Will Foreign Hackers Disrupt the Election Process?

10_14_Hack_Election_01
The virus lab at the headquarters of Russian cybersecurity company Kaspersky Labs in Moscow on July 29, 2013. Denise Merrill writes that, just as terrorism is designed to paralyze freedom by spreading fear, cyberattacks on U.S. election materials are an indirect assault on democracy, intended to sow the seeds of doubt in our electoral process. Sergei Karpukhin/reuters

Cybercriminals are targeting our elections, and I'm angry.

Let's be clear. I do not believe these unlawful actors will be successful. I believe in our elections officials and law enforcement's ability to protect the infrastructure of our democracy.

However, I believe that actual disruption is not the primary motive of these actors. Just as terrorism is designed to paralyze freedom by spreading fear, these cyberattacks are an indirect assault on democracy, intended to sow the seeds of doubt in our electoral process.

And that should have every democracy-loving American livid.

While I freely admit that there are vulnerabilities, I remain confident in our democracy.

I also recognize that elections officials must be vigilant and every voter has a right to seek assurances that our elections are secure and that their votes will be counted. To that end, here are just a few reasons why I believe the public should have faith in our elections in November.

First, there is no national election system. There are around 9,000 elections jurisdictions and hundreds of thousands of polling locations. Elections are diffuse by design. It turns out this expansiveness also adds a layer of security.

So what has been "hacked"?

To date, we've heard reports about intrusions by foreign-based hackers into voter registration files in two states. That is alarming. However, in most states, voter registration records are public information. Hackers may have been probing these files for data mining purposes, but it is a bit like scanning the phone book.

Could something more dramatic occur in the future?

It is certainly conceivable, but in our decentralized, low-connectivity system, it would be incredibly hard for hackers to change election outcomes.

In Connecticut when someone registers to vote—either by paper, online, in person, at the Department of Motor Vehicles or another registering agency—that information is transmitted to the local registrar of voters, who inputs the voter's information into a database. A paper backup of the registration is retained.

In the lead up to elections, poll books are created and voter records are printed. There are backups and backups of backups.

The most common occurrence that my office encounters vis-à-vis the voter file is human error. A voter makes an honest mistake while registering or accidents occur during data entry.

A number of states have ways to deal these kinds of problems (voting by affidavit, provisional ballots or, in a number of states, Election Day registration for unregistered people). Again, the variations in elections systems make it difficult to address every scenario. However, all states conduct contingency planning for emergencies, and responses exist.

But let's not confuse the roster for the scoreboard. The actual vote casting and counting systems function very differently than the voter registration systems.

Again, there is enormous variation between jurisdictions.

Some jurisdictions use electronic touch screen systems for voting. However, these are capable of printing paper receipts. Other systems—like Connecticut—employ paper ballots and optical scanners/tabulators (with memory cards) to ensure that votes are counted accurately.

I have seen it suggested that the memory card is one route to tampering, but these cards are locked behind tamper-proof seals and the machines themselves are under watch by law in Connecticut and other states have similar if not identical security processes and procedures for their equipment. Cybersecurity researchers acknowledge that tampering with voting machines requires physical access.

Since none of our voting machines are connected to one another, an attacker would need to get alone time with all of the individual machines. Do we believe that a phantom army of hackers is on the ground in the U.S., ready to somehow coordinate stealth assaults on thousands of individual voting machines?

If our federal law enforcement officials believe so, I want to know. To date, in multiple conversations with federal authorities, nothing (I repeat—nothing) to that effect has been shared with me.

Remember, there is nowhere in the country where voting machines are hooked up to the internet and many jurisdictions carry out legally mandated audits of the paper ballots.

The threat has produced one positive outcome. Elections officials, through the National Association of Secretaries of State and other outlets, have better communication with federal law enforcement than ever before. We stand together ready to respond when credible threats arise.

Nevertheless, I do not want to convey bravado. I cannot guarantee that some part of our electoral system will not be breached by cyber criminals. Nor can I say with 100 percent certainty that some degree of disruption is not possible.

What I can say is this. Our democracy has weathered too much to be shaken by these kinds of criminal acts.

We must not let cybercriminals erode trust in the United States' electoral system.

Denise Merrill is the secretary of the state of Connecticut and is the president of the National Association of Secretaries of State.

Will Foreign Hackers Disrupt the Election Process? | Opinion