Why securing elections is so hard

At the RSA Conference 2020 in San Francisco, a panel of experts discuss the issues with securing elections.

Assuming you have not been living under a rock — not looking at Twitter, Facebook, or Netflix and avoiding any news — you are probably aware that 2020 is an election year in the United States. If your disconnection goes beyond the past few years, you may also be unfamiliar with the 2016 election and discussions (for example, here and here) about election hacking and disinformation campaigns.

At the recent RSA Conference, I attended a panel entitled “Why is securing elections the hardest problem in IT?” with Mary Hanley, Harri Hursti, Philip Stark, and Dan Webber.

Making the panel a bit more timely (aside from this being an election year) is that a lot of election-based stories have been popping up in the news regarding issues with the Iowa caucuses, as well as an op-ed in Wired about the need to protect the 2020 US election from both the novel coronavirus and hacking — with mail-based voting.

Local execution vs. global threats

Over the course of the 30-minute panel, the speakers covered everything from the history of hacking election machines at DEF CON to our current issues, the lack of trust and the viability of both trust and the technology associated with election machines.

The first and perhaps biggest issue elections face is that they are managed locally and use varying systems. On top of that, election machines were purchased many years ago and were simply not designed for our connected world, in which nation-states and others subject them to attack. Now, if you think about local execution, we are talking about putting states and municipalities up against the cyberpowers of nations looking to interfere with or destabilize confidence in an election.

Our panelists offered some ideas that anyone can put into action to help ensure the election system’s integrity. The first and easiest is to push for transparency in the system, which can mean anything from speaking up in local meetings with politicians to pushing for open audits that the public can look at and see that this is being taken seriously.

Another is to volunteer to be a poll worker. The panel pointed out that many people working in the security field can use their day-job skills to help point out when something looks awry.

Perhaps the simplest of the things that one can do is vote. You may feel apathy or lack of trust, but voting is a clear way to make your voice heard.

What does the future hold?

We all know that new technologies can be hacked; no news there. But voting systems can and should be fixed. Ensuring transparency and increasing the public’s faith and trust in voting systems will require collaboration among public and private organizations.

In the private sector, some companies are working on new technologies to help bring back security and trust in elections. Some of the solutions include Polys from Kaspersky, which has been tested in a number of municipal elections, as well as Microsoft’s ElectionGuard.

Now, I am not a fortune-teller. Nor are the panelists. All I can do is believe in the system and seek transparency. I hope the collaborations we learned about from this panel come hand in hand with increased security, restoring our trust and making the evening news a bit less alarming.