Election winners are always happy to take the win, but the losers — and often the voters — require evidence, and that evidence needs strong backing. Modern voting systems must engender confidence that the final tally represents the true preferences of voters, without manipulation or tampering. After apparent Russian interference in the 2016 national elections, politicians nationwide are investigating our security posture.
It seems that no Russian probes into Texas election systems went anywhere, but we might not be so lucky next time. Texas’s current voting systems were not designed to defend against the cyberattack skills that the Russians and other sophisticated adversaries can bring to bear. It’s time for our state to plan an orderly retirement of its old and insecure voting equipment and adopt better practices.
Texas has a unique chance to be a national leader here, and there are three Texans poised to lead the charge. Director of Elections Keith Ingram heads the Secretary of State’s investigation into election security. Under the Texas Cybersecurity Act, he must issue a report — due December 1, 2018 — that contains legislative recommendations aimed at bolstering our election systems.
Under the same Act, the Senate Select Committee on Cybersecurity, chaired by Senator Jane Nelson, R-Flower Mound, must issue legislative recommendations by January 13, 2019. And Senator Bryan Hughes, R-Mineola, chairs the Senate Select Committee on Election Security, which held a day-long hearing on the topic last month where I and others testified.
“There are few rights more precious — more fundamental — than [the] right to vote,” Hughes said last month.
He promised that his committee would take a “thorough look” at risks to Texas’s elections systems.
His commitment to election security is admirable. And although Nelson’s hasn’t yet tackled elections cybersecurity in her committee, I hope she too will dedicate public hearings to and engage with experts on cybersecurity, national security and elections infrastructure.
In fact, the cybersecurity report she must submit next January will be incomplete if recommendations to secure elections systems are not front and center.
As Fort Bend County’s Elections Administrator told Hughes’s committee last month, counties need funding to address their outdated infrastructure. At the same time (to borrow a phrase from Nelson), Texas must “spend smart.” In the election security
context, spending smart means establishing protective and practical security standards for voting machines, voter registration systems, and back-end databases — before purchasing new equipment.
We needn’t wait for available products to catch up: Texas is a large enough market that standards we establish here can drive vendors to provide the right equipment.
Last week, the U.S. Senate Select Committee on Intelligence, including Texas’s Senator John Cornyn, released bipartisan initial recommendations on improving election security. Prominent on its list: recommending that states “rapidly replace outdated and vulnerable voting systems” and ensure voting machines have a voter-verified paper trail and no wireless networking capability. At minimum, Texas should include similar provisions in its standards.
In fact, our state has a chance to get ahead of curve — and of any federal mandate — by issuing and helping counties meet such standards now.
There are other standards Director Ingram and Senators Hughes and Nelson should consider: mandatory audits, improved cyber-hygiene standards for all election-related information technology systems and logistical and technical support enabling counties to administer elections securely. Additionally, the U.S. Department of Homeland Security has created a brand-new Elections Infrastructure Information Sharing and Analysis Center (ISAC), allowing DHS to share threat intelligence information across every state. Texas certainly needs to be a member.
Texas’s voting systems are aging out and their security engineering was never up to the task. Our state government has an opportunity to step up and put Texas at the forefront of this issue of national significance. With sensible reforms, Texas can lead the nation in election integrity.
Right now we’re pretty much just sitting ducks.
Dan S. Wallach is a Professor in the Department of Computer Science and a Rice Scholar in the Baker Institute of Public Policy at Rice University. Wallach’s research considers a variety of computer security topics, including the design and engineering of secure and usable voting systems.