(AP) — Election officials preparing for this year’s midterms have yet another security concern to add to an already long list that includes death threats, disinformation, ransomware and cyberattacks — threats from within.
In a handful of states, authorities are investigating whether local officials directed or aided in suspected security breaches at their own election offices. At least some have expressed doubt about the 2020 presidential election, and information gleaned from the breaches has surfaced in conspiracy theories pushed by allies of former President Donald Trump.
Adding to the concern is a wave of candidates for state and local election offices this year who parrot Trump’s false claims about his loss to Democrat Joe Biden.
“Putting them in positions of authority over elections is akin to putting arsonists in charge of a fire department,” said Secretary of State Jocelyn Benson, a Democrat and former law school dean who serves as Michigan’s top elections official.
Experts say insider threats have always been a concern. But previously, the focus was mostly on what a volunteer poll worker or part-time employee could do to a polling place or county system, said Ryan Macias, who advises officials at the federal, state and local levels on election security. Now the potential harm extends to the very foundation of democracy — conducting fair elections.
“Since 2020, the coordinated efforts to have threat actors run for office, apply to be election officials and volunteer as a poll worker or observer should be treated as national security concerns,” Macias said.
The potential risks posed by insider attacks run from granting unauthorized access to sensitive information to planting malware within election systems.
While insider threats are the hardest to guard against, Macias said measures are in place to recover from an attack. Most of the country relies on paper ballots filled out by hand or with the use of a voting machine, so there should be a paper record of each ballot cast. In addition, post-election checks are designed to identify potential manipulation or discrepancies in the vote.
This year, voters in 25 states will elect their state’s chief election official, and several races feature candidates who dispute the outcome of the 2020 presidential contest despite no evidence of widespread fraud or a coordinated scheme to steal the election.
Some voters also will decide who will run their local elections as the next county clerk. It’s these local election offices that have experienced security breaches.
In Mesa County, Colorado, authorities are investigating whether unauthorized people were granted access to county voting equipment. State officials began investigating after the county’s voting system passwords appeared on a conservative website. Because each county has unique passwords maintained by the state, officials identified them as belonging to Mesa County, where Trump won nearly 63% of the vote.
Clerk Tina Peters — a Republican elected in 2018 — then appeared at a “cybersymposium” hosted by Trump ally Mike Lindell, the MyPillow CEO who has sought to prove that voting systems were somehow manipulated to favor Democrats.
At that event a copy of Mesa County’s election management system — which is used for designing ballots, configuring voting machines and tallying results — was distributed. Experts have described the unauthorized release as serious, potentially providing a “practice environment” to probe for vulnerabilities.
Peters, in an interview, said she made the copy of a county voting system hard drive to preserve “the evidence of how you get to the result of an election, who came in, who made changes, who did what.” She denied knowledge of how a copy came to be distributed at the Lindell event and would not say who was with her when the copy was made.