Elections in the United States are almost entirely safe and secure. The decentralized nature of our election system – states, after all, establish their own processes and protocols – make it extremely difficult for any coordinated attempt to undermine the results of a national election. Nonetheless, there are vulnerabilities in election systems that could potentially be exploited, including a limited potential for voter and election fraud, the somewhat greater threat of hacking digital voting systems, and the much more prevalent risks from domestic and foreign interference.
In particular, interference in the form of disinformation campaigns that undermine trust in candidates or the electoral process has proven to be particularly damaging to election integrity. Such misinformation has real impacts on public trust in elections, as reflected in the January 6 insurrection that resulted from President Trump’s and many Republicans’ repeated false claims of voter fraud in the 2020 presidential election that Trump lost.
“There are many, many people, both from overseas and here domestically, that are spreading misinformation about vulnerabilities in our system, whether it’s through vote-by-mail or whether it’s through the technology that counts our ballots,” David Becker, a former Department of Justice civil rights attorney and head of the Center of Election Innovation & Research, explained shortly before the November 2020 election. “And those have been overblown to such a degree that we now see the largest percentage ever of American voters who don’t trust the system.”
Despite federal election officials declaring the 2020 election the most secure in the nation’s history, election security is an ongoing concern, one that requires constant vigilance against those who wish to weaken our democracy or place partisan interests ahead of their respect for its institutions.
Voter Fraud and Election Fraud
Voter fraud — which includes, for example, voting more than once, voting under someone else’s name, or non-citizens voting — is exceedingly rare, but does happen. As discussed in the section on Voter Suppression, supporters of measures to secure elections — often bad-faith actors, foreign or domestic — may often cite conspiracies of rampant voter fraud without any evidence whatsoever. In making and repeating such false and unsubstantiated claims, those who claim to be concerned about election security in fact undermine confidence in the voting process far more than do isolated cases of individual voter fraud.
Election fraud — misconduct by campaigns or election officials, as distinct from voter fraud — is also exceedingly rare. The most prominent recent example is the case of North Carolina’s 9th Congressional District in the 2018 midterm elections, in which multiple workers for candidate Mark Harris (R) were indicted for the criminal mishandling of absentee ballots. The State Board of Elections refused to certify the result, and Harris did not run in the new election.
By and large, however, the consensus among election officials and non-partisan experts is that voter and election fraud are very uncommon and do not pose a major threat to the legitimacy of elections. Established processes for both in-person and mail-in voting have multiple safeguards in place to prevent fraud and to catch and punish those who commit it.
One of those safeguards is the Electronic Registration Information Center (ERIC), a nonprofit organization run by and for the states that choose to join it. As of this writing, ERIC coordinates voter registration data across 30 states and the District of Columbia to help keep voter rolls up-to-date. A key feature of ERIC is its ability to notify a state when one of its registered voters moves to become a resident of another state.
Another critical safeguard is the integrity of state and local election officials who oversee and conduct the actual counting of ballots. As was proved in the 2020 presidential election, these officials withstand tremendous political and social pressure to ensure that most if not all legally-cast ballots are counted — and that most if not all ineligible ballots are not included in the count. (Note: We use the phrase “most if not all” to acknowledge the possibility of some small number of errors; the point being that any errors in the final count would not have changed the outcome of the election.)
Local election officials find themselves on the front lines of a cyberwar with sophisticated nation-state rivals and other malevolent actors. As Chair of the Federal Election Commission, Ellen Weintraub stated that she is “gravely concerned about ongoing efforts by geopolitical adversaries to undermine our democracy.” Ensuring the integrity of digital voting machines and registration databases is a paramount concern. To date, there is little evidence, however, that any votes or voter rolls have been altered through digital manipulation.
In July 2020, cybersecurity firms warned the Department of Homeland Security of possible issues with outdated voter registration systems in California and Florida, according to an NPR report. In particular, in 2016, Riverside, CA may have seen changes to the voter records of “dozens” of people, the local district attorney believes — though details remain unconfirmed. Additionally, there is evidence that some other counties, as well as the Illinois State Board of Elections, have had their systems infiltrated by hackers, though there is no evidence that ballots were compromised. Improvements to many states’ systems have been made since the 2016 election.
The decentralization of the American election system is both a curse — it leaves more doors for hackers to penetrate — and a blessing, as any potential vulnerabilities tend to be extremely localized.
Despite the system’s weaknesses, elections remain secure. Soon after the 2020 election, the Cybersecurity and Infrastructure Security Agency, which among other responsibilities monitors threats to elections, released a preliminary statement calling it the “most secure in American history.” The statement also noted that “all states with close results” have paper records of every vote, and stressed that “there is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”
Much as Microsoft or Apple puts out patches to fix vulnerabilities in software even when they have yet to be exploited, so too do election officials look to solve holes in election security before they present a larger problem. All election officials in the United States are constantly on the lookout for problems and consult with cybersecurity experts to find solutions. Doing so preemptively, before a system is breached or an election goes haywire, is crucial to retaining public confidence in the voting process.
Foreign and Domestic Interference
Concern about foreign involvement in US elections dates back to the nation’s founding, as noted by Trevor Potter, a former Federal Elections Committee Chairman. Back then, the framers of the Constitution included several safeguards against foreign interference, including prohibitions against a foreign-born, naturalized citizen running for president and against any government official receiving gifts from foreign governments.
As we have learned in recent decades, interference can take many other forms, and it is not the exclusive domain of foreign governments. During the 1984 election cycle, for example, the Soviet Union took covert actions against incumbent president Ronald Reagan, including trying to infiltrate both the Republican National Committee and Democratic National Committee. And much more recently, President Donald Trump spread disinformation about vote-by-mail election fraud and the results of the 2020 election that he lost.
The internet has magnified the nature and scale of such interference and their threats to the democratic process.
In 2016, the Russian government inserted itself into the presidential election in a “sweeping and systemic fashion,” according to Volume I of the Report On The Investigation Into Russian Interference In The 2016 Presidential Election, better known as the Mueller Report. Not only did Russia promote then-candidate Trump in social media propaganda campaigns to the detriment of former secretary of state Hillary Clinton, they also hacked and strategically released the emails of Clinton campaign officials and penetrated local voting systems. The Mueller Report also found that the Trump campaign knew about and in some cases welcomed Russian help, but that there was not enough evidence of criminal collusion between the two to pursue charges.
A Republican-led Senate committee also released a report on Russian interference in August 2020 that came to largely the same conclusions as Mueller: that the Russians interfered, that the Trump campaign welcomed it, and that members of the campaign were vulnerable to manipulation by Russian intelligence officers, creating “notable counterintelligence vulnerabilities.”
The evidence of interference is thus well-established, as are the potential liabilities created by some in the American political system who downplayed or denied the basic fact that foreign interference in an American election hurts the perceived legitimacy of the election’s results. And FBI Director Chris Wray testified to a congressional committee in September 2020 that “very active” efforts were underway by the Russians to attempt to tilt the election against former vice president Biden. In this context, the reluctance of political partisans to act to prevent or limit such interference could be construed as its own form of interference.
Between August 2018 and July 2019, Microsoft said it had sent more than 740 notifications to political party organizations, campaigns, and democracy-focused nonprofits that use its free cybersecurity services warning them that they had been targeted by foreign government hackers. Most of the attempted infiltrations, the company said, were from Iran, North Korea, and Russia. Additionally, in September 2020 the FBI warned Facebook and Twitter that Russia was propagating misinformation online to hurt former vice president Joe Biden’s campaign and help President Trump’s. Both companies, the New York Times reports, are facing criticism for not having done enough to combat misinformation in 2016.
As noted, the 2020 presidential election was rife with unprecedented interference from the sitting president and his party. Soon after states responded to the coronavirus pandemic by expanding the right to vote by mail for their primaries and the general election, President Trump assailed this method of voting as open to substantial fraud, although available evidence supported the security of mail-in voting. He also publicly claimed that if increased voting by mail were allowed, “you’d never have a Republican elected in this country again.” In mid-June, Louis DeJoy, a close Trump ally, took over the United States Postal Service as its Postmaster General. After less than three months, there were numerous reports of a deceleration of mail service, leading many to worry whether their mail-in ballots would arrive in time to be counted.
Following the election, in which he lost, efforts by then-president Trump and his allies focused on changing the outcome of the November results, claiming widespread voter fraud without presenting any substantive evidence. In particular, Trump’s refusal to accept the results of the vote count in Georgia is now being investigated by Fulton County’s district attorney, and his insistence that he and his followers could “stop the steal” led to the insurrection on January 6, 2021 that sought to disrupt congressional certification of the electoral college vote. The Trump campaign’s widespread use of misinformation in campaign advertising and events bears some resemblance to the 2016 Russian social media campaign denigrating then-secretary Clinton. Trump was also accused of sabotaging the Post Office in order to impede vote-by-mail, which he baselessly asserted was ripe with fraud. Even as election officials and voters watch for foreign efforts to influence American elections, they should not forget to watch for homegrown issues as well.