40 Pages Posted: 19 Oct 2016 Last revised: 17 Nov 2016
Date Written: October 14, 2016
With the Russian government hack of the Democratic National Convention email servers, and further leaks expected over the coming months that could influence an election, the drama of the 2016 U.S. presidential race highlights an important point: Nefarious hackers do not just pose a risk to vulnerable companies, cyber attacks can potentially impact the trajectory of democracies. Yet, to date, a consensus has not been reached as to the desirability and feasibility of reclassifying elections, in particular voting machines, as critical infrastructure due in part to the long history of local and state control of voting procedures. This Article takes on the debate in the U.S. using the 2016 elections as a case study but puts the issue in a global context with in-depth case studies from South Africa, Estonia, Brazil, Germany, and India. Governance best practices are analyzed by reviewing these differing approaches to securing elections, including the extent to which trend lines are converging or diverging. This investigation will, in turn, help inform ongoing minilateral efforts at cybersecurity norm building in the critical infrastructure context, which are considered here for the first time in the literature through the lens of polycentric governance.
Keywords: cybersecurity, cyber attack, election, voting, critical infrastructure
Suggested Citation: Suggested Citation
Shackelford, Scott and Schneier, Bruce and Sulmeyer, Michael and Boustead, Anne E. and Buchanan, Ben and Craig, Amanda and Herr, Trey and Malekos Smith, Jessica Zhanna, Making Democracy Harder to Hack: Should Elections Be Classified as ‘Critical Infrastructure?’ (October 14, 2016). University of Michigan Journal of Law Reform, 2017; Kelley School of Business Research Paper No. 16-75. Available at SSRN: https://ssrn.com/abstract=2852461