In our consulting days, a former boss – a retired Army Colonel – enjoyed sharing his Cold War recommendation for protecting sensitive documents from the KGB: fill up a fleet of tractor-trailers with every U.S. government document, and then dump the entire contents on the doorstep of the Soviet Embassy. It was his firm belief that processing that flood of paper would force the Soviets to replicate the Beltway bureaucracy, and he was confident that communism simply did not have the resources to handle the ensuing chaos.
The Colonel’s tongue-in-cheek recommendation illustrates why, notwithstanding warnings and prophets of doom, Election 2016 probably cannot be stolen by hackers alone. This isn’t to say that these experts’ warnings are unfounded. After all, 2016 has been dominated by news of one high-profile cyber breach after another. Voting machines have been shown to be vulnerable. Some states’ election databases have been hacked. Embarrassing internal campaign correspondence has been leaked. And just last week, much of the country witnessed a Denial of Service attack on an unprecedented scale that paralyzed online services including Twitter and Netflix.
Each of these incidents supports an undeniable truth: that much of our cyber infrastructure is not secure. So what would stop a foreign government from electronically changing election results in favor of its preferred candidate (or simply from throwing the entire American election system into chaos)?
Simply speaking, they will be stymied by the fact that there is no single “American election system.” International readers may be accustomed to a single election body that sets schedules, issues standard equipment, designates sites, appoints election officials, arranges for tabulations, and certifies the result.
The United States has no such body. Most of the 50 states have a state board of elections. But most of the voting arrangements are handled at the county level. North Carolina, for instance, has 100 counties. That means that North Carolina effectively has 100 election systems within a single state. Each system has its own ballots, machines, and other paraphernalia. Extrapolating that complexity across 50 states and thousands of counties results in a staggering number of potential variables.
The 2000 election cycle showed the weakness of the system: talk of hanging chads, dimpled votes and butterfly ballots dominated the airwaves for weeks and took acrimonious litigation to resolve. 2016 is poised to demonstrate the robustness of the system: a foreign government seeking to tamper with national election results would confront a bewildering array of systems. Some precincts still use paper ballots. Others use machines. Individual machines can be hacked, but budgetary constraints have meant that the majority of machines – even those that are not purely mechanical – rely on aged software. This means that in many cases both the software and the hardware is cumbersome and antiquated. But it has a great advantage: its pre-connectedness pedigree makes it exceedingly hard to hack.
As the FBI Director recently observed, the “beauty of the American voting system is that it is dispersed among the 50 states, and it is clunky as heck . . . A lot of people have found that challenging over the years, but the beauty of that is it’s not exactly a swift part of the internet of things, and so it is hard for an actor to reach our voting process.”
But even if it could be hacked, a foreign adversary seeking to hack the election confronts the Soviet Embassy problem. It would have to replicate countless systems, not just one. It would then have to identify weaknesses in each individual system. And it would have to introduce malware or some other hacking mechanism in each system – a task made much harder by the fact that the age of many systems requires physical access to the machine.
An intelligence operative trekking through rural Ohio or crawling through New England town halls has an infinitely harder job than a hacker who can attack a single system from another continent. And even the most intrepid operative would need many colleagues to replicate his physical tampering across many states in order to have an impact. To quote FBI Director Comey again, “Even if hackers could reach into a state voting system, they may find ‘it actually isn’t a fiber optic cable, it’s a woman named Sally, a guy named Joe [who] pull out the punch cards, and that’s hard to reach,’’ … There’s a lot of pain in that, but there’s a lot of beauty.’’
None of this means that election process is bulletproof. Cyber attacks are not limited to hacking voting machines to change vote counts. A sophisticated actor can use far more subtle cyber measures to get to the same end: tamper with voter rolls or strategically release critical information during the campaign. None of these measures requires a nationwide approach, and a variant of each has been used in this election cycle. We can anticipate subsequent actors becoming increasingly sophisticated in their approach. That being the case, it may be advisable to preserve the “clunky” aspects of the American elections for the foreseeable future.
Software developers relish an old and well-established meme whereby any error or limitation (or clunkiness) in the software can be explained away by insisting that “It’s not a bug, it’s a feature!” Use of the same equipment that brought about the 2000 embarrassment may be a bug. But in protecting the nation from a massive cyber attack on the election system that could make 2000 look like a model of efficiency (or a Jimmy Stewart movie) by comparison, the clunkiness may be the one feature that rules them all.
Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or firstname.lastname@example.org. Mike may be reached at 919.783.2851 or email@example.com.
Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601 | © Poyner Spruill LLP. All rights reserved.