It’s a good thing someone in our government is actually informed about elections. A report out yesterday afternoon noted the head of the NSA, during an Armed Services Committee weighed in on the possibility of US elections being hacked (and here).

During a Senate Armed Services Committee, Sen. John McCain, R-Ariz., asked about the possibility that Russia “could somehow harm the electoral process” in his state and “disrupt the voting results in the upcoming election.”

Admiral Mike Rogers, head of the NSA and U.S. Cyber Command, spoke about the disparate structure with some states voting manually and others electronically.

“But is it a concern?” McCain asked.

“Oh, yes sir,” Rogers responded.

Fortunately, elsewhere in government, another top official knows how things actually work.

 “The beauty of the American voting system is that it is dispersed among the 50 states, and it is clunky as heck,’’ said [FBI Director] Comey. “A lot of people have found that challenging over the years, but the beauty of that is it’s not exactly a swift part of the internet of things, and so it is hard for an actor to reach our voting process.’’

Rogers clearly doesn’t understand how elections work. As I pointed out the other day, there is almost ZERO chance that the election could be “hacked” in any meaningful way. The FBI Director (who I rarely agree with on matters of security, privacy and surveillance) is spot on. Our election process is a giant, decentralized mess. It is largely impervious to hacking largely because it is not standardized, not centralized, and not connected. Comey gets this. That’s ultimately good because it would probably be up to the FBI/DOJ to enforce security over elections. If the NSA was in charge, we would be screwed.

Recent news reports that the election databases in Arizona and Illinois have a whole lot of people up in arms, and have caused numerous publications that have precious little understanding of election systems to proclaim that the US election in November could be hacked. For instance, there is this from the Daily Signal:

“If it’s an organized effort, and someone hacks into a system and falsely registers bogus voters, you could hire a crew of people to vote multiple times under different names,” von Spakovsky told The Daily Signal. “That’s a problem for states with no voter ID laws. There is no way to prevent that.”

Guess what, there is nothing that prevents that currently. You can fill in a ton of false registrations in a state and hire a crew of people to vote multiple times. Yet it doesn’t happen. Just about every major study of voter fraud has found that when it does occur, it is a) generally on a very small scale and b) frequently caught. Why? Several reasons:

• The sudden appearance of a large number of extra voter registrations would be noticed. Most states publish the number of registered voters publicly and there are people who look at the numbers, literally, on a daily or weekly basis to see how they have changed, and how the change tracks against changes over time. A sudden shift in the number would stand out.
• The size of the “crew” required to throw an election is significant. Few states decide Presidential or Congressional elections by a few votes and rigging them is VERY difficult. The Florida results in 2000 are the rare exception, not the rule in Presidential elections. To swing a state like Ohio in 2004, you would have needed 60,000 votes. The size of the crew that could pull that off is so large it is unlikely that somebody wouldn’t brag about it to a friend. Occasionally you have a down ballot race for something like dog catcher that is decided by a handful of votes. Those are frequently fixed and very frequently caught.
• The decentralization of American election systems would make a large scale hack almost impossible. Typically each county in a state is responsible for providing their own election systems. You vote, the aggregate vote from your precinct/ward/division is sent to the county election official, who then sends it along to the state. To “hack” an election in a single state, you may have to compromise dozens or even hundreds of individual polling systems in a state, and quite frequently a mix of different systems is in use. So you may have to compromise dozens of different types of machines. You could possibly hack the secretary of state’s central computer, but all the counties have to reconcile their votes, then meet with the state election officials to certify that what the state shows is correct. So the hack at the state would eventually be revealed.

The biggest threat to our election systems is not the hacking of an election, but the workaday hacking of our personal information. That, however, is something that threatens every major database – be it commercial, private or government. In just the last few years, an alphabet soup of government agencies has been hacked. The IRS, NSA, and OPM, to name just a few, compromised the personal information of millions of citizens. Corporate hacks on everything from Target to porn sites have resulted in even more.

Election agencies maintain huge databases of information about voters. In many states the use of a voter ID number is prohibited, so they often use your Social Security Number to identify you. When the database gets hacked, the attackers will often get your name, address, date of birth, driver’s license number and SSN. That’s all the ingredients needed for identity theft. What’s worse, is the leak of that information happens all to frequently.

A lawsuit filed this week revealed what Kemp said his office learned on Friday — that Social Security numbers, dates of birth and driver’s license numbers for 6.1 million registered voters was included in a voter file provided last month to 12 organizations.

That’s among the largest breaches affecting states, if not the largest, according to a timeline kept since 2005 by the Privacy Rights Clearinghouse. South Carolina in 2012 discovered that unencrypted data from tax returns was hacked from its Department of Revenue, affecting 3.8 million adults, 1.9 million dependents and 700,000 businesses.

Despite that danger not only existing, but coming to fruition, Georgia’s elections director refused help in securing their systems, claiming a fear that the federal government was using it to get their nose under the tent to take over elections.

The reality is there is precious little chance that elections can be hacked, unless and until we centralize and standardize our election systems. While some have called for that as a way to provide better oversight and protection, it is actually quite likely that would create worse problems. Instead, the real election reform we need as voters is the creation of a national voter ID number that could keep track of voters without compromising their social security and drivers license information. Many on both the left and the right oppose a voter ID number though for different reasons. The left is generally opposed to voter IDs because they feel they suppress minority and low-income voters. The right fears them as a way for government to track individuals’. Both are likely justified in those complaints.

However, we already have ID numbers that are frequently surrendered on registering to vote, but those IDs are tied to everything else we do in life, and our system, currently, is ill-equipped to protect them.

So sleep well tonight knowing that our election systems will likely keep our democracy safe, but not your personal information.