Protecting our elections must be bipartisan priority for lawmakers

We know the Russians interfered in our elections in 2016. They probed voter registration records and breached state voter databases in at least two known instances. While election officials are preparing for foreign adversaries to try again in 2020, there is unfortunately no assurance that those adversaries will not change up their tactics and targets.

Defending against future attacks means that our leaders in Congress needs to go on the offensive. As the calendar moves closer to 2020, policymakers are running out of time to make the pivot from talking about what election officials have learned toward embracing effective policies through legislation and providing more and consistent funding.

The good news is that the 59th presidential election will be the first run after the election system was declared to be critical infrastructure. That designation initially resulted in some bristling over the role of the federal government in the electoral process, yet an effective partnership between all levels of government administrators and bipartisan political agreement about the need to unify to protect elections from adversaries has resulted in notable improvements to cybersecurity in our elections.

The federal focus was long overdue. States and local jurisdictions now have access to the Department of Homeland Security services that include cybersecurity assessments, the detection and prevention of election system intrusions, training, and information sharing. These new federal resources have been widely accessed by states. Scaling up the ongoing efforts by the Department of Homeland Security will yield more positive results, especially with voter registration databases.

The bad news is that the voter databases are not the only area of risk in the election process. Many efforts that make voting more convenient, like early voting and voting centers, require real time connections to the voter database to ensure that each voter is only given one ballot. Without that critical connection to the database, voters are pushed into a provisional process that takes longer to administer, adjudicate, and count.

Similarly, electronic pollbooks used widely across the country require no federal certification. These potentially vulnerable internet connections have yet to receive much attention by policymakers as a future target of those who seek to influence elections. Election administrators at the local level have an almost impossible task. They must get both physical security and cybersecurity right every day. The “bad guys” only need to get in the door one time. Many of the risks to the system that administrators are expected to mitigate actually lie outside of their direct control.

An increasing number of voters cast ballots through the mail. Any time a ballot leaves control of an election administrator, there is an increased element of risk. In this case, the risk is not solely cybersecurity. An attack on the Postal Service could impact election results and confidence in the system, especially in states where most votes are cast through the mail. But most federal discussions of voting by mail are about the benefits of increasing no excuse voting and rarely about how to secure it.

There are two ways for Congress to prepare for the future of elections. It could pass very specific policies for nationwide adoption or it could appropriate consistent and sizeable grants that allow states to make their own plans. Congress can wield its power to secure its own priorities. For instance, although it took 15 years, there is now near unanimity among experts that our voting systems should indeed be paper based.

While there has always been deference given to states about how they run elections, Congress functionally prohibited certain voting technologies like lever voting and punch card machines in the past by offering states financial resources that required the adoption and implementation of modern systems. It could do so once again and eliminate unverifiable electronic systems through legislation. Congress could alternatively provide states the resources to be forward looking and allow states to decide their own election security priorities. Congress provided states $380 million to fund election security along these lines in 2018.

However, those federal grants require some significant planning by states and result in long procurement timelines. The activities that states could do within the short term were quite limited, and the federal money was insufficient to begin all the security enhancements states need to make. For states to develop long term plans for future elections, they need to know that the federal government will be making consistent and stable appropriations to secure the election process, yet there have been few fruitful discussions about providing such predictable resources.

Neither political party has all the answers about how to solve the election security problem. The conversation will never be complete. Congress has taken more interest ever since significant vulnerabilities were exposed in 2016. Congress now needs to move past talking and into action if it intends to equip election officials for the next round of attacks.

Matthew Weil is director of the Elections Project at the Bipartisan Policy Center in Washington. He previously served in staff roles at the Treasury Department and at the United States Election Assistance Commission.