Speaker 0
0:00 – 6:01
Hello. I'm Ryan Cook, and this is Civic Tech Chat, a podcast about the civic technology movement. We seek to harness the power technology has to improve the delivery of public services to people everywhere. Welcome back to another episode of Civic Tech Chat. We've returned from a long hiatus as I'm going through the final semester of an undergrad program. Don't forget to subscribe in order to follow new episodes as they come along. All of that said, let's get into our main topic for today, election security. We find ourselves checking in on this issue, in part because of its importance, and in part because of a report released recently by some folks at Stanford University. This document seeks to make policy recommendations to enhance the security of the twenty twenty elections and beyond. It makes use of conclusions drawn in the Mueller report, which lays out efforts made by the Russian government to influence the outcome of the twenty sixteen election. The title of this report is Securing American Elections, Prescriptions for Enhancing the Integrity and Independence of the the twenty twenty US presidential election and beyond. Truly, this is a catchy title. You might be wondering, though, what are they saying we should do? This can be summarized by a few main points. The first being that that election tech security can be improved through the use of techniques like penetration testing. This would involve things like the use of attack teams that would attempt to infiltrate and undermine systems in simulated attacks. The benefit of such actions would be the discovery of exploits and vulnerabilities. The report also contains recommendations seeking to limit foreign involvement in campaigns. It suggests banning foreign consultants and companies from working with US campaigns and publishing information about connections between campaigns and foreign governments. It goes on to recommend foreign governments and individuals be prohibited from buying online advertising meant to target US voters, the appointment of a US government representative on election interference, and a commitment for the US government to respond to instances of election interference. Admittedly, I was somewhat surprised to learn that the last point there hadn't quite happened yet. The report is also keen to point out that attempting to do any of this is going to require considerable coordination. In Stanford's own piece about the topic, Nate Persley, co author of the report, is quoted as saying, you can't just have engineers deal with this problem, and you can't just have politicians. You need a concerted response with people from across disciplines tackling the issue. You need computer scientists, technologists, lawyers, economists, political scientists, and ethicists. The report is timely, as it releases when we're learning about and acknowledging shortfalls in our own election infrastructure. There are a couple portions of this that are oft forgotten about that I'd like to briefly dig into. The first of those is the cybersecurity of campaigns themselves. Typically, these organizations have to handle it on their own, despite of lack of resources to do so. Current campaign finance law more or less prohibits corporations from volunteering their service to campaigns as such a thing would be considered an in kind donation. In response to this dilemma, senator Ron Wyden proposed a bill that would allow political parties to provide this sort of support to individual campaigns. That said, it remains stuck, as majority leader McConnell has stated that they do not intend to allow any election security bills to make it to the senate floor. But it's not all doom and gloom here. The FCC did rule to allow a nonprofit by the name of Defending Digital Campaigns to Offer Free Services. The ruling broke down to a lesser of two evils kind of choice. It was determined that the risk of election interference is worse than the risk of influence peddling by the aforementioned nonprofit. Services will be available to campaigns of any party that reach certain thresholds. 5% national polling for presidential candidates. And for House and Senate candidates, they need to have raised 50,000 or $100,000 for their campaigns respectively. Another weak link that doesn't always garner attention is the electronic poll book. These are computers, often tablets, that allow poll workers to look up voter information at individual precincts. They save a lot of time, but at times can't introduce their own vulnerabilities. For example, just last week, Politico reported on a software company that had inadvertently opened a pathway for a potential malicious actor to tamper with voter records in North Carolina. It would seem that remote access software was used to connect with a sensitive system in order to troubleshoot a voter list management tool. The reason this has caused concern is that a vulnerability in poll books could be used to make changes to the information presented in swing precincts. This could be done in a way to prevent certain folks from voting, which could then have a ripple effect on the larger election. So it seems election security is still quite the topic. If you've enjoyed hearing about about this and would like us to dig deeper into the subject, head on over to civictech.chat and click on the feedback link. There, you can let us know what you like and what you don't like about the program. Thanks again for listening, and I hope to catch you again next time. You can follow us on Twitter using the handle at CivicTechChat, visit us on the web at civictech.chat, or subscribe to us for content updates wherever it is you download your podcasts.