With early voting underway in Maryland for the Nov. 6 election, state and federal authorities say they’re confident the voting system is well fortified against ongoing cyber threats from foreign nations.
And state officials pledge that voters won’t face that same woes that tarnished the June primary, when updated registration records of 72,000 voters were not transmitted by the Motor Vehicle Administration to the state elections board. The computer error that required those voters to use provisional ballots has been fixed, officials said.
“We’re good to go,” said Linda Lamone, Maryland’s elections administrator.
A succession of worrisome events thrust Maryland into the center of lingering national angst over foreign intrusion into elections. U.S. intelligence agencies warned again this month that Russia, China and Iran are trying to “undermine confidence” in U.S. democracy.
The U.S. Department of Homeland Security has been working with election officials nationwide to secure voting systems. Maryland has received particular attention since 2016 when the state, like several others that year, detected an attempted hack of its online voter registration system. The FBI concluded there was “no breach or compromise,” according to a state report.
Homeland Security stepped up its efforts in July when the FBI revealed that one of Maryland’s election contractors, ByteGrid, was connected to Vladimir Potanin, a wealthy ally of Russian President Vladimir Putin. Potanin’s private equity firm, Altpoint Capital of Greenwich, Conn., bought an ownership stake in ByteGrid in 2011.
A final report on ByteGrid is expected in mid-November. But in a letter last month to Gov. Larry Hogan, Homeland Security wrote that its agents have “found no evidence of an adversary presence in the networks.”
The federal department has been working for months with Maryland officials to safeguard the state’s elections system.
The agency, which started weekly “vulnerability scans” on Maryland’s election board websites in October 2016, has been conducting other scans, risk assessments and training ever since.
Last November the department began performing reviews of local election offices and warehouses in Maryland. And after the ByteGrid revelation, the department has been conducting 24-hour monitoring of the state systems hosted by the Silver Spring-based contractor. They include the online voter registration system and statewide management system for voter registration, candidacy and elections.
In April Homeland Security staged an email “phishing” attack on all 220 state and local election board employees, seeing if they would open suspicious emails that could allow hackers entry.
“We learned that the more sophisticated, the more real an email looks, the more vulnerable we are,” deputy elections administrator Nikki Charlson said. Staff were trained on screening emails to avoid opening ones they were not expecting.
Such security efforts are happening across the country. Congress allocated $380 million this year to a little-known — and rarely funded — U.S. Election Assistance Commission to dole out grants to states, including $7 million to Maryland. The commission, authorized by a 2002 law passed in response to the 2000 presidential election recount, has been funded sparingly over the years. The new infusion of money is to be used over five years, primarily for cybersecurity.
“This will be one of the most secure elections that has ever happened in this country,” said Amy Cohen, executive director of the National Association of State Election Directors. “Every state is working to train staff and local election officials and increase system security to prepare and batten down the hatches.”
U.S. Sen. Chris Van Hollen, a Democrat from Montgomery County, said he is “confident” — based on information from the state elections board and Homeland Security — that Maryland is prepared.
The state board oversees 20,000 poll workers across the state’s 79 early voting locations and 1,991 precincts open on Nov. 6. To monitor that massive system, the board uses its own software and employs contractors to monitor for suspicious behavior.
That includes ByteGrid.
“ByteGrid continues to cooperate fully with all official inquiries involving this matter,” said company spokeswoman Annie Eissler.
The irony about ByteGrid, Lamone said, is that it was responsible for detecting the 2016 hacking attempt of the online voter registration website. (The attempt did not involve the state voter registration database, which has no connection to the internet.)
Still, Maryland’s congressional delegation is uneasy over how a Russian oligarch was able to hold a majority stake in ByteGrid for seven years without any notice by state or federal agencies.
Van Hollen, fellow Maryland Democratic Sen. Ben Cardin and Republican Sen. Susan Collins of Maine introduced a bill this month that would “prohibit any foreign adversaries from owning any part of our election infrastructure systems.”
“While they’ve determined that there’s been no interference, I think we would all breathe easier if we didn’t have to worry about a foreign adversary owning an aspect of our election system,” Van Hollen said.
Cardin and Van Hollen also introduced a bill that would require such companies to disclose foreign ownership to the Election Assistance Commission.
Back in July, Rep. Jamie Raskin introduced a measure to prohibit states from contracting with election system vendors that are “owned or controlled” by foreigners or that “do not meet cybersecurity best practices.” The measure has 25 co-sponsors but has yet to get a hearing, a spokeswoman said.
While federal and state officials say Maryland’s voting system is prepared, critics remain wary about the online absentee voting process established by state law in 2013.
The online tool allows voters to receive a ballot over the internet and fill it out on a computer. The completed ballot must be printed and mailed to a local elections board. But under the law, it does not need to be signed — just as ballots filed in person at polling places are not signed. Charlson said officials have felt it would be inappropriate to impose a different standard on absentee voters.
A federal judge has upheld the system, which was designed in part to facilitate voting by people with disabilities and by military personnel overseas.
Michael Greenberger, director of the Center for Health and Homeland Security at the University of Maryland, has been sounding an alarm about Maryland’s online absentee ballots for years. He has recommended that the state require signatures and a verification process for ballots sent to voters over the internet. If not, he recommends that the ballots be sent only to physical addresses rather than over the internet.
Van Hollen also is concerned. “The state has to focus on that issue going forward,” the senator said. “I don’t see it being a problem in the election coming up. But as more and more people utilize online voting it’s going to be even more important that all safeguards be implemented.”
Greenberger also said there have been too many missteps at the state elections board and that the General Assembly needs to “appoint a bipartisan commission of independent experts to investigate what is going on there.”
State legislative auditors in April 2017 found that the board exposed full Social Security numbers of almost 600,000 voters to potential hacking from 2012 to 2015. The audit also faulted state election officials’ handling of issues including ballot security, disaster preparedness, contracting and balancing its books.
The state budget analysis for the current fiscal year credited the elections board with fixing several of the audit issues.
Van Hollen and other election experts said Congress and the White House need to continue providing funding to the Election Assistance Commission to help states implement best practices and continually upgrade systems.
“We have to make sure this remains a front burner issue,” Van Hollen said. “The integrity of our elections depends on it.”