5 ways to address election system weaknesses

Featured eBooks
Changes in State and Local Government Workforces
NASCIO Special Report 2024
A New Era of Social Media Regulation
Insights & Reports
Unlocking digital potential: Strategies for modernizing government services
Presented By Adobe
Download Now
Unlocking public sector potential
Presented By NTT DATA
Download Now
By Eric Hodge
 

Connecting state and local government leaders

By Eric Hodge

|

Vulnerable systems can undermine voters' confidence in the security of the process and expose sensitive voter data.

Over the past few months, a steady stream of information has surfaced about Russian efforts to hack the 2016 presidential election. The attacks were specifically focused on voter databases and voting software, with attempts to alter or delete voter information in Illinois and Arizona and intrusions into campaign databases. Experts believe that the goal was to change the outcome of the election.

In the past, the voting process wasn’t seen as a target for hackers. Most cyber criminals go after credit card data or Social Security numbers in order to steal peoples’ identities for financial gain. The 2016 presidential elections revealed a new way of thinking. Election hacking wasn’t driven by the desire to make money, but by an effort to meddle with election results, directly by targeting voter data and indirectly through leaks of confidential information to the media.

Elections that are vulnerable to hacking will undermine confidence in the security of the voting process, eroding voters’ faith and confidence in our democracy. More insidious still is the potential theft of sensitive voter data, which typically includes full name, address, date of birth, last four digits of Social Security number, voter history, activity status, felony convictions and military status. This detailed personal data would be a gold mine for cyber criminals bent on exploiting the election process or perpetrating identity theft.

With the next mid-term elections just a year away, states must move immediately to prevent future tampering. To address election system vulnerabilities, state election officials must develop a plan that focuses on five areas:

1. Secure databases. First, a state board of elections should lock down databases where voter information is kept so voters feel secure in the state’s ability to protect their identities. This can be difficult, however, as election processes, which range from counting the votes to making sure the voting machines are secure, may not be well controlled. Voting management and voting machine technology vary greatly from state to state or even county to county within the same state, creating a broad range of potential vulnerabilities. Securing voter databases will require a statewide effort with strong guidance on best practices.

2. Implement secure voting procedures. States must ensure that votes are counted accurately and completely. Security analysts have warned for years about the security risks of touch-screen voting machines, and in the last election the Russians made progress toward hacking voting machines and systems. If a state has not taken clear, public measures to ensure the public that the selection they make in the voting booth is being recorded and reported properly, then confidence in our elections will suffer.

States should start with an inventory of the people, processes and technologies they have in place in all their counties. Examine current privacy and security procedures and identify any vulnerabilities. From that baseline, states can establish a roadmap for effective policies and procedures to protect against security breaches.

3. Shore up election audit processes. States must be able to ensure that their vote totals can be reviewed and audited. In the 2016 elections, there were recounts in five different states and allegations of voter fraud in two others where  the recount process and the accuracy of voting machines were called into question. The inaccuracy and unreliability of the auditing process allowed for enough doubt that both parties started to question not only the credibility of the original vote count, but the electoral process itself.

In every state, voting machines should be secured and sealed at the end of the day, and paper ballots or data cards should be transported in a sealed box to a secure location by an approved state official. States need a proven chain of custody, with everything recorded, audited and handled much like a financial transaction or court document. In smaller jurisdictions today, it’s not uncommon to see ballot boxes left open, old ballots kept in unsecured storage areas or even homes where it’s possible to tamper with them. Tightening up those processes, and in some cases the technologies, is key to making sure the vote is accurate and that any recounts will find the same number of votes as the first count.

4. Properly vet any new voting management systems. When new systems are introduced into the election infrastructure, new avenues of attack can come with them. Some states have deployed voting management systems that were compromised in 2016. When a state makes a change or an addition, it is important to assess the new technology for any new vulnerabilities that attackers can exploit. Proper security procedures must be a priority during the implementation process. 

5. Educate. Most of the time, the easiest part of the system to exploit is the human being that sits in the middle of it. John Podesta, who led the Clinton campaign, fell for a phishing scam, and Wikileaks obtained and published his emails, exposing the party’s strategies and embarrassing exchanges. If a state focuses on its systems while neglecting to educate everyone in its network about how to recognize a hacker’s ploys, it is inviting the same consequences that befell the Democratic presidential campaign.

The Russian attack on the 2016 presidential election highlighted the vulnerabilities of our election process and procedures. Hacking elections is a threat we’ve never had to deal with before and something most states were clearly not prepared for. With the mid-term elections only a year away, states still have significant work to do to prevent future tampering. 

NEXT STORY: Protecting systems from rogue root users

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.