Voting security in CT: Not another Iowa, but cyberthreats persist
If you ask Connecticut”™s Secretary of the State Denise Merrill if the state is in danger of repeating the infamous Iowa caucus debacle when tallying its primary and general election results this year, you will get a hearty laugh.
“That”™s not going to happen here,” she said.
The reason, Merrill said, is simple: Connecticut”™s voting process relies on paper ballots “that undergo a rigorous post-election audit and (is) run by election professionals at the state and local level. Although it may take a little longer to report results, Connecticut”™s reliance on paper is our best defense against threats to our cybersecurity.”
The Feb. 3 Iowa Democratic caucus, whose victor, Pete Buttigieg, wasn”™t finalized until Feb. 9, was marred by the use of a vote tabulation app called Shadow, whose enormous technical errors contributed significantly to a three-day delay in reporting results. The Shadow app was distributed through mobile app testing platform TestFairy, instead of official app stores on Android and iOS, which boast higher security and performance requirements.
The poor performance has already caused other states that had contracted Shadow to tally their results, like Nevada, to cancel those plans, and has resulted in any number of late-night TV hosts”™ wisecracks.
But while Merrill also had a chuckle over the Shadow fiasco, she underscored that protecting voters”™ identities and ballots is no laughing matter.
“Some of our best protections come from the things we don”™t do,” she declared.
The Iowa episode “was not about accuracy, but the timing,” Merrill said. “The results were delayed, not necessarily inaccurate, because the app didn”™t work properly.
“Elections are much more complicated than they used to be,” she continued. “We use some technology, mainly to computerize voter registration files” ”” which are made available for public inspection, with copies made available upon request by municipal registrars ”” “but you have to be very, very careful before you introduce new technology.”
As opposed to Iowa”™s Democrat party ”” which apparently signed up for Shadow without going through the expected due-diligence process ”” “You need beta-testing, pilot programs for at least a year before you use it,” the Secretary said.
Connecticut has “the best kind of protection” against cyber threats, Merrill said, “because we do not allow any of our data to be connected to the internet. And we have multiple backups for our voter registration files.”
She acknowledged the state is under constant attack by what she called “bad actors.”
“We get an average of 1 million pings a day on our state systems,” Merrill said. “They could be from Russia, Iran or even maybe domestic. “But even though we have an electronic election management system, we have local officials type the results in by hand. It takes a little longer, but it”™s worth it.”
While Merrill said she feels good about the legitimacy of vote tabulation in the state, she warned that cyber-based “creators of propaganda” are a more worrisome concern.
“They”™re spreading false information about our elections,” she said. “In 2018, there was one website telling people that the election was being held on a different day.”
Such attacks are often aimed at lower-income and less-educated voters ”” often, particularly in big cities, minorities ”” in an attempt at quashing turnout, Merrill said.
“But they also go after students who may not know where and when to vote,” she said.
Since the 2016 presidential election ”” amid ongoing concerns about alleged interference by foreign governments ”” cybersecurity efforts “have gotten a lot better,” she said.
The Secretary said she regularly meets with the U.S. Department of Homeland Security”™s (DHS) head of cybersecurity to remain aware of the latest developments.
“A lot of this activity comes from the dark web,” she said.
She also noted the launch by the National Association of Secretaries of State of #TrustedInfo2020, whose mission is to drive voters directly to election officials”™ websites and verified social media pages to ensure they are getting accurate election infor¬mation.
“Cybersecurity is obviously a very difficult issue to keep a handle on. There are billions of dollars being spent to affect Americans”™ opinions and votes,” she said. “In addition to what we”™re doing, we”™re asking everyone to let us know if there”™s something suspicious going on.”