It’s difficult to remember a time when an American presidential election was more fraught with uncertainty than the one that’s fast approaching next month. Not only has COVID-19 raised questions about the safety of casting votes at physical polling locations, but there’s also a raging debate about election security as millions of American prepare to make their voices heard.
But security should never be politicized – the threats of foreign interference, disinformation, and cyberattacks remain ever-present, and we all have to work together to resist them.
With all these threats to worry about, voters should remember that they aren’t powerless. Just as Americans can wear a mask, physically distance, and wash their hands to mitigate the threat of COVID-19, they can also practice good cybersecurity hygiene to thwart the bad actors who want to infiltrate and manipulate the electoral process.
These measures range from vetting and confirming communications that contain election information through legitimate sources (such as local election authorities) to knowing how to spot disinformation.
Empowerment is the first rule of cybersecurity. People often think they aren’t tech savvy enough to defend themselves from cyberattacks, which leads to complacency and dramatically increases the risks they face.
The same is true of threats to our electoral process – if voters are informed and aware, the chances that they’ll fall victim to a cyberattack or any other attempt to disrupt their participation in the election decrease significantly.
An ominous threat landscape
The United States has never faced a broader range of cyberthreats to its electoral system than it does right now. In June, researchers from MIT and the University of Michigan found that a platform already in use for digital and remote voting was “vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers.”
A recent report by four federal agencies (including the FBI and the Cybersecurity and Infrastructure Security Agency, or CISA) described online voting as “high-risk even with controls in place.” And other cyberthreats could affect our electoral system in many ways beyond compromising the digital voting process.
For example, there are concerns about signature verification software being hacked, password theft (which targeted election officials in Arizona in 2016), and foreign interference. Last month, Microsoft reported that 200 organizations associated with the 2020 election have been targeted by a single group of Russian hackers, thousands of attacks have been launched by Zirconium in China (150 of which resulted in compromises), and an Iranian hacking group has “attempted to access the personal or work accounts of individuals involved directly or indirectly with the U.S. presidential election.”
This is just a glimpse at the ever-lengthening list of cyberthreats to the integrity of our election, and it’s a reminder that 2020 is an unprecedented year for cybersecurity and democracy.
The age of information warfare
The vast majority of cyberthreats rely on some form of social engineering, which means hackers manipulate and coerce human beings to get them to divulge sensitive information, download malicious material, or expose themselves and their organizations in some other way.
In recent years, we’ve seen an explosion of an even more direct type of social engineering – the strategic deployment of disinformation to convince voters to change their minds about issues and candidates, and more importantly, change their behavior.
The evidence for the use (and efficacy) of disinformation is overwhelming. A 2019 Oxford study found that there was a 150 percent increase in “countries using organized social media manipulation campaigns” over the preceding two years. In 45 of the 70 countries the researchers studied, they discovered “evidence of political parties or politicians running for office who have used the tools and techniques of computational propaganda during elections.”
This is particularly alarming, as a large-scale study of fake news published in Science in 2018 found that false information traveled further and faster than the truth. Governments, software companies, think tanks, and many other entities are scrambling to develop ways to identify, flag, and prevent the proliferation of fake content.
While this is a necessary effort, one of the most effective tools we have to fight back against disinformation in the 2020 campaign is education. In fact, education is a critical component of our election defenses across the board.
What voters can do to defend themselves and our democracy
When voters hear intimidating terms like “foreign interference,” “vote manipulation,” and so on, they often feel powerless and discouraged. But they’re far better-equipped to protect their votes – and in turn, the entire American electoral system – than they may think.
While some forms of infiltration can only be prevented by more secure systems, others can be stopped in their tracks by voters themselves. For example, there are plenty of accessible security tools that can keep voters and organizations safe, such as multi-factor authentication on devices used to submit voter data, as well as software like Microsoft ElectionGuard and Google’s Advanced Protection Program.
But the most effective measures to prevent hackers from stealing or manipulating your vote don’t require any software or equipment at all – they just require you to be aware of potential threats and how to foil them. Consider a few examples:
1. It’s common for hackers to break into voter registration lists and change addresses or other information to sow confusion before an election. Voters can easily get around this problem by contacting their local election office to confirm that they have the correct information prior to voting.
2. According to Microsoft, before the 2016 election the Russian hacking group Strontium “primarily relied on spear phishing to capture people’s credentials.” Like any other social engineering attack, spear phishing relies on victims to provide login credentials or other sensitive information directly. Voters can prevent these attacks by providing and confirming information through official government channels and recognizing warning signs (such as last minute polling location changes or demands for information you have already provided).
3. Voters should recognize that there are countless bad actors who are creating fake news sources, articles, and even entire online communities to increase division and distrust in the run-up to the election. This is why it’s crucial to rely on legitimate media outlets (which can be held legally responsible for publishing false material), primary sources, and information that has been corroborated by fact-checkers and other objective third-party organizations. Social media has become one of the largest sources of news in the United States, but users need to be extra wary of the information they find on social media platforms, as it has been used to manipulate the electorate on a vast scale.
Now is a time when cybersecurity and citizenship are one in the same. Doing everything possible to protect your vote, pressure test information, and prevent bad actors from corrupting our electoral process is a civic responsibility, and Americans should remember that the integrity of our democracy depends on it.
ABOUT THE AUTHOR: Zack Schuler is the CEO and Founder of NINJIO