Currently, the most surprising revelation of the 2016 presidential election was Donald Trump’s unpredictable victory. But long after the surprise victory and the dust settles it won’t be President Trump’s victory that the history books of 2016 will focus on, it will be the revelation that the world’s freest and most powerful democracy, had its election security sabotaged by one of the world’s least freest and most powerful kleptocracy.

Deputy Attorney General Rod Rosenstein announced last February that Special Counsel Robert Mueller indicted 13 Russians and three companies. They acted as a sophisticated network designed to subvert the 2016 election and to support the Trump campaign. Last Friday Rosenstein announced that Mueller had indicted 12 Russian intelligence officers for hacking the Democratic National Committee, the Clinton presidential campaign, and attempting to break into several state elections boards’ infrastructure. Based on these multiple breaches of America’s electoral systems, processes, and procedures it’s now obvious that election security in America is almost non-existent.

During Friday’s announcement Rosenstein said “Free and fair elections are hard-fought and contentious, and there will always be adversaries who work to exacerbate domestic differences and try to confuse, divide and conquer us,” “So long as we are united in our commitment to the shared values enshrined in the Constitution, they will not succeed.” But based on the ingenuity and the success rate of Russian hacking before the election of 2016, it’s going to take more than a commitment to shared values to guarantee election security.

Special Counsel Mueller’s investigation and the Senate’s Intelligence Committee investigation both provide evidence of Russia hacking our election system. In September of 2017, the U.S. Department of Homeland Security (DHS) announced attempted election hacking in 21 states before the 2016 election. Fortunately only the state of Illinois reported that hackers had succeeded in breaching its voter systems.

Free and fair elections are the foundation of American democracy. Through them, Americans make choices about America’s future, what policies will be enacted and who will represent their interests in the States, Congress, and the White House. Russian hacking in 2016 exposed cracks to America’s election security.

A Brennan Center for Justice at New York University School of Law study, Securing Elections from Foreign Interference, makes 4 key security recommendations to pump up election security in all 50 states, they are:

Replace Antiquated Voting Machines with New, Auditable Systems . Our election infrastructure is aging. It is time for Congress, states, and local governments to assist election officials in replacing antiquated equipment that is costly and difficult to maintain, has an increased risk of failure and crashes, and remains a significant security risk. Perhaps most importantly, Congress should act to help states and counties replace the old, paperless Direct Recording Electronic (DRE) machines that are still used in 14 states, with more secure, accessible systems. Fortunately for voters in the State of Virginia election officials aren’t waiting for federal assistance. Last year they decertified all DRE voting machines, meaning they can no longer be used in any Virginia elections.

. Our election infrastructure is aging. It is time for Congress, states, and local governments to assist election officials in replacing antiquated equipment that is costly and difficult to maintain, has an increased risk of failure and crashes, and remains a significant security risk. Perhaps most importantly, Congress should act to help states and counties replace the old, paperless Direct Recording Electronic (DRE) machines that are still used in 14 states, with more secure, accessible systems. Fortunately for voters in the State of Virginia election officials aren’t waiting for federal assistance. Last year they decertified all DRE voting machines, meaning they can no longer be used in any Virginia elections. Conduct Audits of Paper Ballots or the Voter Verified Paper Record . Paper records of votes have limited value against a cyber-attack if they are never used to check that the software-generated total has not been hacked. Today, only 26 states require that election officials conduct post-election audits of paper records. Even in states where they are conducted, they are often insufficiently robust to ensure an election-changing software error would be found or to prevent voter fraud on voting machines.

. Paper records of votes have limited value against a cyber-attack if they are never used to check that the software-generated total has not been hacked. Today, only 26 states require that election officials conduct post-election audits of paper records. Even in states where they are conducted, they are often insufficiently robust to ensure an election-changing software error would be found or to prevent voter fraud on voting machines. Complete a Full Assessment of Threats to Our Voter Registration Systems . State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis to ensure safe elections, but the study found that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time.

. State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis to ensure safe elections, but the study found that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time. Upgrade and Replace IT Infrastructure, Including Databases. The Brennan Center estimates that 41 states are using voter registration databases that were initially created at least a decade ago. Experts interviewed by the Brennan Center agreed that many states will require upgrades to their databases and to the security of election materials and infrastructure in the near future, and that the need is particularly great at the local level, where systems often run on discontinued software like Windows XP or Windows 2000 that is more vulnerable to cyber-attack because it is no longer vendor supported.

Another study, Election Security in All 50 States Defending America’s Elections, done by the Center for American Progress, has a 5th recommendation for accuracy and election security:

• Eliminate Electronic Absentee Voting Electronic absentee voting or the return of voted absentee ballots electronically via email, fax, or web portal is risky because there is no way for absentee voters to know whether the votes they cast are being accurately recorded. 29 states only allow electronic submission for the military and citizens living overseas through the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA), and 3 states allow any absentee voter to return completed ballots electronically.

Homeland Security’s Cyber Security Division warned that “online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accounting and security of their votes and provides an avenue for malicious actors to manipulate the voting results.” The National Institute of Standards and Technology has also warned against online voting. Furthermore, it is impossible to carry out meaningful post-election audits on voted ballots submitted electronically because there is no reliable paper record that can be referenced during the auditing process.

It’s important that military personnel and U.S. citizens stationed and living overseas are provided opportunities to vote and have their voices heard in our democracy. It is equally important, however, that their votes are delivered securely and their privacy protected. Currently, that means returning a hard copy paper ballot via U.S. mail. Requiring UOCAVA voters to return ballots by mail does not appear to have a significant impact on ballot return rates. Pew Trust surveys of unreturned UOCAVA ballots in 2012 and 2014 indicate that states requiring UOCAVA voters to return ballots via mail, actually had a slightly higher return rate than states that permitted voted ballots to be returned electronically.

The 2016 election revealed a brand new threat to the security of election systems in America, foreign interference through secret, targeted and misleading advertisements on social media platforms. Russia’s use of social media to influence the 2016 election raises questions on what happens to American democracy when we don’t know who is behind political ads. Campaign finance rules must be retooled and upgraded in order to be effective in the social media era.

It’s estimated that half of American adults visit Facebook every day, in 2016 $ 1.4 billion was spent on political ads that ran on social media platforms like Facebook, this was 8 times more than was spent in the 2012 election. According to current campaign laws, none of those $ 1.4 billion political ads that ran on social media had to identify who paid for the ads, unlike political ads that run on TV, radio or billboards. This created a loophole that Russia drove an 18 wheeler Mack truck full of false and misleading ads right through without ever having to reveal its true identity.

For the sake of preserving the golden rule of American democracy, one person one vote, America must make the necessary security upgrades to prevent voter fraud, foreign influence campaigns and hacking of our voter registration and election infrastructure. Passage of the Secure Elections Act, which has bi-partisan support, would be a great start to securing America’s elections. Failure of the Senate and House to do anything will mean American democracy as we know it today will be an illusion tomorrow.