Could hackers break into election systems on Long Island and across the state, erasing voter rolls or even falsifying results?
Not likely, say lawmakers and elections board officials, citing New York’s continued reliance on records and machines disconnected from the internet and backed up by paper.
But after recent attempts to steal voter registration information from a number of other states across the country, the biggest impact on the presidential election may be the simple injection of doubt.
“We think that what they’re trying to do, mostly, is create a mood of uncertainty, rather than doing actual damage,” said Rep. Peter King (R-Seaford), a member of the House Homeland Security Committee. “We’re not worried, we’re not anxious, but having said that, voting is our most cherished right, and voting for president is the most cherished of the cherished.
“So we want to make sure that not only is it done honestly and accurately, but also that the American people feel confident with the result,” King said.
King and Rep. Kathleen Rice (D-Garden City), also a Homeland Security Committee member, wrote a letter on Sept. 9 to Homeland Security Secretary Jeh Johnson asking the department to assist the state and the Suffolk and Nassau election boards in “protecting their voting systems from cyberattacks.”
The lawmakers noted that New York’s voting systems had not yet been the victim of any known cyberattacks, but that they were acting out of an abundance of caution.
The letter came after Johnson held a conference call in August with state elections administrators to discuss cybersecurity, and after the FBI issued a “flash alert” to state officials to warn them to boost security of their systems.
The alert cited two recent examples of hackers targeting local election systems that match the circumstances described in news reports from Arizona and Illinois, where the theft of voter registration information was either attempted or executed.
Last week, FBI director James Comey told the House Judiciary Committee that there had been more “attempted intrusions” into state voter registration systems, which he didn’t identify, and said officials suspect that Russia-based hackers may be responsible for some. Comey said the bureau is “investigating to try to understand exactly what mischief the Russians might be up to in connection with our political institutions and the election system more broadly.”
On Friday, The Associated Press, citing an unnamed Homeland Security official, reported that hackers had targeted the registration systems of 20 states in recent months. The official said it was unclear if all of the attackers were foreign or domestic, and did not identify the states or say whether the intrusions were successful.
“We need to take this seriously and we need to be proactive,” Rice said in an interview. “Especially if there’s evidence that sophisticated actors are attempting to influence our elections by taking people off rolls, skewing the results or, more worrisome, just creating a doubt or suspicion that would attempt to delegitimize the outcome.”
In Arizona, hackers attempted to access a portion of the state’s voter registration system by introducing malicious software, according to reports. In Illinois, they obtained data on roughly 200,000 voters, prompting the state voter registration system to be closed for more than a week, reports said.
Leaders of the state, Nassau and Suffolk election boards said in interviews that they are reviewing security procedures in light of the hacking attempts in the other states.
But the officials said they believe New York’s system, which still relies partly on paper registration records and electronic voting machines that use paper ballots, provided added safeguards.
“We always start on paper, so you always have backup on those things,” said Thomas Connolly, a state elections board spokesman. “We still feel pretty secure in our system.”
New York State allows voters to register online before forwarding the applications to county or city election boards for completion and approval. In Suffolk and Nassau, voters cannot change their registration information online via the election board websites, and must submit their applications via mail or in person at the election boards. While records are kept digitally, they are backed up by physical print copies, officials said.
“To access a board of elections database, one has to be physically in the building,” said Nick LaLota, the Suffolk Board of Elections Republican commissioner, noting that he doesn’t even have remote network access from his home. “We’re probably more susceptible to a Russian land invasion than a cyberattack.”
Both counties, as is the case with the rest of New York, use electronic voting machines that record paper ballots, and do not connect to any kind of network.
“All machines are independent of each other and independent from the internet,” said Bonnie Garone, a Democratic deputy commissioner at the Nassau Board of Elections. “They can’t communicate with each other.”
Each machine, Garone said, is tested by a bipartisan team of election officials, and after results are recorded, can be checked against the paper ballot.
“I would say we are 100 percent confident in the security of our voting system and registration records,” Garone said.
Cybersecurity experts say that a hack with widespread implications on the presidential race is made more difficult by the fact that America’s elections are decentralized. Different processes and technologies are used from state to state.
Most susceptible, experts said, are touch-screen, ATM-style voting machines, without paper backups, which are used by only a few states, including Georgia and Delaware.
“They don’t have a good track record,” Jonathan Katz, a computer science professor at the University of Maryland and director of the school’s Maryland Cybersecurity Center, said of the security of touch-screen machines. “The paper ballot has the advantage of providing you with a recourse in case something does happen.”
But Katz said even local election agencies with such backup might not always have the quality of security that is found in the private sector, such as strong network intrusion detection systems or encryption ability, and might grant network access to too many people.
“In many cases, you see that they’re not following the basic cybersecurity hygiene that they should be,” Katz said.
Even if the chances of a serious hack of election data is unlikely, Katz said it’s important that voters have confidence in the integrity of the election system.
“There’s a psychological component here, and if you can somehow make voters even believe that when they show up to the polls that they might not be able to vote, that might keep people home right there,” Katz said.