What We Know and Don’t Know about Election “Hacks” in 2016
Yesterday, the Intercept reported on a leaked NSA document detailing Russian government efforts to hack election offices and voting technology. There are serious and disturbing claims in this report, most of which aren’t entirely new, but which add details to some concerns surrounding the 2016 election and deserve to be put into context.
WHAT WE KNOW
The threat is real, and it’s significant. Since even before the election, credible reports have confirmed that the Russian government has sought to interfere with the November 2016 election. They sought to do so in two ways:
o First, through massive manipulation of news and facts surrounding our political process. These efforts sought to motivate the electorate by spreading disinformation and narratives, largely in support of then-candidate Trump. These efforts are not “election hacking,” but rather something more akin to political manipulation.
o Second, through efforts to infiltrate election offices and technology. The decentralization of the system, with dozens of different types of technology running in thousands of different election jurisdictions nationwide, made this difficult, but there were efforts to obtain access to information, particularly voter registration information.
These threats likely had two purposes.
o One, to hack the election itself, and deliver it to the candidate preferred by the Kremlin. But this goal was secondary for a few reasons:
- Decentralization made this exceedingly difficult, as it would require being able to predict exactly which of the nearly 10,000 election jurisdictions should be hacked to maximize the chance of impacting the overall election results. For instance, the morning of November 8, 2016, few would have predicted that the key states in delivering the presidency would be Michigan, Pennsylvania, and Wisconsin.
- Paper ballots and audits are more prevalent than they have been in years. Nearly 75% of all ballots nationally are cast on paper, and most states audit the paper ballots to confirm that the voting machines have reported the correct results. Even if hackers from Russia or anywhere else had successfully hacked the voting machines in one of the many states that vote with paper and conduct audits, including Florida, North Carolina, Ohio, Wisconsin, and several others, the hack would have been highly likely to be discovered.
o More importantly, the hackers need not have successfully hacked into the voting systems themselves to achieve another important goal. Even when attempted hacks were unsuccessful, by making it known that the systems were under attack, the hackers successfully created doubt in the minds of many voters about our system of elections and the technology and professionals that protect the integrity of that system. By raising doubts about the security of election systems, and in some cases, inciting hysteria about election integrity overall, the Russian government has successfully caused many voters to wonder whether there’s any point in voting or otherwise participating in our democracy.
- A possible example of the hackers’ recognition of this goal is their attempted attack on the American Samoan election office. While anyone with even a rudimentary knowledge of American elections would know that the results of voting in American Samoa have no impact on the presidential contest, an attack on any American election office would assist in creating an impression of overall insecurity in the system.
Information in voter registration systems was accessed.
o As we’ve known since even before the election, hackers successfully accessed some voter registration data. In at least two states, hackers attempted to access voter registration data – Illinois, where data was successfully accessed, and Arizona, where it appears the breach was caught before information was compromised. And we’ve known about the hack of VR Systems since at least October.
o We’ve now learned, thanks to the Intercept piece, that some of this data was used to launch further attacks on election system vendors and election offices. But we continue to have no evidence that any of these attacks had an impact on the election.
Voter registration systems are not the systems on which ballots are cast/counted.
o A successful hack on a voter registration database, or on a vendor that solely works with voter registration systems and electronic pollbooks, like VR Systems, cannot, by itself, put the vote count at risk.
o Voter registration data is routinely backed up and stored safely, in case of any system breakdown or hack.
o Even if voter registration data is compromised, at exactly the right moment to create the greatest mischief, it would be detected, as it would result in longer lines and increased provisional ballots (as voters whose information was changed tried to vote at the polling places), or markedly increased requests for mail and absentee ballots from new voters. While this would be a problem during the election, we did not see any evidence of such problems.
o Much, if not all, of the activity documented in the NSA report took place after October 27, after voter registration had closed in many states, including Florida, Georgia, Michigan, Nevada, North Carolina, Ohio, Pennsylvania, and Virginia, among many others. In other words, the books in those states were closed well before October 27, meaning that any voter registration activity which took place after the voter registration deadline would have no effect on the voter lists for the presidential election.
There remains NO evidence that voting machines were hacked or that anyone tampered with the result of the election.
o The leaked NSA analysis does not find any evidence of hacking of the vote counts, nor has any previous report or statement by the government or election officials.
WHAT WE DON’T KNOW
Which local election offices were targeted by the phishing attacks outlined in the NSA analysis
o This is important to assess the risk. For instance:
- If these offices were larger and more sophisticated, it would be more likely these offices would have extensive security protocols to prevent a successful phishing attack.
- If these offices represented the majority of areas where voting was done on paper, with an audit of the ballots, any attempt to compromise the ballot counting would be highly likely to be detected.
- If these offices represented smaller jurisdictions, it is unlikely that there would be a sufficient number of votes to sway a statewide election.
Whether voter registration systems were compromised in a way that could have affected the voting process in November
o As discussed above, if a hack had been successful, it is virtually certain that we would have seen evidence of this, but more analysis could be helpful.
Whether any of these attacks was successful, and if so, whether vote tallying systems were compromised
o To date, there is still no evidence of this.
o Even if successful, we would want to investigate whether any hacks were perfectly placed so as to change the outcome of the election.
CONSTRUCTIVE NEXT STEPS
First, we should resist the instinct to jump to conclusions. We still have no evidence to suggest the results of the election were compromised, which continues to be exceedingly unlikely.
o There is still overwhelming evidence that Trump won the majority of the vote in those states that comprised a majority of electoral votes.
o Hysteria and misinformation do not help us get to the bottom of things.
- For instance, our election system is highly decentralized, as discussed above, making it very difficult to launch a large-scale attack.
- While the federal government does not run elections nationwide, there is a federal agency (the Election Assistance Commission, or EAC) which oversees certification of election equipment and serves as a resource to state and local election officials. The EAC works with many other federal agencies, including the Department of Homeland Security and the Department of Justice, to assist election offices in maintaining security and integrity. Unfortunately, the Intercept apparently made no effort to contact the EAC, the agency best suited to comment.
- While the Intercept contacted the Federal Election Commission (FEC) for their report, the FEC has absolutely nothing to do with election administration or voting technology. Calling the FEC to ask about voting technology is akin to calling the Department of Labor to ask about delivering a baby.
Second – and I expect several states are already doing this – given recent allegations it is probably prudent at this point to engage in a thorough forensic analysis of voter registration activity in several states in the days leading up to the election. Specifically, I think it could be helpful to investigate the following activity, among others, from September 2016 onward, and compare it to previous presidential elections:
o Changes made to existing voter records, both online and by paper;
o Registered voters, either new or existing, who requested a mail ballot be sent to an out-of-state or international address, or any address where multiple ballots were requested at the same address;
o Provisional ballots requested/cast/counted due to an inaccurate voter record.
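A sketch of how the first two checks in this list could be run over exported registration data. This is an added example, not part of the original analysis or any election office's tooling; the field names, thresholds, and all sample records are constructed assumptions, and the provisional-ballot comparison is left out.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real voter records); field names are assumptions.
MAIL_REQUESTS = [
    {"voter_id": "V1", "mail_state": "FL", "mail_country": "US", "mail_addr": "12 Oak St, Tampa"},
    {"voter_id": "V2", "mail_state": "FL", "mail_country": "US", "mail_addr": "12 Oak St, Tampa"},
    {"voter_id": "V3", "mail_state": "FL", "mail_country": "US", "mail_addr": "12 oak st, tampa "},
    {"voter_id": "V4", "mail_state": "NY", "mail_country": "US", "mail_addr": "9 Elm Ave, Albany"},
    {"voter_id": "V5", "mail_state": "", "mail_country": "DE", "mail_addr": "Hauptstr. 5, Berlin"},
    {"voter_id": "V6", "mail_state": "FL", "mail_country": "US", "mail_addr": "3 Pine Rd, Miami"},
]
# Weekly counts of changes to existing voter records (constructed).
CHANGES_2016 = {"W36": 410, "W37": 395, "W38": 1900, "W39": 430}
CHANGES_2012 = {"W36": 400, "W37": 380, "W38": 420, "W39": 415}

def _norm(addr):
    """Normalize an address so trivially different spellings group together."""
    return " ".join(addr.lower().split())

def flag_mail_requests(requests, home_state, max_per_address=2):
    """Return {voter_id: [reasons]} for mail-ballot requests worth manual review."""
    per_addr = Counter(_norm(r["mail_addr"]) for r in requests)
    flags = defaultdict(list)
    for r in requests:
        if r["mail_country"] != "US":
            flags[r["voter_id"]].append("international")
        elif r["mail_state"] != home_state:
            flags[r["voter_id"]].append("out_of_state")
        # Threshold is an assumption; shared households and care homes are legitimate.
        if per_addr[_norm(r["mail_addr"])] > max_per_address:
            flags[r["voter_id"]].append("shared_address")
    return dict(flags)

def unusual_change_weeks(current, baseline, ratio=2.0):
    """Weeks where record changes reach `ratio` times the same week in the baseline election."""
    return sorted(w for w, n in current.items()
                  if baseline.get(w, 0) > 0 and n / baseline[w] >= ratio)

if __name__ == "__main__":
    for voter, reasons in flag_mail_requests(MAIL_REQUESTS, "FL").items():
        print(voter, reasons)
    print("weeks to review:", unusual_change_weeks(CHANGES_2016, CHANGES_2012))
```

The output is a list of leads for manual review, not findings: military, overseas, and shared-household requests will legitimately match these criteria.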
Third, election offices have been remarkably careful and resilient through this election cycle, dealing with threats and accusations in a highly professional way, but it would be wise to further review office security protocols, ensuring staff are trained to avoid scams like phishing, and that technical systems are in place to maximize security of internal systems. Again, many election offices are probably several steps ahead of us on this.
o As part of this, election officials who aren’t already doing so should look into additional security protocols, like two-factor authentication, to prevent phishing.
Finally, these threats have highlighted how important it is for jurisdictions to employ auditable technology and effective post-election audits. Many states are looking to beef up the transparency and rigor of their post-election audits, and this should provide some momentum, for two primary reasons:
o First, even in the unlikely event that hackers effectively tampered with vote counting systems, an effective audit of a paper or otherwise auditable ballot would detect the problem, enabling a recount of the paper ballots, and ensuring the correct result.
o Second, public education about the existence of audits to protect against hacking could help restore the confidence so many voters have lost during this cycle, as concerns about hacking and unsubstantiated claims about voter fraud and vote rigging have been raised. It’s essential that voters know their votes in 2016 mattered and were counted properly, and that election officials are working to further improve security in future elections, even as these threats endure.