Election Security

An Op-Ed From the Future on Election Security

By Alex Stamos
Wednesday, September 4, 2019, 1:38 PM

There have been many pieces, in Lawfare and elsewhere, about the weaknesses in America’s political and election systems. In my career as a security executive, I sometimes found it difficult to communicate risk to non-expert audiences when focusing on a specific vulnerability. It is often more effective to paint a dire but realistic scenario relying on the proven capabilities of real adversaries combined with a variety of known, systemic issues.

Below is a potential Lawfare piece from New Year’s Day 2021, following a not-quite-worst-case scenario of election interference using real vulnerabilities in U.S. electoral systems, as well as social media, traditional media and the political sphere. For a more thorough discussion of weaknesses and recommended mitigations, please see the election security report from my colleagues and me at Stanford’s Cyber Policy Center.

***

Jan. 1, 2021

New Year’s Day is traditionally spent recovering from the previous night’s revelry. This year, the United States awakens to the greatest New Year’s hangover in the country’s almost 245-year history: a crisis of constitutional legitimacy as all three branches of government continue to battle over who will take the presidential oath of office later this month. This coming Wednesday, Jan. 6, a joint session of Congress will meet for what is a traditionally perfunctory counting of the Electoral College votes. With lawsuits still pending in seven states, both major-party candidates claiming victory via massive advertising campaigns and the president hinting that he might not accept the outcome of the vote, it’s time to reflect on how everything went so very wrong.

The first signs of external interference were seen in the spring of 2020. As the Democratic primary field narrowed, a group of social media accounts that had voiced strong support for particular candidates early on pivoted from supporting their first-choice candidates to alleging that the Democratic National Committee (DNC) had unfairly rigged the primary. The uniform nature of these complaints raised eyebrows, and an investigation by Twitter, Google and Facebook traced the accounts back to American employees of a subsidiary of the Sputnik News Agency—an English-language media entity owned by the Russian state. Yet as these groups were careful not to run political ads and to use U.S. citizens to post the content, there was no criminal predicate for deeper law enforcement investigations.

The activity around the election intensified in the summer, when medical records for the son of the presumptive Democratic nominee were stolen from an addiction treatment center and seeded to the partisan online media. But that wasn’t all: Less than 24 hours later, embarrassing photos from the phone of the incumbent president’s single, Manhattanite daughter were released on the dark web. While the FBI has remained silent on the matter, citing an ongoing investigation, the New York Times recently quoted anonymous NSA officials attributing the first leak to Russia’s SVR intelligence service and the latter to the Chinese Ministry of State Security. As to why Russia and China appear to be backing opposing candidates, America’s adversaries do not necessarily share the same geopolitical goals, and it is clear that the Chinese are no longer willing to sit on the sidelines of U.S. politics while the Russians interfere.

This multi-sided foreign interference dominated the headlines throughout the last half of the campaign, drawing the media’s attention away from substantive policy debates and priming the U.S. electorate for the coming catastrophe. Election Day 2020 started quietly, with the familiar television spots showing images of early lines at polling places, interviews with proud citizens wearing “I Voted” flag stickers and footage of volunteers canvassing neighborhoods. The first signs of trouble appeared in Miami, Ft. Lauderdale, Akron and Cleveland, as poll workers were surprised by the unusually large number of mismatches between the voting rolls they had been provided and the ID shown by people intending to vote.

At first, each county assumed that simple errors, such as swapped rolls between precincts, were to blame. But it soon became clear that something much more insidious was afoot. In all four of the affected cities, the documentation used by each county and state election authority contained subtle disagreements on voters’ names and precincts. By about 8:30 a.m. EST, precincts in Florida started running out of the provisional ballots that poll workers had been instructed to give voters whose identities could not be verified, causing extremely long lines and angry outbursts. Poll workers frantically tried to contact election staff at the state and county headquarters, not knowing that simultaneous internet and phone system denial-of-service attacks meant that their calls and emails were not going through.

The registration catastrophe continued to unfold and eventually exploded onto screens across the world when several Floridians used social media to livestream a confrontation between a Cuban American veteran trying to vote and an African American poll volunteer who could not verify his identity. Their argument became physical and ended with the veteran handcuffed and bleeding on the floor while the crowd hurled insults and coffee cups at two bewildered Miami-Dade police officers. While the dispute was eventually resolved amicably and the veteran released, the most inflammatory 45 seconds of the incident were quickly cut together and distributed on social media. In response to a request from the FBI Foreign Influence Task Force to slow the video’s spread, Twitter took down the most popular copy and Facebook labeled it as “disputed.” But this had the immediate effect of driving millions of Americans to upload the video again in protest and forward it via messenger services.

Russia Today carried the first racialized story of a conspiracy to steal the election in Florida at 9:45 a.m. EST. Fox News reported the “controversy” at 10:10 a.m., triggering a presidential tweet referencing potential deployment of the National Guard only three minutes later. The only group to act faster than the troll farms was the election lawyers. Having flown in from New York and Washington, D.C., days earlier, Republican National Committee (RNC) and DNC attorneys across Florida filed two dozen conflicting requests for relief in state and federal courts before lunch.

While chaos reigned in Florida, voters calmly lined up, checked in and registered their preferences in Georgia, Pennsylvania and New Jersey. But while these voters enjoyed the ease and convenience of the direct-recorded entry (DRE) touchscreen systems still deployed by their states, they might also have noticed the lack of any paper trail created by their vote and wondered how their choices would eventually be counted. Around 1 p.m. EST, a random selection of voting machines stopped responding to touch inputs. This was a normal occurrence in elections past, and poll workers apologetically shunted frustrated voters to the remaining machines before removing the memory cards containing all votes registered to that point.

It wasn’t until a selection of voting machines started displaying a ransom note in red on black text that the enormity of what had occurred was clear. As was reported in the following weeks, around a quarter of the DRE systems in the three states had been loaded with a backdoored version of the last code update provided by the device manufacturer. This malware had different impacts based on several factors, and subsequent analysis by the Department of Homeland Security showed that votes may have been subtly changed or deleted—or the entire device encrypted and its contents lost. Without voter-verified paper trails, the votes cast by these systems have been challenged in court.

Even months later, there seems to be no way to discern the will of the electorate in those states without a legally questionable “do-over.” As a result, the legislatures in all three states have taken it upon themselves to disregard the vote totals and appoint their electors instead—leading to widespread protests and lawsuits.

By the time polls began to close on election night, spectators worldwide were glued to their screens, transfixed by what appeared to be the greatest American electoral crisis since the Compromise of 1877 handed Rutherford Hayes the presidency and ended Reconstruction. With an audience of billions watching, U.S. adversaries had one final trick up their sleeves. At around midnight EST, CNN and Fox News reported completely different vote totals in Wisconsin and called the state going in opposite directions—confusion generated by subtle manipulation of the intermediate counting systems, websites and data links providing vote returns. While the networks both retracted their predictions quickly, tweets sent by the hacked Twitter accounts of the top personalities at both networks have left an enduring impression with the U.S. electorate.

It is small comfort that there is now one topic on which most Americans can agree: The latest polling shows that fully 78 percent of Americans believe that the election has been stolen. The hitch, of course, is that Americans do not agree which candidate is the rightful president and which the usurper.

That brings us to the present day. Two groups of electors purporting to represent the voters of Pennsylvania, one appointed by the legislature and the other by the governor, met in December and transmitted competing “official” results to the archivist of the United States. Lawsuits have prevented the electoral results of three other states, including Florida, from being submitted, and multiple cases with no clear precedent or outcome are still pending before the U.S. Supreme Court. At this point, it seems a distinct possibility that the House and the Senate will end up selecting the president and vice president, likely with no regard to the votes cast in each state—a complicated process made even more so by the fact that doubts over the presidential vote have also raised questions about the legitimate composition of Congress.

This crisis was both predictable and partially avoidable. Since 2016, many institutions have warned the American public and Congress of the potential risk to U.S. democracy. The Senate Intelligence Committee’s report from last summer, which followed Robert Mueller’s anguished plea for action, contained the evidence needed to understand that this kind of attack was possible. While an open society like that of the United States will always have some vulnerability to attack, action by Congress to set standards for election systems, fund upgrades to federal and state capabilities, and create legal structures for coordination between the public and private sectors could have prevented some of these problems. In the bigger picture, the reluctance of the U.S. Senate and president to appropriately punish Russian malfeasance in 2016 likely emboldened Russia to try again in 2020. The Russians were not alone in their actions this time. It is now believed that the cyberwarfare arms of the Iranian Revolutionary Guard Corps, the Chinese People’s Liberation Army, the Lazarus Group of North Korea as well as patriotic hacking groups in Vietnam and Pakistan were all involved in the Election Day shenanigans, likely without any foreknowledge or coordination.

We couldn’t have known,” voices on Capitol Hill have argued again and again in the months since the election—including the Senate majority leader. If only there was a way to go back in time and help them understand the risks of their inaction.