The following is adapted from oral testimony given Thursday before the House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation.
The November 2020 election was widely considered the most secure in American history. But an anti-democracy movement, fueled by the Big Lie, poses serious threats to the security of elections. Taking these threats seriously requires expanding upon recent improvements to election security.
In 2016, one in five voters cast their vote using a paperless voting system. But in 2020, an estimated 96 percent of voters used voter-verifiable paper ballots. In fact, no swing state used paperless voting machines, and routine, statutory tabulation audits were performed in every swing state. None found discrepancies that would have been sufficient to alter the outcome of the presidential election.
In addition to this crucial move away from paperless systems, the Cybersecurity and Infrastructure Security Agency expanded its collaboration with state and local election officials. It provided vulnerability testing and trainings, shared information, and emphasized public education. For instance, in the fall of 2020, some Florida voters received threatening emails in the guise of a domestic far-right group that has promoted violence. The intelligence community detected the true source of the attack, alerted election officials, and held a joint press conference to let the public know the truth: the emails were actually coming from malicious actors associated with Iran.
Election officials adopted resiliency measures, such as stocking emergency paper ballots in case of machine failure, to ensure voters could exercise their rights even when there were sporadic polling place problems. And in some states, the many options for voting served as their own resiliency measure, against the pandemic. These options allowed voters to spread themselves out among different voting methods and days. But they also meant that money from Congress was crucial.
After this success, what lies ahead? The continued lie that the 2020 election was stolen is not only undermining the public’s confidence, it is also threatening election infrastructure directly, through sham partisan reviews and increasing insider threat risks.
Sham partisan reviews can provide unmonitored election equipment access to biased, uncertified partisans. In fact, decertification or decommission of equipment has been necessary after multiple sham reviews across the country. Ballot security breaches have been another damaging effect.
Antidemocratic forces are also undermining a once broadly shared commitment to competent and nonpartisan election administration.
Many election officials committed to fair elections are resigning or being pushed out, in the face of myriad attacks and pressures.
Moreover, given that almost one-third of Americans still believe the Big Lie, it would not be surprising if some election officials, or the employees and vendors who support their work, themselves buy into election conspiracy theories. Unprecedented amounts of money are being spent in campaigns for election administration jobs, with election denialism — for and against — being treated as a key issue.
What happens if election officials and personnel fall victim to election falsehoods? We are witnessing the first glimpses now: In Colorado, a county clerk with connections to election conspiracy theorists gave unauthorized access to the county’s voting systems. Photos of passwords for the voting machine software then ended up online. Other access breaches have occurred in Ohio and Michigan.
These security risks are alarming, but they can be mitigated.
It should go without saying that all levels of law enforcement should enforce existing laws against threats, especially when election personnel are intimidated. Congress can work to combat doxxing and provide for physical security and training.
When it comes to insider threats, well-accepted best practices already exist. They include restricting and logging access to critical systems, monitoring through video surveillance, transparent procedures, background checks, and choosing vendors that also employ good practices. This all costs money, and Congress should provide help.
Routine tabulation audits in which ballots and equipment remain in the custody of election officials help to guard against a variety of threats, including insider threats. In particular, requiring risk-limiting audits of federal elections has received bipartisan support in the past.
Our election infrastructure is strong, but it is facing a growing anti-democracy threat from within. Congress can lead the way on protecting democracy from that threat by investing in true election integrity measures.