16 Jul Getting Practical

All eyes on the prize: the midterm elections. It’s time to get practical.

A shift of fewer than 80,000 votes in three states—Michigan, Pennsylvania, and Wisconsin—would have made Hillary Rodham Clinton president (as the overall popular vote did, but never mind). That’s a shockingly small margin, leaving aside the issue of the Electoral College, which I’ll take up in a future post here. Remember that less than 80,000 number when someone tells you voting really won’t matter because there’ll be foreign intervention, or political conspiracies will rig it, or it’s all a lost cause anyway.

But we do face serious threats to our crucial fall elections. The American election system is actually made up of 50 different state-run elections, each with its own unique voting process, and each state has several procedures potentially vulnerable to interference, foreign and domestic. That somewhat chaotic system is the bad news. But that same individualized arrangement is good news: hackers and other disrupters have to devise 50 different means of doing their dirty work. U.S. intelligence agencies have definitively concluded (and the bipartisan Senate Intelligence Committee strongly agreed) that Russia tried to throw our 2016 elections and might have succeeded. Electronic technology is responsible for most of these problems, though not all; election-tampering can take many forms.

We need to educate and protect ourselves, since the Trump regime has deliberately done nothing toward either. So here we go.

Generally speaking, if you can keep your registration and voting procedures solidly on paper, you are safer—but that’s not possible once you’ve cast your vote. Journalist Shannon Vavra of Axios compiled a list of the potential points of failure, and with thanks to her, I share it here.

Registration interfaces: When you enter your voter registration information online, any vulnerability on your devices could expose that information to potential bad actors. (Only your individual data should be at risk.)

Voter registration databases: Security measures like firewalls and physical network separation can protect these data troves, but no firewall is foolproof.

Electronic poll books: E-poll books are the electronic version of the books of voter records that poll workers refer to on Election Day at voting locations. In some instances, e-poll books can send live updates back to the county or state offices using active network connections. If the security on those networks fails, the information could be exposed.

Printed poll books: Some counties print their poll books using third-party printers, according to Maurice Turner, senior technologist at the Center for Democracy & Technology. That could expose this part of the process to the Internet if the third party has weak security protocols or other vulnerabilities.

Voting machines: At DEFCON last year, hackers demonstrated that they could break into any voting machine with wireless connectivity or a USB port.

*In theory, it would be difficult to exploit the vulnerabilities physically, because someone would likely notice this kind of tampering. But it’s not unusual for people to take their time in a voting booth, and election officials can’t and shouldn’t observe every move voters make.

*Electronic vote tabulation: This can require data from electronic ballots to be transferred to an Election Management System (EMS). Any of the methods used to do that—USB sticks, email, or other Internet transfer—can expose the data to tampering if not properly secured.

*Optical scan vote tabulation: Scanners often tabulate paper records of votes, like a standardized test. But in some cases, these scanners may be rented from third-party vendors, which means they might have been exposed to tampering or bad security there.

*Election management systems: These systems, used in different locales to tabulate and store voting results, may be at risk of exposure to the internet as well, depending on the jurisdiction’s security protocols.

*Absence of paper trails: Most of these vulnerabilities are deepened by the lack of paper backups to electronic election systems. In five states—Louisiana, Georgia, South Carolina, New Jersey, and Delaware—there are no paper records of votes, and the paper record is spotty in nine others: Pennsylvania, Texas, Florida, Tennessee, Arkansas, Indiana, Kentucky, and Mississippi. If you live in one of the above-listed 14 states, you should raise a bit of hell, and you might consider voting via absentee paper ballot, although there’s no guarantee that your ballot won’t be scanned electronically after it arrives.

*Last, risks from human error, confusion, and doubt. Mistakes introduced through human error aren’t likely to affect an election outcome if they happen at a small scale. But they can add to the confusion in the context of other simultaneous efforts to undermine public trust in elections or to create chaos, and an adversary can still claim responsibility. This tactic—experts call it a “blended attack”—can cause as much disruption and doubt as direct interference. Most of what the Russians in 2016 did was probe voter registration records—and that still sparked a national debate.

What to do, then? Warning: it’s work. Like women, communities of color, immigrant communities, and disabled and elderly citizens, now none of us dare take our enfranchisement for granted anymore.

For starters, you can find out more regarding the above list. You want to know what systems are used for where you are and what if any are the paper trails for registration and for balloting; if third parties are contracted for voting machines, scanners, or electronic voting, and if so what are their security guarantees. You want to find out about disability-accessible polling places, information about early voting and absentee voting, about registration and voting for military and civilians abroad, and about how to volunteer as a poll worker.

Join or start a local group; divide up tasks; and start sleuthing. You have a right to ask what your local and state officials are doing to protect your vote. If the answers aren’t satisfactory, organize online petitions, campaign to attract press attention, and pester your mayors, governors, secretaries of state, legislators, and election officials.

Despite White House inaction, some of those blessed bureaucrats who actually care about their work in government agencies are already on the case—as are many city, state, and national nongovernmental groups. Here are resources for learning the current status of cyber threats and other election interference regarding your vote.

The League of Women Voters (both the national office and branches in each state and many cities) and your State Board of Elections, each of which can be found online, are good places to begin. The US Election Assistance Commission sounds like a government body but actually was set up under Help America Vote, is nonpartisan and independent, and has information in multiple languages, including Cherokee, Dakota, Navajo, Tagalog, and Yupik. The Cyber Security Services Catalog for Election Infrastructure put out by DHS—Department of Homeland Security—has online information about operational, structural, and technical strengths and weaknesses (but do not trust DHS as your sole source). The Center for Democracy and Technology, the Center for Internet Security, the Council of State Governments, and especially Defending Digital Democracy (D3P) at The Belfer Center at Harvard, are all useful for info on electoral security in your state and city—and each lists emails and phone numbers for officials.

All states, and many cities as well, have their own voter guides. I urge you to spend an hour on your favorite search engine checking this out. It’s spine stiffening, too, to see how many specific constituencies are addressed. There are lots of Christian voter guides, anti-choice guides, pro-gun guides, and guides with fetching names like VoteUnderGod.com. But there also are voter guides from Planned Parenthood Advocacy Organizations Across America, and guides focused on concerns of ethnic communities, lesbigay rights, disabled citizens, older people, students, and so on. 


Our federal government should be actively supplying us with such information, and supporting our right to enfranchisement rather than suppressing it and passively welcoming foreign interference in it. But that’s not the case these days. So we need to do it for ourselves.

Still, that can refresh the act of casting our votes. It can remind us that all women and that male citizens of color have been beaten, jailed, and killed to secure this right. Rather than the reliable, waiting-on-line, slightly obligatory duty it has been for tragically too low a percentage of Americans in the past, voting is now an act of radical defiance.