Security experts are converging on Iowa in an attempt to ensure that the state’s famed caucuses go off without interference, foreign or domestic. But at this point, there’s little indication of immediate threats in Iowa, so to some extent this may be a test run before the Democratic primaries begin in earnest in New Hampshire on February 11, 2020.
Those security experts, some working for the individual campaigns, some for the Democratic party and some working for private interests and for the US government are hoping that they can spot attempts to hack into voter databases or voting machines before and during the elections. But to some extent, they’re off to a slow start.
By the time the day of the primaries arrived, the election would have already been compromised
Attempts to interfere with the US elections would have begun months before the elections as hackers looked for ways to insert malware into voting machines, or looked for entry points into state voter registration data. By the time the day of the primaries arrived, the election would have already been compromised.
How do you spell interference?
Interference in the US elections takes many forms. There’s the hacking of results that everyone thinks about. In addition, there’s tampering with registration rolls in an effort to cause chaos on election day, for example when voters find out that they’re either not registered or that their information is wrong. Then there are disinformation campaigns designed to stifle turnout or create false information about candidates or parties.
Typically those disinformation campaigns start months before an important election, showing up on social media as news stories promoted by other users. They also take place on or near election day when voters start seeing fake news stories about polling place changes or even date changes for the election.
Iowa is different
The reason that Iowa can only be considered a test run is because of the way Iowans make their choices. The caucuses are community affairs where neighbors gather to in an informal atmosphere. The selections are made by supporters of each candidate gathering in one spot with their fellow supporters. The vote tally comes from how many supporters of each candidate gathered in their defined spots.
In the 2020 caucuses officials will use a smartphone app to report the tally to election headquarters so that the results can be known as soon as possible. While there have been suggestions that the use of an app for reporting introduces security risks, this is unlikely in the caucuses. First, each attendee at the causes will know if the vote count for their precinct is accurate when they see the reported results because they were there. Second, the results will have been physically recorded at the caucus location.
What states can do
The serious efforts by state-sponsored actors to interfere with the US presidential election will come after the nomination process is well under way. The attackers will have a better idea which campaigns to focus on, and the level of chaos will already be high as untrained campaign staff focuses on the vote and not so much on security.
This lack of security focus was brought to light when the chief information security officer for the Buttigieg campaign resigned, primarily because others in the campaign weren’t taking security seriously. During the time in mid-January, Mayor Pete Buttigieg was charging hard to make a show in the Iowa Caucuses, and his campaign was focusing on that.
Unfortunately, it’s during times such as those when security is most important, because the attackers know that the staff will be distracted. There are a number of resources available to the campaigns, and to the state voting officials who must count the votes.
Fortunately, unlike in 2016 when such election interference was first noticed, the federal government has taken action to provide support.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a detailed and thorough resource guide to election security. The guide provides basic guidance, and it includes links and contact information to a vast array of resources.
The US Election Assistance Commission also provides a guide on election security that includes a wide range of topics designed to help local officials learn the ropes.
Congress, meanwhile, has allocated $425 million for election security in the 2020 election, but a bill, H.R. 2660, the Election Security Act of 2019, has been languishing in committee since June, 2019.
The primary conduit for disinformation during the 2016 presidential election was social media. Facebook, for example, not only allowed disinformation to flow through its channels, it sold access to Russian government actors who purchased access in Rubles. For 2020 that’s changing. Recent attempts at distributing disinformation through fake news stories have been flagged by Facebook as being false. Facebook and Twitter are both actively suspending suspect accounts, which means that the disinformation will likely be reduced in 2020.
One thing that can be said with confidence in regards to election security during the 2020 presidential election, is that it’s better than it was in 2016. Unfortunately, that’s not a very high bar.
But the difference is that the threat of election interference is now generally acknowledged, and there’s some desire to keep it from happening. As important as that it, an alert citizenry will play a key role in keeping a lid on interference. A lot of people are trying to help, but no single agency or organization can do it all.