Donate
News. Debate. Community. Levers for a better democracy.
The State of Reform
Download Unite America’s free report
Download Unite America's free report analyzing the impact of four key political reforms.
Matt Anderson Photography/Getty Images

Swing states build 2020 hacking protections: Will they hold?

With the presidency on the ballot in less than a year, fears of another attempt by Russia or other foreign powers to interfere in the election seem to grow with each passing day.

But in the battlegrounds where the outcome will be decided — the 13 states almost certain to be most hotly contested by both parties — election security has been tightening and the opportunities for a successful hacking of American democracy are being greatly reduced, a review of the procedures and equipment on course to be used in each state in November 2020 makes clear.

"There's been a huge amount of progress since 2016," says Elaine Kamarck, an election security expert at the Brookings Institution. James Clapper, a former director of national intelligence, says his assessment of the fight against election interference results in feeling "confident that a lot has been done to make it better."

In fact, many who work on the issue now cite the public's perception that our election systems are vulnerable as a problem at least as great as the actual threat.

Sign up for The Fulcrum newsletter


"What the Russians really are doing is weaponizing uncertainty," a cybersecurity source told Washington Post foreign affairs columnist David Ignatius at a conference on the topic in October.

Ohio's top election official sounds a similar warning. "If we keep telling voters that elections are screwed up then they're going to start believing us and stop voting," Republican Secretary of State Frank LaRose said at another such conference in September.

Despite the cloud of accusations and suspicions surrounding the last presidential election, Florida is the only one of the battleground states that suffered a confirmed hack into an voting-related computer system in 2016. And there is no evidence of tampering with the election tallies.

Given the polling at this early stage in the race, the results last time and the two parties' current target lists, the places most often identified along with Florida as the current swing states are Arizona, Colorado, Georgia, Iowa, Michigan, Minnesota, New Hampshire, Nevada, North Carolina, Ohio, Pennsylvania and Wisconsin.

[The state of election security in all 13 battlegrounds]

They represent 170 of the 538 votes in the Electoral College, where a majority of 270 is needed to win. Donald Trump carried nine of the states last time, although some by extremely narrow margins. He won Michigan by just 0.3 percentage points, or 10,704 votes out of nearly 5 million cast; Wisconsin and Pennsylvania by 0.7 points each, and Florida by 1.2 points. And he only lost New Hampshire to Hillary Clinton by 2,736 votes, the closest result in the country.

The narrow margins reinforce how just a handful of successful invasions into balloting or tallying hardware or software could upend and delegitimize the most consequential exercise of democracy.

Boosted by several hundred million dollars in federal funds, with almost as much more in the offing, all of the swing states have been buying new voting machines, hiring security experts, conducting training of election officials, and taking a variety of other steps to prevent hacking and to be alerted if any attempt occurs.

"I think we have made a significant amount of progress since 2016 but there is still work to be done," says Elizabeth Howard of the Brennan Center for Justice, a nonpartisan democracy reform advocacy group that often advocates for progressive causes.

Paper records, audits and suspicion

One thing that hasn't changed — and won't for many years, according to experts — is the vulnerability of computerized election equipment and software to hacking.

"To be blunt, it's a widely recognized and indisputable fact that every piece of computerized voting equipment used at polling places today can be easily compromised," Matt Blaze, chairman of the computer science department at Georgetown University, testified before Congress last month.

Despite this, he told lawmakers, there is "overwhelming consensus" that reliable elections can be held as long as two things are in place:

There must be voting systems that create a paper record that can be checked. And there must be regular audits of election results.

The Brennan Center's Howard says she expects that by Election Day portions of just eight states — none of them on the potential tossup roster — will be the only places with touch-screen or otherwise paperless equipment.

Most states already have the ability to do at least some kind of audit to double-check the accuracy of their initial counts. But by next November only about half will be able to conduct the sort of sophisticated post-election audits recommended by experts. These "risk-limiting audits" feature sample sizes designed to ensure that the election result is valid.

This year Democratic Gov. Tom Wolfe of Pennsylvania — with 20 electoral votes, it's the second-biggest swing state prize — ordered all of the state's voting machines be replaced in time for the May 15 primaries because the equipment used for the last presidential balloting did not create a paper record proving to voters (and potentially officials) that their choices had been properly recorded.

Many questioned whether there was not enough time and money to make the switch. But in time for last month's local elections, 45 of the state's 67 counties had upgraded their systems and eight more had taken official action toward selecting a new voting machine. Spokeswoman Wanda Murren says the secretary of state's office is sure new machines will be in place throughout Pennsylvania five months from now.

While the number of successful 2016 penetrations of election systems were few, the variety of attempts brought extra attention to the issue.

Wisconsin is a good example. The Department of Homeland Security reported in September 2017 that the state was on the list of 21 where Russians tried but failed to infiltrate websites associated with elections. But then two other incidents were reported. In one, Russians tried to break into an inactive computer belonging to a state agency with no jurisdiction over elections in order to test their ability to hack into election-related devices. In the second, Russians attempted to post a malicious ad on an elections site but were blocked by a firewall.

Most disturbing was a report by NBC News last year that election websites and voter registration systems in seven states were compromised by Russian-backed covert operatives long before the 2016 election. No votes were changed and no voters were taken off the rolls, according to the report. The Department of Homeland Security denied that any hacking was successful.

Federal aid and better communication

Many election security deficiencies identified in the states have already been addressed, or soon will be, with $380 million in federal grants approved by Congress in March 2018.

While some lawmakers have criticized the slow pace at which some states have allocated their share of this money, recent reports are that most will have been spent in time to bolster the reliability of next year's voting.

Responding to widespread lobbying by the states and cybersecurity experts that the first installment was not enough, this summer the Democratic-majority House of Representatives voted for another $600 million in grants to protect voting systems from interference. Senate Majority Leader Mitch McConnell originally said more money was not needed but was eventually persuaded by fellow Republicans to support $250 million.

A compromise on the total is one of dozens of decisions lawmakers are aiming to make before the current stopgap spending law lapses the weekend before Christmas. If the final budget talks are postponed to the new year, it's unlikely whatever election security money Congress agrees to provide will all get delivered to the states in time to prepare for November.

Besides shoring up security threats, many states are looking at enhancing communication between and among election agencies and law enforcement.

For example, Wisconsin's newly created Elections Security Council held its first meeting in the middle of October with local governments, county and municipal clerks' associations, the FBI and the Department of Homeland Security at the table.

"Defending democracy here in the state of Wisconsin is all our responsibility and something we take really seriously," said Meagan Wolfe, administrator of the state election commission. "None of us are going to stand for anybody compromising our democracy."

What's officially known

Numerous investigations have been conducted regarding Russian attempts to hack into elections systems in 2016. In the end, however, few systems were actually penetrated and there is no evidence any votes were changed or anyone was removed from the registration rolls.

Here is what the three major investigations concluded this year:

  • Robert Mueller: In the same April report that found insufficient evidence to accuse President Trump of criminally coordinating with Russia to sway the 2016 election his way, the special counsel said Russian operatives were able to break into the computer network of the Illinois Board of Elections and steal some identifying information about hundreds of thousands of registered voters. The Russians also gained access to the network of at least one Florida county government, but no information was taken.
  • Senate Intelligence Committee: In addition to echoing the information about Illinois, the report issued in October states the Russians probed election-related networks in 21 states. In total, according to the report, the Department of Homeland Security assessed that the Russians likely conducted searches of election sites in all 50 states, but no penetration occurred.
  • Justice Department: Two Russian intelligence officers were indicted in July as part of a hacking campaign. In addition to the information about Illinois, the indictment says the conspirators visited websites of counties in Georgia, Iowa and Florida "to identify vulnerabilities." They also hacked computers of a vendor that supplied software used to verify voter registration information and sent emails containing malware to more than 100 organizations and people involved in administering elections in numerous Florida counties.
We’re all about the issues that have broken American democracy — and efforts to make governments work again for you, your family and your friends.
Donate
MOST READ
© Issue One. All rights reserved.