Scandals typically have a life cycle. First comes the revelation, then the investigation, maybe some legal consequences. Then, after the spotlight dims, reforms to keep it all from happening again. This time, amid the tumultuous probe of Russia’s interference in the 2016 election, we can’t wait for the remedies to take effect. For we know one thing for sure: the Russians are still coming.
Can we can keep Putin from upending the 2018 and 2020 elections? Many remedies, of course, are external. Sanctions, diplomatic rebukes, seizing safe houses have all been tried. But there’s much to do here at home – concrete moves to secure America’s voting machines and databases. They’re not that hard to do. But they will take a bit of money, and a lot of bipartisan political grit.
Increasingly it is clear that Russian activities went much further than hacked emails and fake news stories. A leaked National Security Agency document, first shared by The Intercept, revealed that the Russians spent months trying to infiltrate the voter registration process. They targeted a manufacturer of devices that maintain the voter rolls, as well as local government officials and organizations that manage voter registration systems. Bloomberg reported that Russian hackers tried to delete or alter voter data in Illinois and hit systems in 38 other states.
There’s no evidence that the Russians tampered with vote totals or voting machines. The final tally was legitimate, as far as we know. Next time, however, we might not be so lucky.
In fact, Putin has been even more aggressive in Europe. Just days before the 2014 presidential election in Ukraine, hackers paralyzed the country’s voting system. Experts scrambled and managed to restore the computers. When they did, they discovered a virus designed to falsely declare victory for an ultra-nationalist party. Russian Channel One even jumped the gun and accidentally reported the hoped-for fake news.
We are ominously vulnerable here, too. So many of the flaws in the infrastructure of American democracy offer a chance for foreign adversaries to make trouble. Consider voting machines. After the 2000 Florida recount debacle, Congress ordered states to buy new electronic machines. But those devices are now old. In 42 states, the machines were bought over a decade ago. (That prehistoric era was before the iPhone.) Many use outdated software too ancient to get security patches. Even when they are not connected to the Internet, they are susceptible to malware that could tilt the results or alter vote totals. Even if the goal is not to pick a winner, these glitches could yield chaos and distrust.
Hackers could target not just the casting but the counting of votes. States gather up results and compile them using central tabulators and election night reporting systems. These are often connected to the Internet.
Wonderful, you might think, one more thing to worry about, as if this badly scripted movie wasn’t dystopian enough. But even if we cannot fully deter Russia – or North Korea or other sophisticated and malevolent actors – we can do much more to stop them from being effective.
That’s where a new report from my colleagues at the Brennan Center, Larry Norden and Ian Vandewalker, comes in. For years they’ve been warning about our rickety election machinery. Now that expertise turns out to be highly relevant as we try to respond to the scandal. They have some specific and suddenly relevant solutions.
Voting machines, for example, can be made much more secure if there is a physical record of each vote, such as when citizens cast their ballot on paper, which is then scanned. These receipts make it possible to do an accurate recount. It also lets officials conduct random audits to make sure the electronic tally matches the voters’ intent. Physical records are useless, however, unless we actually look at them. Currently, only 26 states conduct post-election audits of paper records. By the next election, we need that number to be 50. Some states – including Georgia and parts of Pennsylvania and Virginia– still have machines with no paper record at all. We estimate that it would cost between $130 and $400 million nationwide to replace all the paperless voting machines with machines that read paper ballots.
Voter registration rolls also can be made much more secure. Today 42 states use voter databases that were created at least a decade ago. Think of all the advances in cyber-security since then. Private companies and government agencies use an array of new protections against data theft and hacking that should be enlisted to protect voter rolls.
All this will cost some money. But the biggest obstacle is not wallet—it’s will. Above all, we need to find a way to avoid the toxic partisanship that routinely paralyzes Congress.
So far, omens are not entirely encouraging. The little-known Election Assistance Commission (EAC) sets the standards for voting machines, among other things. It should get more funding. Instead, the House Republicans are trying to eliminate it. When the Obama administration’s Homeland Security Secretary Jeh Johnson considered designating voting machines systems as “critical infrastructure” deserving extra protection, akin to the electric grid, local election officials balked. The Heritage Foundation called the idea “an election Trojan Horse.”
Yet we’ve spoken with lawmakers from both parties who are alarmed by the Russian assault on American democracy. They know that, as Sen. Lindsey Graham has observed, foreign interests may have helped the GOP last time – but could tip the scale for the Democrats another time. Lawmakers may yell about Trump and fight about health care, but there are some encouraging signs that they will actually work quietly to come up with protections for our elections.
After all, this is more than a scandal. A hostile foreign power assaulted our election system. Former CIA director James Woolsey put it with forceful eloquence in his foreword to the Brennan Center report. “The history of national defense shows that threats are constantly evolving,” he wrote. “When the United States was attacked at Pearl Harbor, we took action to protect our fleet. When we were attacked on 9/11, we took action to upgrade transportation security and protect our ports and other vulnerable targets. We were attacked in 2016. The target was not ships or airplanes or buildings, but the machinery of our democracy. We will be attacked again. We must act again — or leave our democracy at risk.”