Monday, June 21, 2021

Masks and Gloves Off

Eventually, this blog will find its voice again.

This post is the beginning, although it’s a bit more of an opinion piece than a straight-up blog post.

A lot has happened since ElectionDiary went on pause in 2015.  ElectionDiary began nearly 10 years ago, in the beginning of 2012, to document behind-the-scenes operations issues associated with election administration in Johnson County, Kansas.  The blog was well-read, and received the Minuteman Best Practice Award from The Election Center in 2014.  

But as I moved to serve as Executive Director of the United States Election Assistance Commission (EAC) in 2015, I didn’t want the blog to interfere with the messaging coming out of the agency.  I even tried to curate the blog, or give it to someone to keep it going, but, probably, just should have kept typing and posting as ElectionDiary. 

When I applied to the EAC, the big question was, “would the EAC even exist in four years?” as legislation had continually been introduced to eliminate the agency.  You will find blog posts here where I thought the EAC had lost its relevance, and I felt a calling to go and, as we said often during my four years, “Make it real.”

The EAC, indeed, began speaking to election officials. Clearly, I underestimated how much the agency existed just for the sake of Washington politics, but Congressional sentiment towards the EAC appeared to shift through 2016 and 2017.  In my opinion at least, the agency is definitely more relevant than in its darkest days—2012 and 2013—and was more relevant when I left in 2019 than it was when I started in 2015. 

The 2016 budget at the EAC was half what it was in the agency’s early days, and through efforts to raise relevancy and tie activities to election administration processes, our efforts in 2018 and 2019 to lift the budget were successfully greeted with budget increases that the agency enjoys today; the budget levels are back to those of 2010, which, sadly, is a major accomplishment.

But for all the good at the EAC, the aftermath of the 2020 presidential election, in retrospect, looks a lot like the 2000 presidential election that led to the agency’s formation through the Help America Vote Act.  “Not my president,” became a phrase often used following 2016, and it is used by others in 2020.  If voter distrust in elections was high in 2000, it would be hard to make a case it is lower in 2020.

It’s hard to know if the country has ever been more divided politically.

It’s hard to know this, at least for me, because I actually have not lived and personally observed the nearly 245 years of our nation’s history.  I'm pretty sure no one has.

I’ve read books, seen the commercials for the Time/Life DVDs, listened to scholars, saw Hamilton, and even sing along to They Might Be Giant’s “James K. Polk,” but, you know….it’s all anecdotal.  I haven’t had a front-row seat to the full history.

Funny thing, the Cybersecurity Infrastructure and Security Agency (CISA) appears to have the ability to assess history differently.  CISA is essentially a unit of the Department of Homeland Security (DHS), and former DHS Secretary Jeh Johnson declared elections as critical infrastructure in January 2017, following the 2016 election and just weeks before he departed with the administration change.

I was personally and extremely involved in standing up the governance for this new critical infrastructure segment, although it technically isn’t a new segment, but rather a sub-segment to the Government Buildings segment.

That distinction is important because election administrators initially wondered about all of their components—buildings, mail, vendors, for instance—and how they would be impacted by the critical infrastructure distinction..  It became clear, as the agency name that makes up CISA suggests, that the focus truly was on cybersecurity.  (The oddities of this will have to wait for further posts.)

For now, though, let’s look back at history, short-term, and long-term.

Just seven months ago, in early November, while votes were still being counted and nine days after election day, CISA, through a small Joint Executive Committee of the two counsels that represent the elections as critical infrastructure governance, declared the November 2020 election as "the most secure in American history."

"In American history," I repeat.

Oh.  Maybe I’ve missed the security scorecard rating for each presidential election.  Maybe there is a letter-grade scorecard, much like the way analysts grade NFL teams after each draft.  If so, I overlooked that.

I’m not sure of the rubric CISA used to grade and make this assessment.   How did the historic 2008 presidential election compare?  For that matter, how was the 1908 election assessed and compared? 

What was the least secure election in American history?  We ought to be on that.  Which election just lost the crown and dropped to number two?  How long can 2020 reign as number one?

And, as most Americans read this statement from CISA, we were unaware of the Solar Winds cyber compromise impacting DHS at that very time.  Another global cyber event was unfolding at that time as well.  Surely, CISA knew of these events and still made this statement? (that question was typed in Hopeful font).  

I’m not convinced that the storyline of the 2020 election cybersecurity success is completely known yet, but the nationwide ironclad security that distinguished this election has been repeated to voters daily since November.

Never mind that CISA, better than anyone, would know that cybersecurity effectiveness is a lagging indicator.  There were no zero-day attacks, or attacks known before election day, but that didn’t mean there weren’t compromises yet to be discovered.

As a reminder, CISA spent all of 2017 and 2018 explaining new and emerging details of potential foreign compromises in 2016.

That’s not really the point here, either, but it gets to the fundamental reason for the blog post:

(um…when you recover your voice for good, could you please get to it a little faster?)

For whatever reason—maybe the COVID pandemic, maybe (and more likely) the politics involved—2020’s election involved a major inflection point that must change.

As a local election administrator, when receiving calls and concerns from voters, I invited them to the office for a tour. I sat down with them. I showed them our procedures.

I often say the three words you never want to hear from an election administrator—“Just trust me.” 

"Just trust me" sounds an awful lot like, "It was the most secure election in American history."

In 2020, voters instead were told the election was secure.  Voters were not shown how the election was secure.

Maybe it was the most secure.  But, let's show voters that.  Let's show what we do as election administrators.  

Let voters see the process and procedures.  Let voters decide if the process and procedures are secure.  If voters contend they are not secure, listen, and either make changes or suggest legislative discussions or changes they may want to pursue.

Many may argue this point, citing recounts and risk-limiting audits, or even verification of signature checks.  For the most part, though, to voters these were explanations of activities.  Voters were told these things occurred.

It’s akin to the person upset at a customer service counter.  It’s common to think, “They aren’t getting this so I must talk more, maybe louder,” rather than determining another way to reach the person. 

We reach voters by being inclusive, not dismissive.

I believe, for instance, in North Dakota, that our elections were secure in 2020.  But, watching activities in other states and nationally, I have to reflect.  What could we have done differently in North Dakota in 2020, or, at least, what can we learn from all of this to change the tenor for 2022 and 2024.

I think the answer is to show.  

The most secure election in history?  Show me and let me decide.

Tupperware-tight chain of custody procedures?  Show me and let me decide.

Security around voting machines?  Show me and let me decide.

Only eligible voters voting, and on time?  Show me and let me decide.

I’m not in any way suggesting our elections were anything but secure.  I haven’t met an election administrator who didn’t take security seriously.  It’s who we are as election administrators. 

We, by our nature, are process control freaks.  And, I submit, that core value was not visible the way it should have been in 2020. 

Maybe this was because of COVID, but now that the masks have come off, so must the gloves.

We must commit to showing what we do, going forward.  Transparency is at the core of election administration, and renewed commitment to transparency has to be the guiding principle leading into 2022's elections.