Democratic caucuses' phone-in plan opens new risks
Illustration: Rebecca Zisser/Axios
Democrats in Iowa and Nevada want to boost participation in their 2020 caucuses by opening them up to telephone voting. Hacking-spooked Democrats have worked to protect the process from interference, but some experts still see notable risks.
Why it matters: Security concerns have long troubled digital voting systems. Many of the same problems with online voting carry over to telephone voting.
The big picture: Caucuses are a complex process that typically requires hours of participation on the part of voters. That’s prohibitive for many, especially those in places like Las Vegas, with a tourism-based economy forcing many to work non-standard hours.
- The DNC this year issued a directive to allow for absentee voting, which Kevin Geiken, Iowa Democratic Party executive director, called the right decision.
The state parties are taking steps to limit the phone vulnerabilities. Though the process has not been finalized in either case, both states will require in-person signup to receive individualized credentials for the phone caucus.
- ”We are working closely with DNC Tech Team so our planning is informed by the current threat landscape and security best practices,” Geiken said. “Potential technology vendors are being aggressively vetted for their security histories and capabilities.”
- The process will allow for independent vetting of the system, giving the public a chance to demonstrate security flaws in the system before caucus day. That’s more than can be said for most in-person voting machines.
Threat level: No system is without risk. Even paper ballots can be tampered with. The question is whether the risk is low enough to confidently manage.
- For Joseph Lorenzo Hall, an election security expert with the Center for Democracy and Technology, the answer is no. While the call center collecting votes might be secure, and while it's possible to verify users with confidence, there’s room in the telephone network for a hacker to intercede.
- There’s no encryption on phone calls, so a malicious phone company employee, for example, could change votes or link callers to ballots. Likewise, a sophisticated, rarely seen technique known as SS7 hacking, which requires high-level access to a mobile phone company’s systems, can manipulate mobile calls.
- These tactics are very limited — but they are possible.
The bottom line: Doubt in the caucus process wielded by an angry runner-up could be as dangerous to public confidence as actual vote-tampering.