Managing Electoral Cyber Risk (Table of Contents)
4 Pages Posted: 20 Sep 2017
Date Written: September 17, 2017
Election “hacking” has become a topic of intense national conversation in the United States following allegations of foreign interference in the 2016 federal elections. Even assuming for a generous amount of partisan political rhetoric, the nature of political, scholarly, and scientific discourse following that election cycle suggests widespread concern regarding the integrity of U.S. electoral processes among most (if not all) segments of the polity. Put simply – Americans are losing faith in their election systems.
An overwhelming volume of discourse responsive to this problem focuses on “securing” election systems or “preventing [foreign] hacking.” This Article answers both questions, claiming that the “answer” to both is that in fact the questions are wrong. A frightening percentage of public discourse, and even some scholarly and scientific literature, fundamentally misunderstands one or both of the technological or legal systems currently in place, what are the threats to those systems, what protections they do (and could) provide, and what actually are the nature and means by which a foreign actor could influence an election result.
This Article seeks to bring clarity to this discussion – one fundamental to the U.S. representative democracy – by providing a framework for understanding the means by which elections can be unlawfully influenced, the legal and technological systems in place to prevent such unlawful influence, and the limitations of those systems. It argues that current discussions are likely to continue two (failing) approaches found in other areas of cybersecurity: (1) a desire for a technological “silver bullet” solution; and (2) the creation of checklists to implement such solutions and “prevent” or “solve” the problem.
Such approaches have repeatedly failed, as anyone who has received notification their personal information was compromised is aware (well over one-in-three Americans). Drawing upon previous literature and empirical evidence, this Article attempts to reframe the question by answering that we should instead be asking how to manage such risk, and examine how the integration of multiple legal and technological tools into a risk management plan can achieve an acceptable level of confidence in our electoral systems, buttressed by “failsafe” procedures in the event an election result falls outside an acceptable margin of risk.
Keywords: cybersecurity, elections, hacking, risk management
Suggested Citation: Suggested Citation