WAPO: “There are real deficiencies of security in our systems that can and need to be improved, but in many ways, the ‘big lie’ has tainted discussions or efforts,” Susan Greenhalgh, senior adviser on election security for the group Free Speech For People, told me. “There is fear any election security improvements could be twisted to validate the incredibly bogus claims from the Trump campaign.”
https://www.washingtonpost.com/politics/2022/06/17/trump-false-election-claims-made-it-tougher-talk-about-election-security/
Trump's false election claims made it tougher to talk about election security
Analysis by Joseph Marks
with research by Aaron Schaffer
June 17, 2022 at 7:48 a.m. EDT
Welcome to The Cybersecurity 202! I hope everyone is looking forward to a nice Juneteenth weekend. We'll see you back here Tuesday. Here’s “I, too” by Langston Hughes, a great D.C. poet before he moved to New York.
Below: The United Kingdom ordered WikiLeaks founder Julian Assange extradited to the United States, and Dutch authorities say they caught a Russian spy at the war crimes court.
There's a fine line to walk in discussing election security
Election security efforts kicked into high gear after the 2016 election — fueled by Russian interference in that year’s presidential contest.
Then 2020 happened.
The baseless claims of hacking and fraud that former president Donald Trump and his allies spread after his 2020 loss have polluted conversations about election security ever since, making it far harder to talk about legitimate dangers to the voting process.
Trump allies have routinely misrepresented legitimate security concerns to serve their own ends. They’ve also co-opted the language of election security to promote wild conspiracy theories and degrade public faith in the democratic process.
They’ve claimed to have found digital vulnerabilities and back doors in voting machines that make no sense to experts who’ve studied those machines. They’ve conducted vote audits that violate all audit protocols and render election machines too insecure to be used again.
The result: Talking about genuine election security concerns has become a tortuous process as experts try — usually in vain — to ensure nothing they say will be mischaracterized.
“Everyone working in election security has become very sensitive to the need to word things carefully and precisely and to qualify even the most innocuous statements,” Matt Blaze, a Georgetown University professor who has been working on election security for decades, told me.
“Election security researchers now know that their work will be amplified and distorted by activists interested in undermining democracy,” William T. Adler, senior technologist at the Center for Democracy and Technology focused on elections, told me. “It’s harder to raise concerns about legitimate vulnerabilities. … There’s a whole ecosystem set up to mischaracterize election security work.
”To be clear: Russian hackers accessed voter rolls in at least two states and probed election systems in several others before the 2016 election, according to U.S. intelligence agencies and the report from special counsel Robert S. Mueller. There's no evidence they compromised actual voting systems or changed any votes.
In response, election officials have made huge strides in security since 2016 — including retiring large numbers of voting machines that lacked paper records and could not be sufficiently audited and installing cybersecurity sensors in election offices across the nation.
But a lot still needs fixing. About 10 percent of the country still votes on machines that lack paper trails. Researchers recently found numerous digital bugs that the Cybersecurity and Infrastructure Security Agency urged fixing in voting machines used in Georgia and other states.
“There are real deficiencies of security in our systems that can and need to be improved, but in many ways, the ‘big lie’ has tainted discussions or efforts,” Susan Greenhalgh, senior adviser on election security for the group Free Speech For People, told me. “There is fear any election security improvements could be twisted to validate the incredibly bogus claims from the Trump campaign.
”The challenge is heightened because election security has never been a matter of creating a perfectly secure system — a fact that’s easily exploited by election deniers.
Rather, elections are generally viewed as a balancing act between making digital attacks and fraud as difficult as possible while making the voting process as easy as possible.
That provides a lot of opportunities for election deniers who want to blow up legitimate security concerns into something much bigger.
For example: Election security advocates have expressed legitimate concerns that some voting machines transmit election results wirelessly to a central server and could be corrupted by hackers during the process. Some election officials dispute those concerns, saying the machines don’t touch the open internet.
In other cases, voting machines have the ability to connect to wireless networks but it’s supposed to always be turned off — something security advocates say is too risky.
But those legitimate disputes are a far cry from Trump allies' bizarre claims that voting machines routinely communicated with Venezuela and Italy.
“It’s one thing to say airplanes can crash and airplanes are vulnerable. It’s another to say that Air Force One was shot down and Joe Biden’s been replaced by a body double,” Mark Lindeman, director of the group Verified Voting, told me. “The ‘big lie’ claims are in body-double territory. They make no sense.” If there’s one plus side to the current moment, it’s that election machine vendors and election officials have become far more adept at engaging with cybersecurity pros and speaking openly about their security protections.
Election machine vendors, in particular, have evolved from mostly shunning the cybersecurity community before the 2016 election, to inviting outside cybersecurity testing of their equipment. • They’ve also embraced some reforms the security community had long called for, including no longer selling voting machines without paper trails.
“One side effect of the ‘big lie’ is that election officials understand that they need to be able to explain why their systems are trustworthy, which is that the election security community has been advocating from the beginning,” Blaze told me.
Democrats in Congress have also continued to push for election security reforms. The House Appropriations Committee released a funding bill that included $400 million in election security grants this week — which also mandated that states only buy new voting equipment that includes paper records.
Democratic senators have called for a $5 billion investment in election security — though such a large investment is highly unlikely to win support from Republicans who have been historically wary of cooperating with Democrats on the topic.
There’s also a chance that voters convinced by Trump that elections are fundamentally insecure could still be won back.
That’s likely not possible with die-hard believers of course. But the nature of Trump allies’ election lies is that a lot of people have been left with a vague impression the election was corrupted but no firm beliefs about how.
It’s conceivable that those people might be convinced otherwise if they’re shown enough transparent evidence that elections are secure.
“A lot of people don’t pay much attention and their beliefs about 2020 may not make a lot of sense. … Those people are worth reaching out to,” Lindeman said. “A hallmark of good election reforms is they can reach voters across a spectrum of beliefs about the 2020 election.”