Commentary on US Election Security
Good commentaries from Ed Felten and Matt Blaze.
Both make a point that I have also been saying: hacks can undermine the legitimacy of an election, even if there is no actual voter or vote manipulation.
Felten:
The second lesson is that we should be paying more attention to attacks that aim to undermine the legitimacy of an election rather than changing the election’s result. Election-stealing attacks have gotten most of the attention up to now—and we are still vulnerable to them in some places—but it appears that external threat actors may be more interested in attacking legitimacy.
Attacks on legitimacy could take several forms. An attacker could disrupt the operation of the election, for example, by corrupting voter registration databases so there is uncertainty about whether the correct people were allowed to vote. They could interfere with post-election tallying processes, so that incorrect results were reported an attack that might have the intended effect even if the results were eventually corrected. Or the attacker might fabricate evidence of an attack, and release the false evidence after the election.
Legitimacy attacks could be easier to carry out than election-stealing attacks, as well. For one thing, a legitimacy attacker will typically want the attack to be discovered, although they might want to avoid having the culprit identified. By contrast, an election-stealing attack must avoid detection in order to succeed. (If detected, it might function as a legitimacy attack.)
Blaze:
A hostile state actor who can compromise a handful of county networks might not even need to alter any actual votes to create considerable uncertainty about an election’s legitimacy. It may be sufficient to simply plant some suspicious software on back end networks, create some suspicious audit files, or add some obviously bogus names to to the voter rolls. If the preferred candidate wins, they can quietly do nothing (or, ideally, restore the compromised networks to their original states). If the “wrong” candidate wins, however, they could covertly reveal evidence that county election systems had been compromised, creating public doubt about whether the election had been “rigged”. This could easily impair the ability of the true winner to effectively govern, at least for a while.
In other words, a hostile state actor interested in disruption may actually have an easier task than someone who wants to undetectably steal even a small local office. And a simple phishing and trojan horse email campaign like the one in the NSA report is potentially all that would be needed to carry this out.
Me:
Democratic elections serve two purposes. The first is to elect the winner. But the second is to convince the loser. After the votes are all counted, everyone needs to trust that the election was fair and the results accurate. Attacks against our election system, even if they are ultimately ineffective, undermine that trust and by extension our democracy.
And, finally, a report from the Brennan Center for Justice on how to secure elections.
italain • July 5, 2017 7:50 AM
i’m from Italy and i remember that i have read somewhere (maybe here)
that elections are not designed to be cheap or fast in this way they are not cheap to attack. and i agree
here we don’t (yet?) have electronic voting machine, we still use paper and people.
i think that is the best also if it might seems obsolete/old.
i think is far more difficult to “hack” an election in any way if voting is done with people.
yes, you can corrupt them but you must corrupt all the people inside a room (and in my very small city <4000people) there are three voting rooms. to get a small gain.