November 20, 2020 4:21PM

Voting Machine Conspiracy Theories Harm U.S. Cybersecurity

Last week, I wrote about a crackpot conspiracy theory making the rounds: The allegation that voting machines or tabulation software produced by Dominion Voting Systems had somehow been “hacked” or “rigged” to alter the outcome of the presidential election. At the time, I worried I might be giving undue attention to an outlandish claim that—given how thin and easily debunked was the “evidence” for it—would surely fade away on its own. Apparently, I need not have worried. Since then, the Dominion Theory has not only led to the firing of Chris Krebs, the well‐​respected head of the Department of Homeland Security’s cybersecurity agency, but featured in a press conference held by Trump attorney Sidney Powell, who made it the centerpiece of a wildly implausible case that Donald Trump had won the presidency by a “landslide” and been deprived of victory by massive and systematic vote fraud. According to Powell’s increasingly byzantine version of the theory:

“The Dominion Voting Systems, the Smartmatic technology software, and the software that goes in other computerized voting systems here as well, not just Dominion, were created in Venezuela at the direction of Hugo Chavez to make sure he never lost an election after one constitutional referendum came out the way he did not want it to come out.”

None of this is true. Dominion and Smartmatic are separate companies, and indeed competitors; the tenuous connection between them is that Dominion once purchased assets from a firm that had been owned and sold off by Smartmatic years earlier. Smartmatic is an American company, though its founders are Venezuelan, and its software was not used in any of the swing states currently under scrutiny. (It has provided software used in Venezuelan elections, but the company itself has called out electoral fraud there.) Powell’s claim appears to be little more than an effort to insinuate guilt by (very indirect) association with an authoritarian regime. 

The other supposed “evidence” for chicanery linked to Dominion is equally shoddy. Election‐​night tabulation errors in Michigan—detected and corrected almost instantly—were speculatively attributed to Dominion software by online conspiracy theorists, but local election officials have since explained that they were the result of human errors, not computers misbehaving. Claims amplified by Trump that millions of votes had been “deleted” in Pennsylvania were unequivocally refuted by state officials. Trump appears to have picked up the notion from a report on the One America News Network, which got the idea from a blog post citing data from the polling firm Edison Research—though Edison itself had produced no such report

Evidence against the theory is overwhelming, and has only become stronger in the week since my original post. Georgia recently completed a manual recount of paper ballots, supervised by the Republican secretary of state, and found no sign of any significant tabulation errors. (The states electronic voting machines generate voter‐​verifiable paper records, and in most battleground states the in‐​person votes that would have used such voting machines favored Trump, with Biden having the advantage in hand‐​marked mail ballots.) In an open letter, 59 of the country’s most prominent election security experts said they’d found no evidence of systemic fraud—cyber or otherwise. 

None of this, alas, was enough to save Chris Krebs, until recently director of the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. For the sin of issuing a statement that the agency had found no evidence of voting systems being compromised, Krebs was summarily terminated by tweet, with Trump declaring the agency’s expert analysis “highly inaccurate.” 

Since the evidence‐​free Dominion theory is unlikely to persuade any court, Krebs’ dismissal may be its most damaging consequence, at least in the short term. This is not merely because Krebs was widely respected and viewed as highly competent, but because the firing sends a clear signal to all government employees: if your own analysis contradicts the president’s claims about vote fraud, you shouldn’t expect to remain employed for long. This undermines CISA’s core mission, which includes assisting and coordinating with states which may lack the federal government’s capabilities when it comes to monitoring and detecting sophisticated cyber‐​threats. Now the specter of political interference hangs over any warnings the agency may provide in the future. The agency may now hesitate to provide state officials—and the general public—with reassurances about the integrity of local elections, while warnings about actual threats may be viewed with suspicion given Trump’s clear desire to find evidence of fraud. Nor is the harm limited to CISA. The Intelligence Community at large is on notice: produce reporting at odds with the president’s public claims, and you place your career at risk. 

This is particularly poisonous because it distorts what’s known as the “intelligence cycle”: the process by which agencies gather intelligence, analyze it, disseminate reporting, and then use that information to allocate resources and prioritize the next round of intelligence collection. Any distorting effect on what is reported—either because employees feel obliged to emphasize information that confirms what the president wants to hear or suppress information that contradicts his presuppositions—risks creating a feedback loop, infecting the next round of planning and intelligence collection, and diverting resources and energy away from genuine threats and toward spurious ones. We should hope the president‐​elect has the wisdom to avoid such potentially toxic interference.