America’s democracy is at risk from more than Russian Twitter trolls. Our voting systems, the information technology that undergirds our elections, are dangerously outdated and vulnerable to attack. And for Finnish data security expert Harri Hursti, the best defense we have might be counting paper ballots.
We don’t have to count every vote by hand, he says — just enough to prove with a reasonable standard of certainty that the electronic results are valid. And for Hursti, who founded a string of companies before becoming involved in the area of election security, such a low-tech solution might be our best chance to protect the core mechanisms of our democracy.
Hursti is the subject of the new HBO documentary Kill Chain: The Cyber War on America’s Elections, directed by Simon Ardizzone, Russell Michaels and Sarah Teale. The film, which premiered March 26, follows Hursti as he exposes the vulnerabilities of America’s election systems. Watching the doc and learning the extent of those weaknesses won’t necessarily help you sleep at night, but for activists and ethical hackers, the first step in fixing a system is showing that it was broken to begin with. Hursti spoke with TIME in advance of the film’s release, taking a deep look at the realities of American election security, psychological warfare and the information landscape in the age of coronavirus. The interview has been condensed and edited for clarity.
TIME: Why are you concerned about the security of America’s election infrastructure?
Hursti: America is a country that exports democracy to a number of other countries, both old democracies and new emerging democracies. And right now, when this exporting happens, it’s important that what is being sent out are the best practices that will make that democracy resilient. We are literally in a new cold war. All democracies are constantly under attack. Those attacks are carried out by multiple parties with a multitude of different methodologies and goals. So it is important to have systems that can sustain these attacks.
What are some of our major vulnerabilities?
The other angle is attacking the election systems themselves. Our systems were designed at a time when cyber warfare was just bad science fiction. There was no security consciousness. But security is something you cannot add as an afterthought. It has to be part of the basic design before the first line of programming is written. Even with the newer machines, there has been no clear movement to redesign the systems to be resilient.
So why the return to paper ballots?
All systems we have today and for the foreseeable future can be hacked, and American elections cannot be conducted without information technology. So you need to have a hand-marked paper ballot to record the voter’s intent in permanent media as a fallback, and then you have to use technology to process that data with the knowledge that you might not be able to trust the result. And then you have to have a process of risk-limiting audits to convince you and the others that the election was in fact free and fair.
The goal of democracy is peaceful transition of power. The peaceful transition of power is only possible if the supporter of the losing parties can accept the results as free and fair. So we need to go back to paper ballots as evidence, with mandatory risk limiting audits to make sure the results of every race are verified.
Are there certain types of voting machines in the U.S. that particularly worry you?
In localities where people are still using direct recording voting machines (touchscreen voting machines with no paper trail) there are dangers because the voters’ intent is only recorded in digital form. If there is a suspicion of a hack, there is nothing you can do to prove that nothing happened, or prove that something happened. And if someone did tamper with the votes, there is no recourse to get a trustworthy result. So anything that is not backed by evidence, that evidence being a hand-marked paper ballot, is a vulnerable system. These machines are incapable of producing a forensic trail. Doubt is a destructive force, so we need to get to a place where elections are evidence-based and you can always prove that the election result was accurate.
Who’s to blame for how things got this way?
There are two things. First, the 2000 election crisis happened and as a reaction the Help America Vote Act of 2002 was enacted. That allocated over $3 billion of funding for jurisdictions to “modernize.” The problem was that there were no security standards, and much of what was being sold was already outdated. That is why the massive deployment of substandard equipment started in the first place.
The second part of the blame is with the voting technology vendors, who, in my opinion, live in the past. The vendors need to understand risks and vulnerabilities not as a PR problem, marketing problem or lobbying problem, but as a technological problem. There has been no security-conscious thinking. When a vulnerability is demonstrated in any system, the vulnerability itself doesn’t tell you how bad things are; the reaction of the company does. If the company responds proactively, then you know it’s a company with a responsible, pro-security culture. When you have companies where the first reaction is a PR campaign or legal action, to basically shoot the messenger, now you have a real security problem, because the company does not have security consciousness.
Has the COVID-19 pandemic affected America’s election security situation?
If you think about a malicious actor whose goal is to sow distrust within society, this kind of crisis is a perfect way to undermine trust. False messaging around public health issues started before COVID-19, and now you have a massive ramping up of information warfare because of the outbreak. Both the tools and the platforms used to spread the messages will outlast the disease itself. So in the cyber world, we are seeing the beginning of a long-lasting trend.
The E.U. has already picked up on Russian activities targeted to amplify the adverse effects of the COVID-19 crisis. We are seeing what happens when an official reaction and communication is delayed. Adverse actors can see the beginning of a new playbook—it’s a way to utilize a natural disaster to undermine adversaries. For the threat actors whose primary goal is to undermine people’s trust in society in western democracies, this is a start of a new kind of warfare.
Is it too late for us to secure the 2020 elections in November?
The short answer is yes. The longer answer is we should do everything we can possibly do. In counties where you have a paper ballot, we should make sure there is a chain of custody and governance over the paper trail, and enact strong risk-limiting audits. I don’t think those actions would cost much; they’re more a procedural and legislative change. That is, implementing paper ballots, and where you already have paper ballots, mandatory risk-limiting audits.
Is there anything ordinary people can do?
Yes. The most important thing is that apathy is as dangerous to democracy as someone manipulating the elections. If you are eligible to vote, please vote, and vote on the whole ballot. The races down the ballot are massively under-voted. From a criminal point of view, that’s where the money is. The more a race is under-voted, the easier it is to manipulate undetected.
You can also be a poll worker. There is a desperate need for younger and technologically agile people to help to run elections, and also to look out for irregularities and report them. It’s a wonderful way to get involved in the community, and to learn about civics, to learn how the cornerstone of democracy actually works.
And last but not least, if your jurisdiction is not using paper ballots and doesn’t have mandatory risk-limiting audits, contact your representative and ask them to get it done. Ask them for evidence-based elections, hand-marked paper ballots and mandatory risk-limiting audits, where every race is audited every single time.