Let’s put aside for a moment the question of whether anyone connected to President Donald Trump colluded with Russia in its attempts to hack the 2016 election. Let’s not get into an argument about whether the effort changed any votes, not to speak of the outcome. Let’s not even worry about whether Vladimir Putin himself was involved.
The fact is, the hacking was massive, sophisticated and far more widespread than previously thought. According to a new report from Bloomberg, hackers broke into the election systems in 39 states. They may not have succeeded this time in breaching the voting machines themselves or even in substantially disrupting the voter registration rolls. But next time, they could.
It doesn’t take much imagination to see how that would sow chaos and undermine trust in our democracy. That’s because our disorganized, underfunded and inconsistent voting systems — not to speak of actual, organized efforts by Republican officials to purge voter rolls and keep minorities, young people and the elderly from the polls — have done more than enough in that regard already.
We see enough distrust of the system every time some polling places open late because not enough judges show up; imagine that multiplied thousands of times across the country in the next presidential election, with hours-long lines at the polls and voters turned away in state after state. Hackers wouldn’t need to actually change votes to influence the outcome.
They could delete records of voters registered with one party or another, or they could seek to crash systems in precincts likely to vote heavily for a particular candidate. People could still vote using provisional ballots or other means, but many would simply go home. Hackers wouldn’t even necessarily have to favor one party over the other — as they are believed to have done in 2016 — in order to delegitimize the winner. Doubt about the validity of the outcome would be enough to suit the Kremlin’s goals of undermining the West.
The details that have emerged so far about the Russian effort underscore how difficult out election system is to secure. Hackers reportedly targeted employees of voting system vendors by sending them fraudulent emails designed to get them to provide their passwords. They used the information they gained through those efforts to target election officials themselves with deceptively realistic fake communications. Thousands of people work on our election systems, either as public employees or contractors; it only takes security mistakes by a few of them to provide opportunities for serious mischief.
Adopting balloting systems with voter-verified paper trails is a good first step, though one that hasn’t been universally adopted. About 20 percent of voters still use machines that leave no paper trail, including some in swing states like Pennsylvania.
And having paper ballots doesn’t matter if no one checks them. Maryland conducted a variety of post-election audits this year, though that didn’t satisfy some critics because the audits relied on reviews of the scanned images of ballots rather than an examination of the actual paper copies.
Elsewhere — notably, the electorally crucial states of Wisconsin, Michigan and Pennsylvania — the effort to audit became a politically charged exercise. Such mechanisms need to be automatic and not dependent on a candidate requesting or funding them.
When reports of Russian hacking efforts first surfaced last summer, New York University Law School’s Brennan Center for Justice issued a report on vulnerabilities of our voting systems, noting that voting machines across the country were outdated, leaving them prone to errors, if not hacking, and that lax procedures left many state or local voter registration systems at risk. The former problem can be solved through greater federal investment in supporting voting machine hardware purchases at the state and local levels.
It’s a good thing that we have variation in the types and manufacturers of our voting machines because it makes wide-scale manipulation more difficult. But we do need more uniformity in their age and quality. As for registration databases, more needs to be done to ensure that local and state officials follow some basic precautions, for example making frequent paper back-ups of the rolls and employing auditing techniques to flag unusual activity.
What we absolutely do not need is a president who dismisses the entire question as sour grapes and excuse-making by Democrats.
This cannot become a partisan question. We all have a stake in ensuring that our voting system remains reliable and trusted, and we need Republicans and Democrats alike to make it a top priority immediately. The 2018 congressional elections are only 17 months away.