Russia’s meddling in the 2016 election may not have altered the outcome of any races, but it showed that America’s voting system is far more vulnerable to attack than most people realized. Whether the attackers are hostile nations like Russia (which could well try it again even though President Trump has raised the issue with President Vladimir Putin of Russia) or hostile groups like ISIS, the threat is very real.
The question is this: Can the system be strengthened against cyberattacks in time for the 2018 midterms and the 2020 presidential race? The answer, encouragingly, is that there are concrete steps state and local governments can take right now to improve the security and integrity of their elections. A new study by the Brennan Center for Justice identifies two critical pieces of election infrastructure — aging voting machines and voter registration databases relying on outdated software — that present appealing targets for hackers and yet can be shored up at a reasonable cost.
Last year, Russian hackers tried to break into voter databases in at least 39 states, aiming to alter or delete voter data, and also attempted to take over the computers of more than 100 local election officials before Election Day. There is no evidence that they infiltrated voting machines, but they have succeeded in doing so in other countries, and it’s only a matter of time before they figure it out here. R. James Woolsey, the former C.I.A. director, wrote in an introduction to the Brennan Center report, “I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections.”
The report identifies three immediate steps states and localities can take to counter the threat.
First, conduct regular threat assessments of voter registration systems, and upgrade them if necessary. Forty-two states now use systems that are at least a decade old and rely on outdated software like Windows XP, for which Microsoft stopped providing security updates in 2014. This makes them especially susceptible to hacks, like the global ransomware attack in May that devastated Britain’s national health service. The annual cost of performing these assessments throughout the country would be just $1 million to $5 million; the upgrades would cost more.
Second, replace old electronic voting machines that produce no paper trail. Fourteen states still use these machines, meaning there’s no independent way to confirm the accuracy of one in five votes cast nationwide. New, auditable machines for everyone would cost between $130 million and $400 million, according to the report — a pittance considering the stakes.
Third, audit the votes. This is generally done by comparing a random sample of paper records to voting machine totals and looking for discrepancies — intentional or not. About half the states perform postelection audits, but many don’t examine enough ballots to ensure that errors will be caught.