Three Things We Need To Do Now To Protect Our Elections In 2020

This essay originally appeared on Medium.

Despite how front and center Russia’s significant campaign to influence the 2016 elections has been in our politics these past few years, little has been done to ensure it doesn’t happen again in 2020. No major bill addressing foreign interference has passed the Congress, the strategy of the United States government remains opaque at best, and of course our President has still not accepted that Russia did intervene last time. This lack of action comes despite the US intelligence community giving repeated warnings about Russia and other nations trying again in the 2020 election; and in recent weeks FBI Director Wray has been loudly raising the alarm about an unprecedented rise in cyber-attacks happening now against American interests. Given how late we are to taking action — the election began three months ago, twenty candidates are actively campaigning for President and voting begins in January — there are three things which the nation’s political leadership should prioritize and make happen in the coming months:

Require Paper Ballots And AuditsFirst and foremost: make sure every state uses unhackable paper ballots and conducts mandatory post-election risk-limited audits of votes (something currently required in Colorado, Rhode Island, and Virginia). Getting this done by the November 2020 elections is going to require swift action, strong leadership from the Administration and Congress, and federal resources. Our current system of leaving election security up to the states, with no minimum mandatory standards, isn’t an adequate response to the reality of the threat today. The simple truth is without paper ballots and audits we have no way of knowing whether our election results have been altered. The lack of leadership from the White House on this fairly straightforward issue has been profound, and dangerous.

Protect Federal Candidates From Cyber Attacks/Hacking And DisinformationWhen it comes to protecting political candidates for federal office from the kind of activity we saw in 2016, the candidates and their political party campaign committees are essentially on their own. The Department of Homeland Security just isn’t yet in this business, and the extraordinary turmoil we are seeing at DHS now will make it far less likely a real program will emerge in the coming months. The cyber protections that federal elected officials receive in their official capacity as Senators and House Members do not extend to their campaigns or private activity, nor does it extend to candidates who are not yet elected. Essentially, it’s up to the candidates and campaigns to protect themselves — even though few politicians are cybersecurity experts — from Russian, Chinese, Iranian and North Korean government hackers and disinformation campaigns.

A series of things must be done here to address these emergent challenges. First Congress should work with DHS to establish a clear and transparent process for information sharing and technical support at the very least with the six federal party committees — the RNC, NRSC, NRCC, DNC, DSCC and DCCC — who can then extend similar services to each of their campaigns. Next each party committee should add a Vice Chair for Cyber Security to oversee these efforts and a Chief Security Officer to ensure the Committee’s access to the technical knowledge required to truly protect our candidates. The strategy for how each Party Committee approaches their responsibilities in these areas should be public, perhaps on their FEC filings; and robust programs with modern tools, fulsome information sharing and extensive training should be funded and executed.

The two offices that provide cyber security for Congress, the Senate Sergeant at Arms and the House Chief Administrative Officer should be given additional authorities and resources, including the ability to help extend protections to the political and private communications of Senators and House Members. Congress should also make counter intelligence and cyber security training mandatory for all principals and staff, and this training should be conducted at least annually as the threats, tactics and tools are always evolving.

Candidates Should Enter Into A Pact To Forgo Use Of Illicit Campaign TacticsOne of the great dangers facing the US in the coming years is that the kind of illicit tactics used by the Russians — hacking, weaponization of stolen information, extensive use of fake accounts and inauthentic amplification — becomes commonly used by domestic actors here in the US against one another. It is vital that responsible leaders of both parties come together and commit to forgoing the use of these kinds of tactics in our democracy.

Many European political parties have signed on to a pledge to forgo these kinds of illicit tactics in their May elections. The Democratic Party State Chairs of the four early primary states — Iowa, New Hampshire, South Carolina and Nevada — have expressed support for the idea of the Democratic Presidential candidates entering into a binding pact with one another committing to forgo the use of a wide range of these tactics. Encouragingly, all of the Democratic candidates up and running in late February agreed to forgo the use of stolen or hacked material in the 2020 elections, a tactic central to how Russia influenced our election last time. It is a good first step but much more must be done.

As an advisor to the Democratic Congressional Campaign Committee in the 2018 elections, I supported both extensive cybersecurity security and countering disinformation operations run by the Committee. We worked with the social media platforms to take down illicit activity, and reported cyber intrusions to the FBI. But at no point did we work cooperatively with anyone else in the federal government. The systems for information sharing, joint learning, training and tool evaluation simply aren’t there yet. We were on our own, as are the campaigns and party committees of both parties this election cycle.

Simply put, we are not ready. The country hasn’t taken the kind of commonsense steps to protect ourselves that we should have taken after Russia’s historic attack on the nation in 2016. The kinds of things I describe above should have happened in 2017 and 2018, and been up and running on January 1st, 2019. They didn’t happen — but they should now. While there are many things which can be done to protect our elections (like the Honest Ads Act and DETER Act, and of course HR1) to me these three steps are the most important and achievable in the coming months. I urge our candidates, elected leaders and the Trump Administration to step up and work together to get them done as soon as possible.