Rigged? Or hacked? Cybersecurity and #Election2016

From the hacking of political party e-mails to voter database intrusion and claims of rigged elections, cybersecurity is a prominent concern in the 2016 presidential election. The National Conference of State Legislatures says the mechanics of a presidential election haven’t been so scrutinized since 2000. USC experts in elections administration, information technologies and politics discuss.

Contact: Ian Chaffee at (213) 740-8606 or ichaffee@usc.edu

Layers of government insulate us
“Our system of election administration in the U.S. is often regarded as one of the least modern among developed countries. For protection against cyber-threats, that has advantages as well as disadvantages.

“The states have responsibility for administering national elections, and local governments (usually counties) are typically in charge of the operation itself. Effectively, there are really 50 or more systems of electoral administration, and many states have under-invested in security, along with record-keeping and other aspects of voting administration. The debacle in Florida in 2000 revealed many problems in this system, only some of which have been remedied. The Department of Homeland Security has recently been reviewing cybersecurity of state systems when requested by the states, but this has not addressed all the shortcomings in this domain.≈

“The voting system is not recognized as critical infrastructure by the federal government, and therefore, has none of the protections accorded to the monuments and government facilities in that category. Five states, including the critical swing state of Pennsylvania, provide no way to generate a paper trail of voting records that could be used to audit and verify electronic voting results.

“A nationwide virtual hack through any single point in the system is impossible; something on this scale would require a coordinated effort by teams working in person around the country. Aside from attacks on voter registration rolls, which could disrupt election day, but not the counting of results, this may make the voting system itself a less cost-effective target for cyberattacks than other aspects of U.S. elections.”

Jefferey Sellers is an associate professor of political science at the USC Dornsife College of Letters, Arts and Sciences. He can discuss voting systems, local administration and governance of elections, and federal elections oversight.

Contact: (213) 740-6998 or sellers@usc.edu

Likelihood of an attack

“I think there will certainly be some sort of cybersecurity issue in some location.

“Someone that gets ahold of voter registration records could utilize that information to contact voters they don’t like and tell them their polling places have changed.

“It could be a real problem if someone were able to modify the voter registration database, whether it’s creating new, fictitious voters or changing information on voters who you don’t want to vote. Even though the systems are different from county to county, you don’t need to attack all of them. All you need to do is pick the easier ones. Those systems that actually have a paper trail are going to be more resilient to that kind of attack.”

Clifford Neuman is director of the USC Center for Computer Systems Security at the USC Viterbi School of Engineering. He can discuss the security of voter registration and elections systems, as well as cyberattack attribution and sourcing.

Contact: (310) 448-8736 or bcn@isi.edu

Beware of false info — and don’t click on it

“There is the potential for interference with the collection of results if managed on internet-connected devices, but voting in the United States is managed somewhat independently in very small districts. Given the natural variation in the systems used, a vulnerability would be highly unlikely.

“I am much more concerned with the use of attacks and false information to sway public perception during the vote. Political ads always have the potential for false information, but conventional media ads (newspaper, radio, TV) are traceable to the party who paid, so truly false information has consequences, legally or financially. Internet ads can be very difficult to trace, so there’s less of a check on their content.

“During this election, I encourage everyone to apply the same internet safety they should use other days — do not click, respond, or act on any email, web post, or text message, period. Always verify any such information independently, e.g., by checking with your county or state election office directly. The only way to always be Internet-safe is to always ‘buckle up’ this way.”

Joseph Touch is the director of the Postel Center for Experimental Networking at the Information Sciences Institute. He can discuss general “cyber-safeguarding” and best practices to prevent socially engineered hacks on Election Day.

Contact:  (310) 560-0334 or touch@isi.edu

It’s already out there

“Our government makes voter registration information publicly available and hundreds of campaign professionals have copies of the date and time stamped data. Why hack a database which is a matter of public record already? Second, if your name is not on file at the polling place, voters can (and should) ask to cast a provisional ballot. This process allows any individual to record their vote and later, to have elections officials verify eligibility.

“We’ve seen sloppy operations get hacked. After 200 years of practice, American election officials aren’t sloppy. Voting processes are controlled locally, voter participation is public information and the election will be won by candidates who have the most supporters go out and vote no matter how long it takes to double-check every ballot before reporting a final winner.”

Dora Kingsley Vertenten is a professor at the USC Price School of Public Policy. She can discuss information technology related to the election process and voter behavior.

Contact: (202) 298-7313 or kingsley@usc.edu