Vulnerability to cyber intrusion became a pointed issue with the turn of the last election cycle. Investigations are still ongoing, but intelligence and cybersecurity experts attest to some degree of foreign meddling in the 2016 election that catapulted Donald Trump into the Oval Office.
Democracies are fragile, and in a digital age precautions are needed to ensure the integrity of the electoral process and thus citizen trust in the process.
That’s why a group of cybersecurity experts from the Harvard Kennedy School Belfer Center for Science and International Affairs have recommended maintaining voting machines as critical infrastructure.
We posed a few questions about the state of our democracies in this brave new cyber world to Scott Shackelford, associate professor of Business Law and Ethics at the Indiana University Kelley School of Business.
It January 2017 the US finally designated voting machines as a critical infrastructure. Why do you think it’s appropriate? What’s got you worried?
It's appropriate because picking the next leader of the free world unfettered from foreign interference should be at least as important to us as turning the lights on or using our smartphones.
Looking ahead to the 2018 and 2020 US elections, I’m worried about the ability of technology to now produce very accurate fake audio and video files.
This would make it possible for groups to create content purporting to show candidates saying something they didn’t and then spreading that across the internet through social media. This could be done at such a fast rate and high volume that it would be very difficult to call out the fakes, further undermining trust.
Germany requires all essential steps of an election be subject to public scrutiny, and thus they have outlawed electronic voting machines (EVM). Could that apply here in the US?
This was done in Germany because of a lack of transparency in their elections, as was required by law. Basically, they were not using paper trails.
India, for example, still allows EVMs, but now requires a paper trail. I think the same reasoning should apply in the US.
If we made a concerted effort, it would be possible to update state laws to require a paper trail whenever an electronic voting machine is used in this country and for Congress to appropriate funds to purchase new machines in time.
However, at this point I only see haphazard progress being made.
Recent reports suggest the 2016 hack of the DNC servers was an internal leak — not an external hack. What do you make of these forensic critiques?
I’m no forensic scientist, but I would caution that this breach was only part of a sophisticated campaign by Russia to undermine trust in US elections.
I worry that, when folks read that Russia may not have been behind this part of the campaign, that they then think that the Russian government had nothing to do with 2016 election hacking. That’s not an accurate reading of US intelligence.
Frankly, the DNC hack, while important, isn’t the whole story of Russian meddling in the 2016 election. Even if that hack was from an insider (a notion about which I’m not convinced, given a year of investigations into the topic), US intelligence services have repeatedly confirmed that the Russian government attempted to hack, and in some cases succeeded in gaining access to, election systems in more than 38 states.
Using this one dissenting report to somehow disprove this sophisticated campaign in an effort to boost the beleaguered Trump administration’s preferred foreign policy will leave us more vulnerable looking ahead to 2018 and 2020.
How best to balance the convenience of electronic voting with the requirements of a healthy democracy?
Rather than bolstering technical best practices in elections, like deploying blockchain, the trend around the world seems to be to go back to tried and true paper ballots. A compromise is requiring EVMs with a paper trail that is, in turn, automatically audited.
The former involves less convenience than, for example, allowing everyone to vote online (as Estonia already does), but frankly there is no way we could guarantee the security of such an election.
For the time being, I think the first order of business is to restore trust in an election system that is in desperate need of just that.