How secure is U.S. voting, anyway?
This debate has been ongoing since the 2016 presidential election, and at its forefront is Middlebury Scholar-in-Residence Sue Halpern. Halpern has been reporting on the question of election security since 2016 for publications like The New York Review of Books and The New Yorker. In recent months, She has written about a hacking conference in Las Vegas, a slew of divisive Facebook propaganda emanating from Russia and Breitbart and a contested gubernatorial race in Georgia that raised questions about the state’s voting security.
Antiquated voting machines, lack of well-distributed government funding and GOP resistance to address Russian influence have prevented any national progress towards securitization in the last two years. Although she avoids speculation as to how vulnerable the country remains in this upcoming election, Halpern has doggedly worked to illuminate weaknesses in the election system and vulnerabilities in voter data.
In an interview with The Campus, Halpern discussed Russian tactics in election meddling, what the U.S. is (or rather, isn’t) doing to counteract foreign influence and how Vermont stacks up in terms of its own voting security measures. Her responses were edited for flow and clarity.
What are Russia’s different strategies in its hacking endeavors?
The kind of hacking that people were probably most aware of was divisive Facebook infiltration of propaganda. That was all produced in St. Petersburg at a place called the Internet Research Agency. They had people working 24 hours a day pretending to be Americans, tweeting and sending stuff out on Facebook in the U.S. And so that’s a kind of psychological hack that was happening and continues to happen.
Then there was a second thing going on, and that was the actual hacking and stealing of emails and documents from various people, particularly Democrats. Some of [these documents] were leaked out strategically through WikiLeaks, particularly John Podesta’s [Hillary Clinton’s main campaign advisor] emails, to undermine the authority of both the Democratic Party and Hillary Clinton. They stole these documents from the Democratic Congressional Campaign Committee, which laid out the strategy that the Democrats were going to use in the states.
The third kind of hacking that happened was the hacking in which the GRU — an intelligence agency of Russia — had agents infiltrate at least 22 American states’ voter registration databases as well as some private companies that oversee and manage American elections. And these three types of hacking were happening simultaneously from different parts of the Russian government.
Which strategy do you think can be the most acutely countered by the U.S.?
Well, none of them are going to be treated by the American government in the midterm elections. The American government is the Trump administration and Congress, which have absolutely no interest in solving or curbing any of this activity. Within some of the states, there have been efforts to create a more robust cybersecurity defense for their elections, but that is also somewhat problematic. Elections in this country are run through counties, which have a variable amount of money to spend on elections.
Obviously, there’s a correlation between economic inequality and the quality of one’s election security. Which is to say that poorer counties that don’t have a lot of money to devote to elections tend to be using older, much more hackable machines. Those counties tend to be in communities that the Republicans, in particular, would like to see not vote. They tend to be Democratic. So, there’s really no concerted effort on the part of the government to do anything about this.
Is there anything that’s counteracting Russian meddling, then?
The hacks of our mind are on-going on social media, and are pretty unpreventable. We’ve got Facebook hiring 20,000 new fact-checkers, but it’s a bit of a misnomer to call them fact-checkers. A lot of that very insidious divisiveness that we’re seeing on social media will continue just because it’s almost impossible to curb it. Then we’ve got the potential to harden our election system, but that requires both political will and a fairly significant infusion of cash, which itself requires political will, so it’s an unlikely scenario at least right now.
Are you seeing a surge among academics and private hackers on the scene, of non-state actors taking initiative in helping the U.S. securitize their election system?
Academics, computer scientists and other election integrity advocates have been working very hard for many years. In the year 2000 the election was so highly contested — this was the one with the hanging chads and Bush v. Gore — and it was so destructive to our country that Congress was very clear that they wanted the election systems in this country to be updated. That’s when they first passed HAVA (Help America Vote Act). But, as soon as those fancy new machines were being deployed, computer scientists started to examine them and try to determine how safe they were. So, these academics and lawyers and other interested parties had a tremendous effect, if not on changing particular ways of voting, then on what we know. They haven’t just uncovered problems, they’ve made actual recommendations for how these problems could be overcome.
How has the HAVA fund of $380 million been distributed?
That money sounds like a lot, and it seems like the government is taking it seriously, but the thing about that money is that it was allocated in 2002 and is only just being released now, and very little of it is going to election machine security. The $380 million, which is allocated in a weird proportional way in each state, didn’t provide any state enough money to entirely replace their machines with more robust ones. So, yes, that money went out there, but there was no rule for what that money had to be used for. If states and counties wanted to use it for putting better locks on the doors of the gym in which elections were going to happen, they could. Because the whole election system is decentralized, there are very few rules for how it needs to be administered, and that extends to that money.
Why is the decentralized system of elections in the U.S. always pinned as a point of a security, when it seems to also be a weakness? Do you think the U.S. would ever move to centralize its voting system?
Centralization would never happen because there’s a wall between the federal and the state governments. The wall is that states are mandated to run elections. The states are very proprietary about that rule. And so, [centralization] would never happen because it’s a states’ rights issue and it would never be part of anyone’s political future to take that on. In theory, a decentralized system is actually way more secure than a centralized system. If you have a centralized system, you have a very obvious attack surface. In a decentralized system, it’s just a mess. You have to go hither and yon to deal with it. The system, weirdly, is often much more centralized than it appears on first glance. Elections, although they’re run by states and counties, are often administered by private vendors and companies that will run election-management systems for multiple states all at once. And so, they become an attackable surface. Decentralization, then, is a bit of a misnomer. It’s never not going to be run in this somewhat disjointed way, but it’s not necessarily the worst thing in the world. It’s just that that notion that it’s decentralized has been used as an excuse for why we shouldn’t be worried about hacking, and that’s just not true.
Was there something novel about the 2016 elections and Trump’s candidacy that made us particularly susceptible to Russian influence? Or do you think the midterm elections are just as vulnerable to foreign meddling?
First of all, the kind of psychological hacking that was happening in the 2016 presidential elections started long before then. It was an attempt to begin to slow discord in an attempt to drive a wedge between us. It was certainly in response to Obama’s presidency. So, it’s not correct to say that it was specific to 2016 — it started well before that. With all the Twitter bots, Facebook ads and all of that. And those continue. A lot of that propaganda that began seeping into social media was then picked up by places like Breitbart and the Daily Caller and other outlets that are homegrown, and then they get repeated, and you start seeing things like the Proud Boys and what happened in Charlottesville. So, there’s a viral nature to setting the fuse. Now we have a president whose point is to be divisive. His point is to inflame his base. It matters tremendously who gets elected in these midterms. The kinds of divisiveness that we’re seeing coming from the Trump administration and that are being replicated in places across the country will either be challenged in this election or will be ratified. In some ways, this election is as important, if not more important, than what happened in 2016.
Because of the public outcry that’s emerged since the 2016 elections, do you think we’re better off now than we were in 2016?
I sort of decided early on in this election cycle that I was never going to read anything that was speculative because it’s just someone’s opinion. I think it’s irresponsible to say, “It’s going to be worse!” or “It’s going to be better!” Because we don’t really know. We don’t know what the Russians are thinking or what they’re capable of, and I think we’d be remiss to imagine that it’s just the Russians who would be interested in messing with our election system. The most we can do is point out where the vulnerabilities are and hope that the people who are in charge of these systems are paying attention.
In terms of Vermont, are you personally aware of any securitizing of Vermont elections? Has it been a topic of discussion, or do you think people should be talking more about it here?
Vermont is an amazing state in respect to elections. First of all, over 90 percent of eligible voters in Vermont have registered to vote. We are a very democratic state — we care about elections. We’re such a small state that many elections take place in places where I live, in a small town, where we vote on a paper ballot that is put into a ballot box. At the end of the day, a group of citizens volunteers to sit together and count them. Those systems are so remarkably secure because you have a document in front of you, you have 12 people counting together. In that sense, Vermont has a built-in security system. That isn’t to say that larger towns in the state don’t vote on electronic voting machines, they do. But we have a very proactive secretary of state and we have a lot of voting reforms that have occurred in this state that suggest that people here care about elections and are paying attention. So, I’m not very worried.
It is a very rare day in Vermont when elections are contested. And that’s the thing in states like Wisconsin, Pennsylvania, Michigan or anywhere where an election is close — that’s where it becomes particularly sticky. That, and where it looks like the registered population coming out of the polls appear to be saying one thing, and the votes are saying something else, that’s suspicious. Those are the places where you really need to be worried, and that does not describe our state.