What happened to election security?
Ah summertime, heat, humidity, Black Hat! In 2020, Black Hat, like so many conferences was held virtually, and I was fortunate to participate on a panel talking about election security. As a matter of fact, I did several panels and discussions around securing the election of 2020. We discussed and covered several different areas; voting using an app on the mobile device, on a website, electronic voting in various flavors, block-chain voting, and there was a lot of discussion about the security of the voting machines in use across the nation. Which machines have paper backups, and don’t, which ones could be hacked (as demonstrated at Black Hat) and lots more.
Then the election happened, and other than the false narratives that came out of it, the 2020 election really was the most secure election we have had. And through all of the discussions about the threat vectors, and exploits, much of what we said was that we needed more time to work through the technology and policy challenges, and that trying to do that with an election only months away was foolish.
Now, here we are in the summer of 2021. Are we working on those voting alternatives? Are we addressing the policy and technology challenges? Are we evaluating identity, validation and verification of cast votes, privacy, and secrecy? There are probably some folks who are, but it is not in the mainstream of discussion.
What is happening is that many states are passing legislation regarding voting, but not to improve the security of electronic voting or the voting machines. Instead, in the first 6 months of 2021, 18 states have enacted 30 laws to restrict access to casting a ballot, and there are a total of 400 pieces of legislation pending at the state level to restrict voting.
There is some positive news, our friends at DHS CISA have updated many of the information resources available around election security, including the newest library of Mis, Dis, and Malinformation, to assist state and local governments, and the private sector to understand and combat the threat from erroneous reports and information.
Years ago, James Moore wrote a book called “Noah Built his Ark in the Sunshine”. I always liked the image of that title. Noah did not wait until it started raining to begin building the boat. We should not wait until we are once again facing a monumental election, to revisit the discussion around using the mobile phone to cast a ballot, be it via an app or on a website. Many of the states will be using the same voting machines and technologies for the midterm elections in 2022 and likely for the 60th quadrennial presidential election in 2024. The same equipment and technologies coupled with more restrictive voting access, will surely bring about even louder voices for a different approach to enabling people to cast their secret ballot and to participate in the electing of officials for this constitutional representative republic in which we live, and call a democracy.
Ah, summertime, heat, humidity, and thunderstorms – maybe enough rain to remind Noah why the boat needs to be built in the sunshine, and maybe enough threat to remind us why we need to be building a better voting system, now.