Precaution, not panic, will keep elections fair
AS OTHERS SEE IT
Some 13 weeks till Election Day, and “The warning lights are blinking red,” says the U.S. director of national intelligence. “I cannot emphasize enough the vulnerability,” says Sen. Marco Rubio. “We could be just a moment away from it going to the next level,” says the FBI director. On Thursday, the Trump administration’s national security team held a joint press conference to underscore the threat.
They’re all worried about foreign countries meddling in the midterms, just as Russia did in 2016. And with good reason: Although election security hasn’t been a notable priority for this administration – it has evidently held just two meetings on the topic since taking office – there’s every reason to think more attacks are imminent. What’s the proper response?
Precaution, not panic. In particular, three problems need attention.
One is that the nuts and bolts of the electoral machinery remain vulnerable. Americans vote at some 100,000 polling places, spread out across more than 8,000 voting districts. Each state oversees elections in its own way, and each piece of the system – registration rolls, back-office computers, even voting machines – is a potential target for hackers. Making matters worse, many states rely on outdated equipment or software; a report last year found that 41 states use databases that are at least a decade old.
Improving all this could take years. But states can in the meantime limit potential damage. For starters, they can ensure that local election officials have security training. They should also require that polling stations preserve paper records where possible, and that voter rolls and poll books have backups. Most important, they should conduct risk-limiting audits after the polls close to ensure that paper ballots match electronic results.
A second concern involves political campaigns. They offer troves of valuable material for foreign intruders – donor data, strategy documents, “oppo” research – yet typically have pitiful cybersecurity. In the last election, Russia compromised Hillary Clinton’s campaign with trivial ease.
In response, campaigns must get more serious about digital security. Sensitive data – now the coin of the realm in American politics – should be segregated from more mundane files and access to it limited. Security measures such as encrypted messaging and two-factor authentication should be standard.
That leaves a final challenge. Russia and other countries will almost certainly continue exploiting social-media platforms to push propaganda, spread hoaxes, and generally try to sow chaos and division during campaigns. Facebook last week revealed that it had removed a number of accounts and fake pages that seemed to be doing just that in advance of the midterms.
There’s no foolproof way to prevent this stuff. But Facebook and its peers can do more to crack down on the bots and phony accounts that spread it, whether by verifying user identities or improving automated detection tools. They can also open more data to public-interest researchers who could help detect or counter abuses. Congress should fund advanced research into preventing such threats, and the executive branch should put foreign governments on notice that these attacks will have serious consequences.