Opinion: The real cost of election insecurity
Voter trust is on the line unless the US increases cybersecurity at the polls.
As Election Day approaches, security concerns at the polls have reached an all-time high: Donald Trump is warning about a "rigged" election, the FBI has already cautioned state voting officials about digital intrusions, and the White House is now preparing to respond to suspected Russian hacks against US political organizations.
But the bigger risk isn't to actual vote counting technology, it's to democracy itself. Democracy depends on voter trust – trust that each vote will be tabulated correctly, and that those votes will be counted and reported accurately. Without this trust, we risk voter disengagement and the potential for social unrest.
While there's certainly potential for hackers to tamper with the vote, it's critical that we talk about the issue reasonably and avoid exaggerating the damage of certain types of digital intrusions.
For instance, while it seems certain that Russia had a hand in the Democratic National Committee hack, it's dangerous to assume Moscow or Beijing is responsible for every hack that surfaces in the news. Wild and unfounded speculation about which nation-state is behind the recent breaches feeds hype and fear about cyberattacks.
When people believe that security problems are insurmountable, they often stop caring and no longer take basic actions necessary for security. Our democracy can't afford additional sources of voter disengagement. While we need to avoid making baseless claims and overblowing the problem, the US must still take basic precautions to protect the vote.
First, we should establish national standards for election hardware and software. Complexity is rarely good for security. Voting equipment varies by state – not just the version of the hardware and software, but also the method of voting. Keeping systems secure – pushing updates and patching vulnerabilities – is nearly impossible in such an unnecessarily complex system. Building a comprehensive national structure, with mandatory patching and upgrade requirements, would substantially increase the security of our election infrastructure.
We have to upgrade our technology. At least 43 states will use voting technology that's at least 10 years old in November’s election. Election officials are stockpiling old parts, buying them from eBay because they aren’t available from the manufacturer any more. We upgrade our personal computers every few years – we should do the same with voting tech. Voting technology should be purchased from a company that can continually support upgrades, from the hardware to the operating system to security features and user interface.
None of these upgrades should be done on the cheap, either. Securing our country's voting systems is a huge job. A 2015 report by the Brennan Center estimates the price tag of a national voting system overhaul at more than $1 billion – although the report also mentions that this cost could be offset by "lower operating costs and better contracts."
We must pick our security partners wisely when it comes to protecting the vote. The level of trust in government, especially when it comes to our individual rights, was badly damaged by Edward Snowden's revelations about National Security Agency surveillance practices. The FBI’s push to unlock the iPhone didn’t help. Why not bring on Apple as technical partner for securing voting systems? They aren’t perfect, but they've proven to be effective when it comes to prioritizing encryption and standing up for their users’ privacy.
Ensuring the security of our election systems will be costly. It will require election officials at all levels to understand both technical and social elements. But it's something we absolutely must do – and we must do it soon. Our democracy, and the people who participate in it, are too important to leave unsecured.
Jamie Winterton is the director of strategy for Arizona State University's Global Security Initiative. Follow her on Twitter @j_winterton.