This content is provided by Brianna Wu

Provided by Brianna Wu

This content was written by the advertiser and edited by BG BrandLab to uphold The Boston Globe's content standards. The news and editorial departments of The Boston Globe had no role in its writing, production, or display.

The solutions to securing the US electoral system already exist

This article is a part of BG BrandLab’s Cybersecurity Special Report, meant to provide insights about today’s cyberthreats and the steps readers can take—as  individuals, employees, and decision-makers—to protect against them.

advertisement

When I was a teen in the ‘90s, there was no hobby more ostracizing than being into programming. And yet, in 2019, we’ve seen a stunning reversal of fates—America is counting on geeks to keep our nation safe. America’s foes don’t wage war against us with tanks and planes, but rather information warfare and cyber warfare. Tech is no longer a niche topic, it’s one of the most pressing public policy issues.

Over this time, we’ve also seen a shocking decline in public trust of our elections. A 2006 Zogby poll showed that only 45% of Americans were “very confident” that the presidency was won fairly. That gap is only widening, underlying the need for transparent and honest elections. Nations are only as strong as the public trust in their institutions—and technologists have a critical role to play in securing the integrity of American elections.

The United States has over 235 million registered voters using 56 distinct voting systems, which are split across our states and territories. If you’ve ever had a household using both PCs and Macs, you know the headaches it can cause. Now imagine having 56 different operating systems in your house. Imagine how difficult it would be to make sure they can share information with each other. Now imagine trying to keep all 56 machines secure from hackers, knowing that if even one fails, it puts the entire system at risk.

In many states, election administration is a part-time job, and the people doing the work do not have a computer science background. As these voting systems age, rather than update the entire system, election officials often opt for quick fixes. In computer science, we call this “technical debt,” problems that become more and more costly to fix the longer they are ignored.

I’m often told, “We need to just use paper ballots for elections.” And while it’s true electronic voting machines introduce a number of serious problems, banning them would not guarantee accurate outcomes for our elections. That’s because it’s not just the votes, it’s the voter rolls—the lists of people eligible to vote—that are vulnerable to hacking.

advertisement

According to the US Election Assistance Commission, over 2.4 million provisional votes were cast in 2016—meaning someone attempted to vote, but election workers were unable to verify their status as registered with that precinct. These provisional ballots make up almost 2% of all votes and may or may not end up being counted. That is a non-trivial number, and it drives home the importance of accurate and reliable records on voter registration. The 2016 election was won by 107,000 votes in three states—the high number of provisional ballots should give any person pause.

So, how are our voter rolls compromised? The movies might have you believe that it’s shadowy hackers writing custom malware to target high-level officials, but the truth is often a lot simpler. It’s the same way everything else is hacked: phishing schemes, recycled passwords, and unsuspecting election workers clicking on attachments that end up being malware. These concerns are far from theoretical. In 2016, election workers in San Mateo fell for spear-phishing attacks and had their email systems, as well as the website publishing voter eligibility and poll locations, compromised.

With the 2002 Help America Vote Act, congress allocated $3.8 billion to strengthen our election systems. While this might sound like a generous amount of funding, consider that we spent over $100 billion preparing for Y2K, a far less complex technical problem. According to a 2019 report commissioned by Homeland Security, this funding “was not enough to have a significant impact.” In September, Congress allocated a mere $250 million dollars for election security.

All of this is a strong argument for federal investment in a national electronic voter registration system. We can’t feasibly secure every machine in every office for 56 separate systems across our country, but we can build a world-class database with top-of-the-line security. The argument isn’t just that it’s more modern and more secure—it would be drastically less expensive to fund and maintain. Training would be universal for election workers, and security could be handled by teams of dedicated specialists.

What is so frustrating about America’s failing election infrastructure is the tech industry solved many of these issues decades ago. We have solutions, but we are not implementing them. Take the issue of electronic voting machines.

advertisement

Every election, it seems like a video goes viral about someone attempting to vote with an electronic voting machine. The machine stutters, and it selects a different candidate. The implication is that the system is rigged. After the election is over, a follow-up story will come out saying it was just a routine hardware failure. Anyone who has ever used a resistive touch screen on an airplane knows it isn’t always reliable. But these sensational videos cover up the real cybersecurity issues with electronic voting machines.

How does the public know that the software running on an electronic voting machine runs correctly? How does the public know the software hasn’t been tampered with by a malicious third party? The depressing answer is, America doesn’t have the infrastructure to answer any of these questions.

In software development, we have a process called code auditing. It’s the equivalent of letting a friend look over your homework before turning it in, to make sure the answers are correct. Increasingly, software developers put their code in public repositories where anyone can inspect it, flag bugs, or even download it and use it for themselves.

One might think that electronic voting machines would follow this example, as there is an extremely compelling argument for transparency. But, that’s simply not the case. Many electronic voting machine makers have refused code audits. The 2006 investigative film “Hacking Democracy” showed these problems and others with Diebold voting machines, including secret backdoors into the software and the ability of the public to alter results. These are issues that would be avoided with code auditing, and even better, by making the machines open source.

There is progress being made with electronic voting machines, however. According to a report published by the Brennan Center for Justice, over half of the states that used paperless voting machines in 2016 will have replaced them by 2020. The new machines produce a paper receipt that can be used for error checking and allow voters to check the result. These papers trails are critical for public confidence and for election certification.

When President Kennedy committed America to landing on the moon in 1961, the biggest challenge was inventing entirely new technologies. Fixing America’s voting systems is a far less daunting task, because we already have solutions. We know how to write open source software. We know how to digitally sign software on voting machines. We know how to build secure cloud computing databases.

America has built the best technology in the world for open and fair elections. We merely need the political leadership to implement it. Fellow geeks, your country needs your service.

This content was written by the advertiser and edited by BG BrandLab to uphold The Boston Globe's content standards. The news and editorial departments of The Boston Globe had no role in its writing, production, or display.

Follow BG BrandLab on Facebook Follow BG BrandLab on Twitter