And when we talk about these things, we talk to Dan Wallach.
When we think about those who defend the territorial integrity of our nation and state, we tend to imagine well-equipped members of the U.S. armed forces, or perhaps a square-jawed detachment of Texas Rangers. Increasingly, however, the twenty-first century battle for control of the American homeland is being fought in the computerized elections systems overseen by our humble county clerks.
Here in Texas, votes in federal and state elections are tallied independently by 254 local officials, one in each county seat, from big cities like Houston and Dallas to tiny courthouse towns like Tahoka and Floydada. If a hostile country decides to hack an election in Texas, that means pitting Russia’s (or Iran’s or North Korea’s or China’s) most skilled hackers against a group of officials and volunteers who may not even know their way around an iPhone.
“We’re asking county clerks, and for that matter local poll workers, to defend against a nation-state adversary,” says Dan Wallach, computer science professor at Rice and expert on election security issues. “That’s not a fair fight.”
Wallach, a graduate of J.J. Pearce High School in Richardson as well as U.C. Berkeley and Princeton, has made it his mission to assist local election administrators by helping to develop and advocate for the adoption of foolproof, verifiable election systems and policies in Texas. From 2011 to 2015, Wallach served on the U.S. Air Force Scientific Advisory Board; before that he led the National Science Foundation–funded ACCURATE (A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections). Most recently, he’s been seen testifying before the Texas Senate on issues related to election security.
“From a security perspective, the systems that we use, these electronic voting systems, were never engineered with the threat model of foreign nation-state actors,” Wallach says of the status quo in Texas. “I have no idea if anybody’s planning to exploit them, but there’s no question that the vulnerabilities are present.”
That’s the bad news. The good news is that remedies are within reach, if Texas is willing to invest money and other state-level resources to improve election security. Experts like Wallach have identified best practices that can make elections reliably secure for the current threat horizon. Wallach proposes what amounts to a three-step plan for improved election security: better machines, better oversight, and better contingency planning.
The rest of the story delves into those three steps; it begins of course with auditable voting machines that include printed ballots. Speaking from my perspective in the IT security field, I can confirm that every big company that wants to stay in business past tomorrow zealously captures, indexes, and monitors its systems’ log files, both to look for real-time anomalies and to provide a written record of what happened in the event of a breach or other failure. It’s just standard practice in the real world. Why our state government is so resistant to it for our election systems is a question for which they really need to be held accountable. I would also note that the $350 million price tag to replace every obsolete voting machine in the state, which apparently we can’t do unless the feds pick up the tab, is something we could easily afford if we wanted to do it. For now, assuming we don’t get a state government that’s willing to do this, our best bet is to work towards a federal government that will do it, presumably after 2020. And hope like hell in the meantime that nothing goes horribly wrong.