The computer-connected world poses an immediate threat to South Carolina’s and the nation’s elections and, thus, the future of democracy, elections and online experts say.
“Ultimately, the voters are at risk and democracy is at risk,” said Clifford Neuman, a University of Southern California cybersecurity expert. He spoke Tuesday at the university’s 50-state workshop virtual series on election security.
Some in Columbia are taking note with the general election 94 days away.
“It’s a threat to our democracy when we have foreign governments, our own intelligence is saying, attempting to influence our elections,” Columbia Democratic Rep. Seth Rose said. “We should all be very, very terrified about that and be taking steps to do something about it.”
Threat to democratic elections include voter tampering or voter registration tampering through hacking. But those attacks, elections experts say, are just the tip of the iceberg.
Attacks on accounts and government systems often coincide with hack-and-release publicity campaigns (think: the release of Democratic presidential campaign emails prior to the 2016 election) and disinformation campaigns (think: the false news report that Bill Murray entered the 2016 election that spread like wildfire on social media).
The 2016 election was muddied by Russian interference — though experts can’t say if the outcome of the presidential election would have changed — and resulted in the federal government doling out funds for states to shore up protections.
But cybersecurity and election experts are still worried.
“States are really locking (elections systems) down so the votes themselves are OK but if there is any more of (other cybersecurity interference), it has an impact on voter confidence and democracy stands on voter confidence. You have to believe your vote counts for it to work,” National Conference of State Legislatures election security expert Wendy Underhill told Statehouse Report, a City Paper sister publication.
The S.C. General Assembly will reconvene for two weeks beginning Sept. 15. Only bills that have passed one chamber will be taken up in the other chamber, along with the state budget. But that does not rule out the possibility of a strike-and-insert bill, which means lawmakers could use something that passed as a vehicle to do anything they want by striking everything and inserting new language. That’s how they approved federal pandemic aid allocations in June.
The growing threat
Clemson University communications professor Darrell Linvill asks his incoming freshmen the same question at the start of classes: Have you ever been taught in school to determine if something on social media is true?
Students from South Carolina and beyond never seem to answer yes. And, as one of the state’s experts in online disinformation campaigns, Linvill said it frustrates him.
“We live in a world where most Americans get their news socially mediated, and that can be very troubling,” Linvill said. “People need to understand how information comes to them and what that means and how they should interpret that information.”
A growing collection of evidence, gathered by academia and federal investigations, has shown the nation’s election systems, which are governed by states and conducted locally, are under attack.
Neuman said hackers look for weak passwords, phish for information through legitimate-looking emails to state staff and send viruses. Those looking to meddle in elections not only hack but they also work on campaigns more akin to Madison Avenue than spycraft, Linvill said.
Those spreading disinformation online, known as “trolls” or “bots,” are often hard to spot on social media. Part of their effectiveness is the illusion that they are real people who agree with your political leanings, Linvill said.
“If they are disagreeing with you, it is more likely it is a real person because all the Russians ever did was agree with you,” he said. “They just want to make you agree with them more. It seems to be one of their primary goals to make our country more divided, to make us more disgusted with one another.”
And “they” could be Russian, Iranian, Chinese or even homegrown agents.
A state Senate race in Alabama in 2018 saw a homegrown campaign employ some of the tactics seen by Russians in 2016. Linvill said it’s only a matter of time before more campaigns adopt such a method for dirty tricks.
During Tuesday’s Election Cybersecurity Initiative workshop, Executive Director Adam Clayton Powell III highlighted the recent Twitter hack as a reason to pay attention.
“What if they had used the same technique in November with the goal of disrupting the election?” he asked.
The new voting system
South Carolina was among the states scrambling for a different voting system in the wake of the 2016 election. Its electronic-only system was old and vulnerable to hacking efforts, computer experts warned. The state implemented a new machine-marked and ballot-fed system ahead of the Democratic presidential preference primary in February.
Underhill said that was an important step in curbing cyber attacks but also in providing a boost to voter confidence with the ability to audit a paper trail.
But concerns remain.
In a 2020 narrative seeking federal election assistance funds, the S.C. Election Commission wrote: “Challenges this agency faces include the constant threat of cyber-attacks as well as the implementation of the state’s new voting system.”
“The SEC is aware that it is a target of constant (albeit unsuccessful) cyber-attacks,” the agency continued.
The agency requested $6.8 million, some of which was sought to go toward strengthening cybersecurity. SEC spokesman Chris Whitmire did not respond to requests for comment for this story.
Neuman said a hacking breach only takes one laptop keeping its connection to the internet, or a state or county election employee opening a phishing email for any voting system to be compromised.
Potential policy action
Cybersecurity for state agencies appears to be a top issue for Gov. Henry McMaster. Earlier this year, he earmarked $15 million in his proposed state spending plan to build a South Carolina National Guard facility in Aiken that will address cyber-threats. He also issued a 2017 executive order creating a cybersecurity czar at the State Law Enforcement Agency.
But this week, McMaster’s office would not say whether McMaster is concerned about the safety of elections or whether he thinks more should be done to ensure they are secure.
There are few bills in the current legislative session that address election cybersecurity. Most seek to further alter the state’s election system to a hand-marked ballot system. Another bill could address one of the largest concerns of election security: media literacy, which is the understanding of what is real information on an online platform. Freshman lawmaker Rose filed H. 4673 in January, where it stalled in the House Education and Public Works Committee. The bill would establish a panel to make recommendations to the state Department of Education on how to incorporate media literacy into school curriculum.
Linvill said his team at Clemson is working on an August release of a media literacy platform that walks users through fake social media accounts, helping them spot disinformation spreaders.
NCSL’s Underhill said state agencies can play a role by keeping an eye on disinformation, particularly being vigilant about those trying to spread fake changes to voting dates or precincts, and be ready to disseminate correct information.
States should also be working on how to address a potential backlog of absentee voting ballots, which cannot be counted until election day in South Carolina, Underhill said. With the coronavirus pandemic, more people than ever before are voting absentee to avoid standing in line.
The longer that voters wait for official election results, Underhill said, the more opportunity subversive campaigns have to disseminate fabricated results designed to make voters question the legitimate results. Several bills have been filed seeking tabulation of votes prior to election day.