A year ago I gave an extensive interview with the Public Radio program “Reveal” on the threat of hacking the voting machines that would be used in the 2016 Presidential election. Because of the physical security measures and procedures in place in election offices combined with the total number of machines that would have to be attacked, I was confident that attempts to hack or subvert the election through voting equipment could not be pulled off without detection in time to foil the attempt.
What I never envisioned at the time was the vulnerability of voter confidence to manipulation, from the inside and outside. I never anticipated the effectiveness of attacks on the legitimacy of our democratic institutions. I never expected the profession of Election Administration to be undermined by elected officials, by the media and the political fringes. In other words, I never expected Election Administration itself to be hacked.
The term hacking implies some kind interference, disruption, manipulation, destruction or loss of control. Hacking as it applies to elections is misused and misapplied. Election hacking invokes images of cyber villains taking control of voting equipment and manipulating and changing election outcomes. The reality is that elections are not really vulnerable to this type of hacking. Due to the de-centralized nature of voting, the number of individual machines, and the security counter-measures that each jurisdiction employs, it is a practical impossibility to pull off.
There is evidence that unauthorized and possibly hostile agents gained access to unsecured voting registration information at the state level. While this access is disturbing and a violation of voter privacy, it is not a threat to elections and voting. It is merely the virtual equivalent of dumpster diving-discovering interesting stuff but nothing really actionable. This mischief has been mis-branded as hacking and as a result has become the subject of a national security intervention- and that is a problem and a threat.
Elections have been designated as “critical infrastructure” and therefore entitled to defense and protection by the Department of Homeland Security (DHS). But what does “critical infrastructure” mean? Where is it? These are fundamental questions that no one really knows the answer too- not even those charged with protecting it (whatever it is).
I have my own definition of “critical election infrastructure” to propose for your consideration.
The foundation of the infrastructure is the laws and regulations of each state governing voter registration and voting. The second aspect is the legal and governance framework for the administration of those laws and regulations. The third piece of the infrastructure is the human, capital, and financial resources allocated for the administration of elections. The fourth aspect is the professional, managerial, and ethical qualifications of those charged with election administration. The final and least tangible piece of infrastructure is “legitimacy”; the yardstick by which all democracies are judged by scholars, by history, by the public, and by media.
Laws and regulations can suppress participation, disqualify eligible voters, invalidate valid votes, and even rig the game. Sometimes this is intentional, sometimes for advantage and sometimes the result of bad legislation or poor code revision practices.
Governance of election administration may be by a non-partisan elected official, a partisan elected official, a partisan or non-partisan appointed official, a partisan or non-partisan board, or by some other body. None of these structures are inherently better than another but all of them have their weaknesses and vulnerabilities to outside influences.
Election administration is chronically under-resourced, a fact that has become widely recognized. The cyclical nature of elections demands more people, space and money in some years than in others. This does not fit traditional governmental budgeting practices. Straight line budgeting of off election years creates a crisis in election years. Across-the-board cuts, a favorite budgeting tactic in lean times, are nonsensical as if it would be appropriate for a 10% budget cut to be offset by registering 10% fewer voters and counting 10% fewer votes.
There was a time, not too long ago, when elections were simple, clerical in nature and run by rather anonymous administrators. There was a time when election administration was not like managing an IT department. There was a time when public expectations did not require election administrators to be media savvy. There was a time when administrators were largely insulated from attack or attempts to influence by activists, interest groups, partisans and the public. Times have changed as have the required qualifications and expectations of election administrators.
What once may have been merely sour grape criticisms by losing candidates and campaigns has morphed into deliberate and shameless efforts to discredit election systems, election results, and election administrators. Extreme disappointment in a candidate’s loss (or narrow win) has become the basis to justify overt, untrue, and non-factual attacks on the integrity and legitimacy of elections. Legitimacy is undermined by the frivolous and continuous claims of fraud which have been normalized by their frequency, volume and quantity.
While these vulnerabilities and attacks on election administration as an institution are not new, I never anticipated their cumulative effectiveness in “hacking” the system and voter confidence. It is time to focus on securing the real “election infrastructure” whose legitimacy is visibly and actually under attack every day on all sides rather than being distracted by the hypothetical and unrealistic threats of hacking registration databases and voting machines.