“We Were Attacked in 2016”: New Report Offers Solutions to Potential Election Hacks

Securing 8,000 voting jurisdictions and 100,000 polling places around the country.

Konkov Sergei/Zuma

Let our journalists help you make sense of the noise: Subscribe to the Mother Jones Daily newsletter and get a recap of news that matters.

Most of the attention about foreign influence in the 2016 presidential election has focused on President Donald Trump’s campaign: whether anyone in his team colluded with Russian interests, and the degree to which those interests sought to penetrate Trump’s inner circle. But recently a lesser-discussed thread has emerged as a more direct threat to our election system: The attempts by foreign actors to access state voter registration systems and the vulnerability of outdated and unaccountable voting machines.

“When we were attacked on 9/11, we took action to upgrade transportation security and protect our ports and other vulnerable targets,” former CIA Director and one-time Trump transition national security adviser James Woolsey wrote in his introduction to a new report by the Brennan Center for Justice focusing on the vulnerability of states to vote tampering.  “We were attacked in 2016. The target was not ships or airplanes or buildings, but the machinery of our democracy. We will be attacked again. We must act again—or leave our democracy at risk.”

In the report, “Securing Elections From Foreign Interference,” published Thursday, the authors argue that protecting election infrastructure should be treated as a national security issue. States and the federal government should take several steps in order to secure the databases used to track registered voters and the machines voters use to cast ballots and have their votes tallied. The recommendations would involve more than 8,000 voting jurisdictions and 100,000 polling places around the country. 

Beginning in August 2016, reports circulated from the FBI that state election registration databases were being probed for weaknesses, although the publicly available evidence, and the tactics used, could not confirm that a state actor was involved. The Department of Homeland Security was very concerned, according to recent testimony from former DHS Secretary Jeh Johnson, and encouraged state officials to work with the agency to shore up voter registration database security. More recent reporting suggests Russian hackers probed as many as 39 states’ registration systems. A recently-leaked NSA report published by the Intercept bolsters that claim.

And when it comes to voting machines, information security researchers have reported for years that too many rely on outdated and unaccountable software that in many states leaves no paper trail to facilitate an after-election audit.

There is no evidence that any vote tallies were changed, but there are indications that the hackers had tried to worm their way into voter registration systems that could have let them alter voter registration records—which could create confusion during election day. A January 6 report issued by the CIA, NSA, and FBI suggests that the point of the Russian operation wasn’t necessarily to manually change votes but rather to “undermine public faith in the US democratic process,” along with harming former Secretary of State Hillary Clinton’s chances at becoming president.

The new Brennan Center report breaks out its recommendations into two main areas: voting equipment and voter registration databases, and offers some basic solutions. 

Voting Machines: 

  • The federal government should work with states and local election jurisdictions to replace old voting machines that leave no paper audit trail. Old voting machines are not only unaccountable, but, given their age and operating systems, costly, difficult to maintain, and prone to malfunctioning. The report estimates that it would cost between $130 million and $400 million to replace paperless systems in every jurisdiction that has them.
  • Congress should help to offset those costs and assist states and local officials in making  the upgrade.
  • A paper trail is worthless unless it’s reviewed, so the report calls on more states to require post-election audits of paper trails, a policy only 26 states now have in place.

Voter Registration Data Bases: 

  • States should perform thorough audits and threat analyses on their state voter registration databases, evaluate the weak points and places where attackers could get in, and take steps to upgrade security and operating systems to prevent those attacks as much as possible.
  • No computer system is ever hack-proof, so the report suggests states evaluate their contingency plans in the event their registration systems are breached.
  • Based on estimates from places such as Ohio and Virginia where such steps have already been taken, the report estimates that such audits and maintenance nationwide would cost between $1 million and $5 million annually.

The report’s authors point out that states and counties often don’t have sufficient funds to pay for the latest technology, which is a key reason the election infrastructure in the US is so vulnerable and in such disrepair. Moreover, election law and policies are intensely political and changes to election systems often stall because of partisan infighting.

“We must recognize that we live in a world where foreign interests are vying for power on the world stage by trying to shape American politics, or even attempting to create doubts that democracy really works,” the authors wrote. “Against that backdrop, it is clear that strengthening election security is essential to protecting our national security.”

Read the full report below:

 



IT'S NOT THAT WE'RE SCREWED WITHOUT TRUMP:

"It's that we're screwed with or without him if we can't show the public that what we do matters for the long term," writes Mother Jones CEO Monika Bauerlein as she kicks off our drive to raise $350,000 in donations from readers by July 17.

This is a big one for us. It's our first time asking for an outpouring of support since screams of FAKE NEWS and so much of what Trump stood for made everything we do so visceral. Like most newsrooms, we face incredibly hard budget realities, and it's unnerving needing to raise big money when traffic is down.

So, as we ask you to consider supporting our team's journalism, we thought we'd slow down and check in about where Mother Jones is and where we're going after the chaotic last several years. This comparatively slow moment is also an urgent one for Mother Jones: You can read more in "Slow News Is Good News," and if you're able to, please support our team's hard-hitting journalism and help us reach our big $350,000 goal with a donation today.

payment methods

IT'S NOT THAT WE'RE SCREWED WITHOUT TRUMP:

"It's that we're screwed with or without him if we can't show the public that what we do matters for the long term," writes Mother Jones CEO Monika Bauerlein as she kicks off our drive to raise $350,000 in donations from readers by July 17.

This is a big one for us. So, as we ask you to consider supporting our team's journalism, we thought we'd slow down and check in about where Mother Jones is and where we're going after the chaotic last several years. This comparatively slow moment is also an urgent one for Mother Jones: You can read more in "Slow News Is Good News," and if you're able to, please support our team's hard-hitting journalism and help us reach our big $350,000 goal with a donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate