Elections Are Partisan Affairs. Election Security Isn't.

November 16, 2020

An Open Letter on Election Security

Voting is the cornerstone of our democracy. And since computers are deeply involved in all segments of voting at this point, computer security is vital to the protection of this fundamental right. Everyone needs to be able to trust that the critical infrastructure systems we rely upon to safeguard our votes are defended, that problems are transparently identified, assessed and addressed, and that misinformation about election security is quickly and effectively refuted.

While the work is not finished, we have made progress in making our elections more secure, and ensuring that problems are found and corrected. Paper ballots and risk-limiting audits have become more common. Voting security experts have made great strides in moving elections to a more robust system that relies less on the hope of perfect software and systems.

This requires keeping partisan politics away from cybersecurity issues arising from elections. Obviously elections themselves are partisan. But the machinery of them should not be. And the transparent assessment of potential problems or the assessment of allegations of security failure—even when they could affect the outcome of an election—must be free of partisan pressures. Bottom wine: election security officials and computer security experts must be able to do their jobs without fear of retribution for finding and publicly stating the truth about the security and integrity of the election.

We are profoundly disturbed by reports that the White House is pressuring Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), to change CISA’s reports on election security. This comes just after Bryan Ware, assistant director for cybersecurity at CISA, resigned at the White House’s request. Director Krebs has said he expects to be fired but has refused to join the effort to cast doubt on the systems in place to support election technology and the election officials who run it. (Update Nov 18: Chris Krebs was fired on November 17.) Instead, CISA published a joint statement renouncing “unfounded claims and opportunities for misinformation about the process of our elections.” The White House pressure threatens to introduce partisanship, and unfounded allegations, into the expert, nonpartisan, evaluation of election security.

We urge the White House to reverse course and support election security and the processes and people necessary to safeguard our vote.

Signed,

(Organizations and companies)

• Electronic Frontier Foundation
• Bugcrowd
• Center for Democracy & Technology
• Disclose.io
• ICS Village
• SCYTHE, Inc.
• Verified Voting

(Affiliations are for identification purposes only; listed alphabetically by surname.)

• William T. Adler, Senior Technologist, Elections & Democracy, Center for Democracy & Technology
• Matt Blaze, McDevitt Chair of Computer Science and Law, Georgetown University
• Jeff Bleich, U.S. Ambassador to Australia (ret.)
• Jake Braun, Executive Director, University of Chicago Harris Cyber Policy Initiative
• Graham Brookie, Director and Managing Editor, Digital Forensic Research Lab, The Atlantic Council
• Emerson T. Brooking, Resident Fellow, Digital Forensic Research Lab of the Atlantic Council.
• Duncan Buell, NCR Professor of Computer Science and Engineering, University of South Carolina
• Jack Cable, Independent Security Researcher.
• Joel Cardella, Director, Product & Software Security, Thermo Fisher Scientific
• Stephen Checkoway, Assistant Professor of Computer Science, Oberlin College
• Larry Diamond, Senior Fellow, Hoover Institution and Principal Investigator, Global Digital Policy Incubator, Stanford University
• Renée DiResta, Research Manager, Stanford Internet Observatory
• Kimber Dowsett, Director of Security Engineering, Truss
• Joan Donovan, Harvard Kennedy’s Shorenstein Center on Media, Politics and Public Policy
• Casey Ellis, Chairman/Founder/CTO, Bugcrowd
• David J. Farber. Distinguished Career Professor of Computer Science and Public Policy, Carnegie Mellon University
• Michael Fischer, Professor of Computer Science, Yale University
• Camille François, Chief Innovation Officer, Graphika
• The Gruqq, Independent Security Researcher
• Joseph Lorenzo Hall, Senior Vice President for a Strong Internet at The Internet Society (ISOC)
• Candice Hoke, Founding Co-Director, Center for Cybersecurity & Privacy Protection, Cleveland State University
• David Jefferson, Computer Scientist, Lawrence Livermore National Laboratory (retired)
• Douglas W. Jones, Associate Professor of Computer Science, University of Iowa
• Lou Katz, Commissioner, Oakland Privacy Advisory Commission
• Joseph Kiniry, Principal Scientist, Galois, CEO and Chief Scientist, Free & Fair
• Katie Moussouris, CEO, LutaSecurity
• Peter G. Neumann, Chief Scientist, SRI International Computer Science Lab
• Brandie M. Nonnecke, Director, CITRIS Policy Lab, CITRIS and the Banatao Institute, UC Berkeley
• Sean O’Connor, Threat Intelligence Researcher
• Marc Rogers, Director of Cybersecurity, Okta
• Aviel D. Rubin, Professor of Computer Science, Johns Hopkins University
• John E. Savage, An Wang Emeritus Professor of Computer Science, Brown University
• Bruce Schneier, Cyber Project Fellow and Lecturer, Harvard Kennedy SchoolAlex Stamos, Director, Stanford Internet Observatory
• Barbara Simons, IBM Research (retired)
• Philip B. Stark, Associate Dean, Mathematical and Physical Sciences, University of California, Berkeley
• Camille Stewart, Cyber Fellow, Harvard Belfer Center
• Megan Stifel, Executive Director, Americas; and Director, Craig Newmark Philanthropies Trustworthy Internet and Democracy Program, Global Cyber Alliance
• Sara-Jayne Terp, CEO Bodacea Light Research
• Cris Thomas (Space Rogue), Global Strategy Lead, IBM X-Force Red
• Maurice Turner, Election Security Expert
• Poorvi L. Vora, Professor of Computer Science, The George Washington University
• Dan S. Wallach, Professor, Departments of Computer Science and Electrical & Computer Engineering, Rice Scholar, Baker Institute for Public Policy, Rice University
• Nate Warfield, Security Researcher
• Elizabeth Wharton, Chief of Staff, SCYTHE, Inc.
• Tarah Wheeler, Belfer Center Cyber Fellow, Harvard University Kennedy School, and member EFF Advisory Board
• Beau Woods, Founder/CEO of Stratigos Security and Cyber Safety Innovation Fellow at the Atlantic Council.
• Daniel M. Zimmerman, Principal Researcher, Galois and Principled Computer Scientist, Free & Fair

(Updated November 18 to add news of Chris Krebs being fired, and to add six signers)