Vigilance Is Required to Protect Midterm Election Voting

With people in some states already voting in the 2018 midterm elections and election day less than a week away, the question about the safety of our voting machines, and our overall voting system should be on everyone’s mind.

We know that Russians tried to disrupt the 2016 presidential election, and federal officials stress that those efforts are ongoing. Whether by directly attacking our voting machines or posting disingenuous and malicious posts on social media, foreign interests will apparently do whatever they can to sow discord or outright change election results.

The question of whether your vote is safe may come down to where you live, and how much you allow social media to influence your voting choices.

It’s a concern shared by the majority of Americans leading up to next week’s election, and one that crosses party lines. That was a key takeaway of a new Pew Research Center study released this week. The survey asked 10,683 randomly selected American voters if they were confident that our voting systems were secure. Over half of those surveyed, 55 percent, didn’t think so. And, 67 percent believed that it was likely that Russia, or some other foreign entity, would attempt to disrupt the midterm elections.

Following the 2016 presidential election, most states made efforts to improve their cybersecurity footprints. That’s important because in America, even for federal elections, everything is handled by the various state boards of elections. Interestingly enough, the survey results were better when people were asked about the safety of voting machines and practices within their home states, with 66 percent saying they thought their state’s voting system was secure.

But that confidence might vary by state, depending on what technology is deployed there. In my home state of Maryland, we use paper ballots that are fed into optical scanners. And the entire process is backed up by a full paper trail, so that if something happens to the electronic records, there is a full, unhackable, backup. Maryland earned a grade of B, the highest given out, in the Washington-based Center for American Progress report on voting security conducted over the summer.

Even so, the state was one that was targeted with a social media misinformation campaign, misleading Facebook ads, and at least one attempt to directly hack the voting system. Since then, Maryland has redoubled its efforts to improve security. Maryland elections administrator Linda Lamone told The Baltimore Sun that the federal government has been working in tandem with Maryland officials to improve election security. “Both the federal government and us are taking this very, very seriously,” she said. “Everybody’s working as a team.”

There may be less confidence if you live in a state like Georgia, or one of the five that still use direct-recording electronic voting machines, which are basically touchscreen computers with no paper backup. Georgia plans to use 28,000 of those types of machines in the midterm elections, even though most experts say that this is extremely dangerous, and makes the state a prime target for hacking attempts.

And make no mistake, vulnerabilities on certain voting machines do exist, even for ones that are being used in this election cycle. Wired magazine reported on the results of the DefCon Security Conference Voting Village event, where cybersecurity professionals tried to hack various kinds of active voting machines. While the group did not find many new exploits, they did confirm that some machines with highly exploitable, known vulnerabilities, have not yet been patched. As an example, in one case, they pointed out that a voting machine called the ExpressPoll-5000 used “password” as it’s root password and “pasta” as its administrator password. Now that you know that, you can bet that foreign hackers do too.

Securing our voting machines against attacks by hackers is paramount, but so is stopping the misinformation campaigns and false ads that now appear on social media around election time. In fact, with Russia in particular, this seems to be its preferred method of hurting U.S. elections, or at least one prong of the country’s attack pattern. Just last week federal officials charged a Russian national with trying to inflame passions online ahead of the midterm election.

In those types of soft or “grey-matter” hacks, the election meddlers zero in on hot-button issues such as keeling at NFL games, LGBT rights, gun control, Confederate monuments and immigration, among others. They generally pretend to be a part of a group that believes strongly in a position surrounding those issues, but their true goal is to rile people up and hopefully peel votes away from certain candidates. Ultimately, they try to get people to vote against their own best interests based on misinformation.

The indictment last week shows just how much Russia is investing in these false flag efforts. Prosecutors say the group had a $35 million operating budget, funded largely from Russian oligarchs and their companies.

That type of social media hacking may be even more difficult to fix than flaws in the voting machines. We could rely on tech companies to take down fake accounts and ads, but few people believe that they will be effective in doing so. In that same Pew Research study, only 33 percent of those questioned thought that companies like Google, Facebook and Twitter would be able to protect them from fake influencing posts and ads.

In a way, the 2016 attacks on our voting system were a good thing. By all accounts, they were not successful, or at least not very successful. But they did wake us up to the possibility of an attack, either using cyber weapons or simply with fake influence ads. They clearly demonstrated that we need to continue to improve our election cybersecurity, while also reducing the influence of things like Facebook posts over our lives.

Neither of those efforts will be easy, but we can—and must—achieve both in order to protect our elections and ultimately our democracy. Because, like Winston Churchill famously said, “Democracy is the worst form of government, except for all the others.” Let’s all try to redouble efforts to keep ours strong.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys