To put it in context, however, the times around elections and democratic transitions have always raised security concerns as terrorist groups attempt to disrupt the act of voting or sway the results of an election. The real threat next Tuesday, however, has nothing to do with bombs or guns. It has to do with wires. Voting has, in the vernacular of terror, become the new soft target.
As we all wait for election results
, the notion that the very process of voting could be vulnerable to hacks, pranksters or a concerted effort by another country like Russia is not idle speculation. It is a deep crisis for the United States, and one that isn't getting enough attention: A foreign nation could undermine the independence of voting.
Several states already have admitted to potential hacking infiltration
, and most states, in response, are seeking advice from the Department of Homeland Security on how better to protect their networks. This is a homeland security issue of the most existential kind.
Most experts believe it is unlikely
that hackers, Russian or otherwise, could manipulate the ultimate results of the presidential election. Our system of voting is so decentralized and, in the words of FBI Director James Comey, "clunky," that to actually get into enough systems, manipulate enough results and do so undetected -- at a time when those systems are on high alert against such intrusions -- would be difficult.
The bigger worry is that hacking will be used as a form of psychological warfare to create enough concern or questions that the loser, whether a presidential candidate or a down-ballot one, will be able to challenge the results in ways that may not be easily dismissed. And while there are a number of ways that Russians or other hackers may be able to create enough speculation, two are of primary importance.
First, there are growing concerns about voter registration validity
. There is a huge ground game fight going on now about access to the ballot box, and voting authorities are on the lookout for intimidation; a number of court cases
have already enjoined the Republican Party's attempts to limit access or curtail voting. Tuesday is all about getting out the vote, but it means nothing if a registered voter isn't on the list.
Databases of who is registered are not considered a type of critical infrastructure subject to regulations and oversight, so instead the federal government is simply dependent on the states to protect their own data rolls.
In some circumstances, the lists are simply Word documents, sent by email from one voting precinct to another. Data on those documents can be changed -- names deleted, addresses altered -- so that there is confusion at the voting booth and the voter is required either to leave or submit only a provisional ballot. Enough of those, in a highly contested area, will lead to chaos election day.
As Jonathon Zittraine, a professor at Harvard Law School and cybersecurity expert, told me
: "All you need to do is start messing with that (registration and voter rolls). It would make Bush v. Gore look extremely straightforward."
Second, the way that victors are determined on election night -- and how networks like CNN access the data from unverified returns to call the results -- leads to one place: the Associated Press
The AP collects election data from precincts and regional centers and has become a one-stop-shopping repository. It also means it can present a "single point of failure" -- a hack into the system to manipulate the voting numbers will mean that networks will be basing their results on bad data.
Only until the more official numbers are relayed -- much later on -- by states through their secretary of states' offices would any alterations be detected, and that will be long after a victor is declared. The AP has not been very public about its plans to deter such efforts, mostly to ensure it doesn't disclose to the enemy what cybersecurity efforts it has in place.
It is too late to have a systemic fix in place by Tuesday. Increased awareness, investments in state and local networks and minimizing the risks of data manipulation will provide a temporary Band-Aid.
At the least, the concerns today -- and the aggression by Russia against one particular party, from the disclosure of emails to hacks of the Democratic Party -- should be a warning for the future: The act of democracy itself is under threat. We must invest, seriously and with common purpose, to harden the most symbolic of soft targets.