Durbin last month sent letters to 110 local election authorities. The letters seek information to help federal and state officials strengthen the cyber security of voting systems.
The correspondence followed reports of Russian cyberattacks on the U.S. electoral system leading up to the 2016 election and a monthlong cyberattack on the Illinois State Board of Elections in June 2016. A state Senate hearing revealed the Illinois breach allowed the attackers access to 80,000 voter profiles.
“Needless to say, election boards across Illinois are part of our national election infrastructure and essential to the continued success of our democratic process,” read the letter sent to local election authorities. “We cannot allow for the unauthorized and malicious interference in elections in Illinois to continue.”
The letter asked six questions. Included was a request for information about any election hacking or cyber-intrusion. The letter asked for details about steps taken to make cyberattacks less successful and measures to secure voter identities.
It asked if and how the county implemented safety standards such as hardware and software configurations and controls on administrative access privileges to the election system.
When Roger Fahnestock, Kane County’s chief information officer, received the letter, he knew what he wanted to say in response — as little as possible.
“The problem with these requests is it’s all public record at the point where you disclose that,” Fahnestock said. “As a matter of security, we don’t give that information out. There’s security through obscurity. If they don’t need to know, don’t tell them. Don’t tell anybody anything. You’re safer that way.”
A copy of Fahnestock’s reply to Durbin, obtained by the Daily Herald, shows one-word answers to four of the six questions as well as subsets to the questions. The most significant answer from Fahnestock stated same-day voter registration as the biggest risk in the election system.
A combination of complex equipment, lightly trained personnel and the time it takes to process a registration on Election Day make same-day registration a security headache, Fahnestock wrote to Durbin.
“The logistics and technical challenges that we must overcome to make this happen in a way that is both practical and secure are very costly,” Fahnestock wrote.
Fahnestock told the Daily Herald he has few worries about the security of election equipment. Any fraud associated with the machines will show up in the certification of the vote count. Machines don’t make mistakes; people do, he said.
“We have this discussion every election,” Fahnestock said. “The technology is not your worst enemy. But I could probably socially engineer any of the election judges to let me do whatever I wanted. If I walked into a polling place, and I told the judges I’m some kind of official, if I was convincing enough, I bet I could get all six of them to do whatever I wanted. That’s especially true if you do it with authority and it intimidates some of our older judges. That’s the thing I worry about.”
In such a situation, any interference would affect the votes only at that one polling place. But that’s enough to cast doubt on elections, especially local ballot questions, Fahnestock said.
Kane County provides specific training to deal with that exact scenario. Each polling place has a special, sealed envelope containing emergency protocol known only to top-level county election officials.
Like Durbin’s questions, that’s information Fahnestock will not share, in any fashion, because it could corrupt the county’s election process.
“There are people that are out there that have bad intentions and would like to disrupt your world,” Fahnestock said. “You don’t need to give them any help.”
Durbin’s staff did not immediately answer questions Friday about the responses they’ve received to the election security letters.
Info: Kane County IT director fears more from people than technology