This week, a Millennial in our office said he'd been thinking about going back to a "dumb phone." We laughed. An offhand, humorous comment, yes, but one that speaks to a change afoot. Millennials, those early adopters of technology, those digital natives who have grown up not knowing a world without the Internet, are now able to see the writing on the wall about the drawbacks of the technology that many of us have embraced.
When technology means a breach of the public trust and a threat to democracy, it's time for pause. Those breaches can come in the form of "quizzes," masked as personality tests on Facebook, used, according to The New York Times, by Cambridge Analytica to glean valuable data intended to swing the 2016 presidential election.
Those breaches also have the potential to swing our elections, by actually manipulating votes.
Last week, Sen. Ron Wyden, D-OR, took part in a hearing in the Senate Intelligence Committee on election security. In it, Wyden asked Homeland Security Secretary Kirstjen Nielsen whether the federal government had the "authority to mandate basic cyber security in the electronic voting machines used in this country." Nielsen said no—and confirmed that no other federal agency has that authority, either. Some overarching federal agency should.
In the United States, 43 percent of voters use voting machines to cast their votes, Wyden stated, adding that five states have no paper trail for those votes. Researchers have found that voting machines, Wyden said, have "serious security flaws, including back doors." He also stated that some of the largest manufacturers of these voting machines have refused to answer questions about the security of their machines.
From reports this fall, we know that 21 states' voting systems were targeted by Russian hackers during the 2016 election. Meanwhile, federal government officials say there's no one in charge of mandating basic election security nationwide. So who does that burden fall to? By default, to the counties and the states that handle the votes. That should scare you.
"Americans don't expect states, much less county officials, to fight America's wars," Wyden said in a March 21 statement. "The Russians have attacked our election infrastructure and leaving our defenses to states and local entities, in my view, is not an adequate response. Our country needs baseline, mandatory, federal election security standards and what I'm talking about here are paper ballots and post-election, risk-limiting audits." We believe nationwide paper balloting—indeed, a move back to more tangible, verifiable methods of handling elections, would be a benefit to our democracy, and we applaud Wyden for his efforts.
To be clear, Oregon, which uses a paper vote-by-mail system, is not one of the states whose voter system was targeted by the Russian hacking operation, according to a statement issued by Secretary of State Dennis Richardson Feb. 27.
"I am confident that Oregon's voting system is a national leader in cybersecurity and protection from malicious outside intrusions," Richardson wrote. The steps Oregon takes to protect voter data include backing up the state's voter registration database each day and keeping breach detection devices in place. But note that it's Oregon statutes that stand to protect voter data—not federal policies or agencies.
"A federally accredited voting system test laboratory checks for vulnerabilities and provides our Elections Division with a report that helps us perform our own analysis to ensure systems are secure before certifying them," Richardson wrote. "Once these certified machines are purchased by the counties, they are never connected to the internet and are physically secured at all times." Meanwhile, an audit takes place before and after every election, also as required by state law.
- Jen Sorensen
Still, as Richardson admitted, "We are in the middle of an information war." While Oregon may have more processes and protections in place to ensure the votes you make are the votes that are counted, statements about "information wars" are scary. Oregon may be at the vanguard of voting security—but that is a standard that takes continued diligence to maintain, and that's not the case elsewhere. If we've learned anything about the nation in the past year and a half, it's that sticking our heads in the sand and pretending it's OK to ignore what's outside our own backyards is dangerous territory. We are in an information war, and as both Wyden and that Millennial among us has intuited, part of the solution may lie in a shift in society—not in a backward direction, but in a direction that acknowledges the limitations and potential dangers of widely adopting technology too quickly and too comprehensively, without proper oversight.
Paper ballots and dumb phones are not dead—and shouldn't be.
Paper ballots allow elections officials to tally votes in a way less easy to be manipulated by cyberhackers from across the Atlantic. And dumb phones allow us the constant communication we crave, without the threat of feeding a beast of personal data that can be used against our democracy.