With the news of targeted attacks against election systems, should the American voter be concerned that the upcoming presidential election could be manipulated or invalidated by a foreign government or cyber-terrorists?
In my view, the short answer is “no.” The reason is that the US election system is so complex and distributed such that there is no single attack point.
Our founding fathers deliberately set up this complex system because of the reality of the late eighteenth century. At that point, the newly born United States with its thirteen states was larger than any country in Europe, spanning over 1,000 miles as the crow flies. Messages and people could only travel at the speed of a walking horse or a sailboat. Just getting from New York City to Philadelphia would usually take at least three days. A voter in Boston would know very little about a candidate from Virginia. With slow communications in mind, the Constitutional Convention made a series of compromises in the summer of 1787 to balance the rights of the individual states and the power the national government needed to make a strong country. One of those compromises gave us our House of Representatives, representing the people, and the Senate, representing the states. For the current topic, the two important compromises were the creation of the Electoral College and giving each individual states control over the election. The result is that each state is responsible for the number of precincts and the number of polling places in that state, and the manner in which votes are cast and collected. While various voting rights acts have impacted the way precincts and districts are defined, the states still retain control over the voting process. In many states, this responsibility is passed down to the individual counties, so that voters could be using multiple voting mechanisms within the same state. A few states, like Oregon, have switched or are in the process of switching to mail only voting.
In the 2004 election, according to Election Data Services, there were about 186,000 precincts. Each precinct represented between 436 and 2,703 registered voters, with an average of around 1,100 registered voters per precinct.
ABC News reported that Russian hackers have targeted more than twenty state voter registration systems and have been successful in hacking four (Illinois, Arizona, Florida, plus another that I have not be able to identify). Of course, these are the states that have actually made the effort to determine if they had been hacked. How many others have been attacked?
The US Department of Homeland Security (DHS) has offered to help state election boards stay secure, but as of this posting only eighteen states have expressed any interest in that help. DHS has also offered a more comprehensive on-site risk assessment. While four states have expressed interest, DHS is offering this service so late that it will likely only be able to provide one state this service before Election Day. This is yet another example of how the US government is late and slow to respond to cyber security threats.
These attacks may be more about stealing personal information for future identity theft activities, but it is difficult to determine the real purpose of these attacks if they are from Russia.
The good news is that these voter registration systems are not integrated into the actual voting systems. Even if a registration system is damaged, each state has procedures for a “provisional ballot.” You submit a ballot on Election Day, usually on paper in a sealed envelope, and election officials have time to research and confirm or deny the ballot after Election Day but before the official results announcement. Provisional and absentee ballots are generally only counted if they could possibly make a difference for any ballot position or question. The insertion of the Electoral College process provides a significant time window to deal with absentee and provisional ballots.
We have more than fifty different voting systems from multiple vendors distributed across all fifty states, plus precincts in the District of Columbia, territories like Puerto Rico and foreign locations including some embassies and military bases. Since almost all of these voting systems are not connected to the Internet, it will be very difficult for hackers to make a successful attack that can impact an election.
The last word:
This does not mean that we will have a fraud-free election, but it means that we need to continue to be vigilant for the relatively few cases of voter fraud, voter intimidation by groups or individuals, or “lost” ballot boxes. If you are sleeping too much, search for “lost ballot box” on Google.
Keep your sense of humor.