It’s no exaggeration to say the US election ecosystem faces a number of challenges in the wake of the 2016 election cycle. We learned of new threats from disinformation campaigns, to attacks on state voter registration websites, to direct attacks on election officials themselves. While the philanthropic sector has been very active from grants to organizations like ours to funding deep academic analysis of threats to the election system, the private sector has been slower to recognize the important role they can play to help better protect US elections. That is clearly changing, and I want to talk about a particularly important project launched today, Cloudflare’s Athenian Project, which will provide free-of-charge protection and content distribution for official election websites.
The relatively small overtures that the private sector has made in the name of better protecting election officials has been a sore spot with me and many in the elections community, and I’m so glad to see Cloudflare stepping up to the plate. We’ve heard, alarmingly, of increasing reports from election officials of “hard sells” from certain cybersecurity product and service providers. They often start with, “Oh, we’re smart at cybersecurity and we found a number of vulnerabilities in your system. I’m sure you’d like those problems to go away. But it’s going to cost you.” This is disappointing, to say the least. While election officials are always eager to improve their systems, without actionable information about specific flaws, this feels a lot like being coerced, held hostage, or shaken down. And election officials are some of the most underfunded parts of government, at every level. There isn’t a pool of “cybersecurity reserve” funds that election officials have lying around – every new product or service they have to purchase means money has to come out of their budget elsewhere, a classic “zero-sum” game.
Elections are essential to a healthy democracy and I hope more companies demonstrate their commitment to making them far more secure.
CDT has worked with Cloudflare for many years, and we are a core partner in Cloudflare’s Project Galileo – an initiative to make sure that nonprofits and small businesses cannot be “shouted” off the internet. Project Galileo provides the enterprise Cloudflare service for free, allowing these sites to better distribute their content, while saving enormous amounts of bandwidth by bringing the content closer to eyeballs requesting it. It also protects these sites from many types of automated attacks, including denial-of-service attacks, while “learning” from attacks around the world to protect their users from new types of attacks as quickly as possible.
Cloudflare has a long history of working with political campaigns, having worked with14 out of 15 of candidates for Presidential office in the 2016 election cycle, including President Trump. But this is the first time such a broad and important level of protection has been offered by the private sector to any official state, county, or municipal website that involves election administration, voter registration, or the reporting of election results. This means that all manner of automated attacks and other kinds of malicious traffic will never even reach the election official’s technical operations team (if they even have one). This also means that the traffic on and around election day will be much easier to manage as Cloudflare also works as a content distribution network (CDN), meaning much of the popular content that people request from these websites will load from Cloudflare’s “caches” of previously requested content close to the users themselves, removing massive loads from these websites at the times we most need them to be up and responsive.
We’ve seen other positive efforts from the private sector – including Facebook’s donation to the Harvard Belfer Center for their amazing Defending Digital Democracy Project and Google has been making a number of its experts from Jigsaw available to think through what a new level of protection for the 2018 cycle might look like. Cloudflare is going even further, and I know I speak for a number of us in the election community when I say I’d like to see even more products and services offered for free (or at steep, steep discounts) to official government election entities. I’d like to see less of the rumors of hard sells happening where cybersecurity firms think they can make a quick buck by scaring election officials. Elections are essential to a healthy democracy and I hope more companies demonstrate their commitment to making them far more secure.