Two states left nearly 200,000 people off voter rolls earlier this year, leading to confusion and anger when those people tried to cast a ballot in the primaries.
Election security experts fear it could happen again in November. While the problems stemmed mainly from computer glitches and human error, the chances of a repeat could be even greater if foreign adversaries, like the Russian government, successfully hack voter registration information.
The confusion in primary elections in Maryland and California illustrated that Russia wouldn’t need to change votes to disrupt America’s electoral process, said Maurice Turner, a senior technologist at the nonprofit Center for Democracy and Technology in Washington, D.C. Simply changing voter registration information or spreading disinformation about voting places and times could be catastrophic, he said.
“The attack that is most likely to succeed is one that causes confusion,” Turner said. “To cause confusion, there just needs to be a disruption in the normal process, and people’s fears can start to build.”
Disarray at the polls slows the voting process, disenfranchises people and sows doubt in democratic systems, Turner said.
“In my mind,” Turner said, “this is definitely the biggest concern that I have as far as securing our elections in 2018.”
The failures in two states earlier this year show how easily the voting process can be upended.
What happened in Maryland and California
Thousands of Marylanders may have avoided the polls during the state’s June primary because of a computer glitch that affected voter rolls.
On the eve of Election Day, officials notified 80,000 people by email that the Motor Vehicle Administration failed to transmit their updated voter information to the State Board of Elections because of a coding error that led to a computer glitch. (A month later, state officials said the total number of affected voters was 72,000.)
Affected voters were told they had to fill out provisional ballots when they went to the polls the following day. Provisional ballots in Maryland aren’t scanned and counted until after the voter’s information is verified.
A 2002 federal law guarantees the right of voters to cast a provisional ballot. Turner called it “a great backstop,” but added that “the downside is it takes more time, increases frustration, and some people are discouraged and they might find they don’t want to spend extra time to cast their vote.”
The error factored into the low turnout in Maryland’s primary, officials said. Only 1 in 10 affected voters cast a ballot, compared with the overall primary turnout of 1 in 4.
State Elections Administrator Linda Lamone told Maryland legislators in July she believed the error deterred voters. State Del. Anne Kaiser, a Democrat who co-chaired the hearing, said in such situations “some people are going to get frustrated and leave.”
The low turnout may have been a factor in several close local races. In two of them, the winner was decided by fewer than 10 votes, counting the provisional ballots. In another county race, decided by 80 votes, the losing candidate said “there was the intent of many voters to vote for me, and they weren’t able to” because of the error.
In July, the FBI revealed that a Russian oligarch with close ties to President Vladimir Putin owns a majority stake in a firm that manages Maryland’s critical election data, including voter registration and election-night results. U.S. Democratic Sens. Ben Cardin and Chris Van Hollen, along with Republican Gov. Larry Hogan and other top state legislative leaders, are asking the U.S. Treasury Department and the state attorney general to determine whether Maryland’s elections system is at risk.
Many voters in California’s June primary also encountered problems. Before that primary, 118,000 people were incorrectly purged from voter rosters in Los Angeles County — more than 2 percent of voters in the state’s most populous county — because of a software error.
Affected voters were able to cast provisional ballots, but, according to local news outlets, it led to confusion and anger at the polls. Henry Winkler, who played The Fonz on the TV series “Happy Days,” was among those left off the voter roster that day.
At the time, county officials couldn’t rule out a cyberattack. But an independent investigation by IBM Security Services finished nearly two months later found there was no evidence that a security breach caused the error. The county’s election software was unable to process formatting changes, causing an error that purged voters from the system, the study found.
A smaller problem occurred earlier this year in Wisconsin, where according to Reid Magney, a spokesman for the Wisconsin Elections Commission, roughly 2,200 voters went to their precincts in two separate elections and found they had been incorrectly removed from rolls because of a statewide effort to clean up the state’s registration database.
In 2016, Wisconsin became one of 25 states to join the Election Registration Information Center (ERIC), a nonprofit that identifies people who may need to update their registration information because they either moved or are considered inactive voters. In Wisconsin, a voter is inactive if she has not cast a ballot in four years. (The Pew Charitable Trusts, which funds Stateline, helped launch the center in 2012 through logistical and financial support. It is now independently run and funded by state contributions.)
Last November, the state sent postcards to 343,000 people ERIC identified as either inactive voters or voters who moved. After the mailing, the state deactivated 308,000 of those voter registrations. The remaining 35,000 voters either re-registered online or had not moved, the state later realized.
Magney said roughly 200 voters across the state showed up to vote in February’s primary but discovered they weren’t registered. Many voters said they were annoyed by the 20-minute process of re-registering. (Wisconsin is one of 18 states that have same-day voter registration.)
ERIC’s effort to coordinate between the states to clean up registration rolls is “a great thing and much, much better than other systems,” said Phil Keisling, chairman of the National Vote at Home Institute, a Washington, D.C.-based nonprofit that pushes states to adopt vote-by-mail systems.
But Keisling added that when states implement the ERIC systems, there are bound to be voters who fail to respond to state notifications. “You definitely get difficulties in some states adopting it,” he said.
Scott McDonell, the Dane County clerk, said Wisconsin may have had difficulties because of communication barriers between the voter registration database and the Department of Motor Vehicles. McDonell has asked the state’s election commission to examine how many of his county’s voters were improperly removed from registration rolls or couldn’t vote in the primary.
“The state should have worked these things out before,” McDonell said, “but it’s not unusual.”
Because of the confusion in February, the state now provides precincts with a supplemental voter roll that has the names and information of voters who were purged from the system. During a statewide April election, poll workers checked in 2,000 voters who were incorrectly purged and therefore on the supplemental list. After November’s election, Magney said, the state will rethink the way it deactivates voters for future elections.
Same-day registration made it easier for Wisconsin to resolve confusion, said Turner of the Center for Democracy and Technology. Practices like early voting — available in 37 states — and all-mail voting in Washington, Oregon and Colorado can also ease the process, he said.
Foreign adversaries aim to sow confusion
To sow confusion in the fall, Russia could hack voter registration systems, altering names, addresses or party affiliations, said Jonathan Brater, a counsel at the New York University School of Law’s Brennan Center for Justice.
“If there is some sort of successful effort, the consequences could be significant on Election Day,” Brater said. “Incorrect information leads to long lines, which could mean they leave and give up on voting.”
According to indictments issued by Special Counsel Robert Mueller last month, Russian military spies attempted to infiltrate local election administration systems during the 2016 U.S. elections.
Trump administration officials earlier this month said Russia is targeting U.S. elections once again. FBI Director Christopher Wray said at a White House press briefing that the threat from Russia is one “we need to take extremely seriously.” Homeland Security Secretary Kirstjen Nielsen echoed those sentiments, warning that “our democracy itself is in the crosshairs.”
Congress has provided some help. It set aside $380 million earlier this year for states to bolster election security, though several local election officials told Stateline that it wasn’t enough to protect their systems. House Republicans in July voted against a measure to increase election security spending further, however, saying enough grant money remained from the $380 million.
Democrats who voted for the spending said Congress has not provided nearly enough support to local jurisdictions to meet the demands of defending against foreign adversaries.
If Russia attacks the U.S. election system again, it will target voter registration systems by taking people off voter rolls or manipulating voter information, said McDonell, who runs elections in the area around Madison, Wisconsin. Misinformation is their greatest weapon, he said.
“The Russians are going to run the same play until we stop it,” McDonell said. “That worked amazingly and nothing happened to them. That hole needs to get plugged.”
If an attack were successful in November, he said, he expects voter confusion would look a lot like it did in February.
Misinformation has already negatively affected Wisconsin voters in recent years. Sixty or more 17-year-olds voted illegally during the 2016 presidential primary in Wisconsin after seeing erroneous social media messages saying they could vote if they turned 18 by the November general election, according to a state report.
To protect the integrity of their systems, Turner said local officials should educate staff members about phishing attempts — where hackers might gain passwords, usernames or personal information through unwitting officials — and periodically change passwords.
Counties and states also should audit their elections, he said, to detect errors in the vote count or registration information.
Keisling, who served as Oregon’s secretary of state from 1991 to 1999, said local governments must focus on how to protect systems and prevent future errors or attacks. Since the 2016 presidential contest, “election officials are hypersensitive” about it, but they need help.
“Buy or build better software and test the hell out of it,” Keisling said. “But we give the responsibility of election security to the counties and tell them to pay for it.”
When it comes to misinformation, there’s only so much election officials can do, he said. They should engage voters to prevent confusion on Election Day.
“There needs to be good communication with your voters and telling them to be on the lookout,” Keisling said. “If you’re not getting the information you think you should, say something. Focus is the best disinfectant.”