Election security threats in 2024 range from AI to … anthrax? – Source: go.theregister.com

In time for the long Presidents’ Day weekend in the US there have been multiple warnings about what will undoubtedly be a challenging and potentially dangerous year for voting processes and government workers.

State and county officials have been urged to use paper ballots wherever possible over electronic ones, and ensure all election offices have procedures in place to handle potentially lethal substances, specifically fentanyl, anthrax, and ricin.

Meanwhile, Uncle Sam and its pals sounded the alarm on election-related disinformation, which does seem to be growing faster than Sam Altman’s bank balance.  

There have already been robocalls spoofing US President Joe Biden telling people not to vote, which is sure to be just a preview of the deepfakes and other AI-assisted disinformation that no doubt will be amplified by good ol’ fashioned social media in the run up to US, UK, and Canadian elections this year.

On election threats, “we anticipate AI being leveraged for deception campaigns,” said Michelle Alvarez, strategic threat analysis manager for IBM X-Force. 

“It could be leveraged against constituents, consumers, even officials, but we don’t necessarily anticipate it being leveraged to target electoral systems,” Alvarez told The Register. “We think this year is going to be the year of deception as it relates to the elections.”

Foreign fake-news seeks to ‘undermine democracies’

Americans have proven we don’t need Russian or Chinese trolls to push election-related fake news on social networks — we are very adept at doing this all on our own, thank you. But on Friday the US, UK and Canadian governments pledged to combat foreign “information manipulation” that aims to “undermine our democracies and human rights globally.”

There’s not a lot of specifics in the joint statement. But the effort does include all three countries endorsing the Framework to Counter Foreign State Information Manipulation, which includes building interoperable digital tools to detect and mitigate these threats.

“The time is now for a collective approach to the foreign information manipulation threat that builds a coalition of like-minded countries committed to strengthening resilience and response to information manipulation,” the allies’ statement says. 

“We can do this through coordinated, whole of society solutions that work with experts, independent media and multilateral organizations, to address these transnational security threats.”

But in addition to disinformation, election administrators also need to worry about how completed ballots are returned to state and county offices, and whether or not they have proper training and equipment in case miscreants mail toxic substances to their facilities.

Paper ballots preferred

Because some voters can’t cast their ballots in person or by postal mail, many states in the US offer email, fax, or web-based apps to facilitate remote voting. This involves providing a blank digital ballot to citizens, allowing those voters to mark their choices via a web portal or other electronic interface, and then electronically sending the marked ballots back to the election offices.

“While there are effective risk management controls to enable electronic ballot delivery and marking, we recommend paper ballot return as electronic ballot return technologies are high-risk even with controls in place,” according to guidance [PDF] from the FBI, CISA, the Election Assistance Commission (EAC) and the National Institute of Standards and Technology (NIST).

• AI political disinformation is a huge problem – but harder to fight than ever
• Iran’s cyber operations in Israel a potential prelude to US election interference
• Uncle Sam wants to make it clear that America’s elections are very, very safe
• Congress told how Chinese goons plan to incite ‘societal chaos’ in the US

These risky e-returns should be limited to voters who can’t return their ballot by any other means, the agencies advise, citing “significant security risks to the confidentiality, integrity, and availability of voted ballots” that are returned in this manner.

“These risks can ultimately affect the tabulation and results and, can occur at scale,” the Feds warn. And in case that’s not worded strongly enough, they make it very clear with this statement: “Securing the return of voted ballots via the internet while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time.”

What’s this powdery substance in this envelope?

A separate CISA alert [PDF] focuses on election workers’ physical safety. It indicates thugs are moving beyond leaving threatening voicemail messages and social media posts, and reverting to early 2000s tactics of sending powdery substances in the mail.

This specifically included suspicious letters mailed to election offices in California, Georgia, Nevada, Oregon, and Washington in 2023, according to the Homeland Security agency.

Because of this, all election offices should have procedures in place to handle potentially dangerous mail and respond to hazardous materials exposure, and all personnel should be trained on these procedures, it advises. 

Fentanyl, anthrax, and ricin are the “potentially lethal powers of greatest concern,” we’re told.

In addition to taking precautionary measures such as handling the post in an isolated area and giving mail handlers a smock, mask, respirator, and gloves, the Feds also suggested having on hand a minimum of two doses of the opiate overdose medication Naloxone for everyone handling mail.

Plus they issued ten best practices (call 911 tops the list) for how to respond should you come into contact with potentially hazardous substances. ®