In late March, Congress passed a significant spending bill that included US$380 million in state grants to improve election infrastructure. As the U.S. ramps up for the 2018 midterm elections, that may seem like a huge amount of money, but it’s really only a start at securing the country’s voting systems. A 2015 report by the Brennan Center law and policy institute at New York University estimates overhauling the nation’s voting system could cost more than $1 billion – though the price could be partially offset by more efficient contracting. Most voting equipment hasn’t been updated since the early 2000s. At times, election officials must buy voting machine hardware on eBay, because the companies that made them are no longer in business. Even when working properly, those machines are not secure: At the 2017 DEF CON hacker conference, attackers took control of several voting machines in a matter of minutes. Securing electoral systems across the U.S. is a big problem with high stakes. This federal money being provided to states now may not be the last of its kind, but it’s what’s available right away, and it must be used as efficiently as possible.
… The government must not only act, but also reassure the electorate that those actions reflect how seriously officials are taking public concerns. States may want to consider something similar to the “Hack the Pentagon” program, which has been publicly visible as well as effective in flushing out security issues in specific Defense Department systems. “Whether you’re a well-funded government like the U.S. or anyone else, you have to work with the hacker community,” said Katie Moussouris, who helped start “Hack the Pentagon” and also created Microsoft’s bug bounty program. It’s a bold move, but inviting white-hat hackers to publicly probe election systems – and paying them for information on the vulnerabilities they find – would show voters that states are serious about solving problems.
There is a lot of work to do to secure U.S. elections, but $380 million is a good way to start. If states spend it in the most meaningful ways – patching both their machines and the population’s trust – they will build a system that’s secure, trustworthy and works for all the people.