The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Here are five big things election experts are really worried about

Analysis by
Anchor of The Cybersecurity 202 newsletter
September 28, 2020 at 7:17 a.m. EDT

with Tonya Riley

President Trump has claimed repeatedly without evidence that mail ballots will undermine the integrity of the election. But for election experts, the extremely low chance of any successful mail-ballot fraud is not even close to their top concern.

“When I talk to election security people, they’re not worried about mail ballots,” Mark Lindeman, interim co-director of the election security organization Verified Voting, told me. “I haven’t seen anyone present a really plausible scenario about how you steal a lot of votes at scale with mail ballots.” 

With just over five weeks to go until the election, experts are far more concerned about hackers from Russia or elsewhere modifying voter rolls, technical snafus that could produce long lines at polling sites, and foreign and domestic disinformation campaigns that shake voters’ confidence in the democratic process. 

They’re also extremely worried Trump himself will exploit any Election Day difficulties or slower-than-usual vote counting to prematurely claim victory and undermine faith in the outcome. And, in a chilling sign of how heated the dispute over election measures has become this year, they fear the possibility of violence at polling sites or targeting poll workers. 

“[That’s] something we always played out in training scenarios when I was running elections, how to respond, who to contact … but now the threat seems very real. And that worries me tremendously,” Jennifer Morrell, a partner at the Elections Group consulting firm and a former local election official in Colorado, told me. 

Here are five of election experts’ biggest actual concerns about voting this year.

1. Disinformation that depresses voter turnout or confuses people about the voting process 

Such disinformation could come from abroad, but it’s just as likely to come from domestic sources — including from Trump, who has made myriad false claims about mail voting and election security. 

Trump also has alarmed election officials by suggesting his supporters cast multiple ballots as a way to test the voting system — which would be illegal. Trump backed off that suggestion but still urged people who had already sent in mail ballots to vote in person in case those ballots don’t arrive. 

Other possible disinformation campaigns could sow confusion about the mail voting process and lead ballots to be invalidated — for example, if voters don’t properly use a privacy envelope or fail to sign where a signature is required for verification purposes. Such efforts could be especially effective at targeting people who don’t usually vote by mail and are unfamiliar with the process. 

Millions of people are voting in a new way and that’s created an environment that’s ripe for effective disinformation,” Lawrence Norden, director of the Election Reform Program at New York University’s Brennan Center for Justice, told me.

2. Trump claiming victory early

Polls suggest Trump’s relentless attacks on mail voting have had an effect on Republicans who are significantly more likely than Democrats to say they plan to vote in person. That distinction could make a big difference in key swing states including Wisconsin, Michigan and Pennsylvania, where the process of counting mail votes is expected to last several days after the election. 

The fear is Trump could declare himself the winner if he’s ahead after in-person votes are counted in those states  on Election Day and be unwilling to concede if he falls behind once mail votes are all counted, which probably won't happen until after Nov. 3.

Election officials have made a concerted effort to educate voters that tallying the results will likely take longer this year and not to expect a final result on election night or even for several days after. But Trump has spent a lot of time sowing distrust about mail ballots, which could lead many of his supporters to believe they're illegitimate.

3. Hackers disrupting voter registration databases 

Voter registration databases are a major vulnerability because they’re one of the few voter records collected at a statewide level and must be connected to digital networks so counties can share information about who’s registered where. That means hackers from Russia or elsewhere could create widespread chaos if they altered those databases undetected or if states didn’t have clean backups. 

One great worry is hackers could change voter registration information in specific districts that lean more Republican or Democratic, making it more difficult for people there to vote and driving down turnout. Hackers that wanted to depress Democratic votes, for example, could target urban centers in swing states such as Wisconsin, Michigan and Pennsylvania. 

In the most extreme cases, such attacks could swing the election in a key state and maybe even nationally. Even if such an attack didn’t depress turnout to that extent, it would certainly spark widespread doubts about the election’s legitimacy.

The Department of Homeland Security’s cybersecurity wing also has sounded alarms about the possibility adversary nations or criminal hackers could lock up statewide voter registration databases using ransomware attacks. Leaders at the Cybersecurity and Infrastructure Security Agency, which scans election systems for hacker activity, also have consulted with states to help ensure those databases are sufficiently guarded. 

The best way to ensure such hacks aren’t effective is for states and localities to have multiple offline backups, including paper lists of registered voters that polling places can use if digital copies are corrupted or unavailable. But experts fear such backups aren’t widely enough available and that one missing list at a crucial location could lead to disastrous consequences. 

If you disrupt the election in just one jurisdiction with a known voting pattern you can possibly change the election outcome. That’s the biggest threat right now and I’m not convinced election officials realize how dangerous it is,” said Duncan Buell, a University of South Carolina election security expert and a member of the Richland County, S.C., Board of Voter Registration and Elections. 

4. Hackers attacking election night reporting

Another election night system comparatively easy for hackers to disrupt is online systems reporting early election results to the media and the public. If those systems were hacked in key districts to send out phony information, that could sow confusion and damage faith in the actual results. 

Another worrying scenario is if hackers cracked into those systems and were able to use that access to compromise systems that actually tally votes. Those vote tallying systems are supposed to never touch the Internet. Election officials typically move information from them to reporting systems using thumb drives or CDs they use only one time. 

But if someone goofs and reuses a thumb drive that creates a danger, those systems could be corrupted with malicious software. 

5. Election Day mishaps

This year’s primary elections were beset by technical problems including electronic pollbooks that didn’t work properly and voting machines poll workers didn’t know how to use. Those problems often led to long voting lines, including in the early days of the pandemic. 

There will almost certainly be similar problems in some counties in November. And they’re sure to spark widespread public concern, especially if the problems seem to particularly disadvantage either Democrats or Republicans. 

There are some peculiarities about this election that also make such problems more likely

For example, many people who requested mail ballots may choose instead to vote in person, either because Trump’s baseless attacks have made them fearful of voting fraud or because they fear the Postal Service won’t deliver their ballots on time. That could create big problems if polling locations don’t have enough provisional ballots for those voters to cast. 

“There are a lot of big changes to deal with,” Norden said. “The system has adjusted to a lot of the changes caused by covid in the last few months. But I wish there was more done and election officials had more resources.”

The keys

A federal judge granted TikTok's request for a preliminary injunction, blocking Trump's proposed ban on new app downloads.

Judge Carl Nichols did not grant a stay on a second part of the White House's TikTok ban, which could go into effect Nov. 12 if TikTok's Chinese owner, ByteDance, fails to divest from the company, Rachel Lerman reports

The White House maintains that as long as TikTok is owned by a Chinese parent company, the Chinese Communist Party could use it for propaganda and to steal U.S. user data. ByteDance is trying to sell parts of TikTok to a U.S. company. But it's uncertain whether it can reach a deal that would meet White House expectations. 

ByteDance insists it will retain majority ownership of the company and its algorithm, but Trump has said he won't approve any deal with ByteDance involved

The legal battle has ratcheted up tensions between the United States and Beijing. The Justice Department, in a filing Friday, accused ByteDance chief executive Zhang Yiming of affirming the company is a mouthpiece for the CCP and committed to promoting the CCP’s agenda and messaging.

China is reportedly moving forward with its own list of U.S. technologies to be banned and has floated Apple and Google for potential inclusion in retaliation for the TikTok ban.

The White House is restricting even more Chinese tech over national security concerns. 

The latest move would require U.S. companies to get a license before exporting anything to China’s largest maker of computer chips, Semiconductor Manufacturing International Corp., Jeanne Whalen reports.

The move comes after the Commerce Department determined technology exports to SMIC could end up being used by the Chinese military. SMIC disputed that, saying the company has “no relationship with the Chinese military and does not manufacture for any military end-users or end-uses."

The White House has taken similar steps against Chinese telecom giant Huawei, which it has said could help Beijing spy on users of its hardware. Huawei denies the charges.

The push against SMIC also comes as the White House tries to maintain the United States' position as a world leader in chipmaking, an industry the Chinese government is heavily investing in. Most major chip makers use some U.S. technology.

Putin proposed a cyber "truce" between the United States and Russia. 

But the Kremlin statement, released Friday, made no mention of Russia's long string of cyberattacks against the United States and other nations including Ukraine, Anton Troianovski and David E. Sanger at the New York Times report

The suggestion for a reset comes as Russia faces intense scrutiny over its attempted hacks and peddling of misinformation targeted at disrupting the 2020 U.S. election. Russia continues to deny it's attempting to interfere or that it interfered in the 2016 election, despite U.S. intelligence findings to the contrary.

It seems highly unlikely the White House would sign on to such a deal. 

“It is hard to take such statements seriously when Russia, China, Iran and others have sought to undermine our election process,’’ John Ullyot, spokesman for the National Security Council, told The Times.

Securing the ballot

Former DHS secretary Jeh Johnson called the Trump administration's claims about widespread voter fraud "disconcerting." 

“It’s disconcerting to see the president and his chief of staff cast doubt on the integrity of our democracy,” the Obama administration's homeland security secretary said on CBS's “Face the Nation.”

There’s also tension within the Trump administration. Earlier in the same program, White House Chief of Staff Mark Meadows slammed FBI Director Christopher A. Wray for testifying before Congress that there's been no history of coordinated mail voter fraud.

More election news:

Short of Money to Run Elections, Local Authorities Turn to Private Funds (The New York Times)

Ransomware Attacks Take On New Urgency Ahead of Vote (New York Times)

Global cyberspace

A cyberattack knocked down some Hungarian telecommunications and banking services on Thursday.

The attack came from servers in Russia, China and Vietnam, Hungarian telecoms firm Magyar Telekom said, Reuters reported. The companies were able to repel most of the attacks and were back online by the end of the day.

Cyber insecurity

Ransomware attacks are rising as the pandemic continues.

Ransomware accounted for 32 percent of the cyberattacks IBM's X-Force security team remediated in the second quarter of this year — more than triple the previous quarter, according to a new report. Attackers are also becoming more aggressive by increasing ransom demands and more frequently threatening to leak sensitive information if victims don't pay up.

Manufacturers remain the biggest targets for ransomware attacks, but as schools and universities experiment with virtual classes, attackers are finding them more attractive, IBM found.

More cybersecurity news:

Tyler Technologies says clients reported suspicious logins after hack (Reuters)

Inside eBay’s Cockroach Cult: The Ghastly Story of a Stalking Scandal (New York Times)

Chat room

Daybook

  • The Senate Armed Services Committee will hold a hearing on supply chain integrity on Thursday at 9:15 a.m.
  • New Americas Open Technology Institute will hold a virtual panel exploring how Internet platforms are addressing the spread of election-related misinformation on Thursday at 1:30 p.m.