Skip to main content

The real election hack fear

Betsy Cooper, Executive Director, UC Berkeley Center for Long-term Cybersecurity | November 3, 2016

By Steven Weber, faculty director of the Center for Long-Term Cybersecurity and a professor, School of Information and political science, and Betsy Cooper:

If you are expecting to feel relief from a long and tortuous election season on the morning of November 9, don’t. Expect instead to hear about a possible cyberattack on American democracy. We might be watching a slow trickle of election results poisoned by suggestions that they may not be real. Imagine what it would feel like to hear different results on different media platforms, and not have any idea whom to trust.

The security of voting data means everything to American democracy. The act of voting is meaningful only if we believe that our vote will count — and be counted accurately. The U.S. had a small taste of what uncertainty about voting accuracy can look like during the Florida recount in 2000, and that was before the widespread use of electronic voting machines.

cybersecurity300Ensuring the security of our voting systems is important not only because we need to protect the integrity of elections, but also because we need to reinforce the corroding foundation of basic trust in digital technologies, the hopeful and somewhat naive faith that holds up an ever-growing share of the U.S. economy.

The threat of widespread election-day cyber vote-rigging that would tip the outcome is likely still small. FBI and security experts agree that the electoral system is probably too diverse and the number of votes too large for hackers to change the outcome. But for every voting machine that will be deployed across the country on November 8, there are literally millions of digital devices that exchange data critical to our lives every minute of every day. Even an isolated breach of digital voting systems — followed by a steady drumbeat in the media about lack of digital security — could break the camel’s back of digital trust, and in turn wreak havoc with our economy.

The U.S. government estimates that 5 percent of GDP is now purely digital, and that does not take account of digitally enabled processes that underpin and accelerate much of the other 95 percent. But every time a consumer makes an e-commerce purchase or a manufacturing company sends instructions to a factory robot, the integrity of those transactions or instructions is at risk of cyberattack. We go about our digital lives calmly because most people and most companies believe in that integrity most of the time. The default assumption is that devices are safe and the internet is secure, unless someone is directly hostile towards us; or we are extremely careless; or we are an unfortunate victim of very low-probability bad luck.

That assumption makes the digital world go round, but it is fragile and getting more so all the time. The steady stream of data breaches — from the U.S. Office of Personnel Management, Target, Yahoo, or countless other large institutions, to Colin Powell and the Democratic National Committee — are quietly eroding public faith in our digital-everything world. A tipping point may be coming soon.

A hack — or even the intimation of a hack — on our election system could easily serve as this kind of triggering event. It would touch literally every American at once and would likely be interpreted as a catastrophic failure not just of a single government agency or a single business, but of computer networks and software more generally. If we decide we need to return to paper ballots, why wouldn’t we also call for a return to in-person banking and paper record-keeping?

Our research institute at UC Berkeley has developed a scenario about the dynamics and consequences of a core reversal in digital trust, where the default assumption flips from “we’re basically safe” to “the Internet is a dangerous place unless proven otherwise.” In our narrative, set in the year 2020, the reactions of individuals are diverse: Some go offline; others make their data public before it can be stolen, and still others fight back, using whatever tools they can to stay one step ahead of the next hack. Either way, the “new normal” in 2020 is a cyber Wild West, where anyone who ventures online with the expectation of protection and justice has to provide it for themselves. It’s a world of much greater economic and social anxiety and considerably lower growth, where the digital giants that have fueled the U.S. economy for the last decade are struggling to get users to trust them with anything valuable.

Imagine if even 10 percent of business transactions moved back to paper contracts, or if NASDAQ required telephone confirmation of large stock purchases. A retreat to the analog world would be a massive blow to growth, jobs, and economic development — at a time when we can least afford it.

Crossposted from Bloomberg Government.

Read more on the Center for Long-Term Cybersecurity website.

Leave a Reply

Your email address will not be published. Required fields are marked *