Elections Are Too Online

We can make our voting systems just a bit dumber and a whole lot safer.


Russia might do more than meme us into discord during the 2022 midterm elections, U.S. officials warned in a CNN report Sunday. The Kremlin's operatives might also execute "smaller hacks of local election authorities—done with the deliberate purpose of being noticed—and then [use] that to seed more conspirac[y theories] about the integrity of American elections."

This is a plausible threat, not least because of how much tactical sense it makes for Russian hackers. Why bother engineering a vast state- or nation-wide conspiracy, with all the resources and competence that would require, when you can do a little deliberately clumsy meddling in some town council races and let Americans' animosity and gullibility do the rest? "If something small happens, it will feed into the mania and chaos, and all of a sudden people will think all the elections are completely insecure," Nicole Tisdale, who previously worked for the House Homeland Security Committee, told CNN.

The United States has more than 10,000 election authorities, which is part of why large-scale fraud would be so difficult to execute. But for a threat like this—which turns on the appearance of insecurity rather than actual insecurity—that decentralization becomes a liability. It would only take a few weak points to create the desired effect.

The best preventive measure might not be possible to implement in time for the upcoming midterm elections. Updating election infrastructure is a slow and costly process. But it's a radically simple idea: Take our elections offline. Make our voting systems just a bit dumber and a whole lot safer. If we don't want Russian hackers or other unsavories to be able to access our electoral systems, we should not connect those systems to the internet.

In theory, voting machines are already offline, even air-gapped. In practice, however, "many polling places around the country transmit voting results to their county election offices via modems embedded in or connected to their voting machines," The New York Times reported in 2018, and that's a point of internet access. Independent investigators in 2019 said they found "nearly three dozen backend election systems in 10 states connected to the internet," including systems in swing states Wisconsin, Michigan, and Florida—just a "few" weak points. The nonpartisan National Election Defense Coalition says the "assertion that voting machines or voting systems can't be hacked by remote attackers because they are 'not connected to the internet'" is a "myth" and has called for results to be transmitted by offline methods, like USB sticks.

That sort of tool would work because the proposal here isn't that we return to paper ballots in a wooden box or hand-written voter rolls. Paper and the trail it leaves have an important place in electoral security, but I'm not suggesting a completely nondigital approach. We can still have machines as the main counting mechanism, a useful timesaver in uncontested races. Likewise, election authorities can continue to manage voter databases with computers.

Think 1990, not 1890—there's no need to go full Luddite. But we should disconnect our voting processes from the internet where it's feasible. We already know online voting is insecure, and given the detrimental effects even small hacks could have on Americans' confidence in our election outcomes, we'd be wise to harden electoral targets against digital attacks.

And election systems aren't the only thing we should consider moving offline: Utilities are another key system for national stability, and one where a successful cyberattack could more directly cause turmoil and suffering. Recall last year's Colonial Pipeline ransomware attack, which led to fuel shortages, panic buying at gas stations, and flight schedule interruptions. The ransom was paid within a matter of hours, but it took over a week for the pipeline to return to normal service.

What if that delay had happened in January instead of May? One of the fuels Colonial Pipeline transports is heating oil. Or what if a cyberattack disabled an electrical grid at the height of a summer heat wave? Or hit a municipal water system? In February 2021, an operator of a water treatment plant near Tampa watched in real time as a hacker increased the lye level to 100 times its normal concentration. The operator was able to immediately undo the change—but that's a needlessly close call. It's worrying to consider the damage malevolent actors could do from halfway across the planet if life-sustaining systems are vulnerable to remote breach. Switching to air-gapped systems and manual operation would be neither a convenient nor an absolute security guarantee, but that's a doable precaution to take against a potentially major tragedy. 

As for the midterms, some election authorities have already begun to log off. Philadelphia "has disconnected its election management system from the internet," the CNN story notes, while in Sauk County, Wisconsin, "[n]one of the machines are connected to the internet, and two-factor authentication is required even to get into employee desktops." Other election authorities, at all levels of government, should follow their lead. Russian operatives will undoubtedly try to meddle in this year's election, and we shouldn't make it any easier for them by keeping our voting systems online.