Managing Electoral Cyber Risk (Table of Contents)

4 Pages Posted: 20 Sep 2017  

David Thaw

University of Pittsburgh - School of Law; University of Pittsburgh - School of Information Sciences; Yale University - Information Society Project; University of Pittsburgh - Graduate School of Public & International Affairs

Date Written: September 17, 2017


Election “hacking” has become a topic of intense national conversation in the United States following allegations of foreign interference in the 2016 federal elections. Even assuming for a generous amount of partisan political rhetoric, the nature of political, scholarly, and scientific discourse following that election cycle suggests widespread concern regarding the integrity of U.S. electoral processes among most (if not all) segments of the polity. Put simply – Americans are losing faith in their election systems.

An overwhelming volume of discourse responsive to this problem focuses on “securing” election systems or “preventing [foreign] hacking.” This Article answers both questions, claiming that the “answer” to both is that in fact the questions are wrong. A frightening percentage of public discourse, and even some scholarly and scientific literature, fundamentally misunderstands one or both of the technological or legal systems currently in place, what are the threats to those systems, what protections they do (and could) provide, and what actually are the nature and means by which a foreign actor could influence an election result.

This Article seeks to bring clarity to this discussion – one fundamental to the U.S. representative democracy – by providing a framework for understanding the means by which elections can be unlawfully influenced, the legal and technological systems in place to prevent such unlawful influence, and the limitations of those systems. It argues that current discussions are likely to continue two (failing) approaches found in other areas of cybersecurity: (1) a desire for a technological “silver bullet” solution; and (2) the creation of checklists to implement such solutions and “prevent” or “solve” the problem.

Such approaches have repeatedly failed, as anyone who has received notification their personal information was compromised is aware (well over one-in-three Americans). Drawing upon previous literature and empirical evidence, this Article attempts to reframe the question by answering that we should instead be asking how to manage such risk, and examine how the integration of multiple legal and technological tools into a risk management plan can achieve an acceptable level of confidence in our electoral systems, buttressed by “failsafe” procedures in the event an election result falls outside an acceptable margin of risk.

Keywords: cybersecurity, elections, hacking, risk management

Suggested Citation

Thaw, David, Managing Electoral Cyber Risk (Table of Contents) (September 17, 2017). Available at SSRN: or

David Thaw (Contact Author)

University of Pittsburgh - School of Law ( email )

3900 Forbes Ave.
Pittsburgh, PA 15260
United States


University of Pittsburgh - School of Information Sciences ( email )

Pittsburgh, PA 15260
United States

Yale University - Information Society Project ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

University of Pittsburgh - Graduate School of Public & International Affairs ( email )

Pittsburgh, PA 15260-0001
United States

Register to support our free research


Paper statistics

Abstract Views