It’s go time.
Tuesday’s midterm elections will be the first major test of the election security precautions that governments and companies have adopted following revelations of a wide-ranging Russian operation to influence the 2016 presidential election in favor of Donald Trump. As voters head to the polls, The Washington Post will be closely monitoring for any signs of cybersecurity issues, from reports of potential voting machine vulnerabilities to disinformation on social media.
In tight races, even a minor cyberattack could have a major impact on the outcome of the election — or the perception of whether a race was fairly decided. On Monday, Georgia Republican Brian Kemp’s hacking allegations put a fine point on the challenge of preserving voter confidence during the midterms.
Going into the big day, the federal government is voicing confidence in the integrity of the midterms: Department of Homeland Security Secretary Kirstjen Nielsen said at a recent event that tuesday’s election will be “the most secure election we’ve ever had.” As of Friday, she said there was no activity targeting election infrastructure that could be attributed to a foreign entity, but she acknowledged “that can change in an hour.”
Monday night, the federal government put out a statement reiterating its confidence. “Our agencies have been making preparations for nearly two years in advance of these elections and are closely engaged with officials on the ground to help them ensure the voting process is secure,” said a statement from Justice Department, DHS, FBI and Office of the Director of National Intelligence.
Here are a few things we’ll be watching Tuesday.
— Could disinformation impact whether voters actually make it to the polls?
Much of the federal government’s focus has zeroed in on helping local election officials harden their voting system infrastructure. But rampant disinformation — especially on social media — may be an even tougher problem for security officials to address.
As my colleague Tony Romm highlighted in a report last week, disinformation is not just about influencing a potential voter’s opinions. It can also be used to deter users from voting at all. In one instance, Twitter users spread a rumor that U.S. Immigration and Customs Enforcement agents would be at polling places, checking voters’ immigration statuses. Facebook and Twitter are attempting to combat the problem with aggressive steps to vet and scan such content.
And the voting hoaxes could go beyond posts on social media. As we’ve previously reported, local election sites where voters get information about their polling places could be vulnerable to manipulation. If these sites are hacked, there’s no impact to ballots — but there could be an impact on the race if would-be voters don’t turn out.
From David E. Sanger of the New York Times: “Cybersecurity firms and some election officials reported seeing an increase in cyberattacks on websites and infrastructure surrounding the vote, but not on systems that are part of the voting process. Hackers have targeted websites across the United States — including in Georgia, Florida and California — that allow voters to look up the location of their local polling stations or to verify that they are registered to vote.
In its statement Monday night, the government warned voters to check the source of their election information and said they should rely on official state or local election offices. Agencies told voters “know your source — and think before you link.”
— Will there be problems with aging electronic voting machines?
Even before Election Day, there were reports of glitchy voting machines in Texas.
Some voters planning to vote for Democratic Senate candidate Beto O’Rourke said their votes were changed to votes for incumbent Sen. Ted Cruz, R. The state says it’s a “user error,” and it posted notices reminding Texans to check the summary of their ballots before they submit them.
Bad technology may make people believe they were targeted by foreign hackers when they actually weren’t. Either way, these errors might also fuel momentum for a shift to paper ballots so that any concerns with electronic machines can be audited. Politico reporters Christian Vasquez and Matthew Choi explained the stakes: “Experts in voting technology say the machines’ errors aren’t the result of mischief by hackers. But the same lack of a paper trail that would make it impossible to verify the voters’ intent in these races would also hamper efforts to detect a cyberattack on the election machinery.”
— Will the social networks’ efforts be enough?
On Election Day 2016, social media was filled with hoaxes and false news stories, ranging from claims that rapper Lil Wayne was voting for Trump to a report that poll workers in Nevada were wearing “Defeat Trump” shirts, according to a roundup from BuzzFeed News at the time. It’s continuing this cycle too: As my colleagues recently reported, several politically charged events like the migrant caravan and mail bombs have recently led to many false reports on social media.
The election will test whether they have done enough about it. Just Monday night, Facebook announced it took down 115 accounts in an effort to publicize its actions on the eve of the election. And the company has a “war room” where employees will be responding around the clock to election integrity issues.
— Will federal agencies, local election officials and social media companies all be able to coordinate?
As Gerald Seib of the Wall Street Journal pointed out at Friday’s event with Nielsen, the dispersed nature of the U.S. election system is both an advantage and a disadvantage. “That’s a good thing, in the sense that you can’t break into one — you can’t walk through one door and be in the whole house if you want to break into the system,” he said. “On the other hand, it makes it very hard to figure out if something small has happened over here that it might be happening over there, but the person over here and the person over there don’t necessarily have a way to communicate.”
As Nielsen points out, the federal government is working to improve its coordination in several ways since the 2016 election. It has established two councils: one that brings governments together and one that brings the private sector together, which enables them to coordinate with one another and understand which entity has responsibility to address an issue. They’ve created an information sharing and analysis center, which she says includes all 50 states and more than 1,300 counties. This allows federal agencies to share potential threat information with local election officials vice versa, in a way that is very similar to financial institutions’ threat-sharing consortium.
— What will be the impact of any cybersecurity problems after the election itself?
Nielsen warned on Friday that foreign actors could still try to influence voters’ perception of election integrity even after the polls close. “My biggest concern is that a foreign entity will take the opportunity after the election or the night of the election to attempt to sow discord on social media by suggesting that something did not work as it should,” Nielsen said. “We have to not jump to conclusions as Americans. We just need to pause election night and not jump to conclusions.”
We’ll also be watching to see how politicians handle cybersecurity issues and any reports of potential hacking. As the controversy over Kemp’s hacking allegations in Georgia underscored over the weekend, cybersecurity issues can be swiftly politicized. With hacking in the news so much lately, there is a risk that politicians unhappy with election results could point to any reports of cybersecurity interference before conceding.
As University of North Carolina professor Zeynep Tufekci penned in a New York Times op-ed: “Because the legitimacy of an election depends on the electorate accepting that it was fair, that everyone who tried to vote got to vote and that every vote counted. Lose that, and your voting system might as well have suffered a devastating technological attack. Unfortunately, in much of the United States, we are no longer able to assure people that none of those things has happened.”