Private vendors build and maintain much of the election infrastructure in the United States with minimal oversight by the federal government. A report released today by the Brennan Center for Justice at NYU Law presents the risks this poses to the security of our elections and offers a solution.
“Vendors manufacture and maintain much of America’s election infrastructure, yet they’re subject to fewer federal government regulations than the companies that make colored pencils,” said Lawrence Norden, one of the authors of A Framework for Election Vendor Oversight and director of the Brennan Center’s electoral reform program. “After the 2016 election, we have no doubt that our voting systems are a target of foreign adversaries. Congress must do more to protect our elections from attack.”
Because the election vendors are allowed to keep their security practices secret, election officials have little of the information they need to protect their voting systems. The report’s authors — Norden, Christopher Deluzio, and Gowri Ramachandran — propose a federal oversight structure to improve transparency and security. For the short term, they recommend contingency plans to compensate for attacks on election systems in 2020.
As the report details, the private companies that manufacture and maintain election systems are not required under federal law to disclose to their customers if their networks have been hacked, disclose who owns or controls them (including whether those owners have ties to foreign governments), share their cybersecurity practices, or provide their screening procedures for employees in critical positions.
The authors note that most of the voting system industry is controlled by a few companies, creating fewer and larger targets for adversaries. In addition, private vendors are involved in all aspects of elections, producing, servicing and programming registration databases, electronic pollbooks, voting machines, and election night reporting systems.