On the security of electronic election infrastructure

I keep getting asked to interview on the topic of election system security and whether I think there is enough being done, whether I think there are risks, and what I think about what is being done. I always direct the requester to talk to Chris Krebs at the DHS. The following is basically all the commentary I’m willing to engage in and though not the totality of any discussion it is my overall view point. I would say that Black Box Voting, the Voting Integrity Project and others were tracking the issues of voting machines and technology long before 2016.

If experts say there is no possible way to secure electronic systems from every adversary why do we use electronic systems for voting? This is a pretty consistent statement. Though MIT profs and a few others say the systems can be made they are either to expensive or to hard for users to actually interact with in most cases. You are left with paper and pen which has issues with counting and auditing. Common statements about computer security suggest a less sanguine answer. It is said to secure a computer you have to “Han Solo” it. Encase the computer in Carbonite and bury it somewhere deep. It is also pointed out that Han Solo escaped.

https://youtu.be/wtADzMEeiE0?t=45

I would ask you whether the speed of reporting is more important than the integrity of the election itself? One reason given for electronic elections is the pressure to provide results ASAP and that reason does not seem aligned with the criticality of election integrity. Look at the debacle of the Iowa Democrat Primary to see how the high tech solution may not be the best.

If security of any system is a risk based decision where you can’t possibly afford to do everything then why would you expect it to be secure against tampering by domestic or foreign adversaries with nearly unlimited funding? In a state where the leaders have the best of intentions you balance the amount of money to protect the election infrastructure (electronic tools, physical tools, audits, etc) on the available funds and the competing priorities. The adversary who may want to jeopardize the integrity or the perception of integrity need only spend a small amount in an asymmetric result that surely isn’t fair but is quite the reality. Remember actually succeeding is less important than creating rancor and distrust. .

If the integrity of the election is so emotional that the former DNC chair is cursing out the RNC chair on television, POTUS is purging people who suggest integrity is not possible, and it is a news story to report on… Why is it even being discussed to continue to use electronic mechanisms?

You have to think of scale of the risk. We’re talking existential national threats to the republic being actioned by under funded, under prepared, and sometimes politically motivated individuals at the state level. You don’t have to be dishonorable, evil, or despicable to have the integrity of an election challenged. You just have to have an opening where the integrity of the election becomes a point of contention rather than a given. Every criminal prosecution enters the arena of the court where adversarial positions move the case forward. In an election the last thing you want is to rely on a contest of rhetoric rather than facts to stand in place of the ballots cast.