In recent days, our nation’s response to the continued threat of foreign meddling in American elections has taken something of a surprising turn. Coming off his two-hour conversation on Friday with Vladimir Putin in Hamburg, President Donald Trump touted Putin’s personal assurance that there was neither any Russian manipulation of the 2016 election nor any Russian plans to disrupt future American elections. He even floated the prospect of creating a joint U.S.-Russia “impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded.”
As if Putin is trustworthy. As if his assurances are more believable than the mountain of evidence demonstrating the exact opposite.
“They will be back,” former FBI Director James Comey warned the Senate last month. Russia’s meddling in the U.S. elections was not a one-time affair; it’s an ongoing offensive with the singular goal of undermining and debasing American democracy. Russia could well interfere in the 2020 presidential vote, or the 2018 midterm elections just 16 months away.
They will be back. And when they are, we better be ready with a plan that’s suited to our current moment.
As with almost every other aspect of our culture, the emergence of the internet and the relatively recent advent of social media are profoundly disrupting our democracy. It is a new and open issue as to whether our kind of self-government can function successfully when: one, much of the electorate gets its news from social media easily employed by foreign powers, and; two, infrastructure of all types—perhaps including the voting system—can be infiltrated by sophisticated hackers based overseas.
When it comes to election infrastructure, we have to keep in mind that since the birth of the republic, the federal government and the states have had a contentious relationship over voter protection dating to the post-Civil War era, if not earlier. That history means that any national effort to combat foreign interference with elections must be done with a delicate touch. America’s elections are administered locally, and any heavy-handed federal regulations of the voting system will go over poorly with state legislators, election commissioners and secretaries of state.
What might a more deft approach look like? Thankfully, the federal government has a model to build upon: It can use the same approach that it already takes on the 16 other sectors of critical infrastructure and focus on building voluntary partnerships with state and local governments.
The National Institute of Standards and Technology already has a role in developing standards that address the security of computers, networks and data storage used in voting system. But beyond a simple federal mandate, the NIST needs to work with the states to put its guidelines through a workshop process, both to address states’ concerns and get them to buy in. Historically, one such concern has been that upgrades to election infrastructure can be pricey, and many cash-strapped states are simply unable to afford even the most essential improvements. Here, the federal government has a carrot to offer, as Senator Angus King (I-Maine) has proposed: federal funding for some aspects of administering elections, which could be tied to states adhering to new nationwide election standards.
A central requirement of any attempt to protect the voting system must be that states evolve past the first generation of electronic voting machines and voter database systems to newer, defensible ones that were built with modern cybersecurity in mind. Even then, it’s imperative we have certain fail-safe measures—especially a paper trail of all votes, so that voters can be sure their ballots were counted correctly and the entire system can be audited and tallied by human beings.
After implementation of the security features, federal funds should be used to test the security of the system and the vote counts—an audit conducted not by federal regulators, but by third-party accounting firms with experience in managing both ballots and cybersecurity. If the states do not act quickly and sufficiently, Congress should legislate federal regulation of federal elections; states would still be free to run insecure elections for state and local officials, should they choose to do so.
But beyond the actual administration of elections, the federal government must take an active role in combating foreign influence of American voters—including, for instance, other nations’ use of fake social media accounts to advance propaganda while targeting individual Americans for psychological warfare manipulation. Russia’s government has an organization, the Internet Research Agency, in which thousands of “analysts” each create scores of fake profiles posing as Americans on Facebook, Twitter, Reddit and other social media. These fake personas then micro-target vulnerable American audiences, telling them stories tailored to affect their attitudes, such as the case of a Russian soldier who infiltrated a social media group pretending to be a middle-aged America housewife. Over time, such fake or exaggerated stories—backed up by approving comments from other fake online personas—affect a voter’s decision of whether to vote and who to support.
Facebook says it has now stepped up its internal efforts to identify such fake identities. While these efforts are laudable, the U.S. government should do what it does with other sectors, and make the collection and sharing of intelligence on these threats a priority, helping Facebook and other social media companies identify the location of these social media bot factories and to determine which pretend Americans they have falsely created.
As simple and obvious as these few steps seem in the face of an assault on our democracy by a foreign government, they will be controversial in some quarters. Wouldn’t the search for fake social media accounts and bot factories be intrusive? No; it would not involve spying on real Americans or their political views because the collection activity would all be targeted on foreign entities overseas and would not involve the intercept of communications with U.S. entities.
Doubtless there will be others who oppose election-security reforms out of legitimate concerns about federal interference in state responsibilities. But for those who would stand in the way of securing the sanctity of our democratic process, we have a simple question: What would you do to preserve, protect, and defend our democracy and its election system from the new vulnerabilities it has to foreign interference in the cyber age?
Deciding to do nothing more than we are now is a decision: It is a decision to allow foreign manipulation of our country by governments that wish us harm.