To truly ensure the principle of one person, one vote, the American electoral infrastructure should adopt security protocols similar to those used in the cybersecurity industry. Electoral management should be conducted using variations on the techniques employed for financial systems and national security data. Unfortunately, today’s U.S. voting mechanisms at all levels as well as national policy would not pass even the most rudimentary information assurance audit.
Although protecting the ability to accurately cast and count votes is integral to a fair and democratic system, technologies have made the process far more complicated. Additional sophistication presents challenges. From hanging chads in Florida in 2000 to Russian “fake news” and hacking in 2016 to the failed apps mess at the 2020 Iowa caucuses, the U.S. voting system is vulnerable to external and internal threats.
Citizens’ voting choices are important pieces of information. That data should be protected as intensely as credit card accounts or tax records. To that end, the U.S. government must apply the same principles to the electoral infrastructure that are employed in other critical information infrastructures: confidentiality, integrity and availability.
Confidentiality is important in the United States because in the early days of the republic, voting took place in crowded town halls, markets or churches. The secret ballot didn’t become common until the 1890s.
Since then, secrecy has been paramount for several reasons. People should not suffer retribution because of how they vote. The confidential vote is a fundamental right; consequently, the ability to vote free from undue coercion is an American principle.
The integrity of the voting system instills confidence in the data collected during an election. It is as important, for example, as it is for people to be able to open their email and be certain that the message is correct, from the sender as documented and intended for them.
Democracy requires electoral integrity in every part of the process. When citizens vote for an individual or cast their ballots about decisions for their communities, they should be confident that the votes will be tallied accurately.
Voting also requires access to the ballot box, including an adequate number of ballots and functional voting machines. Although assumed, this hasn’t always been the case. At times, eligible voters were pulled from the rolls, precincts were closed without sufficient notice, or voters were driven from long polling lines because of insufficient numbers of voting machines or ballots.
To ensure confidence, privacy, integrity and access, industry as well as state and local officials should adopt a variation of proven cybersecurity practices. The National Institute of Standards and Technology (NIST) and the U.S. Election Assistance Commission have begun applying stringent standards to the electoral infrastructure. These standards have been adopted by the government information technology community and have documented guidance such as the SP 800 series or the new Cybersecurity Maturity Model Certification (CMMC). The Voluntary Voting System Guidelines 2.0 (VVSG), now in its third draft, creates a framework by which voting machine manufacturers can secure elections.
In the absence of centralizing federal elections, the next step should be a working group like those that created the VVSG, consisting of industry, security professionals and election officials. Its mandate would be to draft guidance and a set of controls that election officials would use to keep the electoral infrastructure as secure as possible.
The NIST SP 800-53 Revision 4 Control Families list and the role it plays in how information technology assets are protected from threats and vulnerabilities is an example of how to protect voters’ information. This list includes audit and accountability, access control, configuration management, identification and authentication, incident response, media protection, risk and security assessment, and system and information integrity. With minimal modification, election boards could apply these controls to the protection of their election infrastructure.
In access control, for example, Election Systems and Software LLC, the manufacturer of voting machines that caused some voting slowdowns in Johnson County, Indiana, in 2018, acknowledged that between 2000 and 2006, remote access software was installed on its machines that opened the front door to unauthorized users. The company only stopped the practice in 2007 because it agreed to adhere to the first iteration of the VVSG.
Existing election management institutions can only take their system provider’s word that the machines lock out all unauthorized users. Following a set of guidelines that uses cybersecurity standards tailored for their circumstances would enable the election institutions to determine the machines’ security.
Another item on the NIST list that can be applied to election technologies is audit and accountability. A system that is consistent with the NIST control family should be able to produce audit records that report what event occurred, when and where it took place, as well as the source, outcome and identity of a suspicious event.
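As an added illustration (not part of the original article or of any NIST or vendor code), the following check flags audit records that lack one of the six items listed above. The JSON field names and the sample log lines are constructed assumptions, not a real voting-system log format.

```python
import json
from datetime import datetime

# Assumed field names for the six items the paragraph lists:
# what, when, where, source, outcome, identity.
REQUIRED = ("event", "timestamp", "location", "source", "outcome", "identity")

# Constructed sample log, one JSON record per line.
SAMPLE_LOG = """\
{"event": "ballot_definition_loaded", "timestamp": "2020-11-03T06:02:11+00:00", "location": "precinct-12/scanner-3", "source": "removable-media", "outcome": "success", "identity": "official-0417"}
{"event": "admin_login", "timestamp": "2020-11-03T06:05:40+00:00", "location": "precinct-12/scanner-3", "source": "console", "outcome": "failure", "identity": ""}
{"event": "remote_session_opened", "timestamp": "not-recorded", "location": "precinct-12/scanner-3", "outcome": "success", "identity": "unknown"}
not json at all
"""

def check_record(line):
    """Return the problems that make one record unusable as audit evidence."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return ["unparseable record"]
    if not isinstance(rec, dict):
        return ["unparseable record"]
    problems = []
    for field in REQUIRED:
        value = rec.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing {field}")
    ts = rec.get("timestamp")
    if isinstance(ts, str) and ts.strip():
        try:
            # A timestamp without a zone cannot be ordered across devices.
            if datetime.fromisoformat(ts).tzinfo is None:
                problems.append("timestamp has no time zone")
        except ValueError:
            problems.append("timestamp not ISO 8601")
    return problems

def audit_gaps(log_text):
    """Map 1-based line number to problems, for records that fail the check."""
    gaps = {}
    for n, line in enumerate(log_text.splitlines(), start=1):
        if line.strip():
            problems = check_record(line)
            if problems:
                gaps[n] = problems
    return gaps

if __name__ == "__main__":
    for n, problems in audit_gaps(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(problems)}")
```

A record that parses but omits who acted or where the action originated is exactly the kind an election board cannot use to reconstruct a suspicious event after the fact.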
The Center for American Progress is one organization that has called for post-election audits that can test election results. To facilitate this activity, election boards should have the technical ability to perform audits and then conduct them on a regular basis, in accordance with a widely accepted standard such as the one NIST proposes.
Media protection is another way NIST’s Control Families list could help ensure the validity of election results. Academics, such as Douglas E. Jones at the University of Iowa Department of Computer Science, have written of their concerns about the storage and transport of the media used for elections. A consistency of protection methods would give election boards the guidance necessary to ensure their media, both machines and paper ballots, are protected throughout their life cycle. Guidance to establish testable controls for how they are accessed, marked, stored, transported and used would minimize the risk of mishaps that could call into question the integrity of elections.
In an age of cyber warfare, nations need to defend themselves and their institutions from foreign and internal threats. By ensuring the security of the electoral process and the technologies used to implement it, balloting and counting can be streamlined and protected. Applying rigorous standards and information assurance will defend the electoral infrastructure.