Decades of concern with election security have so far led to scandalously few reforms of our voting procedures. Many Americans are no longer confident that vote totals this coming November will be accurate or, more fundamentally, will reflect the preferences of citizens among whom “voter suppression” is a reawakened worry.
States remain firmly in control of election administration, and states vary widely in timing votes, deciding where votes can be cast, permitting votes to be cast early or other than in-person, handling votes cast overseas or in advance, recording votes, counting votes, and reporting votes.
And states also vary widely — and frighteningly — in their attitudes toward cyber attacks by foreign intelligence organizations, by digital criminals, and by thrill-seeking Internet trolls. Deterring such attacks is difficult, and retaliating against them is dicey. Our 2016 experience and our ongoing observations show many states, Maryland fortunately an exception, either uninterested in election security or ineffective at mitigating the dangers they do expect to face.
Familiar risks — storms, earthquakes, fires, riots, fraud — have strained past votes, and our new cyber risk, most dangerous where least feared, will surely strain the coming vote, but no stress prior to our current coronavirus pandemic has created, in every state simultaneously, a conflict between exercising the electoral franchise and staying healthy. Directly ahead in COVID-19’s policy-forcing path and already immunocompromised by pre-existing conditions, lies ELECTION-20.
The difference a virus makes
The earliest COVID-19 infections breaking into the general population in China in December 2019 had been acquired in November 2019. Since most COVID-19 infections are mild and easily mistaken for other diseases, circulation may have begun even earlier than that. Here’s why that’s important.
By October 2020 our novel coronavirus will be — where? Present and circulating? Gone for good? Seemingly gone but soon to surge? No telling. Will we have one or more effective anti-viral drugs? Maybe. Will any anti-viral be shown by then to prevent COVID-19? Highly unlikely. Will we have one or more promising vaccines in human trials? Yes, we already do, but no vaccine will be available outside clinical investigations.
Assembling large numbers of people in small spaces always entails infectious risks, but rarely in the modern era a risk as consequential as now. Standing 6 feet apart we’ve just learned is too close; airborne spread of SARS-CoV-2 has been documented at 4 meters — more than 13 feet — and even farther than that. And standing in line for long periods, as is common at polling stations, would compound the problem, especially if lines wrap around, as we see in airport security queues. And what about using a marker or a touchscreen? Or touching any surface touched by everyone? Sterile wipes would greatly outnumber ballots.
Knowing these risks could discourage many citizens from voting and could also discourage volunteering to assist as poll workers. Especially discouraged could be citizens who, because of age or health impairment, would be more likely to do poorly if infected. This is the situation that will confront every state, more or less obviously, not only on Election Day but also, in many states, throughout in-person early voting.
If our epidemic is truly done and gone by Election Day, with any “second wave” having been gentle at worst, then we may regret (mildly) having taken any precautions at all. But if Election Day itself marks the rising of a second wave, tsunami or not, then having never committed to precautions will haunt the results. If our epidemic by then has settled in stubbornly as an endemic, with infections and deaths less frequent but no less frightening, than any prior assumption that precautions would not be needed would mean scrambling to salvage something credible.
Could infectious risk be mitigated sufficiently by reengineering mass-voting procedures in some manner? Feverish voters could be turned away, as in South Korea, but they’d still have come near enough to endanger the poll worker measuring temperatures and the citizens waiting to be assessed. Worse still, we have come to realize that people feeling fine and having no fever — the asymptomatic infected — have been pivotal in spreading the coronavirus from the very start. No point-of-voting assessment would do.
What if polling places were restricted to the “seasoned” among us? Historically, “seasoned troops” were soldiers who’d been together through a measles season; the survivors were not going to get measles again (though, as we now know, measles would have wiped away much of their immunity to other infections). Could “seasoned” poll workers be recruited and “seasoned” citizens remotely pre-certified and admitted for in-person voting? Maybe, if by then we could be sure that SARS-CoV-2-specific antibodies could be detected reliably and readily and that they guaranteed the impossibility of residual viral carriage, even if they did not guarantee the impossibility of re-infection. Could all this be proposed, achieved, and gracefully accepted by November? Or ever? Forget it.
In-person voting may persist in some states at some level but seems unlikely to prevail nationwide. Support for persistence could arise from political operatives figuring that fear of infection would suppress the demographic whose votes they’d prefer not to see being counted. Support for persistence could also arise, quite respectably, from traditionalist motivations. And just as respectably from security motivations.
How could states proceed to implement not-in-person voting were it accepted this year as necessary, whether as a rule or a default or merely an option?
First a warning. Then a way.
Avoiding a head-long rush to “voting online”
Proposals for online voting — using a web browser or smartphone to access the Internet — are beginning to emerge, either as pilots for small-scale testing at the state level or as mature scalable solutions for overseas voting by members of the US Armed Forces. These proposals are unwise. Internet voting is fully vulnerable to cybercrime: identity theft and fraud, denials of service, theft of valuable intellectual property and sensitive data. Internet voting is also just a swipe away from hyper-personalized disinformation and psychological manipulation. The general voting public would likely be even more vulnerable, and, for those citizens lacking Internet access, vulnerability could be compounded were they to crowd into a shared space, such as a public library. Shared-space voting would defeat its own social-distancing purpose.
Surface-mailing to the Cloud for “Common Security”
However inelegant in some estimations, vote-by-mail seems sure to be the leading remote modality. And why not? Surface mail is used for tax forms, for census forms, and for absentee ballots. Problems are real but foreseeable and not likely to be made much worse by sabotage.
The vulnerable steps are counting, tabulating, and reporting, much as they would be for a branch bank accepting cash at a teller’s window and then sending data to a main office. That sending step today would aim for the Cloud.
Technology clearly has a role to play here, but different states (not to mention counties and cities) have conflicting rules about devices, connectivity, and practices allowed when processing votes and voter information. The objective must be to safeguard election technology while allowing local differences. “Common security,” an idea whose time must come, and quickly, would do this, enhancing health protections while reducing cybersecurity risks by blocking, or even retaliating against, attacker exploitation.
New cloud services — from Microsoft and Amazon AWS and others — offer highly secure remote access to voting services. But isn’t the Cloud just one more Internet destination? Not really. When computers began connecting to other computers worldwide through the Internet, usability was the obsession; security, only as much as necessary, grew around usability. When industries, institutions, and governments began putting their data, their transactions, and their secrets in the Cloud for safety’s sake, security was the obsession; usability, only as much as necessary, grew around security. Nothing’s completely protected, but the Internet is now a high-crime neighborhood, and the Cloud isn’t. Existing cybersecurity concerns could be minimized by rapid transition from decentralized election security administration to standards-based cybersecurity risk governance utilizing secure cloud-computing services. While not perfect in all respects, these services do have clear advantages for processing, tabulating, and auditing a vote.
At risk here is nothing less than the integrity of the secret ballot and the inviolability of voting as a human right — sacred values in any democracy. Our elections must become again the unquestioned expression of public opinion. Making them so and keeping them so during the COVID-19 pandemic is the central civic emergency of our time.
The authors, Rob Sprinkle, MD, PhD and David Mussington, PhD, CISSP can be reached by email at their respective email addresses: firstname.lastname@example.org and email@example.com. Both are on the faculty of the School of Public Policy at the University of Maryland College Park.
Mussington speaks to Risk Roundup on the impacts of COVID-19 on Democracy