Ripon Forum


Vol. 52, No. 4

View Print Edition

In this edition

With polls showing that over 80% of the American people view cyberterrorism as one of the top threats facing the United States, the latest Ripon Forum examines what is being done to prevent a “Cyber 9/11.”

In Memorian: “An Enduring Peace”

In tribute to the life and accomplishments of the late John McCain, we republish his 2008 interview with the Forum that not only remains remarkably relevant today, but reminds us why he will be missed.

THE NEW OFFENSIVE

America has played defense long enough when it comes to cybersecurity. In the face of an increasing multitude of threats, it is time to go on offense.

Elevating Cyber Command:

The elevation of CYBERCOM earlier this year is a move whose time has definitely come. In fact, the only possible criticism could be: “What took you so long?”

The Magnitude of the Cyber Threat Facing America

With an estimated 40 billion new devices expected to be interconnected by 2020, the American people — and the U.S. economy — are more vulnerable than ever before to a cyber attack.

Defending the Grid

With cyber threats continuing to grow and evolve, the public & private sector are working together to protect America’s supply of electric power.

Closing the Federal Cyber Workforce Gap

A recent OMB report highlighted the fact that Three quarters of federal agencies lack the capability “to effectively detect data exfiltration attempts and respond to cybersecurity incidents.”

Paper Ballots & Election Security:

Eliminating the human element from filling out paper ballots is as essential to election security as ensuring election machines produce a voter verifiable paper ballot.

Safeguarding the Mid-Terms

There’s a mixed bag of actions being taken by election officials in states across the country in order to mitigate the infiltration of election systems during the 2018 mid-terms.

Troubling Trends in the Federal Budget

Elected leaders profess to be concerned about the nation’s long-term economic growth. You’d never know it, however, by looking at the federal budget.

A Failure on 9/11, and a Lesson Finally Learned

Prior to 2001, the ability to communicate over commercial wireless carriers would routinely be unavailable during major incidents — times when first responders need it the most.

Ripon Profile of Jackie Walorski

The Indiana Congresswoman discusses, among other topics, the importance of farmers and manufacturers in her District, and how tariffs will impact their work.

Paper Ballots & Election Security:

Why machine vulnerabilities must be balanced against human flaws

“Would you say that oval is filled in 5/8ths, or more like 7/8ths of the way?”

The question may sound esoteric, but in the fall of 2005, it was actually one that was frequently asked during the recount of a New York City judicial election.

Following the 2000 Presidential election, Congress passed the Help America Vote Act (HAVA), transitioning the nation from butterfly ballots to electronic voting machines. That solved a 20th century problem, while creating a 21st century problem.  DEFCON’s Voting Village, as well as researchers like Alex Halderman and Matt Blaze, have demonstrated that a well-trained adversary could flip an election with current electoral machines.

Some recommend returning to voter-completed paper ballots. In 2005, before New York City fully implemented HAVA, provisional and absentee ballots were cast on paper ballots while Election Day voting was conducted on refrigerator-sized mechanical machines designed by Thomas Edison.

My experience with voter-completed paper ballots demonstrated a significant security flaw: They cannot guarantee the integrity of the voters’ intent.

Measuring Election Security
When I worked on cybersecurity policy for the Federal government, we focused on the CIA triad: Confidentiality, Integrity, and Availability.

Given the concern about foreign actors hacking our elections, it is important to assess whether proposed reforms improve an election’s CIA. Moving to voter-completed paper ballots significantly weakens each CIA element.

Confidentiality of the ballot is sacrosanct to democracy. True electoral security requires that we maintain a secret ballot. Vote-by-mail, all-paper ballots fail this test. It is impossible to determine who actually filled out a ballot — elderly citizens’ ballots, for example, might have been filled out by their child or assisted living facility staff — much less who was present when the ballot was filled out.

My experience with voter-completed paper ballots demonstrated a significant security flaw: They cannot guarantee the integrity of the voters’ intent.

Did an employer verify employee votes? Did the ballot arrive at the intended recipient? Ostensibly, signature requirements guard against the latter.  But I have rarely seen a judge uphold signatures as a security mechanism, due to it being impossible to determine why a signature no longer matches, as speed, injury, and writing surface impact appearance.

Integrity of the voter’s intent is the real detriment of all-paper ballots. Paper ballots filled out by individuals present election lawyers with a multitude of opportunities to overturn election outcomes. A partially-completed oval will lead to the ballot being rejected; an incomplete erasure will lead to an over-vote and the ballot being rejected; an errant mark may indicate the voter was trying to nix their vote and the ballot will be rejected. These issues are adjudicated, at best, by a judge, but more often are decided at each table recounting an election.

Availability of ballots for counting is another drawback of all-paper ballots when it is practiced as part of a substantial vote by mail system like in Oregon and Colorado. In 2016, nearly 400,000 mailed paper absentee ballots were rejected for late arrival or invalid signature — both issues that cannot be cured when paper ballots are mailed. Moreover, as America continues to segregate itself along partisan lines, mailed paper ballots with a likely partisan tilt congregate in certain mailboxes and sorting rooms. A bad actor need only target mail drops in a specific neighborhood to tilt a tight election.

A Recommended Solution
While the 2016 presidential election ballot count was almost certainly not flipped, it should nonetheless serve as a clarion call that the electoral process is a new attack vector much like airplanes after 9/11.

This is a deeply troubling, nonpartisan issue. An estimated 108 nations can hack critical infrastructure, including electoral systems. The revelation of the global Iranian social media campaign should motivate all political parties to ask whether they are universally supported by all 108 cyber-capable nations. That question can easily be answered: They are not. Failure to address election security, as a national security risk, only guarantees that the 2020 presidential election will be a proxy cyberwar for Russians, Chinese, Iranians, and up to 105 other national interests.

The best solution is a machine-generated voter verifiable paper ballot with mandatory risk-based auditing.

The best solution is a machine-generated voter verifiable paper ballot with mandatory risk-based auditing. Eliminating the human element from filling out paper ballot is as essential to election security as ensuring election machines produce a voter verifiable paper ballot. The voter can verify that malware has not changed their ballot, candidates cease to worry that attorneys will toss out the paper ballot for insufficiently demonstrating voter intent, and the public has faith that the outcome was properly adjudicated given verification by a risk-based audit.

Machine-generated paper ballots and mandatory risk-based audits are critical defenses against foreign attacks. Given the administration’s China and Iran positions, Chairman Roy Blunt should return both safeguards to the Secure Elections Act.

As a matter of national security, Congress should also appropriate Federal funds to implement both nationally before Republican ballots are attacked.

Philip Stupak is a Senior Advisor with Cambridge Global Advisors.