It’s likely too late to save the midterms. Without a miracle, the weaknesses and vulnerabilities in some states’ voting systems can’t be hardened against foreign cyber threats. But, at least, the damage that can be inflicted in November is limited to just a few states and localities. The looming crisis is in 2020. If, in mid-November two years hence, officials announce that foreign hackers infiltrated elections systems and the vote totals can’t be independently verified, we could face the biggest democratic crisis since 1876. Luckily, there is a bipartisan solution slowly working its way through Congress. Congress has received a lot of criticism of late for its inability to craft and pass productive legislation that does anything besides spend money (and even that it can barely do sometimes). The Secure Elections Act is a welcome exception to that rule. The bill has co-sponsors from across the partisan spectrum, from Sen. Lindsey Graham (R-S.C.) on the right to Sen. Kamala Harris (D-Calif.) on the left. It makes sense that a group of people who rely on elections for their jobs and their legitimacy wouldn’t want a hacker in Moscow or Beijing having more of a say than their constituents.
The central problems it addresses are two-fold. First, five states – Louisiana, Georgia, South Carolina, New Jersey, and Delaware – use voting machines that are purely electronic. They leave no permanent vote record. That makes these states and their combined 50 electoral votes prime targets the kind of infiltration seven states experienced in 2016. Luckily, last time, no vote totals appear to have been changed. There’s no guarantee for 2020.
The bill, co-authored by Republican Sen. James Lankford (Okla.) and Democratic Sen. Amy Klobuchar (Minn.), would grant federal money to any state or locality to replace digital-only voting machines with ones that leave a paper trail. The authors rightly point out that an attack on one state or locality can throw an entire election into doubt, especially in a presidential year, so Congress has a duty to ensure every state runs a secure election as a national security matter.
The bill would also require states to perform an audit of every election, in which a sample of paper records would be checked against the computer results to guarantee no interference had taken place. Without audits, the paper records are worthless, like a warning light that no one can see.
The second problem the Act would solve arose during the 2016 campaign. Since no large-scale cyber-attack had ever been launched at an election system before, there were no clear procedures or strategies for defense. Under the Secure Elections Act, the Department of Homeland Security would act as a central hub for election protection – a roll the Department has already begun to play in a less formal capacity. They would work with the intelligence community and the FBI to identify threats before they occur, and coordinate with state election agencies to ensure a robust response. To facilitate cooperation, the bill would give priority to security clearances for state election officials, who would then be legally allowed to receive threat information from DHS.