MARY REICHARD, HOST: It’s Wednesday, October 10th, 2018.
Glad to have you along for today’s edition of The World and Everything in It. Good morning, I’m Mary Reichard.
NICK EICHER, HOST: And I’m Nick Eicher. First up on The World and Everything in It: Washington Wednesday.
We’re now less than four weeks away from the 2018 midterm elections. And yet the nation is still dealing with the security concerns of the 2016 election. U.S. intelligence agencies accused Russian operatives of attempting to hack into the election infrastructure in a number of states. And senior intelligence officials are warning that Russia is trying to disrupt the 2018 elections.
We have a clip here of Oklahoma Senator James Lankford talking about this. It’s about two minutes long, but Lankford explains pretty well the ongoing nature of the problem and the effort to fix it. He made these remarks on the Senate floor in late August. Listen.
LANKFORD: This week earlier, conservative think tanks, Republican groups, and Senate official sites were targeted by Russian hackers. Today, Democratic National Committee just detected and announced what it believes was a sophisticated attack to try to hack into its database system, very similar to the attack that Hillary Clinton’s campaign had during the 2016 election time period. And then today we postponed in the Senate a committee debating election security.
Clearly, states like Russia, Iran, North Korea and others are trying to influence our elections. They’ve demonstrated the capability, the willingness, the intent to come after us to try to influence us. They’re looking for vulnerabilities in states, not to necessarily pick one candidate over another, but to be able to sow chaos and to be able to use information against us.
These same nation states are also pursuing independent hackers, not necessarily working for their government at all, just individual hackers that are willing to be hired out to be able to do whatever these nation states want them to do or to be able to hack in and get information and then sell that information to a nation state that might be interested in it.
Election security is not a partisan issue, it is a democracy issue. And we should take the security of our next election seriously, just like we take the security of our infrastructure seriously, our banking system seriously, our power and electrical grid, our water.
EICHER: Now, we’ll get into the specifics of that bill shortly. But we should note that after Lankford’s floor speech—in September—a new report revealed a troubling problem: a ballot-counting machine used in more than half of all U-S states carries a security flaw that makes it vulnerable to cyber attack.
REICHARD: Is the technology that makes our elections more efficient and convenient somehow undermining their security? WORLD Radio technology reporter Michael Cochrane is here to discuss the interesting relationship of technology to the voting process.
Michael, first of all, how concerned should we be, thinking about election security given this recent report?
MICHAEL COCHRANE, REPORTER: It certainly sounds alarming, but most of the security flaws listed in this report can only be exploited if an attacker gains physical access to the machine. This would be difficult since the machines are secured both in storage and at the polling station. The problem is that election security researchers have known about these kinds of vulnerabilities for almost a decade now and they haven’t been fixed. A recent report from the National Academies of Sciences, Engineering and Medicine even recommends going back to paper ballots as a security measure.
REICHARD: How did we get here? I mean, technology is supposed to improve things, not make them worse!
COCHRANE: It’s been a long, slow process. As recently as 1980, 1 in 10 American voters were still casting ballots on hand-counted paper, according to the MIT Election Lab. Because of our federal system of government, U-S ballots are the longest in the democratic world. So automation has typically been used to speed up the process of counting ballots as well as minimizing the chance of human error. The mechanical lever voting machine invented in 1889 was an effort to speed up the process, and with the advent of computers, the paper punch card was introduced in 1960. But then came the disputed presidential election of 2000.
REICHARD: Right! I remember those poor election officials scrutinizing “hanging chads” and even “pregnant” chads!
COCHRANE: Yes! That whole episode showed we needed a system that not only counted votes efficiently but one that provided evidence that captures voter intent. In other words, a voting system that allows for auditability and verifiability. So, in 2002, Congress passed the Help America Vote Act, or HAVA. This law provided federal funds to help some 8,000 jurisdictions around the country install electronic voting machines, resulting in a wave of upgrades.
REICHARD: Did these new machines do away with paper records entirely?
COCHRANE: Most of them did. The mass adoption of what are called Direct Recording Electronic – or DRE – machines, caused the pendulum to swing so violently in the direction of relying solely on electronic means to record votes that many election officials seemed to forget about the importance of having a backup system in case of breakdown or a security breach. For the last 10 years or so, many in the computer science community have been advocating for either optically scannable paper ballots or DREs that can provide what’s called a Voter-Verifiable Paper Audit Trail, or VVPAT.
REICHARD: Has there been progress in replacing those electronic-only DREs?
COCHRANE: In the 2016 election, about a third of all DREs had that paper backup. But many precincts around the country say they don’t have the money to revamp their voting infrastructure.
So this is where Senator Lankford’s bill comes in. He and other members of the Senate Intelligence Committee have written bipartisan legislation called the Secure Elections Act. It would do two things: First, provide grants to states willing to phase out paperless voting machines with more secure systems. Second, it would encourage states to conduct routine and statistically rigorous post-election audits to verify and validate election results.
REICHARD: OK, and we heard some frustration in Lankford’s voice. What’s the status of the bill now?
COCHRANE: It’s still in limbo. Even though it’s generally popular, there are negotiations ongoing to make the language acceptable to both the House and the Senate. But the House is already in recess through the midterms and the Senate is focused on judicial nominations this month.
Last week Senator Lankford told Politico that it’s possible legislation could pass during the lame duck session of Congress. But next year is looking more likely—and that means dealing with a new Congress. For example: The lead sponsor of the House legislation, Florida’s Tom Rooney, is retiring. So someone else will have to take the lead in the House.
REICHARD: So much for the midterms. I also wanted to ask you about internet voting. I’ve heard calls for it, but I’m sure it has its own security concerns.
COCHRANE: Well, prior to the 20-16 election, the authors of that National Academies report thought the trend would be away from in-person physical balloting and toward remote, or internet, voting. Now the committee is recommending against online voting for the time being. That doesn’t mean it hasn’t been tried, though. The country of Estonia has used internet voting since 2005 – around 25 percent of all votes cast in that country have been online. But an independent team of e-voting and security experts that examined the Estonian elections found many vulnerabilities and came away unconvinced that the current internet ecosystem can maintain the level of integrity elections demand. Advocates for online voting aren’t giving up, however. They’re convinced that blockchain technology will provide the needed security solution for e-voting.
REICHARD: Blockchain? Isn’t that associated with crypto-currencies like Bitcoin?
COCHRANE: That’s right. A blockchain is a public digital ledger of individual transactions distributed across a network of computers. Used in a voting system, each vote becomes a single transaction and the blockchain securely records the vote tally so that the entire process is transparent, secure and auditable while protecting the privacy of the voter. That system is actually being used right now in 24 of West Virginia’s 55 counties for military absentee voters. Users create an account on their smartphone with identifying information such as phone number, email and a picture of their photo ID. The system also requires fingerprint or retinal scans to confirm the voter’s identity and eligibility to vote.
REICHARD: Do you really think this might eventually become a secure voting option?
COCHRANE: I think eventually it will. Many analysts point to the fact that a safe and tested online system could eliminate voter fraud and boost turnout. It could also be a useful tool for an election commission to streamline vote counting and ensure every vote is accounted for.
REICHARD: Michael Cochrane is our technology reporter here at WORLD Radio. Michael, thanks so much for the information and insights.
COCHRANE: You’re welcome, Mary.