August 04, 2018

Experts share ways to protect US elections from foreign interference, as threats multiply

Steve Curley

David Wheeler, data privacy expert with Chapman Spingola

The terrifying reality of foreign interference in the U.S. electoral system is a “war” that could threaten American democracy even if no election results are ever actually altered, according to a panel of the nation’s leading experts on data privacy and election systems on Aug. 3 at the American Bar Association Annual Meeting in Chicago.

Panelists agreed that if foreign powers succeed in undermining voters’ confidence in the U.S. electoral system, they will damage, or even destroy, U.S. democracy. And it would not take much – infiltrating some voter systems and altering some names or addresses that disenfranchise voters and cause long lines at polling stations. In these fraught times, it would be easy for such tactics to cause suspicion of election results and an abandonment of trust in the system.

“The Russians, the North Koreans—they don’t need to go far,” said Adam Lasker, general counsel of the Chicago Board of Election Commissioners. “All they need to do is kill public faith in the system.”

“It stops our democracy in its tracks,” added John “Jack” Young, senior counsel at Sandler Reiff, chair of the ABA Senior Lawyers Division and an international consultant on voter systems, pointing out that many states do a better job of protecting their drivers’ license records than they do voter records. Young represented the Democratic party during the 2000 Bush-Gore vote recount.

Looking just a few months ahead, David Wheeler, a data privacy expert with Chapman Spingola in Chicago, warned that the threat of a collapse in public confidence caused by foreign meddling could be imminent. “Where if there is a blue wave or a red wave” in the 2018 midterm elections, he said. “Is anybody going to believe the results?”

Panelists at the CLE session, “Social Media, Security and Election Law,” sponsored by the ABA Standing Committee on Election Law and the ABA Section of State and Local Government Law, traced the history of foreign attempts to interfere in election and detailed current threats and solutions.

They said foreign powers’ attempts to infiltrate American voting systems stretch back decades, but it has escalated to a wartime footing in today’s cybertimes. The problems go back to the disastrous Bush-Gore election in 2000 when disputes over ballots in Florida hung up results for weeks. As a result, officials poured billions into upgrading state and local municipalities’ equipment and systems. But then they dropped the ball, and the nation is left with aging and vulnerable voting machines, databases and other resources critical to a safe election system.

In March, a federal spending bill included $380 million to help protect U.S. voting systems from cyberattacks, providing grants to states to purchase more secure voting machines and improve election cybersecurity training.

But, panelists said, Congress must provide additional funding.

“The Constitution and the federal law give the states the right to run their own elections,” said Lasker. “But I don’t think our forefathers contemplated international cyber warfare, and I don’t think they were anticipating the states would have to defend themselves against something that is absolutely a federal and international security problem.”

Lucy Thompson, past chair of the ABA Section of Science and Technology Law and a member of the ABA Cybersecurity Task Force who focuses her practice at Livingston PLLC on data privacy and global risk management, detailed eight aspects of the critical infrastructure of elections and pointed out a number of risks to the system.

“The secretaries of state like to say that because elections are local and decentralized, there really is no problem. But that’s not actually the case,” she said, noting that 13 states allow centralized voting so voters don’t have to travel to individual polling stations. “But that means the voter registration databases are all online and all interconnected” on the internet, making them vulnerable to a mass attack, she warned.

Indeed, she pointed to the increasingly popular internet voting systems being instituted by some states. While it does allow easier absentee and overseas voting, “there really is no way to do it [safely),” she said. “It is an area that the Russians really could focus on.”

In need of immediate attention, she said, are the states that do not require paper trails of votes.

Lance Gough, executive director of the Chicago Board of Elections, said the city uses a paper backup system to ensure the safety of its system as well as other methods, such as keeping a part of its system off the internet. “I feel confident that nobody is hacking into our system,” he said.

Nonetheless, he pleaded for new equipment. Chicago officials are still using equipment acquired during the 2002-05 funding burst. To keep their outdated machines up and running, officials are starting to cannibalize equipment from other machines since the machines are no longer being manufactured, said Lasker. “It’s like my uncle keeping one-and-a-half motorcycles in his garage.”

Among the solutions laid out by Young are continuous training of officials, focusing on cyberattacks; updating registration database systems to meet current IT infrastructure standards; separately maintaining voter databases and not connecting them to the internet; encrypting voter records and protecting them with firewalls.

It’s not too late to stop this train in its tracks, Young said. “It’s never too late when you’re in a war,” said Young. “We need to do everything we can.”