ACM TPC Member Testifies before Congress on Election Security
June 26, 2019
Latanya Sweeney, Professor and Director of Harvard University's Data Privacy Lab and an incoming member of ACM’s new Technology Policy Council, testified yesterday on Capitol Hill before a joint hearing of the oversight and research subcommittees of the US House Committee on Science, Space and Technology. The hearing, called by Congress in the wake of documented Russian interference in America’s 2016 national elections, addressed “Election Security: Voting Technology Vulnerabilities.”
Sweeney discussed her research on voter information website vulnerabilities, conducted at Harvard’s Institute for Quantitative Social Science. Her team identified a number of ways attackers can adversely impact elections. These include: changing voter registration information online (such as voter addresses and party affiliations), deleting voter registrations, or requesting absentee ballots. Each of these mechanisms, she told the subcommittees, could permit hackers to disenfranchise voters.
Her research uncovered websites in 35 of 50 states that allowed voters to change registration information online, making them vulnerable to these kinds of attacks. In addition, many online voter databases could be accessed by providing personal information (e.g., name, date of birth, and zip code) that is readily available from voter lists, data brokers and the dark web. This allows attackers to impersonate voters in a way that can impact elections when implemented at scale, creating fundamental cybersecurity vulnerabilities.
ACM has a long history of providing technical expertise to policymakers on voting and election security through its Technology Policy Committee in the US, including testimony by ACM Fellows Barbara Simons, Eugene Spafford, and Ed Felten, and a recent white paper on threats posed by online and email voting. ACM’s new global Technology Policy Council will bring together work in the US, Europe and beyond, to provide policymakers with nonpartisan technical expertise to inform legislative and regulatory processes.
Recent ACM Election Security Policy Resources and Key Research
- Comments on US Election Assistance Commission's Voluntary Voting System Guidelines, Version 2.0, ACM US Technology Policy Committee (May 29, 2019)
- “Russia hacked us: We made it far too easy—and still do,” OpEd by US Technology Policy Committee Vice Chair Jeremy Epstein, The Hill (May 29, 2019)
- Email and Internet Voting: The Overlooked Threat to Election Security , Joint Report by ACM US Technology Policy Committee, Common Cause, National Election Defense Coalition and R Street Institute (October 2018)
- Sweeney L, Yoo J, Zang J. Voter Identity Theft: Submitting Changes to Voter Registrations Online to Disrupt Elections. Technology Science. 2017090601. (September 6, 2017. Version 2)