When the House Committee on Science recently held a hearing on cyber vulnerabilities and our elections systems, the committee focused only on threats facing the actual systems of voting—tabulations, electronic machines, and the possibility of a “rigged election.” Experts who testified at the hearing agreed that a threat to widespread vote manipulation across many different precincts and jurisdictions is very small and unlikely. But dismissing the likelihood of cybertampering with the election tally misses an important point: Cyberattacks could shake public confidence in political institutions, sow dissent and distrust among the population, and tilt the electoral playing field. In an attack this spring, hackers—who I have been advised are from Russia —stole data from the Democratic National Committee and the Democratic Congressional Campaign Committee. They also stole voting data in Arizona and Illinois. Most recently, FBI and Department of Homeland Security officials have confirmed attempted attacks on voter registration systems in more than 20 states. These attacks align with a particular pattern that Russian-sponsored hackers have followed previously in well-documented attempts to influence foreign democratic elections in Ukraine, Bulgaria, Romania, and Philippines. They don’t just release stolen sensitive material; they also create false and counterfeit material designed to impact the outcome of elections.
As our nation’s top intelligence official, Director of National Intelligence James Clapper, recently suggested, outside actors may attempt to find ways to tamper with the U.S. elections system in order to create public doubt about our system’s reliability. As he explains, “The more likely objective here would be to try to sow seeds of doubt about the efficacy and viability and the sanctity, if I could use that word, of the whole system.” An election can be harmed even if the vote count remains unchanged. Simply discrediting a major political party or inciting division among Americans in hopes of reducing voter turnout could be sufficient to alter the results of elections.
This is not just an attack on a political party; it’s an attack on America and our institutions of democracy. But beyond introducing doubt into our political system, there are a number of actions that saboteurs could take to affect our elections systems. For example, cyberattacks that disable voting or tabulation machines, rather than changing the vote totals, could discouraging voting through increasing wait times and long lines. How many voters, if faced with hours long waits and lines stretching for blocks from polling locations, will turn around in frustration and go home without casting their ballots? And if those attacks were targeted to precincts with predictable voting patterns, it’s conceivable that the overall election result in a tight race could be altered. Stolen voter registration information could be used to send targeted, false information about voting locations, dates, or eligibility and reduce turnout among targeted populations—likewise altering election results in a meaningful way.