Hello from York, Maine!
It is hard to believe there are just 25 days until the end of the 2020 U.S. presidential election. Early voting has been underway since September, and a significant number of people are voting by mail this year, in large part due to COVID-19. In fact, according to the United States Election Project, which gathers early voting data, more than 7.9 million Americans have already cast their ballots. At this time in 2016, only 74,836 people had voted.
There are a number of reasons this election has captured the attention of the country. In the effort to keep this a nonpartisan letter, we’ll skip the majority of the reasons. A big one, though, is election security. Will the USPS be able to deliver the ballots ahead of the deadline? Will there be outside interference this year? What lessons have been learned since the last election?
Earlier this week, the IAPP held the latest installment in its Keynote Series, which featured Richard Clarke, former White House National Security Council for Presidents Bush (41), Clinton and Bush (43). In his keynote, “Defending Democracy,” Clarke spoke about the privacy and cybersecurity lessons learned from the 2016 election and the intersection of the two.
Clarke said the most obvious lesson learned is that stealing or even faking people’s identities on the internet is still remarkably easy. The majority of people, especially now, maintain the majority of their relationships online, either through virtual meetings where it’s easy to tell that the person in front of you is real or through social media, where it can be more difficult to tell if someone is real.
According to Clarke, Russian military intelligence interfered in the 2016 election process by creating false online personas that people believed were real Americans. The personas were based on information gathered from hacked databases that contained personal information of registered voters, including their specific interests. These personas were then used to sway people to vote a certain way or, in some cases, to not vote at all.
Clarke said government regulation could solve this issue. “The government could establish standards it could certify … and create an ecosystem, a federated identity system where you could prove to whoever you were interacting with online that you were actually the person you claim to be,” he explained.
He also called for the inclusion of cybersecurity requirements in the regulation. “Privacy cannot be achieved, privacy cannot be maintained unless we have very high levels of cybersecurity,” he said.
A cyber-resilient company, he said, has either never been hacked or if one occurs, it “identify that penetration instantly, they block it off, they isolate it, they remediate. And no data is lost.” Characteristics of a cyber-resilient company include governance, a culture of security and the budget to spend on improved security.
With the election so close, we won’t likely see any government election regulation this year, but perhaps we will by the next major election.
To echo Clarke’s closing words, I urge you to vote early or vote Nov. 3.
Have a good weekend, and be safe.