The Washington PostDemocracy Dies in Darkness

Here’s how to keep Russian hackers from attacking the 2018 elections

Putin admits 'patriotic' Russian hackers could have mounted attacks during 2016 election (Video: Jason Aldag, Andrew Roth/The Washington Post)

“They’re coming after America,” former FBI director James B. Comey told the Senate intelligence committee this month. “They will be back.”

In a highly politicized hearing, this bold statement drew strikingly little partisan disagreement. Senators on both sides of the aisle have seemingly reached consensus that foreign agents did try to tamper with the 2016 election and that they are extremely likely to do so again.

The question is: What do we do about it?

While the ongoing Russia investigation has, understandably, received massive attention, there’s so far been scant public focus on the question of how we safeguard our electoral systems from outside interference in the future. Responding to the threat of election hacking isn’t exclusively a matter of diplomatic intrigue or international sanctions. It’s fundamentally a matter of computer science: how we harden our election technology through cybersecurity standards.

This week, we’re joining a group of more than 100 experts on election administration, computer science and national security in releasing a letter that lays out an actionable plan for safeguarding the vote. The experts include tea party Republicans and progressive Democrats, academic computer scientists and corporate security officials — all united in the view that our nation’s rough patchwork of voting security measures is wholly inadequate. One of us (Halderman) will testify Wednesday before the Senate Intelligence Committee on Russia’s attacks last year.

Russia’s attempt to hack voting systems shows that our elections need better security

This shouldn’t be news to lawmakers. In the past decade, cybersecurity experts have revealed devastating vulnerabilities in every U.S. voting machine they’ve studied. In 2014, the bipartisan Presidential Commission on Election Administration sounded the alarm about an “impending crisis” of insecure voting technology. In 2015, Lawrence Norden and Christopher Famighetti of the Brennan Center for Justice at New York University showed in a comprehensive study that the nation’s voting machines are largely past their shelf-lives and deeply insecure. According to a survey of 274 election administrators across 28 states, a strong majority of election officials claim they need security upgrades to voting machines but simply lack the resources.

Ten years ago, Halderman was part of the first academic research team to conduct a comprehensive security analysis of a Direct Recording Electronic (DRE) voting machine. The study’s findings were deeply troubling: It’s possible to reprogram a machine to cause any candidate to win, without leaving a trace. The research team created malicious software — vote-stealing code — that could spread from machine to machine, much like a computer virus, and invisibly change the election outcome. Since then, cybersecurity experts have studied a wide range of U.S. voting machines — including both touch screens and optical scanners — and in every single case, they found severe vulnerabilities that would allow attackers to sabotage machines or alter votes

This month’s blockbuster reporting in the Intercept and Bloomberg News  show that hostile nations have our computerized election infrastructure in their sights. And the threats aren’t limited to the voting machines and tabulators: adversaries can also go after voter registration databases and electronic poll books to block voters, create long lines at polling places and instill distrust in the system.

So why hasn’t Congress acted?

One simple answer is that lawmakers need a straightforward policy agenda to fix the system. The new statement from the 100 election security experts provides a concrete road map:

First, Congress should provide time-sensitive matching funds to states to upgrade voting technologies, and, in particular, replace paperless DRE voting machines with systems that include a good old-fashioned paper ballot — that is to say, a physical record of the vote that’s out of reach from cyberattacks.

Second, Congress should call on states to conduct risk-limiting audits for every federal race, by inspecting enough of the paper ballots to tell whether the computer results are accurate. These audits are a common-sense quality control, and they should be routine. Since they only require officials to check a small random sample of ballots, they quickly and affordably provide high assurance that the election outcome was correct. As Ron Rivest of the Massachusetts Institute of Technology and Philip Stark of the University of California have explained, states can gain high confidence regarding election outcomes by checking as few as 0.5 percent of the ballots in a given contest.

Finally, Congress should instruct federal agencies to partner with states to conduct serious and comprehensive threat assessment, and to identify and apply best practices in cybersecurity from across sectors to the design of voting equipment and the management of federal elections. This will raise the bar for attacks of all sorts.

U.S. elections are a mess

There’s evidence this agenda can fly even in the age of hyperpartisan gridlock.

While many Democrats have supported election security reforms since former Rep. Rush Holt proposed related reforms a decade ago, prominent conservatives are now championing the cause. Recently, retired Army Intelligence Lt. Col. Tony Shaffer — a Fox News contributor and fearless President Barack Obama critic — joined former CIA director R. James Woolsey — a leading national defense advocate — to call for audits and federal cybersecurity standards. In a Fox News op-ed last month, the two made a conservative case for election security reform as a matter of national security, explaining why, among other factors, Congress’ unfunded mandates under the Help America Vote Act of 2002 justify new security investments. Shaffer and Woolsey quote President Trump himself from an interview the morning of the election: “There’s something really nice about the old paper ballot system,” the then-candidate states. “You don’t worry about hacking.”

Perhaps the strongest argument why the new federal election security agenda can succeed is cost. New analysis from the Brennan Center finds that the country can replace insecure paperless voting systems for somewhere between $130 million and $400 million. Implementing risk-limiting audits nationally for federal elections would cost less than $20 million a year. These amounts are a rounding error in the administration’s $640 billion defense budget request, but the investment would be a guaranteed way to boost voter confidence and significantly strengthen an important element of our national security.

With many state and local officials keen to make necessary tech upgrades, Congress may  need to only cover a fraction of the overall costs.

If lawmakers agree with Comey’s assessment that foreign agents are “coming after America,” it stands to reason that Congress should devote resources to addressing the threat. This is a small price tag for the defense of our democracy.