Email systems used by some county election officials lack rudimentary security settings and are vulnerable to hacking, according to a recent survey conducted by the nonprofit investigative newsroom, ProPublica.
Propublica’s findings include eleven offices protected by only a login and password. Election security best practices suggest 2-Factor authentication for sensitive email accounts. This simple protocol requires a second account (usually a mobile phone) to receive a security code that must be entered to gain access to an email account.
The possibility of election interference is hot-button issue after it was determined by the state department that Russia interfered with the 2016 election. The Democratic Party’s push to flip the House of Representatives in the November election makes this a much watched midterm election–and partisan politics are a major reason for this increased attention. According to the ProPublica survey, found 10 of the 12 districts with non-secure email systems were home to incumbent Republicans up for re-election.
The vulnerability of email systems has been understated in comparison to the security of machines within the voting booth. “The focus on election equipment… ignores the greater dangers caused by hacking into the diverse collection of sensitive information that flows through … the electoral process,” commented Jasson Casey in an editorial for the website Dark Reading.
The threat posed by hackers infiltrating electoral systems isn’t limited to coercing or influencing votes, but to undermine the overall confidence in the system itself. Matt Dietrich, a spokesman for the Illinois Board of elections said of a 2016 hack of the state’s voter base “wasn’t… to steal votes, but to create havoc.”
Jasson Casey echoed this point, saying “Even if the hacker’s candidate-of-choice is not elected, the information’s integrity becomes a distraction as authority figures are discredited, creating social and political instability.”
Upgrading and securing the U.S. election systems has been something of an uphill battle, even with a $380 million fund provided by the federal government. A cybersecurity skills shortage and political infighting has slowed attempts at reform.