Voters are shown at a polling place in St. Louis in 2016.

Voters are shown at a polling place in St. Louis in 2016. Gino Santa Maria/Shutterstock.com file photo

Analysis: The U.S. Could Learn How to Improve Election Protection from Other Nations

Around the world, elections are under attack. U.S. officials could learn from other countries about how to ensure everyone's vote is recorded and counted accurately

Hacking into voting machines remains far too easy.

It is too soon to say for sure what role cybersecurity played in the 2020 Iowa caucuses, but the problems, which are still unfolding and being investigated, show how easily systemic failures can lead to delays and undermine trust in democratic processes. That’s particularly true when new technology – in this case, a reporting app – is introduced, even if there’s no targeted attack on the system.

The vulnerabilities are not just theoretical. They have been exploited around the world, such as in South Africa, Ukraine, Bulgaria and the Philippines. Successful attacks don’t need the resources and expertise of national governments – even kids have managed it.

Congress and election officials around the U.S. are struggling to figure out what to do to protect the integrity of Americans’ votes in 2020 and beyond. The Iowa caucuses are run by political parties, not state officials, but many of the concepts and processes are comparable. A look at similar problems – and some attempts at solutions – around the world offers some ideas that U.S. officials could use to ensure everyone’s vote is recorded and counted accurately, and that any necessary audits and recounts will confirm that election results are correct.

As a scholar researching cybersecurity and internet governance for more than 10 years, I have come to the conclusion that only by working together across sectors, industries and nations can the people of the world make their democracies harder to hack and achieve some measure of what I and others call cyber peace.

Electronic tampering is not new

As far back as 1994, an unknown hacker tried to alter the results of an election – but the effort failed, and Nelson Mandela was elected president of South Africa.

A similar effort played out in 2014 when Russian-backed hackers targeted Ukraine, attempting to fake vote totals for the presidential election. They were caught just in time, but the sophistication of the attacks should have been seen as a shot across the bow for future elections in the U.S. and around the world.

The U.S. military’s Cyber Command is helping secure elections against foreign intruders. Steve Stover/U.S. Army

How has the US government responded?

More than two-thirds of U.S. counties are using voting machines that are at least a decade old. Because many of these machines are running outdated operating systems, they are vulnerable to exploitation.

The multi-pronged strategy used by the Kremlin to undermine the 2016 U.S. presidential election shared parallels with the election in Ukraine back in 2014, including the probing of insecure voting machines, compromising voter-registration lists and weaponizing social media to spread misinformation.

To date, the U.S. response has been weak. True, the threats are complex, and partisan rancor hasn’t made it any easier for officials to unite against them. Still, local, state and federal government agencies have made some progress.

For instance, in 2018 Congress agreed to spend US$380 million to help states buy more secure voting machines. In December 2019, Congress and the president agreed to spend a further $425 million on election cybersecurity, which is in line with estimates for how much it would cost to replace digitally vulnerable paperless voting machines across the nation.

These funds will allow more states to upgrade their voting equipment, and conduct post-election audits. But this is still less than a quarter of the amount Congress appropriated – nearly $4 billion – to upgrade U.S. voting systems after the confusion of the 2000 election.

U.S. Cyber Command has been sharing information with local officials, as well as becoming more active such as by shutting down a Russian troll farm on Election Day 2018.

Lessons from other nations

Like the United States, the European Union has also faced hacking attacks on election systems, including in the Netherlands, Bulgaria and the Czech Republic.

In response, the EU has increased cybersecurity requirements on election officials and infrastructure providers requiring things like more robust authentication procedures to help confirm voters’ identities. It has also urged its members to use paper ballots and analog vote-counting systems to help ward off concerns over compromised voting machines.

Nations around the world – including Germany and Brazil – that have used electronic voting machines are going back to paper ballots in part due to security and transparency concerns, while a 2019 court order requires paper trail audits in Indian elections.

Other mature democracies, like Australia, do far more than the U.S. to protect the vote. Australians all use paper ballots, which are hand counted, and voting itself is mandatory so there are no issues over voting rights. The country’s powerful Electoral Commission also sets nationwide standards and oversees the entire voting process, as opposed to the more decentralized U.S. approach.

Australian election officials hand-count ballots. Australian Electoral Commission/Wikimedia Commons

International initiatives

The problem is global, and in my view would benefit from an internationally coordinated solution among both advanced and emerging democracies. Many nations and interested businesses and organizations around the world say they want to join the fight. The G7 and the U.N. have issued statements emphasizing the importance of protecting democracy and securing voting machines.

The Paris Call for Trust and Security in Cyberspace – which specifically calls on its backers to “cooperate in order to prevent interference in electoral processes” by sharing intelligence – has more than 550 supporters, including 67 nations. The U.S. is part of the G7 and the U.N., but hasn’t joined the Paris Call. Nevertheless, U.S. election officials could learn from other countries’ experiences.

Time is growing short

In the U.S., states are already trying approaches that have worked in other countries, but federal rules have not yet caught up. Congress could encourage states to follow Colorado’s example by banning paperless ballots, and requiring risk-limiting audits, which double-check statistically significant samples of paper ballots to check if official election results are correct. That would increase voter confidence that the outcomes were correct.

Congress could similarly require the National Institute for Standards and Technology to update its standards for voting machines, which state and county election officials rely on when deciding which machines to purchase.

The U.S. could also create a National Cybersecurity Safety Board to investigate cyberattacks on U.S. election infrastructure and issue reports after elections to help ensure that experts and the public alike are aware of the vulnerabilities and work to fix them.

Democracy is a team sport. Scholars can also help federal, state and local governments secure the country’s election system, by devising and testing possible improvements.

Different approaches around the country may make the overall system more secure, but the diversity of potential problems means the election officials on the ground need help. There’s still time to avoid a replay of South Africa 1994 or Ukraine 2014 in the 2020 U.S. elections.

The Conversation

This post originally appeared at The Conversation. Follow @ConversationUS on Twitter.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.