The truth about Russia, ‘hacking’ and the 2016 election

There was an avalanche of revelations this past week about Russian efforts to interfere with the 2016 election. On Wednesday, the Senate Intelligence Committee held a hearing on “Russian Interference in the 2016 Elections,” where it was confirmed that at least one state experienced a breach of its voter registration database, though testimony was conclusive that there was no tampering with the actual votes. On Friday, the Washington Post reported that the Obama administration had known about Russian efforts to influence the election since this past summer, while confirming that hacking efforts had no impact on the vote counts.

As I testified before the House Science Committee in September, it’s important to take a step back and assess the actual facts, if we’re to devise an effective strategy to prevent future attacks on our democracy.

{mosads}FACT: The threat is real. There is unanimity of opinion in the intelligence community that hackers working on behalf of the Russian government undertook a coordinated effort to destabilize our election system. As the witnesses from the intelligence and law enforcement community testified, one of their primary objectives was to undermine Americans confidence and trust in their election system. We now live in a world where foreign governments wage war on our country not with guns and bombs, but by attempting to diminish Americans’ faith in our democratic institutions.

FACT: There is evidence of only a small number of successful hacks of voter registration databases. Illinois election officials confirmed that hackers accessed thousands of records in the Illinois state voter database, though no data was altered. It was also confirmed that the Arizona state voter database also suffered a possible hack, but it appears that the state shut down access to the database before any breach could occur. Information on both these attacks had been reported last summer, as I testified before the House Science Committee last fall. On Thursday, there was a new unconfirmed leak reported by Time magazine that an unnamed county was breached, with a limited number of records altered, but subsequently restored. We also know of possible access to voter data held by third parties in states like Florida and Georgia, but it’s important to note that in both cases, the official voter databases in those states remained secure. And there is no evidence that there were any election problems at all related to any of these issues.

FACT: There remains zero evidence that hackers affected the vote counts. Despite the hysteria, it appears that the decentralization of the American system, with thousands of separate election jurisdictions, all using different combinations of technologies, paired with auditable paper ballots cast by around three out every four American voters, was successful in preventing any hacking of the vote itself. Federal officials and members of the committee confirm this. Senator Warner, who as ranking member of the Intelligence Committee is privy to far more intelligence on this issue than the media or the public, pointed out in a statement this week that he is “not aware of evidence that the 2016 voting process itself was subjected to manipulation….” Comey similarly confirmed that he saw “no indication … whatsoever” that ballots were altered in 2016.

FACT: Independent researchers confirm no altering of votes in Michigan and Wisconsin. Researchers analyzed the votes in Michigan and Wisconsin and determined that “voting technology did not distort the votes in Wisconsin or Michigan…. If there was a hack, it appears not to have changed the results.”

FACT: Nevertheless, the hackers were undoubtedly successful in diminishing confidence in our system of democracy. As Democracy Fund reports, even before the election, well over one-third of all American voters were significantly concerned about the integrity of our election machinery and the vote counts. The Russians didn’t need to be successful in altering the vote counts to achieve their goal – they just needed to sow the seeds of distrust among American voters.

But the big question remains – where do we go from here? Here is a suggested plan of action:

1. Election officials are not the problem, they are part of the solution. Those who charge election officials with incompetence, or worse, indifference to the threat, are wrong, and not helping bring about a solution. In the last several months, I’ve spoken at several gatherings of state and local election officials, and I can say with certainty that they are attuned to the threat, and stand ready to address it. For instance, Florida’s supervisors of elections just held a conference where election security and technology occupied much of the agenda over several days.

2. Acknowledge that this threat is real, and that it’s not going away. While there is no evidence the 2016 vote was hacked, that doesn’t mean that Russia and others will not try to tamper with future elections. We must collectively avoid the instinct to be defensive about existing protections, and instead commit ourselves to addressing this very real challenge.

3. Stronger audits of process and ballots will be necessary. We should encourage forensic audits of voter registration activity in 2016, along with deployment of auditable ballot technology followed by robust audits of those ballots. Each state can benefit from looking at its technology and audit requirements to ensure that they can reach the one goal that matters here – to confirm that the technology accurately reported the intent of the voters as they cast their ballots.

4. Review of security protocols and training. Similarly, it would benefit all election offices to review who has access to sensitive systems and ensure proper training and security protocols are in place, like two factor authentication and other protections.

5. Better two-way communication between federal law enforcement and the intelligence community, and state and local election officials. As was clear from the hearing, federal officials need to improve their communication with the professionals who administer elections in the states and counties, who are often learning about threats from leaks and innuendo rather than from direct communication from federal sources who have knowledge of potential threats.

6. Reinvest in election infrastructure. We cannot expect all these improvements to election technology, security, and procedures to come about without a significant investment. Around 25 percent of American voters rely upon paperless, unauditable systems, and replacing those systems could cost hundreds of millions of dollars, and additional security and training will require additional funds.

Most importantly, policy-making to address this existential threat is too important to be driven by widespread speculation and rumor-mongering, often aided by some in the media too prone to sensationalize rather than inform on this issue. If we convince our own voters that their votes don’t matter, we will have done the hackers work for them. 

David Becker is a former senior litigator with the US Department of Justice Voting Section, and currently serves as the Executive Director and Founder of The Center for Election Innovation & Research, a non-profit that works to improve the security, integrity, and efficiency of elections.