Voter registration officials in 21 states have contacted the Department of Homeland Security to request help in dealing with attempts to break into their voter registration systems.
Responding to a letter sent from the bipartisan leadership of the House and Senate, Homeland Security Secretary Jeh Johnson reiterated his earlier messages about the willingness of his department to help states deal with cyber-attacks aimed at the voting process.
So far, 20 states have experienced intrusions of sufficient severity that are considered causes for concern by DHS. The department has not said which states have been attacked. This is a significant increase since earlier this year, when only two states had reported being attacked.
At this point, there are few details about what the hackers were after, although in most cases it appears it was voter registration databases rather than voting machines or the IT systems that support voting results.
While apparently some of the hackers have relationships with other criminal elements in Russia and have been involved in other Russian state-sponsored activities, there’s no evidence that the Russian government was directing the hacking of U.S. voter registration data.
So what’s going on here? At this point, not much. So far only two states, Arizona and Illinois, have actually had any voter information taken. The other attempts have been serious enough to raise concerns, but they haven’t been successful. The hackers have, in the words of FBI Director James Comey, been “poking around.”
Comey’s statement, which came from Congressional testimony on this topic made last week and provided by the FBI in an email to eWEEK, is part of an effort to differentiate between attempts to breach voter registration data and to influence the upcoming November election.
“We are urging the states just to make sure that their deadbolts are thrown and their locks are on and to get the best information they can from DHS just to make sure their systems are secure,” Comey said in his statement. “And again, these are the voter registration systems. This is very different than the vote system in the United States which is very, very hard for someone to hack into because it’s so clunky and dispersed.”
As Comey indicates, much of the concern about the voter database hacking has been around whether this somehow means that the vote tally in some areas can be fudged by a foreign power. This would be very difficult to achieve because the voting systems in the United States have been so resistant to change and so disorganized, there is no one way to break into and change anything. There is no central repository of voting results.
Federal Agencies Working With States to Guard Voter Data Security
This is not to suggest that voting in the United States can’t be tampered with, because it can be. After all, there are precincts around the country that have graveyards filled with potential voters.
But those voting practices aren’t part of a cyber-attack (perhaps a zombie attack?) and they don’t indicate some kind of foreign interest attempting to tamper with the electoral process in the United States. Instead, those are just examples of garden-variety political fraud at state and local levels.
What’s happening with the voter registration hacks is almost certainly a series of attempts at identity theft. Voter records are the sort of things that identity thieves like to steal, both because they contain the data necessary to engage in financial fraud and they can be used to verify data stolen from other places.
Trying to perform a cyber-attack on the actual voting process is probably impossible, at least on a nationwide basis. As Comey explained, “It’s Mary and Fred putting a machine under the basketball hoop at the gym. Those things are not connected to the internet.”
Those voting machines (in areas where they have machines), are also not connected to each other, and there’s no central control over voting. This in turn means that the process of voting is so disorganized that no single attack could get more than a tiny fraction. This, in turn, is the answer that the election might be “rigged,” because it can’t be. It would require too much organization.
This is not to suggest, however, that election security is unnecessary. Voters need to know that the private information they supply to election officials is secure and protected, so that they’re willing to register and vote.
Perhaps even more important is the need to protect the election results at every level. Voters need to know that the results aren’t tampered with so that they can be assured that the election is legitimate. In addition, while tampering with votes at the precinct level on a national scale is unlikely, those votes are tabulated and the results stored somewhere, and that’s a more likely target for cyber-tampering.
Even at the state level a cyber-attack is unlikely to succeed for long, if only because paper trails have made a comeback since the disputed election of 2000 and those votes can be counted again if necessary.
But another disputed election is unlikely to be anyone’s preferred outcome in the United States and it would certainly shake the faith of the election in the minds of the electorate. Even though election officials can tally the results of any voter canvas, uncertainty about the accuracy of the final count is not good for the legitimacy of any government that depends on the votes of its citizens.