Elections Are Too Online

We can make our voting systems just a bit dumber and a whole lot safer.

Bonnie Kristian | 6.20.2022 3:35 PM

(Susan Stocker/TNS/Newscom)

Russia might do more than meme us into discord during the 2022 midterm elections, U.S. officials warned in a CNN report Sunday. The Kremlin's operatives might also execute "smaller hacks of local election authorities—done with the deliberate purpose of being noticed—and then [use] that to seed more conspirac[y theories] about the integrity of American elections."

This is a plausible threat, not least because of how much tactical sense it makes for Russian hackers. Why bother engineering a vast state- or nation-wide conspiracy, with all the resources and competence that would require, when you can do a little deliberately clumsy meddling in some town council races and let Americans' animosity and gullibility do the rest? "If something small happens, it will feed into the mania and chaos, and all of a sudden people will think all the elections are completely insecure," Nicole Tisdale, who previously worked for the House Homeland Security Committee, told CNN.

The United States has more than 10,000 election authorities, which is part of why large-scale fraud would be so difficult to execute. But for a threat like this—which turns on the appearance of insecurity rather than actual insecurity—that decentralization becomes a liability. It would only take a few weak points to create the desired effect.

The best preventive measure might not be possible to implement in time for the upcoming midterm elections. Updating election infrastructure is a slow and costly process. But it's a radically simple idea: Take our elections offline. Make our voting systems just a bit dumber and a whole lot safer. If we don't want Russian hackers or other unsavories to be able to access our electoral systems, we should not connect those systems to the internet.

In theory, voting machines are already offline, even air-gapped. In practice, however, "many polling places around the country transmit voting results to their county election offices via modems embedded in or connected to their voting machines," The New York Times reported in 2018, and that's a point of internet access. Independent investigators in 2019 said they found "nearly three dozen backend election systems in 10 states connected to the internet," including systems in swing states Wisconsin, Michigan, and Florida—just a "few" weak points. The nonpartisan National Election Defense Coalition says the "assertion that voting machines or voting systems can't be hacked by remote attackers because they are 'not connected to the internet'" is a "myth" and has called for results to be transmitted by offline methods, like USB sticks.

That sort of tool would work because the proposal here isn't that we return to paper ballots in a wooden box or hand-written voter rolls. Paper and the trail it leaves have an important place in electoral security, but I'm not suggesting a completely nondigital approach. We can still have machines as the main counting mechanism, a useful timesaver in uncontested races. Likewise, election authorities can continue to manage voter databases with computers.

Think 1990, not 1890—there's no need to go full Luddite. But we should disconnect our voting processes from the internet where it's feasible. We already know online voting is insecure, and given the detrimental effects even small hacks could have on Americans' confidence in our election outcomes, we'd be wise to harden electoral targets against digital attacks.

And election systems aren't the only thing we should consider moving offline: Utilities are another key system for national stability, and one where a successful cyberattack could more directly cause turmoil and suffering. Recall last year's Colonial Pipeline ransomware attack, which led to fuel shortages, panic buying at gas stations, and flight schedule interruptions. The ransom was paid within a matter of hours, but it took over a week for the pipeline to return to normal service.

What if that delay had happened in January instead of May? One of the fuels Colonial Pipeline transports is heating oil. Or what if a cyberattack disabled an electrical grid at the height of a summer heat wave? Or hit a municipal water system? In February 2021, an operator of a water treatment plant near Tampa watched in real time as a hacker increased the lye level to 100 times its normal concentration. The operator was able to immediately undo the change—but that's a needlessly close call. It's worrying to consider the damage malevolent actors could do from halfway across the planet if life-sustaining systems are vulnerable to remote breach. Switching to air-gapped systems and manual operation would be neither a convenient nor an absolute security guarantee, but that's a doable precaution to take against a potentially major tragedy.

As for the midterms, some election authorities have already begun to log off. Philadelphia "has disconnected its election management system from the internet," the CNN story notes, while in Sauk County, Wisconsin, "[n]one of the machines are connected to the internet, and two-factor authentication is required even to get into employee desktops." Other election authorities, at all levels of government, should follow their lead. Russian operatives will undoubtedly try to meddle in this year's election, and we shouldn't make it any easier for them by keeping our voting systems online.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: As Pride Month Nears End, LGBT Political Culture Warring Escalates

Hide Comments (30)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Claptrap 3 years ago

This article is an attack on democracy, straight-up. Just thinking about it suppresses my vote.
1. Tahlia 3 years ago
  
  I even have made $30,030 just in five weeks straightforwardly working part-time from my apartment. (res-32) Immediately when I've lost my last business, I was exhausted and luckily I found this top online task & with this I am in a position to obtain thousands directly through my home. Everybody is able to get this best career & can gain more dollars on-line going this Website... http://www.profit97.com/
2. JasonAZ 3 years ago
  
  Right! Next thing you know, we'll need to show identification to vote, just like all those stupid EU countries and every other country in the world that holds elections. Racists! Every one of them.
  1. Rev. Arthur L. Kuckland 3 years ago
    
    You don't need id's to vote in Cuba, vensuela, North Korea etc
    1. Liberty Lover 3 years ago
      
      Yes you can vote "yes" or "no" for the government approved candidate, but there will be serious repercussions if you vote no.
Diane Reynolds (Paul.) 3 years ago

Russia might do more than meme us into discord during the 2022 midterm elections, U.S. officials warned in a CNN report Sunday. The Kremlin's operatives might also execute "smaller hacks of local election authorities—done with the deliberate purpose of being noticed—and then [use] that to seed more conspirac[y theories] about the integrity of American elections."

This is a plausible threat,

Umm, dude, you're being prepped for the Democratic midterm slaughter to be declared illegitimate.
1. Nardz 3 years ago
  
  That, and/or the Ds hacking the votes themselves
2. Liberty Lover 3 years ago
  
  LWR Liberal Woke Reason
Diane Reynolds (Paul.) 3 years ago

The United States has more than 10,000 election authorities, which is part of why large-scale fraud would be so difficult to execute.

Time Magazine showed how it can be done.
1. Dillinger 3 years ago
  
  I can't believe someone got paid to post that sentence.
Dillinger 3 years ago

are not!
But SkyNet is a Private Company 3 years ago

What kind of White Nationalist conspiracy disinfo is this?
Dillinger 3 years ago

>>This is a plausible threat

it's how elections are fortified. they give you the blueprint.
Cal Cetín 3 years ago

Don't worry, these vulnerabilities won't affect the actual results of the election, it will only *make* the results look suspicious and thereby promote conspiracy theories, which we're now being warned in advance to discount.
1. Cal Cetín 3 years ago
  
  make the results *look* suspicious
  1. Don't look at me! 3 years ago
    
    Like 81 million suspicions.
Cal Cetín 3 years ago

It's like they know in advance there will be "irregularities" in elections, and they also know in advance that it will be "fake news" to say these irregularities in any way affected the result.

Do they know in advance in which direction the accidentally and no-difference-making irregularities will go?
1. Moderation4ever 3 years ago
  
  Irregularities are a feature of a decentralized system that uses limited term employees for a one-day job, two to four times each year. In theory, the irregularities are random and should go either way when aggregated as a whole. Looked at scientifically these irregularities would be seen as noise in the signal. What we know is that the noise is present but much less that the signal (the actual count).
  1. Cal Cetín 3 years ago
    
    Supposedly, the CNN story was about preparing the people for actual election hacks and reassuring viewers in advance that the hacks would be local and ineffectual, and indeed that anyone who thought the hacks influenced the outcome would be the dupe of a Russian conspiracy theory.
    
    A remarkably precise prediction.
    1. Moderation4ever 3 years ago
      
      I would say that there are two different things at play here. First any counting process has noise in the signal and that is irregular.
      
      The idea of a hack, Russian or other, would not be to effect an election but rather to effect confidence in the election. As the author noted that decentralized system would require too many hacks. But a single hacks could erode confidence and be effective in that way.
      
      There is no way to effectively measure the Russian effect on the 2016 election. We know it happened, but not if it really had an effect. What it did do was to sow a measure of doubt in the 2016 election and that was all that was needed. Add on to that a losing candidate that complained about the interference and a winning candidate that refused to condemn the interference. The result was to multiple the disruptive effect.
      1. Jerry B. 3 years ago
        
        Sure. There was of course a measure of doubt in the 2016 election since the wrong person won. The 2020 election, in contrast, was completely above board since the right person won.
        
        Moderation4ever 3 years ago
        
        No. The Russian interference in 2016 sowed seeds of doubt. We know several things the Russians did in 2016. To date no one has come forth with any proof of any significant problems in 2020. Doubt was not sown by a foreign power but by a candidate who knew he was going to lose and was looking to retain power.
2. Nardz 3 years ago
  
  "Do they know in advance in which direction the accidentally and no-difference-making irregularities will go?"
  
  They did in 2020.
  Even made a point of telling us in the weeks leading up to November 3rd.
  Turned out to happen just as they... "predicted"
Moderation4ever 3 years ago

As long as there is a paper back-up there is no need to worry. As the author noted the hack would be sloppy to sow suspicion, but the count could always be checked with a recount, manual or on another machine, of the ballets.

That said there really isn't a need for internet. It seems to help speed results and if people were more patient, we would be better off. Waiting a few days for results should not be a problem.
1. Rev. Arthur L. Kuckland 3 years ago
  
  Fuck you, the count should be done that night with anyone who wants to watching. Notice that as soon a bowered County got rid of their corrupt pos "election official" 2 things happened. Votes were tallied that day, and not democrats started winning.
  1. Moderation4ever 3 years ago
    
    In 2020, counting was hampered by state legislatures that did not allow preprocessing of mail in ballots. Florida was an exception because ballots could be preprocessed to allow counting on Election Day. More state should follow Florida.
    
    Actual election counting is a multiday process. What people hear on the first day is the preliminary numbers which often are or are close to the final numbers. But there are other ballots that are added, ballots from armed forces serving outside our country, provisional ballots confirmed after Election Day, as well as various checks of the data.
    
    As with driving, counting speedily has it risks and the easiest way to eliminate risks is usually to slow down.
Liberty Lover 3 years ago

There is no reason for a voting machine to be hooked up to the Internet. We voted for almost 200 years without the Internet. Votes should be on paper ballots and the machines should do one thing, total votes. It can reject double votes where to candidates where voted for running for the same office. Write-ins should be kicked out for hand totals. All voting must end by a certain time, no late ballots where the number of votes for the loser to turn the election could be figured and forged.
If you can mail in the last minute, you can mail in a few days before. Lack of caring about the election until the very last minute on your part is no one else's concern. Mail-ins should never be mass mailed, but only mailed on request.
It is just common sense.
1. Jerry B. 3 years ago
  
  "If you can mail in the last minute, you can mail in a few days before. Lack of caring about the election until the very last minute on your part is no one else's concern. Mail-ins should never be mass mailed, but only mailed on request.
  It is just common sense."
  
  Nope. it's voter suppression. I don't know why, exactly, but I've been told that it is, and they wouldn't lie, would they?
2. Moderation4ever 3 years ago
  
  The accepted standard for most things mailed is the data of postmark. We do that for taxes and most businesses accept the postmark date. There is no reason it should be different for mail-in ballots.
  
  Also remember that some of those mail-in ballots are from service personnel serving overseas. Finally we cannot stop the count until provisional ballots are counted. That is usually a number of working days past the election.
TJJ2000 3 years ago

Updating election infrastructure is a slow and costly process. But it's a radically simple idea: Take our elections offline.

Election authentication........... "How dare they.", scream the Nazi's.

Please log in to post comments

Elections Are Too Online

We can make our voting systems just a bit dumber and a whole lot safer.

Latest

ICE Denies Reason Access to Immigration Court In Miami Detention Center

Deported for Innocent Tattoos?

Oh, Canada

Federal Court 'Vacates in Its Entirety' the FDA's Costly and Onerous Lab Test Rule

A Trade War Will Reduce American Exports Too

Recommended

Login Form