From cyberattacks on election infrastructure, to attempted hacking of voting machines, to attacks on campaign websites, the last few years have brought us unprecedented attempts to use online vulnerabilities to affect elections both in the United States and abroad. In the United States, the Department of Homeland Security reported that individuals tried to hack voter registration files or public election sites in 21 states prior to the 2016 elections. In Europe, hackers targeted not only the campaign of Emmanuel Macron in France, but government election infrastructure in the Czech Republic and Montenegro.
Cyber attack is only one of the many online challenges facing election officials. Unpredictable website traffic patterns are another. Voter registration websites see a flood of legitimate traffic as registration deadlines approach. Election websites must integrate reported results and stay online notwithstanding notoriously hard-to-model election day loads.
We at Cloudflare have seen many election-related cyber challenges firsthand. In the 2016 U.S. presidential campaign, Cloudflare protected most of the major presidential campaign websites from cyberattack, including the Trump/Pence campaign website, the website for the campaign of Senator Bernie Sanders, and websites for 14 of the 15 leading candidates from the two major parties. We have also protected election websites in countries like Peru and Ecuador.
Although election officials have worked hard to address the security and reliability of election websites, as well as other election infrastructure, budget constraints can limit the ability of governments to access the technology and resources needed to defend against attacks and maintain an online presence. Election officials trying to secure election infrastructure should not have to face a Hobson’s choice of deciding what infrastructure to protect with limited available resources.
The Athenian Project
Since 2014, Cloudflare has protected at-risk public interest websites that might be subject to cyberattack for free through Project Galileo. As part of Project Galileo, we have supported a variety of non-governmental election efforts helping to ensure that individuals have an opportunity to participate in their democracies. This support included protection of Electionland, a project to track and cover voting problems during the 2016 election across the country and in real-time.
When Project Galileo began, we did not anticipate that government websites in the United States might be similarly vulnerable because of resourcing concerns. The past few years have taught us otherwise. We at Cloudflare believe that the integrity of elections should not depend on whether state and local governments have sufficient resources to protect digital infrastructure from cyber attack and keep it online.
The common mission of those working on elections is to preserve citizen confidence in the democratic process and enhance voter participation in elections1. To protect voters’ voices, election websites and infrastructure must be stable and secure. Prior to an election, websites provide critical information to the public such as registration requirements, voting locations and sample ballots. After an election, websites provide election results to citizens.
The institutions in which we place our trust must have the tools to protect themselves. Voter registration websites must stay online before a registration deadline, making it possible for voters who want to register to do so. Election websites should be available on election day notwithstanding increased traffic. Voters should have confidence that officials are doing everything they can to safeguard the integrity of election and voter data, and that election results will be available online.
That is why today, we are launching the Athenian Project, which builds on our work in Project Galileo. The Athenian Project is designed to protect state and local government websites tied to elections and voter data from cyberattack, and keep them online.
U.S. state and local governments can participate in the Athenian Project if their websites meet the following criteria:
- The website is managed and owned by a state, county, or municipal government; and
- The website is related to
- The administration of elections, including the provision of information related to voting and polling places; or
- Voter data, including voter registration or verification; or
- The reporting of election results.
For websites that meet these criteria, Cloudflare will extend its highest level of protection for free.
We recognize that different government actors may have different challenges. We therefore intend to work directly with relevant state and municipal officials to address each site’s needs.
Protecting our Elections
In the last few months, we have been talking to a number of government officials about how we can help protect their elections. Today, we are proud to report that we helped the State of Alabama protect its website during its special general election for the U.S. Senate on Tuesday.
“In this year’s historic Senate Special election, it was crucial that our website be able to handle spikes in traffic and remain online in the event of attack,” said Jim Purcell, Acting Secretary of Information Technology for the State of Alabama. “It is very important to our state government and democracy as a whole that voters and the public be able to access registrar, election information, and election results. Cloudflare proved to be an excellent partner, helping us achieve this goal.”
By allowing voters to exercise their rights to register to vote, speak, and access information, the Internet can and should play a helpful role in democracy. Democracies depend on voters’ voices being enabled, not silenced. Helping to provide state and local governments the tools they need to keep websites online and secure from attack as they hold and report on elections restores the Internet’s promise and serves Cloudflare’s mission of helping to build a better Internet.