How Can States Protect Their Election Systems?
This column by ACRU Policy Board member Hans von Spakovsky and Jennifer Matthes was published October 6, 2016 by Conservative Review.
Anonymous law-enforcement sources are telling the media that up to 10 states have had their voter registration databases “probed or breached” by hackers —- most likely Russians, according to cybersecurity experts.
But there is no indication that any voter information in those databases was altered or deleted, or that we are facing a realistic threat that the outcome of the November election will be changed by cyber criminals. Is this yet another leak intended to push state election officials into involving the Feds in their administration of local elections?
No one should discount or underestimate the dangers from these types of cyber intrusions, but as explained in a Conservative Review story back in August, there is still no credible evidence of a successful cyberattack on our voting and ballot-counting system (which is separate from the voter-registration databases “probed” in these states). All these revelations emphasize is that those states that have brought voter registration online are acting foolishly, since that gives hackers an internet pathway into their registration databases. And there is no reason to provide online registration —- getting registered to vote is already extremely easy. Adding online registration is of only marginal benefit in comparison to the increased risks it brings.
There is no question that hackers could cause major headaches if they were able to hack into voter-registration databases and alter data, which could cause registered voters problems when they go vote. But it should be kept in mind that under federal law, any individual who shows up at a polling place and claims he or she is eligible and registered to vote will not be turned away even if his or her registration has been deleted or changed. Those voters are given provisional ballots and, if an investigation after Election Day bears out their claims, their vote is counted. States could greatly diminish the chances of this type of cyber intrusion happening through a very simple expedient: stop online voter registration.
Jeh Johnson, the Secretary of the Department of Homeland Security, seems to have backed away from designating our nationwide election system as “critical infrastructure,” as he was threatening to do only a month ago. He did issue a press release on Oct. 1 praising a letter sent to the National Association of State Election Directors by Paul Ryan, R-Wisc. (F, 51%), Nancy Pelosi, D, Calif. (F, 11%), Mitch McConnell, R-Ky. (F, 40%), and Harry Reid, D, Nev. (F, 2%) urging state election officials to “take full advantage of the robust public and private sector resources available to them to ensure that their network infrastructure is secure from attack.”
But that Sept. 28 letter emphasized that these congressional leaders “would oppose any effort by the federal government to exercise any degree of control over the states’ administration of elections by designating these systems as critical infrastructure.”
If state election officials need security advice, they would be much better off going to private industry, which is where the best cyber security experts reside.
In fact, the Sept. 28 letter cited language from the 2002 Help America Vote Act that outlined one of the biggest advantages of the election process we have, which is the most decentralized election administration system of any Western democracy. That decentralization would make it very difficult for anyone to successfully change the outcome of a national election through cyber hacking:
The dispersal of responsibility for election administration has made it impossible for a single centrally controlled authority to dictate how elections will be run, and thereby be able to control the outcome. This leaves the power and responsibility of running elections where it should be, in the hands of the citizens of this country.
We have no central authority —- and no central computer system —- running our election process. Johnson urges state and local election officials to seek the cybersecurity assistance of the federal government, and he claims that 21 states have already done so.
But as I pointed out in August, do election officials really want to take advice from a federal government that seems to always be lagging behind the private sector in its technology? A bureaucracy that couldn’t protect its own employees from what many consider to be the largest security breach in the history of the federal government, the attack on the Office of Personnel Management (OPM) that obtained the personnel files of millions of federal employees?
If state election officials need security advice, they would be much better off going to private industry, which is where the best cyber security experts reside. There is no reason to involve the federal government, particularly this administration, which has had a contemptuous, dismissive attitude toward state and local governments throughout its entire tenure.
This administration is actually ignoring the real threats to election integrity, which are the weaknesses in our election security caused by states not taking common-sense steps to prevent voter fraud: requiring photo ID for both in-person and absentee balloting; requiring individuals who register to vote to provide proof of U.S. citizenship; and cleaning up states’ highly inaccurate voter rolls by getting rid of ineligible voters —- those who have died, moved, are registered in more than one location, or are not U.S. citizens.
In fact, the progressive Left, with the aid of the U.S. Justice Department, has been doing everything it can to stop any such efforts to improve security. They have been waging a litigation war on election integrity in the states.
Unfortunately, with the help of activist federal judges who apparently believe they should be administering our elections, the Left have been very successful in that endeavor in recent weeks. The very fact that getting rid of common-sense measures such as voter ID and proof-of-citizenship is a strategic and political goal of this administration should make every election official in the country wary of taking any advice they have on how to administer their elections.