Voting systems in the United States have come a long way since the hanging chads of the 2000 recount in Florida — but now cybersecurity is as big a concern as ballot fidelity.
Here’s what you need to know.
The good news
There are about 3,200 counties or their equivalents across the United States and its territories, ranging in size from Los Angeles County with around 10 million residents to Kalawao County, Hawaii, with fewer than 100. Most counties — more than 70% — have populations under about 50,000, says the National Association of Counties.
That huge breadth and diversity means that most elections truly are local and it would be nearly impossible for a foreign adversary to touch them all with a single effort.
Elections in the United States remain, as then-FBI Director James Comey famously told Congress, “a bit of a hairball.”
The bad news
A huge breadth and diversity of counties means a huge breadth and diversity of security capabilities.
Also, every jurisdiction that runs elections in the United States doesn’t present the same kind of appeal to a foreign interference campaign. The results of a close election can depend on turnout in only a few key states or other locations, meaning some locations are under much more pressure than others.
At the same time, evidence about successful interference in an election system anywhere in the United States would raise questions about the integrity of elections everywhere. Russian cyberattackers have been able to gain access to voter databases and other systems around country, but U.S. officials say they believe no votes have been changed.
Risk of compromised votes
A worst-case fear is that a cyber-compromise could allow a foreign adversary to change Americans’ votes and throw results in key places.
Twelve states include jurisdictions that use paperless voting machines, according to a report by the Brennan Center — although efforts are underway across the country to upgrade machines by Election Day 2020.
Some experts fear that without a paper record for a person’s ballot, there’s no way to audit an election after the fact and verify the total. But there are other worries about cybervulnerabilities, including the systems used to check voters in on Election Day — called e-pollbooks — and databases of voter data used by officials or vendors that the public doesn’t see.
Russian cyberattackers accessed those kinds of databases in some places in their attack on the 2016 election, according to the findings of Justice Department special counsel Robert Mueller.
Risk of spreading false information
Foreign election interference in recent years has mostly been about influencing the information environment within the United States.
That could be a way in which voters’ behavior is affected without a compromise to elections systems. Imagine a highly convincing fake video that went viral on social networks just hours before a key milestone in an election.
There are other, older types of mischief that could influence people: emails circulating ahead of Election Day that offered people a link to “vote online” — tricking someone into thinking they’d cast a ballot and staying home on the real Election Day. Or a text message that said, “Republicans vote on Tuesday. Democrats’ day to vote is Wednesday.”
This chicanery often takes place in elections but it’s getting new attention following the Russian interference in 2016.
Vulnerable voting machines
Voting machines are like any other computer — the older they get, the less current they remain. Much of the fleet of electronic voting machines in the United States was designed without security in mind, in response to the last big national flap over an election in 2000.
The last big national focus on voting machines was about making it as easy as possible for voters to understand and record their intentions, and ease-of-use remains a major priority. The tension between accessibility and security could remain a big theme ahead of the big vote in 2020.
High cost of replacing voting machines
The Brennan Center estimates that it might cost somewhere between $580 million and $3.5 billion to replace all the voting machines in the United States, although there are no official estimates from the government.
There also isn’t legislation that would authorize the spending of that kind of money and there probably isn’t time, even if Congress supported doing so, to recapitalize all voting equipment before Election Day. About 16 million Americans will use paperless voting machines in the 2020 election.
Congress may not act before Election Day
Congress has authorized about $380 million to upgrade voting machines around the United States. Law enforcement and intelligence agencies say they’re working to help safeguard against foreign interference and strengthen cybersecurity.
Lawmakers also have discussed mandating a paper ballot backup for every vote; increasing restrictions and disclosure for social media platforms; and requiring U.S. campaigns to report to the FBI when they make contact with foreign government agents.
There’s no consensus about the details, however, and it isn’t clear whether any bill could take effect before Election Day.