In a world where nothing can be 100% secure, U.S. elections are remarkably close. CISA has issued numerous statements assuring voters of the measures in place and warning against claims of hacking intended to "manipulate public opinion and undermine confidence in U.S. democratic institutions." Reviewing the last eight years of threats to voting records and voter data, we see that there of course real threats, but none that would undermine the legitimacy of U.S. election results.
A Complete Guide to Data Breaches
Download this eBook to learn how to avoid a costly data breach with a comprehensive prevention strategy.
Yes, America’s voting machines are secure
America’s voting machines have proven resilient against attacks, and there has never been any evidence to challenge the integrity of the results they produce. Voting machine makers Dominion and Smartmatic have collected hundreds of millions of dollars from defamation suits and they will likely get even more.
Disinformation threatens democracy
America’s electoral system, on the other hand, has been damaged by years of attacks. An election ends with an acknowledgment that the party who received more votes has won. Disinformation campaigns have aimed to give Americans the permission to reject the reality of that result, and even to embrace physical violence to assert their own. Amongst the real threats to the electoral process, according to the FBI and CISA, are “attempts to undermine public confidence in the security of U.S. election infrastructure through the spread of disinformation falsely claiming that cyberattacks compromised U.S. voter registration databases.”
Hacks, leaks, and other attacks
While the U.S.’s election infrastructure remains secure, there have been real information security incidents related to the electoral process. On one hand, there are cases where the confidentiality of voter personal information has been compromised. In many of these cases, the UpGuard Research team was able to proactively detect the leaks before threat actors.
The real threats to the integrity of voting data come in the form of physical attacks on voting hardware and ballots. The timeline below illustrates some of these major events, which include hacks, leaks disinformation, and even physical threats.
Disinformation and distrust
The rejection of reality, and of the results of the democratic process, delegitimizes the resulting goverment and makes America weaker at home and around the world. Every one of America’s adversaries understands this, which is why China, Iran, and Russia engage in campaigns to distribute deceptive content that amplifies divisions within the U.S. electorate.
The FBI and CISA recently issued a PSA about the election, but it’s not a warning about cyber attacks. Rather, it is a warning to be skeptical of such claims, as that disinformation is how foreign adversaries are best able to interfere in the election process.
“There has been incredible effort across local, state and federal governments to ensure the security and integrity of our nation’s election infrastructure. Americans should be confident that their votes will be counted as cast. They should also know that our foreign adversaries will try to make them believe otherwise. We encourage everyone to remain vigilant, verify the information they consume, and rely on trusted sources like their state and local election officials.”
- Cait Conley (CISA Senior Advisor)
A Complete Guide to Data Breaches
Download this eBook to learn how to avoid a costly data breach with a comprehensive prevention strategy.
Voter information privacy
A separate but intertwined concern in election security is the privacy of voters’ personal information. Voter rolls and political campaigns both require large collections of information about the voting public. Those data sets may be distributed, enriched, and managed by third parties, all of which increase the attack surface and likelihood of compromise.
Unlike conspiracy theories about voting machines, concerns about data privacy for voter information do have a basis in reality. Threat actors have gained unauthorized access to voter databases. Entities processing voter information have left it exposed on the internet many times, as the UpGuard Research team and others have demonstrated many times.
Voter privacy and election integrity
Voter privacy and election integrity are intertwined in another way, too: the demonstrated risks to voter privacy have become fuel for disinformation campaigns. In 2020, a Russian media outlet claimed to have American voter PII from a hacked database, stirring anxieties about Russian hacking. People more familiar with US voter systems soon pointed out that the data– like much voter data– was publicly available.
The Podesta email hack, the event that really marked the beginning of the current threat environment for election integrity, established a pattern that has been repeating ever since. There was a cyber threat– Russian hackers really did breach the DNC– but the impact was not to drive discussion of how to better defend against Russian intrusion.
The leaked emails were weaponized to fuel conspiracy theories. There are real cyber threats in an election, but it is the fantastic shadows they cast that are used to disrupt election integrity.
The real threat to U.S. election integrity
When we look at the possible threats to the integrity of U.S. elections, we see real threats, but not from hacking. Former president Trump and his allies have done more to “sow distrust of U.S elections,” as the FBI and CISA put it, than foreign adversaries ever could.
We know what could lead to votes not being counted at polling places: physical threats to the people who administer elections and destruction of the ballots themselves.
And while personal privacy will always be a valid concern, there are more likely ways for one’s private information to be compromised.
