes them especially susceptible to hacks, like the global ransomware attack in May that devastated Britain’s national health service. The annual cost of performing these assessments throughout the country would be just $1 million to $5 million; the upgrades would cost more.
Second, replace old electronic voting machines that produce no paper trail. Fourteen states still use these machines, meaning there’s no independent way to confirm the accuracy of one in five votes cast nationwide. New, auditable machines for everyone would cost between $130 million and $400 million, according to the report — a pittance considering the stakes.
Third, audit the votes. This is generally done by comparing a random sample of paper records to voting machine totals and looking for discrepancies — intentional or not. About half the states perform postelection audits, but many don’t examine enough ballots to ensure that errors will be caught.
The good news in all of this is that voting in America is decentralized by design — states and localities run elections in 8,000 jurisdictions and operate about 100,000 polling places — making it very hard for any single attack to have a broad impact. The bad news is that voting systems, including the machinery, are never a high budget priority. As a result, necessary upgrades don’t happen, leading to widely varying levels of security around the country.
Congress needs to allocate more money now to help states upgrade their equipment and computer systems, and to perform threat assessments. A key player is the federal Election Assistance Commission, which sets certification standards that almost every state relies on in buying new machines. The commission, established after the 2000 election debacle, has a tiny staff and a budget smaller than a rounding error. Its work has never been more urgently needed, and yet congressional Republicans are perpetually trying to kill it.
Meanwhile, the Trump administration’s election-integrity commission is focused like a laser on the phantom fear of in-person voter fraud, a pet project of Republican politicians for more than a decade. That election security has become just another partisan battleground is sad but not surprising in these toxic political times.