American voters received yet another rude awakening last month. Chicago's Board of Elections reported that names, addresses, birth dates and other sensitive information about the city's 1.8 million registered voters had been exposed on an Amazon cloud server for an unknown period. Worse, it appears hackers might have gained access to employees' personal accounts at Election Systems & Software, a major election technology vendor -- info that could be used to hack a future U.S. election.
Earlier, the Department of Homeland Security reported that foreign agents targeted voting systems in 21 states in the 2016 election, and Bloomberg News reported that hackers had successfully compromised various election-technology companies.
In an age of unprecedented cyber risks, these dangers aren't surprising. But lawmakers and election officials' lackadaisical response is both staggering and distressing.
American elections are an increasingly easy target because our election technologies are antiquated, and we have few federal level cybersecurity standards. An estimated 43 states rely on electronic voting or tabulation systems that are at least 10 years old. A survey of 274 election administrators in 28 states found most said their systems need upgrades.
This is a matter of national security, and Congress should treat it as such. Given that we're still dealing with the unfunded mandates of 2002's Help America Vote Act, there's a clear need for action to upgrade security systems and create meaningful standards.
This summer more than 100 experts on election administration, computer science and national security released a plan for Congress to safeguard the vote. The experts include Republicans and Democrats, united in the view that our current patchwork of voting-security measures is insufficient for the emerging threats.
Some in Congress are now finally paying attention. A bipartisan amendment to the National Defense Authorization Act from Sens. Lindsey Graham (R.,S.C.) and Amy Klobuchar (D.,Minn.) would address the challenge in a way that's fiscally responsible, respectful of states' policy-making powers, and proactive in dealing with the most pressing vulnerabilities. It would limit access to election systems to qualified vendors, secure voter registration logs, help ensure proper audits of elections, create more-secure information sharing about threats, and establish proper standards for transparency.
This should be an easy bipartisan win. While many Democrats have been concerned about Russian hacking, President Trump has himself been a leading advocate for the most important security reform: a return to paper ballots as the record of voter intent. As the president said in an interview the morning of the election: "There's something really nice about the old paper ballot system. You don't worry about hacking."
The Chicago episode should be yet another wake-up call. We know what it takes to strengthen election cybersecurity. But we need to start taking the issue seriously.