Managing Electoral Cyber Risk (a.k.a. "Hacking Democracy")
35 Pages Posted: 20 Sep 2017 Last revised: 22 Aug 2018
Date Written: May 8, 2018
Election “hacking” has become a topic of intense national conversation in the United States following allegations of foreign interference in the 2016 federal elections. Even assuming for a generous amount of partisan political rhetoric, the nature of political, scholarly, and scientific discourse following that election cycle suggests widespread concern regarding the integrity of U.S. electoral processes among most (if not all) segments of the polity. Put simply – Americans are losing faith in their election systems. An overwhelming volume of discourse responsive to this problem focuses on “securing” election systems or “preventing [foreign] hacking.” This Article answers both challenges, claiming that the “answer” to both is that in fact the questions are wrong. A frightening percentage of public discourse, and even some scholarly and scientific literature, fundamentally misunderstands the technological or legal systems currently in place, the threats to those systems, the protections they do (and could) provide, and what actually are the nature and means by which a foreign actor could influence an election result. This Article seeks to bring clarity to this discussion – one fundamental to the U.S. representative democracy – by providing a framework for understanding the means by which elections can be unlawfully influenced, the legal and technological systems in place to prevent such unlawful influence, and the limitations of those systems. It argues that current discussions are likely to continue two (failing) approaches found in other areas of cybersecurity: (1) a desire for a technological “silver bullet” solution; and (2) the creation of checklists to implement such solutions and “prevent” or “solve” the problem. Such approaches have repeatedly failed, as anyone who has received notification that their personal information was compromised is aware (well over one-in-three Americans). Drawing upon previous literature and empirical evidence, this Article attempts to reframe the question by answering that we should instead be asking how to manage such risk, and examine how the integration of multiple legal and technological tools into a risk management plan can achieve an acceptable level of confidence in our electoral systems, buttressed by “failsafe” procedures in the event an election result falls outside an acceptable margin of risk.
Keywords: cybersecurity, elections, hacking, risk management
Suggested Citation: Suggested Citation