Ex-CISA Head Chris Krebs: ‘Impeachment Is the Right Mechanism’
Our work on Rumor Control didn’t just start the week or two before the election. The preparation, the due diligence, the discipline that we developed was three-and-a-half to four years in the making. And so when that bad day came that all this disinfo was popping up, we were ready to go. Although again, when you’re fighting a head of state and battling that sort of disinformation, it’s incredibly challenging.
I’m going to combine two related audience questions in the interest of time. What issues prevent us from putting the entire voting system online, and can we convince people that the election was fair through some sort of blockchain voting system? I know there have been a lot of objections to both of those approaches over the years, but if you could talk through why they haven’t been implemented broadly.
CK: If you look at the National Academy of Sciences voting security report, they had a couple of recommendations. First was that every vote in the United States needs to have a paper ballot associated with it. There’s a “keep it simple, stupid” element here where you have a record that you can touch, and you can go back and count it and count it and count it.
That’s what they did in Georgia. They counted three times. They’re conducting a risk-limiting audit right now up in Michigan. They’re doing a risk-limiting audit of the runoff from last week in Bartow County, Georgia. it’s important that you have evidence-based elections with meaningful post-election audit processes.
The problem with going to the internet-based voting system is that we’re still not in a position where we can conduct trusted transactions in an anonymous fashion. People say, hey, if it’s good enough to bank online, well, credit cards get popped every day. Bank accounts get popped every day. And the problem is, money is fungible. A vote is not.
Blockchain is a great mechanism for tracking transactions on a distributed ledger, but the problem is garbage in, garbage out. If you’re voting on one of these platforms and it’s not secure and you can’t trust the device, then you’re just putting garbage into the blockchain. Also, not everyone has smartphones.
The key takeaway from that National Academy of Sciences report was that we’re just not in a spot where internet-based voting or online voting could be deemed trustworthy, and let’s get back to the basics. Let’s make sure every vote’s got a piece of paper associated with it. That should be the priority, along with these meaningful post-election audits.
We have time for one more audience question: What kind of threats are the general public not thinking of? Where has our imagination failed? And I’ll add to that: What’s keeping you up at night when you think about threats to the US?
I think from a US government perspective we tend to overthink or over-focus on the exquisite threats. We have a fetish for state actors like Russia, China, Iran. In the meantime, America’s state and local governments are just getting crushed right now by ransomware.
I’ve been encouraged by the increased attention on countering ransomware actors over the last year or so. And I’ve seen recently the private sector led by Microsoft and a few others step up. We’ve got to put these bad guys out of business; we can defend all we want but we have to change the business model. We have to disrupt the way they’re paid, whether it’s through bitcoin or whatever, then we have to go after the bad guys. It’s just basic blocking and tackling, but we haven’t done enough of it.
And then with disinformation, we are facing a significant challenge to confidence in democracy and civil society, writ large. Long term, we need to increase digital literacy in our children, in our school system, our education system. It’s not where it needs to be right now. Too many people are susceptible to what they come across online.
This transcript has been lightly edited for clarity and length. You can watch the full video of WIRED’s interview with Chris Krebs below.
More Great WIRED Stories