Monday’s Iowa caucus snafus related to the reporting of caucus results for Democratic candidates demonstrate ongoing weaknesses with the U.S. national election security enterprise. Democratic Party officials in Iowa chose to use a smartphone app to help report results, but failed to thoroughly test the app at scale or to make sure that precinct officials tried out the app before caucus night. Further adding to the confusion were breakdowns in a parallel phone bank system intended to provide security in reporting results that quickly became overwhelmed as hundreds of caucus volunteers tried to call in results only to be kept on hold for hours or ultimately disconnected.
While the Iowa Democratic Party leaders have said there is no indication of hacking or other deliberate technical compromise, Republicans should be cautious not to point fingers, since they had to change the initial winner in their 2012 Iowa caucuses. More importantly, Monday night’s confusion once again reveals deep vulnerabilities in the election enterprise and could provide adversaries intent on affecting the November 2020 presidential elections with an example of the power of confusion on Election Day.
Much has now been revealed and discussed about Russia’s efforts to compromise the 2016 presidential election, from organizing a vast disinformation campaign on social media to denigrate the Democratic nominee, Hillary Clinton, and promote the Republican nominee, (now President) Donald Trump, to fomenting and heightening social and political divisions within the United States.
Another component of Russia’s campaign centered on probing and exploring election databases in all 50 states. Although no databases were altered or corrupted, Russia may have conducted these efforts more as a demonstration effect for future elections and as a test of a capability that could have brought more damage if fully weaponized. Technologies like smartphone applications, electronic voting systems, phone banks and voter databases should be looked at as an interconnected ecosystem that requires a more comprehensive approach to prevent future compromise or default like what occurred in Iowa.
There are several potential policy and technical solutions that could strengthen the overall election enterprise. First, the little-known Election Assistance Commission (EAC) – created in 2002 in the aftermath of the issues in the Bush/Gore election – needs broader support both in the Executive Branch and Congress. It currently has only a small staff and annual budget, and its leadership is perceived as partisan. If truly neutral and fully empowered, it could help provide more funding, training, national standards and technology evaluation to election officials throughout the United States — similar to the approach that the National Institute of Standards and Technology (NIST) under the Department of Commerce has adopted on other cybersecurity issues.
Second, the Department of Homeland Security’s Cyber and Infrastructure Protection Agency (CISA) similarly needs to exert more influence in the election security domain, since it was created in late 2018 in order to address the cross-cutting issues between cybersecurity and critical infrastructure – of which election security is one – in the United States.
But to be effective in today’s partisan environment, the people working on these issues need to be, like the U.S. military, seen as nonpartisan. In 2016, many Republican-led state governments mistrusted DHS’s offers of assistance in protecting election cyber infrastructure, and this year’s Iowa Democratic Party refused DHS’s offer of help in vetting its Caucus app. Some things need to be above politics.
Third, Congress should consider creating a nonpartisan election security “czar” to help coordinate the various elements of the federal government beyond the EAC and DHS (including the Federal Bureau of Investigation and Department of Justice, the National Security Agency, the Office of the Director of National Intelligence and the Department of Defense) that can provide for a range of government functions: threat detection, disruption and mitigation; law enforcement investigation and response; and training, outreach and information-sharing with state and local election security officials.
Fourth, Congress should increase efforts to introduce new legislation or revitalize existing legislation designed to address any of the items referenced above. Without congressional support and budgetary authorization, none of these federal initiatives could move forward to provide meaningful solutions. Numerous proposals from the House have died in the Senate, raising the ironic spectacle of nonpartisan elections potentially becoming an election issue that will further undermine the public’s confidence in the outcome of the 2020 election.
The Iowa caucus results did not produce catastrophic failure nor did they appear to be caused by an outside adversary. Nevertheless, they did illuminate several weaknesses with the current election security enterprise that only seem more pronounced when looking at what occurred in the 2016 presidential election. All signs point to our adversaries looking to sow chaos and confusion in 2020 as a means of weakening the winner and diminishing American influence around the world. Faced with these prospects, a status quo approach as we head towards November 2020 seems unwise. Shoring up deficiencies and implementing real solutions will help make the election credible.
Javed Ali is a former Towsley Policymaker in Residence at the University of Michigan’s Gerald R. Ford School of Public Policy and has more than 20 years of professional experience in Washington, D.C. on national security issues. Tom Warrick is a nonresident senior fellow at the Atlantic Council and has more than 35 years of professional experience in Washington, D.C. on national security issues, including senior roles at the Departments of State and Homeland Security.