For better or worse, technology is playing a bigger role in the U.S. election system than ever.
Digital messaging tools that enterprises rely on to communicate with customers are easily deployed for dirty politics. Deepfake videos and misinformation spread like wildfire across social media, to a captive audience of voters who are clocking more screen time during COVID-19 lockdowns.
While technology can serve as a blunt instrument to crack the foundation of America's democracy, IT systems will also be the way election officials uncover fraud and validate outcomes in a contested election.
Voting machines, infrastructure
Election technology infrastructure is made up of databases of registered voters, data files for each ballot before the election, servers, storage and networks. There are the individual precinct voting machines and software, cybersecurity products, equipment to process absentee and early voting ballots, and statistical models to forecast outcomes.
Mobile apps are playing a bigger part in 2020's election cycle as well, from apps that help voters decide who to choose based on the issues they care about to apps used by some states for actual voting.
With no countrywide or statewide standard systems for voting, the types of hardware, software and the approach vary by district. Many districts use optical scanners to read paper ballots. Some districts print electronic votes and use optical scanners to read them. Others have moved to mobile or electronic voting this year to prevent the spread of COVID-19, despite security warnings about those approaches.
Election experts are concerned about the quick addition of new technologies in communities and expect there will be problems in districts processing a massive influx of mail-in ballots for the first time.
"This election is totally novel in U.S. history," said Walter Mebane, Ph.D., a professor of political science and statistics at the University of Michigan, Ann Arbor. "And any time you have an innovation in election administration, things go wrong."
Media reports show the lack of confidence American voters have in the election system, partly fed by President Trump, who sows seeds of suspicion around mail-in voting with claims that the process will be manipulated. Trump spread warnings of a "rigged election" during his 2016 presidential run as well.
The level of mistrust of the election process coming from inside the White House will make vote audits and verification technologies all that much more critical.
"It's a real challenge, this insider attack [from President Trump] saying he'll challenge the results of the election," said Mebane, who is also a member of the Election Verification Network, a nonpartisan group concerned with the integrity and improvement of U.S. voting systems.
"Once the paranoia sets in, even if all the votes are tallied and in order, with all the suspicions being raised, when the inevitable small and big problems occur -- some due to innocent accidents -- a large part of the public won't trust the outcome, whatever it is," he said.
While concerns about fraudulent votes circulate, age-old voter suppression efforts have become exponentially easier to pull off using web-based messaging tools.
In March, the Texas secretary of state received reports of robocalls to voters on Super Tuesday falsely stating that the primary would take place the following day. During the congressional primary in Florida this summer, some voters received texts with a link to a video that appeared to be from a Republican candidate saying he dropped out. Twilio's messaging platform was used to deploy those text blasts.
Absentee ballot fraud was uncovered in North Carolina in connection with the Republican candidate for Congress in 2018. Absentee ballots were allowed to be collected on behalf of others. In 2020, absentee voters in North Carolina and many other states can use online ballot tracking technology to make sure the vote they cast hasn't been tampered with and is counted correctly.
Voting systems far from ironclad
Even with technologies to provide peace of mind that ballots are properly processed, there are a number of risks associated with the U.S. election system. One major concern is ransomware attacks on voter registration databases.
Over the summer a false Russian news report claimed Michigan voter data was hacked. No hack occurred, and the "leaked" voter data was already publicly available. The goal of that misinformation, like so much of it, was to create controversy and distrust of U.S. election systems, according to Doug Cahill, vice president and group director of cybersecurity at Enterprise Strategy Group.
"Disinformation is more of a threat to voter confidence than any technology vulnerabilities," Cahill told SearchDataBackup in a report on voter data security. That's not to say the U.S. election system isn't vulnerable to cyber attacks; hacks happen. Computer scientists warn against the use of internet-connected voting systems, or direct electronic recording systems.
In an Election Security hearing on January 9, Matt Blaze, McDevitt professor of computer science and law at Georgetown University, gave testimony recommending paperless e-voting machines be phased out and "replaced with precinct-counted, optical scan ballots that leave a direct artifact of voters' choices." He also called for audits after every election to immediately detect and correct software failures and attacks, adding that "state and local voting officials need resources, infrastructure and training to properly protect election management IT systems against sophisticated threat actors."
Despite those election security concerns, widely held by computer scientists, the risks of spreading COVID-19 through in-person voting and a desire to give active-duty military a way to vote while overseas have tipped the scale in favor of e-voting and even mobile voting in some areas.
West Virginians can cast their vote on a mobile app that uses blockchain to store the ballots until election night, and requires a "heightened standard of identity verification for users than traditional absentee ballot processes," according to information on the secretary of state's website. Voters from six counties used the app to vote in the primary election. Post-election security audits by "several independent and widely respected technology auditing companies" deemed it a secure platform for voting, according to the website. Still, IT experts continue to warn that blockchain isn't secure enough for elections.
While blockchain's distributed ledgers have proven effective for cryptocurrency, security experts are skeptical about applying them to election systems because doing so could introduce other issues.
In a keynote presentation during an August 2020 Black Hat conference, Blaze said blockchain-based e-voting adds another layer of software, and complexity, to the election process and makes ballot secrecy nearly impossible. In addition, he said implementations are heavily dependent on the integrity of client software and the data entered into the ledger in the first place.
Further complicating the process, there are multiple approaches to voting -- and multiple technologies -- used within each state. Across Ohio's 88 counties, for example, 13 different vote-counting and tabulation systems are used. All are provided by private companies whose software is proprietary. The software runs on equipment that has been manufactured overseas, if not entirely, then in part.
When the voting apparatus itself isn't trustworthy, technology can help validate election results.
Election Verification Network's Mebane co-leads the Election Forensics project to develop a set of open source statistical and computational tools that use pattern recognition to help determine whether votes have been tampered with. There is also Microsoft ElectionGuard, a free, open source toolkit that allows voters and third-party organizations to verify election results and allows voters to confirm their votes were counted correctly. That tool hasn't been widely deployed yet, but it could be part of election infrastructure in the future.
Open source systems that provide transparency into voting verification will be critical in providing confidence to voters. The FBI and Cybersecurity and Infrastructure Security Agency released a joint public service statement in September warning that foreign threat actors and cybercriminals are expected to spread disinformation regarding election results.
Disinformation, cyber attacks and social media
With social distancing and lockdown orders in the 2020 pandemic, voters rely more on digital tools for political discussions. Instead of discussing candidates and issues with co-workers in the office, Americans share political views in a vacuum on social media, spreading and consuming misinformation on those platforms.
A recent Pew Research study shows social media is now among the most common ways that people, especially young adults, consume political news. This tendency makes it easier for bad actors to get disinformation in front of voters.
Twitter's policy prohibits posts that manipulate or interfere in civic processes, but states that "not all false or untrue information about politics or civic processes constitutes manipulation or interference."
Under enormous pressure to weed out false information, Facebook in September said it would push authoritative information and take steps to limit false info. Whether Facebook's algorithms are good enough to catch disinformation before it causes damage remains to be seen.
IT experts are also concerned about how easy it is to create deepfake videos. These AI-driven videos are often used as a tool to damage political candidates, but the more serious threat of deepfake videos is their potential to spread incorrect information about how, where and when to vote in the days leading up to the election. Microsoft recently released an AI tool called Video Authenticator to help identify deepfakes. The algorithm behind the technology has an accuracy rate of just 65%.
Microsoft in September also reported that it detected cyber attacks targeting candidates in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns. As part of Microsoft's Defending Democracy Program, the company launched a service called AccountGuard to help candidates and their campaigns prevent cyber attacks.
To date, Microsoft has trained election officials in 38 states on cybersecurity. AccountGuard protects two million email accounts in 30 countries and has sent more than 1,500 nation-state notifications to AccountGuard customers, according to a company representative.