Security Has Improved, But The American Voting System Is Still Vulnerable

May 7, 2018
Originally published on May 7, 2018 8:07 pm
Copyright 2018 NPR. To see more, visit http://www.npr.org/.

AUDIE CORNISH, HOST:

We're about to be in the thick of primary season. Voters are deciding the candidates for November's midterm elections. Four states vote tomorrow, with another four next week.

That means more questions about the security of the American voting system. It's still vulnerable after Russia's multifaceted attack on the presidential election in 2016. Joining us now is NPR's Miles Parks. He covers voting security. Welcome to the studio.

MILES PARKS, BYLINE: Hi, Audie.

CORNISH: So as we just said there, a multifaceted attack, right? We've heard a lot about Russian meddling in the election when it comes to, say, social media. What else happened in 2016?

PARKS: Yeah. And I think one of the reasons we haven't heard so much about the fact that this attack also influenced voting infrastructure is the fact that there's no evidence that any votes were actually changed. But that doesn't mean that there weren't efforts to affect the government infrastructure here. And that means that - Department of Homeland Security says that Russian hackers basically targeted or probed the voter registration systems of 21 states.

They were only able to successfully break into one, Illinois, and they weren't able to change any of the data there. They also were able to successfully steal the username and password of an election official in Arizona. And intelligence officials say there's no reason to think they'll stop now, in 2018 and going forward.

CORNISH: Where is the U.S. when it comes to addressing these issues?

PARKS: I think that depends on who you ask. I was in Boston a couple weeks ago at Harvard University for a kind of worst-case scenario military-style conference, where election officials from all over the country gathered to kind of just go through what could happen in 2018. And a cybersecurity expert there said basically all computers - every computer that's ever been invented is in some way insecure.

Election officials, on the other hand, though, have to take a much more delicate line here because their mission is to get people out to vote. People aren't going to vote if they think their vote is not going to get cast accurately. But at the same time, they are talking about these issues and threats - nation-state threats - louder and more openly than ever before.

CORNISH: What about the places where they use paper ballots - that they have some kind of advantage here?

PARKS: Yes, but it's important to note here that 13 states still use completely electronic voting machines. These are voting machines that don't give any sort of paper receipt that let you know if there was a software malfunction or a cyberattack that affected your vote. But more broadly, it's important to realize that it's not just about casting a ballot.

The American voting system - when we talk about cybersecurity in the American voting system, that entails voter registration, when you show up at the polling place, getting checked in. After you vote, you get online, and you want to check the results either on a government website or social media. All of these aspects have the ability to be hacked. And so even if you have completely secured when someone casts a ballot, and that is accurately counted, there's a lot more cybersecurity that goes into the voting systems.

CORNISH: You've been speaking with election officials who are preparing this time around. Do they have a grasp on the problem?

PARKS: At the highest level, I'd say it's definitely getting there. Congress allocated $380 million this year to the states to help them beef up their cybersecurity. But it's important to remember how - just how disparate elections in the U.S. are. There's over 10,000 different voting jurisdictions, all with local officials who have to get a grasp on this stuff.

And this is not just updating technology. It's about changing a culture to prioritize cybersecurity. Here's Eric Rosenbach, who led that conference at Harvard University.

ERIC ROSENBACH: The Russians, in particular, don't have to attack every state. They'll go to the weakest link, and it doesn't have to be a prominent state or a battleground state. All they have to do is undermine trust in the system and confidence in the outcome, and that could be someplace that is very weak.

PARKS: And there, he touches on the central theme here - voter confidence. It's about a lot more than just protecting the accuracy of votes.

CORNISH: That's NPR's Miles Parks. Miles, thank you.

PARKS: Thank you. Transcript provided by NPR, Copyright NPR.