This week, alarm cries went up with headlines screaming that our elections could be hacked with ease after a publicity stunt at the DEF CON, a hacking conference in Las Vegas, where hackers accessed mock voting machines. The reality is, if anything, DEF CON proved it is hard to hack our election systems, but one possible cure to this problem may be worse than any disease.
Yes, the DEF CON participants were able to hack the machines but let’s go through the caveats.
The first and most obvious problem is hacking the machines required physical access and proximity. One of the beauties of partisan poll watchers, let alone election officials, is they would all notice and immediately raise an alarm if someone were taking a screwdriver to a voting machine or standing close to one for a long period of time. Voters would be upset as well. Can you imagine how the line would grow in the time it took the hacker to gain access to the machine?
But what about physical access before election day? States have laws and procedures to physically protect voting machines, and machines are always checked before voting begins to ensure their vote tallies are zero.
Second, the hacks were done on machines purchased on eBay that were scrapped or decommissioned. In other words, the hackers proved with sufficient physical access to a machine they could go back in time and hack a prior election.
So what does this mean? The elite hackers were not able to change votes or gain access to the machines remotely. Unlike modern light switches, refrigerators, cars, and door locks, voting machines are never connected to the internet. While our current system of voting machines is far from perfect, it would be very difficult for a Russian, a teen techie in his mother’s basement, or a political operative to alter votes for an election.
But a possible solution to the problem of hacking could change all this: the federal government’s Department of Homeland Security (DHS) declaring elections “critical infrastructure.”
Let’s be clear: the word is “could.” The designation of critical infrastructure is very ill-defined, especially as to what DHS has unilaterally asserted jurisdiction over and what it may do about it. At a meeting last month, DHS officials spoke with state officials, but according to Republican Tennessee Secretary of State Tre Hargett, it cleared up nothing and he was “disappointed” by how unprepared the DHS officials were. Democrat California Secretary of State Alex Padilla echoed Hargett in calling the generic quality of the conversation “disappointing,” as it was months after the designation and DHS officials could not provide details.
However, we do have a few ideas and they seem extreme. But given how little anyone—including DHS—appears to know about the designation, all we can do at this point is speculate. Apparently, in the closing days of the Obama Administration, they had a contingency planned to send “armed federal law enforcement agents” to polling places in response to efforts to hack the election. How military type personal would stop or even begin responding to hacking is an open question.
What Democrat and Republican election officials do agree on is this critical infrastructure designation by DHS raises alarm bells with these sorts of extreme and arguably nonsensical solutions actually having been considered by the last administration.
One possible response could be the federalizing of elections. This raises serious constitutional issues since election administration is under the purview of the states. If the “federalize solution” were limited to the federal government serving as central gathering point for election results or common source of electronic voting machine code, that could lead to a digital record that actually could be hacked.
Unlike states, where officials are often monitored by the local community and involved in local political squabbles, the federal government would be an allegedly objective and neutral yet very distant and unreachable, overseer. Unfortunately, under the highly politicized Obama Department of Justice we saw the “neutral IRS” was targeting conservative tea parties groups. What is to stop a similar future DHS administration from treating states differently or shading the efforts at the request of those candidates it is sympathetic to? Who is to say a DHS Secretary could not favor one side, as it seems Eric Holder and Loretta Lynch may have done as the head of Department of Justice?
Even if someone is naïve enough to believe that Cabinet and Department heads will always be neutral, the other problem is the centralizing of vote tabulation or code, which actually could lead to hacking. One assumes the federal government would be communicating sensitive information with states online, thus opening the system up like never before. (It is important to contrast this with the Presidential Advisory Commission on Election Integrity, which is only looking at public available voter registration records and not touching voting or tabulation, as could be the case in an action under the critical infrastructure designation.)
All of the headlines this week play in to the mainstream media’s favorite narrative, that the 2016 election was somehow hacked, all in an effort to delegitimize President Trump. There are serious considerations for states and localities related to voting machine security, but the media’s hysteria over election hacking distracts from the actual threats that hardworking election administrators across the country have to address, like old technology, malfunctioning equipment, and lack of funding for upgrades and systems that provide a backup paper trail. Likewise, the DHS critical infrastructure designation provides the promise of potentially harmful regulatory nightmares for election officials without any promise of actual assistance in the important work of keeping elections secure.
In the end for the most part, the DEF CON hacking of our elections is mostly fake news. However, the solution of DHS’ designation of elections as critical infrastructure could make hacking easier and a reality.