The Catch-22 of Addressing Election Security

Earlier this month, when the former Georgia U.S. senator David Perdue filed a lawsuit seeking to examine last year’s absentee ballots from Fulton County, the state’s largest election district, he became the latest Republican to parrot the cynical rhetoric of election fraud championed by Donald Trump. Just a few days earlier, Perdue, who lost reëlection…

Powered by NewsAPI , in Liberal Perspective on .

news image

Earlier this month, when the former Georgia U.S. senator David Perdue filed a lawsuit seeking to examine last year’s absentee ballots from Fulton County, the state’s largest election district, he became the latest Republican to parrot the cynical rhetoric of election fraud championed by Donald Trump. Just a few days earlier, Perdue, who lost reëlection to his Democratic opponent, Jon Ossoff, in a run-off election in January, not only declared his intention to challenge the incumbent Republican governor, Brian Kemp, in the 2022 primary but also announced that, if he had been governor in 2020, he would not have certified the Presidential election results. Not surprisingly, Trump has endorsed Perdue. (Kemp, who ran in the 2018 Republican gubernatorial primary as a Trump acolyte, was quick to point out via a spokesperson that “David Perdue is so concerned about election fraud that he waited a year to file a lawsuit.”)

It’s unlikely that Perdue’s lawsuit will be any more successful than a similar one filed by nine voters in Georgia, which was thrown out in October. But there are other ways of winning. According to a Center for Election Innovation and Research poll, more than sixty per cent of Republicans now believe that the election may have been stolen. That narrative may not have been able to overturn the 2020 election, but it is undermining future elections by seeding widespread doubt about the legitimacy of the democratic process. Perdue, for instance, is claiming that sixteen Fulton County election officials, whom he has identified by name, counted and certified “unlawful counterfeit absentee ballots.” In so doing, he has joined a disturbing trend of vilifying election administrators for not delivering the Presidency to Trump. (A recent investigation by Reuters found more than a hundred threats of death and other acts of violence against election workers and officials.) Meanwhile, actual measures to shore up election security—such as those included in the Freedom to Vote Act, the Democrats’ aspirational election-reform bill, which includes protections for election workers and voter-verifiable paper ballots—seem destined to wither on the vine of the filibuster.

“If Republicans were serious about protecting elections, they wouldn’t have blocked bills that required high-quality audits and strong security standards multiple times in the past two years,” Senator Ron Wyden, the Oregon Democrat and the sponsor of the Protecting American Votes and Elections Act of 2019, which would have mandated hand-marked paper ballots and statistically rigorous post-election audits, told me in an e-mail. “Instead they’re focused on sham audits and wild conspiracies.” What this has done, Wyden said, is “to make it nearly impossible to have an honest discussion about election security.”

In the estimation of Douglas W. Jones, an emeritus professor of computer science at the University of Iowa who has been researching and writing about election security for more than two decades, “It’s a very natural reaction of any elected politician to say, ‘I don’t really want questions asked about the election that put me in office.’ ” This time, though, politicians face a different, less self-interested dilemma: What if identifying potential deficiencies and insecurities feeds the election-fraud narrative? Jones, himself, was surprised last fall when, he says, he got two calls from people claiming to represent Donald Trump, who asked him to weigh in on various voter-fraud lawsuits. “I immediately wondered why in hell were these people phoning me, and I started Googling around and found a bizarre screed that listed me and a shortlist of others as people who were guaranteed to testify before the Supreme Court that the voting system was utterly and completely full of flaws,” he said. (He added, “I know I’m reading something written by someone who is an ignoramus, because the Supreme Court doesn’t take testimony.”) Jones declined the offers.

The screed that Jones referred to is an open letter to Trump’s lawyers and “other freedom fighters,” published online by a perennially failed Ohio congressional candidate and avowed anti-Semite named Jim Condit, Jr. In what is now the topsy-turvy world of election security, Condit advances the rigged-election narrative while also advocating for the use of hand-marked paper ballots—as many election-integrity advocates do—in order to insure that there is a physical record of a voter’s intent. (Unlike those advocates, he opposes mail-in ballots and other ways of making it easier to vote.) The shortlist of names that Jones found himself on is Condit’s inclusion in his memo of the names and credentials of members of the boards of directors and advisers for Verified Voting, a well-respected nonpartisan pro-democracy organization that promotes responsible use of election technology. Its advisers include many preëminent computer scientists and academics. J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, is one of them.

For years, Halderman has been calling attention to the potential vulnerabilities of computerized election systems; he has even performed hands-on demonstrations for a Times video and at the Defcon hacking convention, to show how certain voting machines can be easily manipulated to flip votes. In the past, when Halderman was asked if he worried that he might be handing hackers tools to subvert an election, he said that he wasn’t revealing anything that a sophisticated hacker didn’t already know how to do. But, when I spoke with him recently, he expressed concern that voting machines also may be increasingly susceptible to internal attacks. “Over the last year, technically skilled people working with different right-wing audit groups and different lawsuits have gained access to election equipment from local clerks and election officials, who were willing to give them extraordinary access,” he said. “This is allowing them to learn things about the real security problems with systems that could be used to exploit them.” (The F.B.I. is currently investigating breaches of election systems that occurred earlier this year in Ohio and Colorado, when outsiders on the hunt for voter fraud gained access to county election networks, apparently with the assistance of local government officials.)

The fact is that, despite real gains over the past several years in shoring up the security of election systems in a number of states—with increased cybersecurity training for election officials, the introduction of risk-limiting audits, and the elimination of touch-screen voting machines—many of those systems continue to have weaknesses that could leave them open to attack. Some are still connected to the Internet, or encode voters’ choices in bar codes that are unreadable to the human eye, or don’t provide a paper trail. Additionally, not all voter-registration systems are secured behind a firewall or outfitted with monitors that alert administrators to a breach. Electronic poll books, which are used to check a voter’s eligibility to cast a ballot, are vulnerable to malware attacks and remote hacking; according to Verified Voting, almost seventy-five per cent of registered voters now live in jurisdictions that use e-poll books. There is little oversight or regulation on e-poll-book companies or on election venders more generally.

To be clear, acknowledging these vulnerabilities is not an admission that they have been exploited to change the outcome of an election. Or, as Jones put it to me, “even if the barn door is unlocked, it doesn’t mean someone went inside and robbed it.” Halderman conducted a twelve-week study of Georgia’s new ballot-marking voting machines, beginning a few months before the November, 2020, election, and uncovered numerous security flaws, such as the potential for a malicious actor to install software that could alter votes. But he has also defended the vender of those machines, Dominion Voting Systems, from spurious claims made by the former Trump lawyers Sidney Powell and Rudy Giuliani that the company conspired with Facebook to rig the election for Joe Biden. (In July, U.S. District Court Judge Amy Totenberg put Halderman’s report under seal, likely out of fear that it would be used to amplify accusations that the 2020 Presidential election had been stolen. She also denied Dominion access to the report so that the findings would not be disclosed in litigation against the company.)

Read More