By Mark Ritchie
July 23, 2020
Last year I was sworn in as Civilian Aide to the Secretary of the Army, pledging to “support and defend the Constitution of the United States against all enemies, foreign and domestic.” During that solemn moment of the swearing in ceremony I thought about my former role as the State of Minnesota’s Chief Election Officer, and what I had learned during that time about “foreign and domestic” threats with regards to protecting our elections.
Very early in my very first term of office, having won my election in the fall of 2006, our office faced its first major cyberattack– an SQL injection attack that took down our entire system. This particularly successful cyber-disruption came from overseas via a piece of third-party software incorporated into our website long before I was elected. This nearly week-long crisis put me on notice that the digital world was a dangerous place for any politician wanting to get re-elected.
Fast forward to the election of 2016, one where the new term “virtual disenfranchisement” entered the lexicon of worries that election administrations all over the country had to deal with. By this time I had happily retired from elected public office, and no longer served as Minnesota’s Chief Election officer and did not have any role besides concerned citizen in that election. I became an even more concerned citizen after I studied the various digital assaults that ultimately were understood as the first real manipulation of a modern election.
For a number of years Secretaries of State and other election administrators sounded alarms about personal data manipulation via social media being used to influence election results, but the 2016 elections brought many of these digital election-rigging activities out into the open. Some of the most successful examples of the social media-led infiltration of our election machinery were captured in Netflix’s special report on Cambridge Analytica’s partnership with social media, available on-line as “The Great Hack.”
Less known, but perhaps more dangerous over the long-term, was the ability of foreign actors to disrupt the actual voting process by attacking vulnerable steps in the election process. One of the most egregious examples was the focus of a bit of Special Counsel Robert Mueller’s wrath. A digital attack on a third-party vendor in Florida resulted in a corrupted voter registration database that then disrupted voting in district in Durham, North Carolina. Whereas poll taxes and physical violence were used to discourage African Americans from voting during the last century, digital attacks on our elections could become even more effective tools for controlling the outcome of elections by simply stopping large numbers from being able to vote.
Election officials throughout our nation are concentrating all of their attention right now on protecting the November elections from foreign and domestic enemies of democracy. At the same time, others are looking beyond this next Election Day to long-term, pro-active solutions. Some are developing new approaches that incorporate American values related to the “rule of law” and international cooperation. One of the most insightful dives into this issue comes from Dr. Michael Schmitt via the University of Chicago publication program called Unbound. His article “Virtual Disenfranchisement: Cyber Election Meddling in the Grey Zones of International Law Zones of International Law” does an excellent job of summarizing the current state of affairs in the realm of international law that touches on election matters and will be the basis of his presentation at this year’s Cyber Security Summit. In his article Dr. Schmitt frames the fundamental challenge in this way:
“Cyber election meddling presently exists within the grey zone of international law. This zone of normative uncertainty presents a tempting environment for States that are not fully committed to the international rule of law. By operating within the grey zone, these States can avoid consensus condemnation of their cyber operations as violations of binding international legal norms. Moreover, absent a clear violation of international law attributable to the State launching the operations (and as the U.S. responses to date have demonstrated) victim State responses will generally be limited to acts of retorsion.”
This election season is sure to be lively, but so close to the U.S. presidential election it takes on new meaning. Cybersecurity is a concern in nearly all aspects of both our private and public lives. Protecting our elections from enemies, both within and outside our borders – is the kind of “eternal vigilance” that is truly part of the “price of liberty” that President Jefferson reminds us we must all pay through the ages.
Former Minnesota Secretary of State, Mark Ritchie, now serves as President of Global Minnesota and as the Civilian Aide to the Secretary of the Army. Ritchie is also an integral member of the Cyber Security Summit’s Think Tank since its inception ten years ago, contributing his international focus to shaping Summit programming … full bio