“We Were Attacked in 2016”: New Report Offers Solutions to Potential Election Hacks

Securing 8,000 voting jurisdictions and 100,000 polling places around the country.

Konkov Sergei/Zuma

Most of the attention about foreign influence in the 2016 presidential election has focused on President Donald Trump’s campaign: whether anyone in his team colluded with Russian interests, and the degree to which those interests sought to penetrate Trump’s inner circle. But recently a lesser-discussed thread has emerged as a more direct threat to our election system: The attempts by foreign actors to access state voter registration systems and the vulnerability of outdated and unaccountable voting machines.

“When we were attacked on 9/11, we took action to upgrade transportation security and protect our ports and other vulnerable targets,” former CIA Director and one-time Trump transition national security adviser James Woolsey wrote in his introduction to a new report by the Brennan Center for Justice focusing on the vulnerability of states to vote tampering.  “We were attacked in 2016. The target was not ships or airplanes or buildings, but the machinery of our democracy. We will be attacked again. We must act again—or leave our democracy at risk.”

In the report, “Securing Elections From Foreign Interference,” published Thursday, the authors argue that protecting election infrastructure should be treated as a national security issue. States and the federal government should take several steps in order to secure the databases used to track registered voters and the machines voters use to cast ballots and have their votes tallied. The recommendations would involve more than 8,000 voting jurisdictions and 100,000 polling places around the country. 

Beginning in August 2016, reports circulated from the FBI that state election registration databases were being probed for weaknesses, although the publicly available evidence, and the tactics used, could not confirm that a state actor was involved. The Department of Homeland Security was very concerned, according to recent testimony from former DHS Secretary Jeh Johnson, and encouraged state officials to work with the agency to shore up voter registration database security. More recent reporting suggests Russian hackers probed as many as 39 states’ registration systems. A recently-leaked NSA report published by the Intercept bolsters that claim.

And when it comes to voting machines, information security researchers have reported for years that too many rely on outdated and unaccountable software that in many states leaves no paper trail to facilitate an after-election audit.

There is no evidence that any vote tallies were changed, but there are indications that the hackers had tried to worm their way into voter registration systems that could have let them alter voter registration records—which could create confusion during election day. A January 6 report issued by the CIA, NSA, and FBI suggests that the point of the Russian operation wasn’t necessarily to manually change votes but rather to “undermine public faith in the US democratic process,” along with harming former Secretary of State Hillary Clinton’s chances at becoming president.

The new Brennan Center report breaks out its recommendations into two main areas: voting equipment and voter registration databases, and offers some basic solutions. 

Voting Machines: 

  • The federal government should work with states and local election jurisdictions to replace old voting machines that leave no paper audit trail. Old voting machines are not only unaccountable, but, given their age and operating systems, costly, difficult to maintain, and prone to malfunctioning. The report estimates that it would cost between $130 million and $400 million to replace paperless systems in every jurisdiction that has them.
  • Congress should help to offset those costs and assist states and local officials in making  the upgrade.
  • A paper trail is worthless unless it’s reviewed, so the report calls on more states to require post-election audits of paper trails, a policy only 26 states now have in place.

Voter Registration Data Bases: 

  • States should perform thorough audits and threat analyses on their state voter registration databases, evaluate the weak points and places where attackers could get in, and take steps to upgrade security and operating systems to prevent those attacks as much as possible.
  • No computer system is ever hack-proof, so the report suggests states evaluate their contingency plans in the event their registration systems are breached.
  • Based on estimates from places such as Ohio and Virginia where such steps have already been taken, the report estimates that such audits and maintenance nationwide would cost between $1 million and $5 million annually.

The report’s authors point out that states and counties often don’t have sufficient funds to pay for the latest technology, which is a key reason the election infrastructure in the US is so vulnerable and in such disrepair. Moreover, election law and policies are intensely political and changes to election systems often stall because of partisan infighting.

“We must recognize that we live in a world where foreign interests are vying for power on the world stage by trying to shape American politics, or even attempting to create doubts that democracy really works,” the authors wrote. “Against that backdrop, it is clear that strengthening election security is essential to protecting our national security.”

Read the full report below: