There were indeed difficulties, as laid out in the lede of the story by Perlroth, et al. So-called e-poll books — essentially digital rolls that guide voting-day check-ins — malfunctioned, resulting in potential voters leaving in frustration or standing in line, annoyed. The state’s vendor for e-poll books was VR Systems, a Florida company that was targeted by Russian state hackers, according to a leaked document from the National Security Agency. Many accounts have concluded that VR Systems was “successfully infiltrated,” though the company disputes the characterizations. “Absolutely we deny it,” says VR Systems’s Ben Martin.
Derek Bowens, Durham’s election director starting in June, is quoted in the New York Times story as saying, “We do not believe, and evidence does not suggest, that hacking occurred on Election Day.” The problem, says Martin, was that officials had “not run a process called ‘cleanup’ on all of the machines. That is what caused the anomaly when the voters showed up at the polls that morning.” Other North Carolina counties that used VR, says Martin, didn’t experience the sort of difficulty that plagued Durham.
Publication of the story touched off some contentious correspondence between elections officials in North Carolina and the New York Times. The Durham County Board of Elections issued a news release attacking the newspaper: “Many of the allegations contained in the coverage are based on remote hearsay or were otherwise unverified by election officials in North Carolina before the story was published. In response to these concerns, the Durham County Board of Elections, along with the State Board of Elections & Ethics Enforcement, is respectfully requesting that The New York Times retract or correct its coverage unless verifiable evidence is provided.” The board also took issue with the story’s claim that Durham County had “rebuffed” offers of assistance from the Department of Homeland Security and a separate forensics team.
Juxtapositions drove the complaints. There was Durham sitting right smack in the lede of a story about Russian efforts to hack directly into the U.S. election apparatus. “The thing that irritated me about the story was that it made it sound like there was some connection between Russian hacking and what happened in Durham County,” William J. Brian Jr., Durham County’s chairman of the board of elections, told the Erik Wemple Blog. As evidence that the story was bound to be misinterpreted, Patrick Gannon, public information officer for the North Carolina State Board of Elections & Ethics Enforcement, tells this blog that he had to request a correction from a newspaper in upstate New York that had stated flatly, “Electronic poll books in North Carolina were hacked in the last presidential election.”
In an email to the Erik Wemple Blog, Gannon writes, “The story gave the overall impression that Durham County’s electronic poll books had been hacked and that elections officials didn’t do anything about it and even turned down federal assistance. … We have no problem with fact-finding or a critical public. However, one of our main and ongoing concerns in the age of social media is that voters unnecessarily lose faith in the security and integrity of elections because of false or misleading reports that spread quickly via the Internet.” Merely broaching the topic of Russian election hacking in reference to a particular jurisdiction risks abetting the hackers themselves, says Brian. “The press needs to be careful in reporting these stories so they don’t become an accomplice,” he says, noting that a goal of disinformation agents is to lower public confidence in government.
The New York Times did publish a correction on the elections piece. It stated that the story had referred “incorrectly to problems with voter rolls in three North Carolina counties that included the cities of Raleigh, Winston-Salem and Charlotte. The problems involved paper rolls, not e-poll books.” In the revised sentence, the only change was that “e-poll book incidents” was replaced with “paper roll incidents.”
In the context of a story about hacking, the distinction matters. “Hacking the voting rolls before paper poll books are printed would require a breach of the state-owned and operated voter registration database, which DHS has said did not happen in North Carolina,” Gannon tells the Erik Wemple Blog. “After that, the way to hack a paper poll book would be with Wite-Out.” More reporting from the New York Times would have helped, says Gannon, who accuses the paper of relying “in part on data and reports gathered by election protection specialists without verifying the accuracy of that information (see the Times’ correction). In our experience, many reports and complaints that come in during elections end up being frivolous or based on misunderstandings of election laws or processes.”
The New York Times isn’t budging much. “Given the steps our reporters took to corroborate the assertions in the article, we see no error and therefore no need for a correction,” notes an extensive letter to voting officials from New York Times Assistant Editor Rebecca Corbett . The two-page letter explains the exhaustive efforts of the paper’s three-person team in piecing together the story. On the question of whether Durham had rejected offers of assistance, the letter argues, “During the July 18 call, Mr. Gannon did not challenge the assertions that Durham officials had rebuffed offers of federal and private assistance.” To which Gannon replies, “Not challenging something is vastly different from corroborating it. I had no way of knowing whether that was true at that time, so I would not have challenged it. The NYT reporters never asked the State or County Board on the record about whether we had been offered or rebuffed any federal or private assistance on Election Day. If they had, our answer — then and now – would be, ‘Not that we are aware of.'”
To add further texture to the story, North Carolina last week announced that a DHS official had declared that “Russia-based hackers did not target state- or county-owned or operated elections infrastructure in North Carolina,” according to a news release from the state elections board. Twenty-one states were indeed targeted. And what about the VR software used by Durham and other North Carolina counties? “DHS officials do not have any evidence that hacking affected VR Systems’ software used in North Carolina, but they could not rule it out with 100 percent certainty. The Department’s review appears to be ongoing,” said Gannon in statement to this blog.
The Erik Wemple Blog requested an interview with the New York Times to probe the decision to include Durham’s voting-day glitches in a story about Russian hacking. Spokeswoman Danielle Rhoades Ha responded that the relevant editor wasn’t available and passed along this statement: “Our story was focused on the hacking of a backend vendor that managed voter registration systems, not North Carolina’s own systems or those of Durham county,” said the statement. “We know the vendor, VR Systems, was hacked through a leaked NSA report. The hacking of the 21 states is a related but ultimately distinct issue – that is, the comparison of the vendor hacking to state hacking is truly one of apples to oranges.”
No doubt about that. The question is whether a reader fumbling with the morning coffee and, say, a panting dog, is going to sort out these fruits: Okay, so there were some troubles in Durham; a monitor said it “felt” like a cyberattack; a vendor that does business with North Carolina was targeted by Russia; does that mean Durham was hacked? Possibly hacked?
Before Durham issued its news release, Perlroth wrote an extensive and fascinating explainer for the Times Insider section on the importance of her investigation, noting that a report that Durham secured from a private firm was substandard.
But a key line from Perlroth’s piece reads: “Nobody in Durham — or any other county that relied on VR Systems’s electronic poll books — was ever informed that their equipment had been compromised by Russian hackers.” Then why quote an observer saying, “It felt like tampering, or some kind of cyberattack”?