By Jenna Andrews
With the 2016 Presidential Election weeks away, lawmakers and national security leaders are voicing concern about election security. The Department of Homeland Security has indicated that hacking attempts have been made on twenty state election systems. Concern has also stemmed from the hacking of the Democratic National Committee servers, which led to the theft and publication of emails and private data. Two successful hackings of online voter registration databases were reported in Illinois and Arizona this past summer. Senate and House Intelligence Committees have since concluded that both hacks were linked to Russian Intelligence Agencies.
New systems create new challenges
As many states move to electronic voting systems and online voter databases, election systems become more vulnerable to cyber attacks. While most states use voting machines that generate a physical record of each vote, some states, such as Pennsylvania, Louisiana, New Jersey, South Carolina, Tennessee, and Texas, have switched to electronic voting machines that leave no paper trail. States and counties that use these machines are particularly susceptible to attacks. In addition to the breach of voting machines, hackers may disrupt the election process through interfering with online voter registration records and local government websites. As election administration is constitutionally designated to the states, the United States has no uniform voting system and no centralized standards for election security.
In response to the looming threat of Election Day hacks, the Department of Homeland Security (DHS) is aiding states in spotting vulnerabilities in their election security. DHS will be conducting “cyber hygiene” assessments, including the scanning of voter registration systems, reporting systems, and other Internet election management systems to identify weaknesses. However, these assessments are only conducted at the request of the state. DHS has also published recommended procedures for states and election officials to secure voter registration databases and prevent breaches of electronic voting machines, but states are not required to follow these guidelines.
In efforts to establish uniform standards of security in voting technology, on September 21, 2016, Congressman Hank Johnson of Georgia introduced the Election Infrastructure and Security Promotion Act of 2016. The Act requires DHS to designate voting systems as “critical infrastructure,” and therefore demands increased security obligations from the department. Under this law, DHS would have to submit a cyber threat protection plan for the electoral system to Congress and work with outside agencies to develop security standards to be used in federal elections.
Will these measures be effective?
In spite of the recent cyber attacks and the warnings from national security leaders, only twenty-one states have sought aid from DHS in preparing for next month’s election. The security standards set out by DHS are not binding, and at this point Congress has not given DHS the power compel state compliance with these measures. Many state and local officials have voiced opposition to the interference of federal government with the administration of election security. There is a large concern among election officials that more federal oversight in elections would minimize state control.
As it is very unlikely that the Election Infrastructure and Security Promotion Act will be passed and implemented before the November 8th election, Congress’s efforts seem to be too little too late. With a decentralized voting system in the United States, it is doubtful that a cyber attack would disrupt the results of the presidential election, however, the likely consequence of any Election Day security breach would be widespread distrust in the election system and democratic process. As election security is solely in the hands of the states, it is imperative that election officials voluntarily follow the security recommendations of DHS and request an assessment of their election system’s safety.
Should the bill pass?
With more than half of the states using some form of electronic voting system, and rapidly increasing threats of election cyber attacks, the enactment of the Election Infrastructure and Security Promotion Act would be a positive step in securing the election process from hostile interference. The designation of the voting system as “critical infrastructure” would provide DHS with the power to create a baseline for security in federal elections. A centralized standard for election cyber security would ensure that there are no major vulnerabilities in any state election systems. As technology progresses, election laws must evolve to address new challenges, and most importantly, to preserve security in the democratic process.
Student Bio: Jenna is a staff member of the Journal of High Technology Law and 2L at Suffolk University Law School with a concentration in Business Law.
Link: http://www.nextgov.com/cybersecurity/2016/09/9-states-accept-dhss-election-security-support/131741/
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.
