Juliette Kayyem: Terrorism is not the biggest threat facing Americans on Election Day
It's the process of voting, which is vulnerable to hacking and other activity, she says
Editor’s Note: Juliette Kayyem is the author of the best-selling “Security Mom: An Unclassified Guide to Protecting Our Homeland and Your Home.” She is a professor at Harvard’s Kennedy School, a former assistant secretary of homeland security in the Obama administration and founder of Kayyem Solutions, a security consulting firm. Kayyem is a Hillary Clinton supporter and advises the campaign on homeland security issues. The opinions expressed in this commentary are her own.
To put it in context, however, the times around elections and democratic transitions have always raised security concerns as terrorist groups attempt to disrupt the act of voting or sway the results of an election. The real threat next Tuesday, however, has nothing to do with bombs or guns. It has to do with wires. Voting has, in the vernacular of terror, become the new soft target.
As we all wait for election results, the notion that the very process of voting could be vulnerable to hacks, pranksters or a concerted effort by another country like Russia is not idle speculation. It is a deep crisis for the United States, and one that isn’t getting enough attention: A foreign nation could undermine the independence of voting.
Several states already have admitted to potential hacking infiltration, and most states, in response, are seeking advice from the Department of Homeland Security on how better to protect their networks. This is a homeland security issue of the most existential kind.
Views on Election 2016
- Trump's shocking victory: What it means
- The 2016 election: a cartoon view
- Michael D'Antonio: Trump broke all the rules
- Ed Lucas: Victory for Russia's Putin
- Frida Ghitis: Trump started a feminist revolution
- Jane Merrick: Brexit-style win bad for UK
- Ana Navarro: I'm voting for Hillary Clinton
- Paul Ryan: The choice facing America
- Julian Zelizer: What Trump did right
- Leslie Vinjamuri: Trump leads free world?
- Election in 140 characters
- Peter Bergen: President-elect Trump's inbox
- John Sutter: Stop Trump from wrecking the climate
Most experts believe it is unlikely that hackers, Russian or otherwise, could manipulate the ultimate results of the presidential election. Our system of voting is so decentralized and, in the words of FBI Director James Comey, “clunky,” that to actually get into enough systems, manipulate enough results and do so undetected – at a time when those systems are on high alert against such intrusions – would be difficult.
The bigger worry is that hacking will be used as a form of psychological warfare to create enough concern or questions that the loser, whether a presidential candidate or a down-ballot one, will be able to challenge the results in ways that may not be easily dismissed. And while there are a number of ways that Russians or other hackers may be able to create enough speculation, two are of primary importance.
First, there are growing concerns about voter registration validity. There is a huge ground game fight going on now about access to the ballot box, and voting authorities are on the lookout for intimidation; a number of court cases have already enjoined the Republican Party’s attempts to limit access or curtail voting. Tuesday is all about getting out the vote, but it means nothing if a registered voter isn’t on the list.
Databases of who is registered are not considered a type of critical infrastructure subject to regulations and oversight, so instead the federal government is simply dependent on the states to protect their own data rolls.
In some circumstances, the lists are simply Word documents, sent by email from one voting precinct to another. Data on those documents can be changed – names deleted, addresses altered – so that there is confusion at the voting booth and the voter is required either to leave or submit only a provisional ballot. Enough of those, in a highly contested area, will lead to chaos election day.
As Jonathon Zittraine, a professor at Harvard Law School and cybersecurity expert, told me: “All you need to do is start messing with that (registration and voter rolls). It would make Bush v. Gore look extremely straightforward.”
Second, the way that victors are determined on election night – and how networks like CNN access the data from unverified returns to call the results – leads to one place: the Associated Press.
The AP collects election data from precincts and regional centers and has become a one-stop-shopping repository. It also means it can present a “single point of failure” – a hack into the system to manipulate the voting numbers will mean that networks will be basing their results on bad data.
Only until the more official numbers are relayed – much later on – by states through their secretary of states’ offices would any alterations be detected, and that will be long after a victor is declared. The AP has not been very public about its plans to deter such efforts, mostly to ensure it doesn’t disclose to the enemy what cybersecurity efforts it has in place.
Get our free weekly newsletter
It is too late to have a systemic fix in place by Tuesday. Increased awareness, investments in state and local networks and minimizing the risks of data manipulation will provide a temporary Band-Aid.
At the least, the concerns today – and the aggression by Russia against one particular party, from the disclosure of emails to hacks of the Democratic Party – should be a warning for the future: The act of democracy itself is under threat. We must invest, seriously and with common purpose, to harden the most symbolic of soft targets.