The threat to vote by mail isn't fraud. It's disinformation and sabotage

The threat to vote by mail isn't fraud. It's disinformation and sabotage

Michael K Hamilton undefined avatar

Michael K Hamilton

The CISO

Editor's Note: The original article is published on CNET here.


Millions of Americans have voted by mail securely for more than 150 years, with fraud historically being so rare that election officials wouldn't even consider it significant enough to be a rounding error. But with the coronavirus pandemic pushing a record number of absentee ballot requests, President Donald Trump and his administration have attacked the time-tested system, claiming that it will lead to a chaotic Election Day outcome.

Since April, Trump has questioned the legitimacy of vote-by-mail on Twitter, saying it will "lead to massive corruption and fraud," without offering any evidence of what security flaws are present. Attorney General William Barr also claimed, in June, that voting by mail "opens the floodgates to fraud," also without any proof. 

These attacks on mail-in voting aren't new, but they do come at a time when a record number of people in the US are expected to request absentee ballots because of the coronavirus pandemic. COVID-19 has killed more than 160,000 Americans, causing businesses to shut down to prevent the spread of the infectious disease; pushing people to keep their distance from each other; and leading children to attend school online or have their parties via webcam. Sending in your ballot is the next logical step when trying to stay safe.

 

Disinformation Is the Greater Threat to Election Security

The real danger is that these attacks damage the credibility of our entire democratic system. Election security officials have long warned that disinformation about voting is more concerning than the potential for someone to tamper with ballots. If you can get people to believe that results aren't legitimate, it doesn't matter whether fraud actually happened.   

"Nobody really has to successfully attack an election and demonstrate that votes were changed or ballots disappeared," said Mike Hamilton, a founder of CI Security and a former chief information security officer for Seattle. "You just have to raise enough doubt in people's minds."

The US Postal Service says it remains committed to delivering election mail on time, and it has been coordinating with local election officials, despite the many cuts to its services by the Trump administration.  

The truth is, fraud associated with mail-in ballots is exceedingly rare, and when it does happen, it's minuscule enough that it wouldn't affect the outcome, election officials and experts said, noting there are safeguards in place.

That truth gets distorted thanks to social networks. A Wall Street Journal report found over 100 claims from Trump, via Twitter, attacking mail-in voting, a majority of which are factually inaccurate.

The attacks on mail-in ballots, particularly when a pandemic threatens the health of voters and election volunteers, have frustrated experts, who point out that many of the scenarios raised by the Trump administration would be impossible to carry out. 

"When people throw these ideas around, it shows a lack of understanding of the overall process," said Amber McReynolds, CEO of the National Vote at Home Institute and Coalition, and the former director of elections for Denver.

 

How to Get Away with Vote-By-Mail Fraud

Across the board, election security experts have pointed out just how difficult it would be to carry out election fraud on a scale large enough to actually affect the outcome. Printing a fake ballot would fall into the "nearly impossible" category. 

"The statement that other governments can print ballots and mail them to everybody is bullshit," Hamilton said. He pointed out that each ballot has a specific barcode generated and matched to the voter, with scanners being able to tell which votes are legitimate. "To print fake ballots with a matching barcode is not even possible." 

But in case you're curious, here's what you'd need to do to actually carry out voter fraud by mail and affect the outcome of an election. 

  • Figure out every registered voter who requested a mail-in ballot
  • Intercept the ballot
  • Get good at forging signatures and really good at guessing

If you've gotten through all of these security checks, congratulations: You've done something most election officials would consider nearly impossible. 

But remember, you need to do this for hundreds -- if not thousands -- of people for your effort to actually affect the outcome.

 

Digital doubt

Disruptions can also come digitally -- election officials are frequently on alert for cyberattacks, working with government agencies like the Cybersecurity and Infrastructure Security Agency to test for vulnerabilities. 

There's no evidence that hackers have ever changed votes in an election, but a cyberattack could still cause concerns for officials. Counties that use computers to verify signatures, for example, could be affected if those devices are vulnerable. 

"A ransomware attack could affect the outcome of an election if it happens during the counting process," CI Security's Hamilton said. "If I can encrypt your data, I have enough access to change it. How are we going to prove it wasn't changed? It's the integrity of the votes -- that's exactly where this applies."


Read the rest of the article here:  https://www.cnet.com/news/the-threat-to-vote-by-mail-isnt-fraud-its-disinformation-and-sabotage/

Critical Insight contact background

Talk to one of our cybersecurity experts

245 4th St Ste 405Bremerton, WA 98337

Looking for careers?

View all job openings

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.