Officials around the United States have spent the last three years scrambling to harden election and voting infrastructure against the disinformation campaigns, phishing attacks, and system probing that plagued 2016. With exactly one year to go until the 2020 presidential election, local and state boards of election have made significant progress on improving digital defenses. But researchers and election integrity advocates continue to sound the alarm that some of the most important changes—like replacing insecure voting machines and hiring necessary personnel—can’t happen without more funding from Congress. And the scores of free cybersecurity offerings that have cropped up from tech companies to fill the void ultimately can’t substitute for those resource-intensive projects.
Free and low-cost election cybersecurity tools are gaining visibility, though, as a way for small or under-funded election groups to make some meaningful improvements. They are particularly suited in some ways to aid campaigns, which are lightweight, temporary organizations by nature. But in addition to their limitations for dealing with deeper problems, it’s unclear how widely these low-cost tools are adopted, perhaps in part because it’s difficult to determine which offerings are safe and effective.
“I’ve heard election officials in particular say that they are bombarded with offers from private vendors to help with cybersecurity, and often feel like they have no basis for determining who to trust,” says Lawrence Norden, deputy director of the Brennan Center’s Democracy Program at New York University School of Law.
Private vendors aren’t the only option for election officials and candidates. Since 2016, the Department of Homeland Security, US Election Assistance Commission, federal law enforcement, and other agencies have all been working to increase communication about election security threats and expand the defense programs and tools they offer. Nonprofit and academic organizations have also been working on campaign security and election integrity resources.
And there are a number of free services from well-known vendors, which can still be valuable. Some initiatives debuted ahead of the midterm elections to protect state and local government websites and services like online databases. One of the more popular company offerings is the Athenian Project from the internet infrastructure company Cloudflare. It debuted in late 2017, and stems from a similar suite of free protections, known as Project Galileo, that Cloudflare offers to human rights groups, activists, journalists, and artistic organizations. Today the Athenian Project is used by more than 110 jurisdictions in 25 different states, including Alabama, Hawaii, North Carolina, and Rhode Island.
“A lot of what happens in the election space is about voter confidence, so the concern is that you don’t want to have your website defaced or improperly accessed, because even if there’s no change in vote count, it still undermines voter confidence,” says Alissa Starzak, Cloudflare’s head of policy. “And we’re seeing instances where we’ve prevented those types of things. That doesn’t mean there aren’t still gaps and there aren’t still challenges in the space, but I think that we are seeing progress.”
Jigsaw, a division of Google’s parent company Alphabet, runs a comparable initiative called Project Shield. Project Shield began taking on election-related clients in May 2018, focusing on campaigns in the US and Europe. Jigsaw CEO Jared Cohen emphasizes the organization’s dedication to election defense through Project Shield and Google’s Protect Your Election initiative, which also aims to combat disinformation. Jigsaw wouldn’t say how many campaigns have taken advantage of its services or provide any specific statistics on its use in the political sphere, though.
Another tech giant, Microsoft, offers a number of election-related cybersecurity protections through a service known as AccountGuard. Launched in August 2018, it provides monitoring and intrusion protection for Microsoft accounts in Office 365, Outlook.com, Hotmail, and other platforms. Microsoft says that AccountGuard currently has about 60,000 enrolled accounts across political campaigns, parties, and democracy-focused NGOs in more than two dozen countries. And the service has generated more than 800 notifications to AccountGuard users of attacks against political campaigns, parties, and pro-democracy groups since last year.