SPECIAL REPORT: Election security
In the run-up to the U.S. midterm elections on Tuesday, some companies have been working to secure the user accounts of government officials and election workers.
Guemmy Kim, who leads account security at Google, says the company has been working with politicians and government employees to secure not just their G Suite for Work accounts, but also their personal Gmail accounts.
“We explain that it’s important to protect personal accounts because [they’re] backing up your Facebook or Twitter account. The personal account can be the gateway to other accounts” beyond Google, she says.
Google offers tighter security to users who sign up for its free Advanced Protection Program. If you think of a user’s account as a house, Kim explains, the program puts better locks and protections on the front door, back door, and windows.
It protects the standard way to access accounts by requiring users to have a physical two-factor authentication key, and it protects account recovery by making it harder to request a one-time recovery password. And the program keeps others from snooping account data by restricting which third-party apps can access your account—even with user permission.
Kim estimates that globally, Google has about 10 million users who might be “highly targeted” by hackers, including but not limited to business executives, celebrities, journalists, activists, politicians, and government employees. She would not disclose how many of them are in the Google’s Advanced Protection Program. Separately, The Washington Post reported that cybersecurity startup Area 1 Security has tracked 949 candidates for the House of Representatives, Senate, and governor who use Gmail.
U.S. government-led efforts to secure the vote, on the other hand, have stalled. Despite more warnings than ever about security risks associated with using poorly secured, rarely verified electronic voting machines, or EVMs, more than a dozen states still use them. Five states still don’t have an auditable paper trail for their machines. And a major elections bill that would have secured long-overdue funds to update and secure voting technology went nowhere in the Senate, after the White House refused to support it.
To be fair, election security isn’t easy, says Ben Adida, vice president of engineering at educational-software company Clever, and co-founder of Helios, a Web-based voting system.
“Voting securely is a very difficult proposition,” he says. “Anybody who says that this is simple hasn’t thought about the problem very hard.”
To that end, we’re exploring some of the nittier, grittier nuances of election security in the run-up to Tuesday’s election. In our first story for our special report Lock the Vote, contributing writer Rob Pegoraro looks at the cybersecurity challenges inherent in absentee voting.
Today, I dive into why it’s been so hard to fund EVM improvements, and look at some of the alternatives being proposed. And our graphic designer, Pinguino Kolb, outlines in a colorful infographic the various voting systems in place across the United States.
On Monday, cybersecurity executive Gary McGraw will detail why he thinks that it’s important to vote, no matter what your political affiliation is. And on Monday evening, The Parallax is joining Javelin Strategy and Research, New Context, and Rain Capital for our second Context Conversations speaker series event.
I’ll moderate an on-stage conversation between Adida and Chris Jerdonek, the former president of the San Francisco Elections Commission and the current chairman of its Open Source Voting System Technical Advisory Committee.
Thank you for reading, and thank you to Rob, Gary, and Pinguino for contributing to our latest special report. We welcome direct feedback via social media. You can also reach me at firstname.lastname@example.org.
Editor, The Parallax