When eight states hold elections Tuesday, they'll be some of the first to do so on the newly shaky ground of the U.S. election system's integrity.

That's the world we live in after U.S. intelligence officials determined Russia launched a cyber campaign to meddle in the 2016 presidential election. Over the past week, lawmakers have revealed the extraordinarily detailed scheme to influence the votes of tens of millions of Americans, and even to spread false information about how to vote. Lawmakers said this misinformation campaign is ongoing.

We also recently learned that at least 21 state election systems were targeted by Russian hackers before the 2016 election.


There’s no evidence that Russians were able to change any votes after they were cast, but at the very least, they succeeded in raising questions about the U.S. voting process — questions that James Norton, a homeland security expert and former official in the George W. Bush administration, said aren’t unfounded.

The Fix talked to Norton ahead of Tuesday’s elections. Our conversation has been edited for clarity and length.

THE FIX: When voters go to the polls Tuesday, what, if anything, should they be concerned about from a security perspective?


A voter in San Francisco on Election Day 2016. (David Paul Morris/Bloomberg News)

NORTON: You want to make sure all the votes are counted. For stations that do use electronic polling stations, do they have the right amount of security, or they are being dealt with by people who are trained to monitor the machines? As the information passes from each town, that it’s passed in a secure way. That all the voter rolls have been counted, and that all the names on there are legitimate, and there’s been a thorough run-through of that list, and that you have the right people voting. These are all things that could be an issue if not handled appropriately.

That’s a lot of things! Should voters be concerned that Russia is trying to change their vote, either before or after it’s cast?

The integrity of voter rolls, voter data, and voters’ decision process needs to be stronger. The secretaries of state aren’t in charge of cyber; they are in charge of elections. That’s been their role for 200 years, but [protecting elections from hacking] is not their role. I think governors need to appoint cyber directors.

There’s been a push to put the Department of Homeland Security in charge of this. I think that’s a mistake. DHS was never set up to be an election-monitoring organization. They lack the money and resources to really run a massive operation to try to secure every polling station in the country. It’s just not possible.

Should voters be concerned that what information they consume on social media about their local elections isn’t real?

A Russian Facebook page that lawmakers said is an entirely made-up group.

Yeah, absolutely.

What we’re learning from Facebook, Twitter and Google is that they really don’t have any control of what’s on their platforms, and they are kind of running to catch up to see what’s on there. They created this environment where anybody can plug and play. It’s this global wild West, because what the attorneys for these companies were saying to Congress is that they don’t necessarily follow the rules of any one country.

I think that it is scary we can’t trust the information we see online, or that we have to question it.

You’ve recently testified to Congress about all this. What can they do to keep elections safe and honest?


Lawyers for Facebook, Twitter and Google testify to Congress on Tuesday. (Melina Mara/The Washington Post)

A lot of the conversation in Congress is: What is the role of the government, and what can we be doing to support efforts to help clean this up? When individuals’ private data is breached [as the state's voter database in Illinois was], what does it mean to lose your data? Is there a value to that?

But it’s incumbent on social media platforms to give some sort of guarantee that the information on them is real, and show where it’s coming from.

State and federal officials say one particularly pernicious effect of all this is that people might decide not to vote if they don’t think it will be counted accurately.

This could be a motivator in the sense of foreign adversaries trying to create civil unrest or influence elections. Hopefully it motivates people to go out and practice their civic duty and to vote.

Bottom line, we don’t know how to ensure that some of the digital information we rely on to vote is real, nor how to ensure that parts of our voting process won’t be corrupted?

Right. It seems like we are constantly cleaning up yesterday’s messes. For the most part we have the right idea of having a safe, secure election. However, we are grossly underfunded and we lack a strategy at both the federal and state and local level to have a comprehensive security plan, not only for this Tuesday but for two or four years from now.