After Mueller, questions loom about 2020 election security
ATLANTA — The collusion question now answered, another one looms ahead of 2020: Will U.S. elections be secure from more Russian interference?
The 22-month-long special counsel investigation underscored how vulnerable the U.S. was to a foreign adversary seeking to sow discord on social media, spread misinformation and exploit security gaps in state election systems.
With the presidential primaries less than a year away, security experts and elected officials wonder whether the federal government and the states have done enough since 2016 to fend off another attack by Russia or other hostile foreign actors.
“Although we believe that Russia didn’t succeed in changing any vote totals, the Russian playbook is out there for other adversaries to use,” said Virginia Sen. Mark Warner, a Democrat and vice chairman of the Senate Committee on Intelligence. “As we head towards the 2020 presidential elections, we’ve got to be more proactive in protecting our democratic process.”
Russian conspiracy: Special counsel Robert Mueller detailed the sweeping conspiracy by the Kremlin to meddle in the 2016 election in an indictment last year, charging 12 Russian military intelligence officers with hacking the email accounts of Clinton campaign officials and breaching the networks of the Democratic Party. The indictment also included allegations the Russians conspired to hack state election systems and stole information on about 500,000 voters from one state board of elections’ computers.
Another indictment from the special counsel detailed Russia’s use of social media and fake accounts to spread divisive rhetoric and undermine the U.S. political system.
Since the 2016 race, Facebook, Google and other internet giants have thrown millions of dollars, tens of thousands of people and what they say are their best technical efforts to identify misinformation, illegal political manipulation and hate that proliferate on their digital platforms.
Federal, state and local election officials have scrambled to improve communications and coordination, increase cybersecurity and upgrade outdated voting equipment. Congress last year sent $380 million in grants to states to help pay for some of these upgrades, but cybersecurity experts say that was just a down payment and much more is needed.
Although there was no evidence of large-scale interference in 2018, security experts and even government officials have acknowledged the likelihood that foreign adversaries stayed on the sidelines in preparation for next year’s presidential election.
A top target: U.S. intelligence officials have said Russia, China, Iran and other countries remain interested in influencing U.S. policy, and elections are a top target.
“We’re much better prepared in that we’re aware that there is a threat,” said Lawrence Norden, an expert on voting machines with the Brennan Center for Justice at New York University’s law school. “But we haven’t done some basic things.”
Norden noted Congress has not taken action on legislation that would subject online political ads to the same requirements as those sold on TV and radio. Nor has it advanced a bill that would mandate the replacement of all-electronic voting machines in use at some level in 12 states, and require postelection audits to detect malfunctions or manipulation.
In the online battle, Facebook has been regularly disclosing that it has blocked accounts, pages and groups engaged in unauthorized activity that could undermine democracy in the U.S. and elsewhere. Of particular concern are European Parliament elections set for May.
Spreading problem: Many of these accounts have been linked with Russia, but some were connected to Iran and other countries, a sign that Russia’s recipe for election meddling may be spreading around the world.
One unknown for 2020 will be how President Donald Trump responds to attempts to interfere. During the 2016 campaign, Trump was more prone to welcome help from Russia than to condemn it, encouraging it at one point to find Hillary Clinton’s deleted emails.
“In so many ways, our country is more vulnerable to foreign interference than it was two years ago,” said Oregon Sen. Ron Wyden, a Democrat and election reform advocate. “The president has publicly embraced foreign hacking and repeatedly questioned the fact that Russia interfered in 2016, and his administration has done far too little to improve the security of our elections.”
While Trump has downplayed Russia’s actions, he has taken steps to combat threats. The president issued an executive order last year authorizing retaliation against foreigners who meddle in U.S. elections and signed legislation creating a new cybersecurity agency under the Department of Homeland Security.
Leading up to the 2016 election and in the year following, state and local election officials complained about a lack of information about threats, including Russian activities targeting their networks.
Since then, Homeland Security formed a working group made up of federal, state and local election officials, begun a program granting security clearances to state election officials, and expanded the agency’s ability to conduct security reviews of state and local election systems for those that want them.
There have been challenges. An Associated Press survey last May found the agency had completed these reviews in only about half the states that had requested them at that point. Eventually, the backlog was cleared and federal officials reported all pending reviews were completed by the November election.
More work needed: Christopher Krebs, head of the new federal Cybersecurity and Infrastructure Security Agency, told Congress earlier this month that the 2018 midterms were the “most secure” in modern U.S. history, while acknowledging more work is needed.
“It will take significant and continual investment to ensure that election systems across the nation are upgraded and secure, with vulnerable systems retired,” Krebs said. “The president and this administration are committed to addressing these risks.”
But even if Congress were to immediately send funds to states, it is unlikely many of them could make upgrades in time. It can take months to decide on replacement machines, develop security protocols, train workers and test the equipment.
State election officials, though, remain confident they are harnessing the power of federal, state and local government and the private sector to guard against the threat. In Alabama, Secretary of State John Merrill said his office has been upgrading firewalls on state networks, adopting two-factor authentication for anyone accessing the state’s voter database and working with federal officials to conduct security reviews.
“Just like if you ask me if Alabama is going to win the national championship, I am going to say yes,” Merrill said of his confidence in the security of state elections. “We know the training is taking place, with the equipment that is available to us, and our people are being properly prepared.”
AP Technology Writer Barbara Ortutay in San Francisco contributed to this report.