Oct 14, 2020

Analysis | The Cybersecurity 202: A ruling against expanding online voting is a win for cybersecurity advocates.

Joseph Marks

They wanted an option of submitting the ballots as PDF attachments to emails or using a secure fax system managed by the Defense Department. Similar voting methods are available to overseas voters from 30 other states. 

The ruling underscores how efforts to make voting easier during the pandemic can sometimes clash with efforts to protect the election against foreign interference. 

“We know that there are actors looking to use cyber warfare to attack our election,” Lawrence Norden, director of the Election Reform Program at New York University's Brennan Center for Justice, told me. “Opening up another potential target for cyberattacks at this moment, with 21 days left before the election, doesn’t seem like a good idea.” 

Judge Brian M. Cogan, who rejected the online expansion in a telephone conference with lawyers, warned that electronic voting is less secure against hacking than other options available to overseas voters and that forcing such big changes could confuse voters and add extra pressure to election offices just three weeks before the election, according to attorneys on the call. 

That pressure could make things even more complicated in the states projecting tight margins in the presidential contest that are already facing a mountain of litigation over their election practices even outside this lawsuit, including Georgia, Pennsylvania, Ohio, Texas and Wisconsin. New York and Kentucky were also defendants in the lawsuit. 

Election experts have long warned electronic voting is the most dangerous option from a cybersecurity perspective. 

The essential problem is that without a physical record of the vote, there’s no sure way for voters to verify their ballots were recorded accurately or for auditors to double-check them after the fact. 

Because the vote is secret, technology people have yet to come up with a method by which you can determine definitively that the ballot a voter sends electronically is the same ballot election officials receive electronically,” Douglas Kellner, a New York State Board of Elections commissioner, told me. 

The Department of Homeland Security, the FBI and Election Assistance Commission have also explicitly warned that accepting ballots electronically represents one of the riskiest options. 

But voting advocates say it's far too hard for Americans abroad to cast their ballots, which depresses turnout. 

Out of roughly 3 million eligible U.S. voters who live abroad, only about 208,000 cast ballots in 2016, according to data gathered by the Pentagon's Federal Voter Assistance Program. That's about 7 percent voter turnout compared to 72 percent turnout within the United States. 

Overseas voter turnout could rise to about 38 percent if various barriers that make it harder to vote were removed, the Pentagon estimated. 

The plaintiffs in the lawsuit live in Thailand, New Zealand and Singapore, as well as numerous European nations.  

And proponents of electronic voting say the security concerns are overblown. 

Remy Green, the lead attorney for the plaintiffs, distinguished between votes cast by email and other forms of electronic voting such as casting votes on websites or via mobile apps. 

In the former case, hackers probably would have to individually crack into each voter’s email account or hack into a dedicated election office computer that receives those emails in order to alter votes. 

That’s certainly a risk, but it would be very difficult for hackers to sway an election that way and protecting against it isn’t worth making it harder to vote, Green told me. They compared the security concerns to claims about rampant in-person voter fraud, which studies have shown is exceedingly rare.

It’s not beyond the realm of possibility, but the cost-benefit analysis for someone trying to rig an election isn’t there,” Green said. 

The 30 states that allow some overseas voters to cast ballots by email or using the Pentagon fax system use essentially that logic — that the hacking dangers are real but worth accepting in these limited circumstances to make voting easier. 

Experts have also argued that because so few ballots are cast by overseas voters, any manipulation that was extensive enough to change the result of even a small race would surely be large enough that auditors would spot it. 

Green argued that any benefits to ballot security are outweighed by the danger that overseas ballots won’t arrive in time to be counted

“As I read the Constitution, it provides a right to have your vote counted when there are reasonable things a state can do to make sure your vote is counted,” Green said. “It’s a tragedy there are so many limitations on ensuring that right actually exists.”

Some officials experimented with expanding electronic voting domestically during the pandemic.

West Virginia, Delaware and New Jersey piloted app-based voting systems for some of their voters in primaries this year, including military and overseas voters, and voters with disabilities that make voting by mail impractical. 

West Virginia is offering the app as an option again during the general election but only for military and overseas voters who hail from 24 counties. 

The keys

Trump's Supreme Court nominee Amy Coney Barrett declined to say whether a president can delay an election.  

The comment is giving heartburn to the president’s critics, who fear he’ll look to the Supreme Court to help him retain power if there’s any doubt about the election’s result. 

“Her refusal to stand up to the president on this obvious legal question is alarming, and indicates that she is more interested in pleasing President Trump than she would be in stopping his illegal behavior, said Senate Minority Leader Charles E. Schumer (D-N.Y.).

Barrett also declined to commit to recusing herself if any cases regarding the 2020 election make their way to the Supreme Court, Donna Cassata reports

“I can’t offer an opinion on recusal without short-circuiting that entire process,” she said. 

A network of fake Twitter accounts posing as Black Trump supporters generated hundreds of thousands of likes before getting shut down.

Several of the accounts also amassed tens of thousands of followers before Twitter could take them down, Craig Timberg and Isaac Stanley-Becker report. The accounts' messaging focused on promoting the president, using hashtags such as #BlacksForTrump. 

The network shows how easily malicious actors can amplify misleading narratives to the masses before Twitter is able to catch them, experts say.

“It’s asymmetrical warfare,” said Clemson University social media researcher Darren Linvill who tracked the accounts. “They don’t have to last long. And they are so cheap to produce that you can get a lot of traction without a whole lot of work, 

It's unclear who was behind the network. Twitter is investigating the activity, Twitter spokesman Trenton Kenney said.

Twitter detected another campaign posing as Black conservatives in August though it's unclear whether the two are related. Russia's Internet Research Agency posed as Black Lives Matter and other groups on Instagram and Facebook to target Black voters in 2016. 

An Internet outage knocked down Virginia's online voter registration system on the state's final day to register. 

The disconnection was caused by a larger Internet service outage caused by a car accident, Antonio Olivo reports. Some local election officials reported that the outage interfered with early voting. 

The Lawyers’ Committee for Civil Rights Under Law filed an emergency motion in federal court calling for an extension. Virginia Gov. Ralph Northam (D) said he supports extending the deadline to register, but state law requires a court order to move the day. 

Global cyberspace

Norway accused Russia of launching an August cyberattack on its parliament's email system.  

‘This is a very serious incident, affecting our most important democratic institution, said Minister of Foreign Affairs Ine Eriksen Søreide.

Millions of cyber attacks are annually committed from abroad against Russian state Internet resources but this does not give us the right to indiscriminately blame authorities of the countries of their possible origin, the Russian Embassy said in a statement. 

Norway has also accused Russian of launching influence operations aiming to sow political discord.

Johns Hopkins University researchers are releasing a “heat map” today that predicts where in the world cyber conflict is most likely.

A major hacking conflict is most likely right now between Russia and Ukraine, according to the Cyber Attack Predictive Index. Other “likely” or “highly likely” scenarios include  hacking conflicts between the United States and Iran, Russia or China and between China and India, researchers found. The index was created by computer science professor Anton Dahbura, cybersecurity lecturer Terry Thompson and former undergraduate Divya Rangarajan. 

More cybersecurity news:

Cyber insecurity

States are struggling with cybersecurity during the pandemic, a new study finds.  

States’ top cybersecurity officials are more concerned about getting hit with major breaches now than they were two years ago, according to the study from Deloitte and the National Association of State Chief Information Officers.

Cybersecurity concerns have been exacerbated by tight budgets during the pandemic and by large portions of state workers working remotely, the study found.

Chat room

Here's a good election hack.


  • The House Permanent Select Committee on Intelligence (HPSCI) will convene a virtual unclassified hearing entitled, “Misinformation, Conspiracy Theories, and ‘Infodemics’: Stopping the Spread Online" on Thursday at 1:30 p.m.
  • The Knight First Amendment Institute at Columbia University is hosting an online symposium on Data and Democracy on Thursday and Friday.
  • New America will host an event "Will We Ever Vote on Our Phones" on Oct. 21 at noon.
  • The USC Election Cybersecurity Initiative will host a final workshop on the lessons from the workshops its hosted in 50 states leading up to the election on October 28 at 1:30 p.m.
  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on November 17-18, from 11:00am-3:00pm ET.  

Secure log off

Tell us about your voting experience!

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Latest Post Published

From The Desk Of Fernando Guzmán Cavero

 Dear Friends:  I would like to express hereby my apologies for couldn't fulfill to be with you with my "Daily Financial News Blog&...