A draft US law to secure election computers that isn't braindead. Well, I'm stunned! I gotta lie down
Some good ideas sneak into the Senate
A law bill was introduced today to the US Senate designed to safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents.
The Securing America's Voting Equipment (SAVE) Act [PDF] would designate elections systems as part of the US national critical infrastructure, task the Comptroller General of the United States with checking the integrity of voting machines, and sponsor a "Hack the election" competition to find flaws in voting machines.
"Our democracy hinges on protecting Americans' ability to fairly choose our own leaders. We must do everything we can to protect the security and integrity of our elections," said cosponsor Senator Martin Heinrich (D-NM).
"The SAVE Act would ensure states are better equipped to develop solutions and respond to threats posed to election systems. Until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation's democratic institutions will remain vulnerable."
If passed by both the House of Reps as well as the Senate, and signed into law by President Pence, the proposed legislation would instruct the Director of National Intelligence to perform a security clearance check on the chief election official of each state and one designee, and – after they passed – would keep them updated on current and projected hacking threats.
Meanwhile, the Department of Homeland Security would be given the job of developing a threat assessment model for hacking election systems and develop a best practice guide to protect them. States would also get a grant to buy new, and hopefully more secure, voting machines.
"While the Intelligence Committee's investigation is still ongoing, one thing is clear: the Russians were very active in trying to influence the 2016 election and will continue their efforts to undermine public confidence in democracies," said cosponsor Senator Susan Collins (R-ME).
"The fact that the Russians probed the election-related systems of 21 states is truly disturbing, and it must serve as a call to action to assist states in hardening their defenses against foreign adversaries that seek to compromise the integrity of our election process. Our bipartisan legislation would assist states in this area by identifying best practices to protecting voting equipment, and ensuring states have the resources they need to implement those best practices."
Homeland Security: Putin’s hackers tried to crack electoral networks in 21 US statesREAD MORE
The dire state of election machine security was amply demonstrated at this year's DEF CON hacking convention in Las Vegas. A squad of enthusiasts managed to compromise election machines with ease, either in person or remotely, to potentially alter final tallies for candidates.
The election equipment hacking, which will be repeated next year, proved remarkably easy. Many of the voting machines were still running Windows XP, few were properly patched, and the resulting furor caused the state of Virginia to scrap its own voting machines.
But not everyone is so concerned. Georgia – which doesn't even give voters a paper receipt for their vote that can be used in recounts - recently managed to wipe a computer server that was crucial to a lawsuit probing possible election blunders in the state.
There is a simple technical fix to ensure elections are a lot harder to hack, and it's a low-tech fix: paper. Paper ballots that are time consuming to forge, compared to electronic tampering, have been used in elections for centuries and some states, such as Texas and Virginia, are testing out a return to exclusively paper ballots.
But not everyone looks for low tech. Another suggestion is the Helios system, which takes encryption and distributed networks to make an election not only very hard to hack but also verifiable without compromising privacy.
Whatever the solution, it's clear today's systems are insecure, and something has to be done now rather than when it really is too late. The SAVE Act, if you look past the name, is a pretty good start. ®
Sponsored: Becoming a Pragmatic Security Leader