In early June, the Allegheny County Board of Elections held a special meeting in downtown Pittsburgh, inviting a trio of election security experts to offer advice as the county selects new voting equipment. Marian Schneider, a former Pennsylvania state elections official and the current president of Verified Voting, an election security watchdog group, gave an opening statement framing the day’s conversation in stark terms.
“2016 demonstrated what many of us have long believed…the threat to our computerized voting system was not merely theoretical, but real and persistent,” she warned, reiterating that another nation had “conducted a well-orchestrated attack on American democracy.” The members of the board solemnly listened, took copious notes, and thanked the panel for their expertise as they assessed bids offering new and more secure equipment.
After the meeting, Candice Hoke, a longtime election administration and security expert who’d also been invited to speak, described the gathering as an unusual bright spot, contrasting the attention Allegheny County had devoted to the issue to many places around the country where the state of election security lags. Efforts by federal agencies to work with states and jurisdictions to improve election security are helping, Hoke says, but the bureaucrats overseeing the country’s more than 10,000 election jurisdictions are still routinely outmatched.
“There is no way to plug all the vulnerabilities,” warned Hoke. “You can’t educate these people to be security experts, nor should we expect to.”
But the task of protecting American balloting has largely fallen to these local officials, and, according to interviews with elections administrators in key counties in Michigan, Ohio, Florida, Arizona, Pennsylvania, and officials in state governments, the Department of Homeland Security, and the FBI have been much more proactive in working with counties to protect elections then they had been heading into 2016. While early DHS efforts prompted worries about federal overreach among local officials, many of them have since welcomed Washington’s help, which has included coordinating scans of election networks, running tabletop exercises modeling new threats, and greater information sharing. Such assistance comes after revelations of Russian attempts to hack election vendors and local boards—confirmed in detail in late July by a bipartisan Senate Intelligence Committee investigation and more broadly in special counsel Robert Mueller’s April 2019 report—helped prod Congress and more state legislators to put at least some money toward election security, and prompted several states to replace outdated and insecure equipment.
“If you’re a county official and [the Mueller Report] doesn’t scare you…,” said Chris Deluzio, an election security expert at the Institute for Cyber Law, Policy, and Security at the University of Pittsburgh. “It should make you think long and hard about what choices you’re making about vendors, how you select them, and how you manage cyber security risk.”
Overall, county officials say election security has improved over the last couple years.
“Things are trending in the right direction,” says Sherry Poland, the director of elections in Cincinnati’s Hamilton County. “Prior to 2016 there was a great emphasis always on physical security. Since 2016, we’ve learned that we have to beef up our best practices, our procedures, our sharing of information, when it comes to cyber security.”
Two and a half hours east lies Vinton County, one of Ohio’s smallest counties and a place where 70 percent of the ballots cast in 2016 went for Trump. Elections Director Lynn Herrold says she’s seen election security “change a lot” over her nine years working in related positions. “It’s just so high up right now, that’s what they’re worried about the most,” she said.
In June 2018, then Ohio Secretary of State Jon Husted required every local board of elections to join the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), an initiative launched months earlier by the nonprofit Center for Internet Security (CIS) with the support of the Department of Homeland Security, to coordinate security updates, best practices, and—if needed—incident response for election administration officials nationwide. Husted also ordered every county to undergo DHS election-related security assessments gauging their resistance to phishing and the resiliency of their internet-accessible services. Husted, now Ohio’s Republican Lt. Governor, also provided smaller counties with state IT services, and offered reimbursements for security consultants. Vinton County brought in one such tech. Herrold says she and her colleagues have learned to update their passwords more often, be very skeptical of incoming emails—one of the main avenues for an attacker to slither into a computer system—and remain alert for efforts to compromise their systems. EI-ISAC emails come “every day,” she says, updating her team. One state directive shared with the county included a reminder about the risks of USB thumb drives. “Remember to treat a removable media device like an ice cream tasting spoon,” the advisory read. “Use it only one time.”
Still, Herrold is skeptical that Vinton County would be a target. “I mean, it’s possible anywhere,” she says. “But I think [the threat] is very low here.” Why? “I don’t know, just the county we’re in.”
Pennsylvania, a perennial swing state, is considered to have some of the nation’s least secure voting equipment: In 2018, voters in a majority of the state’s 67 counties voted on machines that left no verifiable paper trail. In April 2018 Democratic Gov. Tom Wolf ordered all counties to upgrade to machines with auditable paper trails in time for the 2020 presidential primaries.
Brenda Munz, the chief clerk in rural Cameron County, Pennsylvania, said she wouldn’t see any need to spend the money to upgrade her county’s voting equipment had Wolf not forced her hand.
“Our system we have right now that we have, I love it,” she says. “It’s not attached to the internet, so I don’t know what all the hubbub is about. But I guess we have to follow the powers that be and say we need to get new ones.”
Security experts generally cringe when locals officials boast, as many do, about the safety benefits of machines that aren’t connected to the internet. Current voluntary guidelines widely used to judge voting machines don’t prohibit such connections. And in the past, equipment vendors have claimed systems don’t touch the internet, only for it to be revealed later that they do; Wired recently reported a group of security researchers had discovered dozens of backend election systems said to be offline, including several in swing states, were actually connected to the internet. In any case, offline systems have been subject to sophisticated cyber attacks—in 2009 and 2010, the US and Israeli governments deployed malware later known as Stuxnet to destroy nearly 1,000 Iranian nuclear centrifuges unconnected to the internet.
Schneider of Verified Voting says many local officials have too much confidence in their systems, and doubt any need for costly replacements. A recent Associated Press analysis found “the vast majority” of the nation’s 10,000 jurisdictions administer elections with older Microsoft operating systems, which the company has or will soon stop offering security updates. “I think there’s a lot of skepticism among election officials, because they deal with vendors most of the time, and they get a lot of their information from vendors,” Schneider said after testifying in Pittsburgh. “They don’t see the threat,” she added.
Pennsylvania Republicans have, like Munz, pushed back on the governor’s directive, arguing that the estimated $150 million price tag is too much and represents an unfunded government mandate. In July, Wolf announced the state would take out a $90 million loan to fund up to 60 percent of counties’ costs. One state Republican told Mother Jones the party might sue to stop the move, arguing the governor lacks authority to assume debt for the initiative.
Munz says one vendor quoted Cameron County replacement costs of about $250,000, and another roughly $350,000, adding that the county’s total annual spending is about $8 million. “We definitely did not have that in our budget,” she says. “It’s a big, big expenditure.”
Election officials across the country have long complained about underfunding but got a rare bit of good news in the wake of the questions raised by 2016. In March of 2018, Congress appropriated $380 million in security funding to be spread between the states, with each getting a minimum of $3 million with additional funds allotted based on states’ voting-age population. But those numbers pale in the face of nation estimates of what upgrading to secure equipment would cost nationwide. As Rep. Mike Quigley, an Illinois Democrat who sits on the appropriations committee, told Mother Jones at the time, “Probably the decimal point was in the wrong spot…It should have been more like $3.8 billion.”
Under that 2018 appropriation, Pennsylvania received $13.5 million—less than 10 percent of the projected costs to upgrade the state’s systems. As Georgia considers upgrading its machines over the next decade, cost estimates range from the tens to hundreds of millions of dollars. Nationwide it would cost more than $1 billion to replace paperless touch-screen machines, according to Alex Halderman, an election security expert at the University of Michigan, a figure that doesn’t include other types of vulnerable machines or investments in other aspects of election administration.
Wendy Link, the Palm Beach County supervisor of elections, tells Mother Jones her county has already spent more than $10 million in the last couple of years upgrading its voter registration system and voting equipment. The county also received a grant from the state to buy into a computer network monitoring system known as Albert, run by the Center for Internet Security, that counties use to scan for malware. The system initially cost more than $18,000, and will charge the county about $11,200 annually to maintain after the first year, she says, a price that might be manageable for larger counties, but harder for poorer jurisdictions.
A lack of funding can not only limit purchases of new equipment but also investments in the staff who help manage election security technology.
Ken Matta, the information security officer for the Arizona Secretary of State charged with providing assistance to local officials, says that it is “hard for our smaller counties to navigate all of the resources that are available.”
While Matta tries to assist such counties in getting the most out of tight budgets by helping them triage the information and services offered by a host of federal agencies, private associations, and others, not all are in a position to take advantage of what’s on offer.
“Imagine an IT department, it’s made out of one guy,” says Matta, calling to mind the limited resources available in Arizona’s least populated counties. Matta warns election security would likely be just one of that tech employee’s many responsibilities: “He may not have the bandwidth, or the experience, to put together security projects to actually initiate and execute enhancements.”
Every official interviewed agreed that information sharing and security notices from federal and state authorities has significantly improved since 2016.
When Obama DHS Secretary Jeh Johnson designated election infrastructure as critical infrastructure in the closing months of that administration, opening the door for more federal monitoring of and aid to elections officials, administrators around the country were skeptical and resistant to what some saw as federal encroachment on state election responsibility. But over the last two years many of those once-reluctant officials have come to see the designation as a net positive. Johnson’s move allowed for the creation of EI-ISAC, which now counts hundreds of jurisdictions as members.
“There was some concern,” said Poland, the elections director in Hamilton County, Ohio. “But what we’ve seen is it’s been more of a ‘Here are services, here we can help you and then you can choose to take advantage of those or not.’”
Maricopa County Clerk and Recorder Adrian Fontes, responsible for one of the largest election jurisdictions in the country with 1.67 million registered voters, agrees. “The minute they talked about critical infrastructure I was like, ‘Oh great, now we’re going to end up working for the feds,'” he says. “But quite the opposite has happened…That has garnered some trust.”
Fontes said election security was one of his main priorities after taking office in January 2017, boasting that he’d hired hackers to probe the county’s systems for weaknesses. He said he inherited a very good election security setup that so far has only needed tweaks, and he’s invited the DHS to conduct risk assessments and provide other services.
“If they’ve got resources that they can bring to bear to help, then great,” he said. “As long as they’re helping us harden the shell, probe for weaknesses, train our folks on how to do their jobs better, I don’t think there’s a problem at all. I welcome the cooperation. And when everyone is staying in their lane, you can make some make some pretty good music.”