Contact The Editor
Articles By This Author
The DNC, which is moving its convention online because of the coronavirus pandemic, released a plan Friday for delegates to vote by email for the Democratic presidential nominee and planks in the party's platform.
Internet voting presents far fewer risks in this case than it would during a regular election because delegates' ballots are not secret. That means they can verify that their votes were not altered, either by hackers or technological snafus, and can correct any errors after the fact. There's also no drama about the outcome of the most important vote because former vice president Joe Biden has practically secured the Democratic nomination.
But it still presents numerous opportunities for hackers from Russia and elsewhere to disrupt the voting process, sow confusion about results or use disinformation operations to spread conspiracy theories or gin up hostilities between rival camps supporting Biden and Sen. Bernie Sanders, I-Vt.
And any disruption is likely to spark painful memories of 2016, when information Russia hacked and leaked from the DNC helped wreak havoc on Hillary Clinton's campaign.
That means the DNC must be hyperprepared to knock back any allegations of digital interference or rapidly respond to attacks even as it runs a convention unlike any in history.
"Even if they're making a prudent decision for public health, this still remains a rich environment for bad actors," Edward Perez, global director of technology development at OSET Institute, a nonprofit election technology organization, told me. "No one should lose sight of the fact that a purely electronic return of ballots is very high risk. The DNC needs to wear both hats at the same time: public health and cyber defense."
The DNC has been working for months on how to make a virtual convention work during the pandemic. The party passed a resolution in May allowing smaller subcommittees to handle in advance some of the more complex votes that usually take place on the convention floor. The remaining votes, including nominating the party's candidate for president, will go to all convention delegates on a single ballot delivered by email. They'll have between Aug. 3 and Aug. 15 to fill out that ballot and forward it by email to state party officials. The convention begins Aug. 17.
Those emailed ballots will include the delegate's name and another unique identifier such as a bar code that connects the delegate with his or her vote, the party said in an email to delegates.
"The State Parties will be responsible for collecting all ballots from convention delegates as they would if we were conducting votes in person at the convention," the letter states. "At the conclusion of voting, each state delegation chair will submit a tally sheet to the Secretary's Office that formally records the number of votes cast on each item of convention business."
There are a number of built-in security safeguards. Delegates will receive email updates when their votes are tallied by state party officials and will be able to reach out to those officials to ensure that their votes were recorded correctly, a DNC official told me. Delegates will also have the option of voting by phone or conventional mail if they object to email voting or lack Internet access, the official said.
Biden's and Sanders's campaigns hosted webinars this weekend outlining the email-voting system for their delegates.
"We want delegates to play their critical role without risk to their personal or the public health," said the official, who was not authorized to speak publicly about cybersecurity planning. "We know who all the delegates are. And because the votes are public, we feel confident that we could swiftly fix any problems that arise."
The party is also taking measures to ensure that other elements of the convention are not disrupted by hackers such as speeches by Biden and top party officials. That includes buying services from cybersecurity companies and "deploy[ing] redundant and diverse connections and pathways for the programming and infrastructure that supports the programming," the official said.
If a traditional election were held this way, election security experts would be sounding alarms about it. When several states piloted voting on mobile apps this year, it sparked so much concern that the Department of Homeland Security, the FBI and the Election Assistance Commission sent states a guidance memo detailing the risks. The memo warned that returning ballots using the Internet poses "significant security risks," including that hackers could change large numbers of votes, block votes from being recorded or undermine ballot secrecy.
Those risks are significantly mitigated when officials are not trying to both send a vote over the Internet and keep the voter's identity secret. But they're not eliminated.
"The stakes are obviously a lot lower in a party convention setting than a general election context where online voting could be hacked to change the results," Alex Halderman, a University of Michigan election security expert, said. "But what's at stake here is the legitimacy of the process and for that reason security is still very important."
For example, hackers could prevent a state from forwarding votes to the DNC by locking up its computers with ransomware or overwhelming its networks with Internet traffic. They could also change large numbers of votes by hacking into delegates' personal computers and mobile devices. That would probably be caught, but not before it publicly embarrassed the party.
"I'm less concerned about this instance of remote voting because they won't be anonymous," Duncan Buell, a University of South Carolina election security expert, said. "But [the DNC] should contract with a really good security firm. They should have backups on top of backups and delegates should be checking their votes were cast the way they expected."
The committee should also be as transparent as possible, Perez said, so there's less room for Russia or another hostile nation to spread phony rumors that votes are not being counted accurately or to otherwise spark fights between delegate factions.
"Just like the DNC attack in 2016, this creates an opportunity for bad actors to cast doubts on results and further divide us as a nation," he said.
(COMMENT, BELOW)