Election Interference: A Conversation on the Steps to a More Secure Democracy

Maurice Turner serves as the Deputy Director of the Internet Architecture Project at the Center for Democracy & Technology, a Washington, D.C.-based non-profit advocacy organization dedicated to ensuring an open, innovative, and free internet. Prior to his current role, Turner served on the Republican staff of the Senate Committee on Homeland Security and Governmental Affairs (reporting to Chairman Senator Ron Johnson) and was a TechCongress Congressional Innovation Fellow focusing on cybersecurity issues. Turner has more than 30 years of experience managing cybersecurity projects, with previous employment at the City of Newport Beach, EarthLink Municipal Networks, Center for Democracy and Technology, Coro Foundation, United Medical Center Hospital, U.S. Department of Transportation, and Apple.

The Center for Democracy and Technology (CDT) is a 501(c)(3) organization advocating online civil liberties and human rights. Composed of a team of experts in the public, private, non-profit, and academic sectors, the CDT champions a wide variety of topics including cybersecurity, open internet, free expression, and data privacy. Within the CDT, Maurice Turner focuses on updating election cybersecurity infrastructure and standard practice to maintain and improve the security and privacy of our vote.

CPR Science and Technology writer Samuel Israel conducted and condensed the following interview.

Chicago Policy Review: Could you tell me about the Center for Democracy and Technology?

Turner: The CDT has been around for 25 years, fighting for people to be able to use the power of the internet. We believe that the internet can be used for all sorts of good and lets people around the world have access to information and to be able to do things they hadn’t been able to do before. We have programs related to free expression security and surveillance. My project in particular is the Internet Architecture Project and within that project we work on things like cybersecurity and standards. For the past two years I’ve been focused on the election privacy and security project to make sure we can address some of the fundamental security issues in the election space without sacrificing privacy and accessibility as well. In America we value having a secret ballot and knowing that our vote is counted in the way the voter intended for it to be counted.

CPR: What initiatives have you taken with Internet Architecture Project, and could you provide a timeline of how it has operated so far?

Turner: Last year we focused on developing cybersecurity 101-level guides, something that election officials would be able to pick up and learn a particular topic and have some actionable steps they could take to make themselves more secure. This year we’ve transitioned our focus to advocating for the use of post-election audits to make sure that votes are counted as they were cast and that any sort of issues with the votes can be uncovered, so that way it reduces the likelihood that malicious interference would actually change the outcome of an election. We’ve also been encouraging new entries into the marketplace on alternative voting systems because we believe that with additional competition and the availability of lower-cost and more secure alternatives, voters can have a more secure, and frankly better, voter experience. Lastly, we have been working with state- and federal-level officials and agencies on policy-level changes to make sure all of this can happen with steady and regular funding coming from the state and federal governments.

CPR: Congress recently appropriated $380 million for the Help America Vote Act. In your opinion, how do you think this money should be spent?

Turner: I think the 2018 funding of $380 million and the 2019 appropriation of $425 million are both good starts. With the $380 million appropriation, I appreciated the fact that Congress wanted to focus on security and so it gave the states priority to use that money on cybersecurity training and on replacing equipment. Unfortunately, this most recent round of funding of $425 million didn’t have those additional requirements, so states are able to use that on things like voting equipment that’s been proven to be less secure. If Congress were to go ahead and appropriate additional funds, those funds should come with the requirement that insecure equipment cannot be purchased and that it encourages good behavior like post-election audits and a paper backup.

CPR: Can you explain how this issue [of election interference] became a hot topic? I know we’ve had a lot of conversations on disinformation, for example, with the Facebook hearings. When did the issue of post-election audits and making sure every vote counted matters become a hot topic?

Turner: This issue in America goes back to the founding of the country, and it seems with every few years there’s yet another example of how there can be improvements. In my lifetime, I’ve seen it happen a couple of times. Back in 2000, we had the Bush vs. Gore elections with hanging chads. That really highlighted the need to improve the experience of voters to make sure they understood how they were going to be voting and to make sure that the ballots themselves could be counted and so that’s what kicked off this generation of purchasing electronic voting machines. Now in 2016, we’ve seen how using those machines can be problematic because they are not as secure as they need to be given the current environment, and there is an increased chance that malicious actors be motivated and capable, like Russia and other state-sponsored actors that can change the outcome of the election or suppress the vote. In 2016, that came to a forefront when we found out there was scanning going on of election systems in every state. There was an incident in Illinois where the state actually had a systems breach, so there was the potential for even greater malicious interference. So here we are in 2020, where we have a highly contested presidential race and there is a ripe opportunity for a malicious actor or multiple malicious actors to take advantage of now publicly available information regarding the vulnerability of these systems. Frankly, the lack of preparation is the situation that some election officials find themselves in. We’re getting better. We’re not at the point where we could successfully defend a highly motivated malicious actor, who has the intention of either changing the outcome of an election or using a misinformation campaign to suppress voter turnout in a way that could have a negative impact on voter confidence.

CPR: You were a congressional staffer in 2017 and worked in cybersecurity during that time. From that experience, along with your experience in the CDT, can you tell me about the political difficulty you’ve experienced trying to push these measures forward?

Turner: Based on my experience, both in the Senate and the CDT, I’ve noticed from the political point of view that it can be challenging to move beyond the political rhetoric and come to a consensus on the notion that the Russian influence on the 2016 presidential election didn’t actually change the outcome. From that experience, I noticed there is some hesitancy to question the outcome of that election and there [are] also political motivations behind either being defensive or aggressive in the questioning of the outcome of that particular election. I think now that we are four years beyond that, it doesn’t do any good to focus on that but rather focus on the idea that the vulnerabilities that were exploited in 2016 are now shown to be exploitable in 2020 and beyond, and that the Russian playbook for interference is something that other state actors and other types of actors can use to have a malicious influence on future elections.

CPR: How does local government play a role in election security?

Turner: Local government plays a critical role in election security because it is fundamentally going to be the responsibility of local election officials to run their election effectively, efficiently, and securely. They’re the ones who are actually doing the work on the operational side to make sure that every vote is cast and counted as intended. It is therefore incumbent on local officials to have a certain level of cybersecurity training and awareness and be able to count on the support of partners at the state and federal level, as well as their partners in the private sector who are maybe providing IT support services or are election vendors who are providing support services for the voting equipment.

CPR: How can the private sector play a role in protecting our country against election interference?

Turner: The private sector plays a big role because they are the ones that are actually developing all of these systems that come together. In addition to the actual voting machines being used, there are also election management systems that are being developed on the software side, electronic poll books, and election reporting websites. There are a number of different kinds of companies who all need to have their hardware and software come together in a way that makes for a smoothly run election. I think there are a relatively small number of companies that are able to provide these services, so there is some concern that they have the capability to develop this hardware and software in a secure fashion. There are also large companies, like Facebook, Google, Microsoft, and countless others in the IT security sector who have the capability to provide their services at a low or no cost to local election officials to bolster their defenses and make sure malicious actors don’t have the opportunity to interfere in elections.

Headshot and biography courtesy of Maurice Turner.

Featured photo: cc/(Moussa81, photo ID: 1184077718, from iStock by Getty Images)