To combat disinformation efforts, election officials in Washington state are relying on several new cybersecurity measures they have added since 2016.
They’re also using some time-tested lower-tech methods: urging voters to not believe everything they see on the internet.
“What we are really trying to do is remind voters to get their information from trusted sources,” said Secretary of State Kim Wyman, Washington’s chief elections official.
Those would include the secretary of state’s office, as well as county election offices, she said.
Cybersecurity efforts
One of the things election officials worry about is the possibility that bad actors will try to spread inaccurate information about the results on election night.
In September, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency warned that is likely to happen.
“Foreign actors and cybercriminals could create new websites, change existing websites and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions,” according to the public service announcement from the intelligence agencies.
While final election results typically take weeks to certify, the increased use of mail-in ballots nationwide this year could mean the results on Election Day are less complete than usual, making it easier for people to manipulate public opinion by releasing false information, the agencies said.
In Washington state, election officials have new tools available to detect that kind of activity and shut it down.
Counties have been outfitted with Albert sensors, which are threat-monitoring tools designed to spot when someone is trying to infiltrate or alter an official elections site.
“That Albert sensor is monitored 24/7 by a third party, and that would detect any attempts to deface our websites,” said Pierce County Auditor Julie Anderson.
What’s more, county election officials in Washington state are part of a security monitoring network called the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). The network helps alert local election officials if bad actors are setting up fake results sites in other areas of the country, so they can guard against similar attempts. As Anderson described it: “If a site pops up in New Hampshire, everyone knows about it at the same time.”
Election officials also have developed closer partnerships with the U.S. Department of Homeland Security, with whom they are in constant communication about threats and can report attempted cyberattacks, Anderson said.
The state’s new voter registration system, VoteWA, adds another layer of protection, Wyman said.
Accessing the new system requires multi-factor authentication. That means local elections officials must go through an extra step — such as using a physical token or card — to gain access, in addition to entering their login credentials.
The new VoteWA system also pushes the latest security upgrades and patches to counties, while conducting regular penetration testing to identify potential weaknesses, state officials said.
The Secretary of State’s Office is working with cybersecurity experts from the Washington National Guard to further ramp up election security efforts.
So far, election officials in Washington state say they haven’t seen attempts by foreign actors to confuse voters or intimidate them by sending spoofed emails. That’s something U.S. intelligence officials said Iran has done in other states and that Russia may attempt in the future.
But state officials have raised other concerns, including about an unofficial site that bills itself as a place where voters can check their ballot status and find other election information. State officials reported the site to the Cybersecurity and Infrastructure Security Agency, an agency of the Department of Homeland Security, and warned that voters should not rely on the site for official election information.
Voters should instead turn to VoteWA or their county elections office for accurate information about their ballot status and the Nov. 3 election.
Intelligence officials and election administrators stress that even if a county’s official results website is somehow altered, the underlying data and internal systems would remain uncompromised.
“Our tabulators are not connected to the internet or even to the county’s network,” Spokane Auditor Vicky Dalton wrote in an email. “Even if a results webpage is hacked, it has NO impact on the actual results.”
Physical security
Some counties also have stepped up their physical security efforts, including by having sheriff’s deputies or other security personnel keep an eye on ballot drop boxes and election offices in the days before the election.
While counties haven’t received widespread reports of people harassing or intimidating voters at ballot boxes or election offices, they are on the lookout for that kind of activity.
In King County, plainclothes security officers will be stationed at each of the county’s vote centers, which are locations where people can register to vote as late as Election Day. Additionally, plainclothes security will be present at each of King County’s ballot drop boxes on Tuesday, Nov. 3, said Halei Watkins, a spokesperson for King County Elections.
In an email, Watkins wrote that the role of the security officers is to “de-escalate any tense situations” that arise, but that they will “generally hang back unless needed.”
In Clark County, the sheriff’s office and local police departments have agreed to have officers drive by the county’s ballot drop boxes on a random basis, said Greg Kimsey, the county auditor. Officers will also be present at nearly all the county’s ballot drop boxes between 7:30 and 8 p.m. on Election Day, the final half-hour when voters can return their ballots, as well as at the county elections office.
Similar drive-by checks are happening in Thurston County, local officials said.
In Spokane County, Dalton said nonuniformed security personnel “will be keeping an eye on the boxes” as well.
New security measures also have been extended to the buildings where ballots are sorted and processed. Since 2016, Thurston County has added a more secure entryway to its ballot processing center, and has reconfigured the facility’s parking lot so vehicles can’t drive as close to the building. That’s to prevent people from driving their cars through the facility wall, as well as to guard against bomb threats, said Thurston County Auditor Mary Hall.
Even if ballot drop boxes are physically targeted, that doesn’t mean the ballots inside will be damaged or destroyed. Many counties use drop boxes made of quarter-inch-thick steel; some even have chemical fire suppressants built in.
In Snohomish County, the ballot boxes were put to the test this month yet again when a truck slammed into one. The ballots inside were fine, election officials said.
The misinformation surrounding the crash proved to be the bigger problem, said Snohomish County Auditor Garth Fell.
Fell described the incident as “an unfortunate collision” with a “truck snagging on the snorkel of the box" — but “people jumped to the conclusion that that is something intentional,” he said.
That’s the kind of rumor he wants voters to think critically about before accepting it as fact, or worse, spreading it on social media.
“I think we need to be slow in terms of reaching conclusions when events happen, and really dig into the facts,” Fell said.