Protector Of N.H. Primary Claims 'You Can't Hack This Pencil,' But Worries Persist

Enlarge this image toggle caption Elise Amendola/AP Elise Amendola/AP

Amidst fears about cybersecurity and the spread of disinformation, New Hampshire's first-in-the-nation presidential primary — along with the guardian of that tradition - is under scrutiny like never before.

New Hampshire Secretary of State Bill Gardner, the nation's longest serving elections chief, has long projected confidence about the security of his state's elections. In the fall of 2016, as national security officials were warning state elections offices to "be vigilant and seek cybersecurity assistance" from federal partners, Gardner declined — saying New Hampshire didn't need the extra help.

"We have a system that, we don't have to be concerned that it's going to be something different this time because of some imaginary foreign element out there or something that might be interfering with this election," said Gardner, who has been secretary of state since 1976, at the time.

But Gardner's approach to election security was called into question by both of the opponents who tried to unseat him as Secretary of State in 2018, a race he ultimately won by only a handful of votes.

Since then, some have continued to worry that Gardner's office was too slow to acknowledge the scale of the problem — too focused on the parts of the system that are hard to tamper with, and not enough on other, more complex vulnerabilities.

"New Hampshire is a top tier target as a first in the nation primary state," said Democratic state Sen. Jon Morgan, who also works for the cybersecurity company that recently discovered a major Russian hack into the Ukrainian company at the center of the ongoing impeachment case. "We need to be taking that much more seriously than we are."

Since 2016, Gardner continued to downplay the risk facing New Hampshire. When asked about election security at a meeting of the state's Ballot Law Commission a few months before the 2018 midterms, he had a simple response.

"You want to know about being hacked? You see this pencil here?" Gardner said, holding up a writing instrument for emphasis. "Want me to give it to you and see if you can hack this pencil? We have this pencil. This is how people vote in this state. And you can't hack this pencil."

And in many ways, there are reasons to be confident about New Hampshire's election security.

While other states have to worry about tampering with electronic voting machines, online registration and other election technology, with few exceptions, New Hampshire voters register and cast ballots on paper, in pencil — or pen — and in person. That will still be the case when voters head to the polls for the primary on February 11.

Disinformation, soft targets

But according to Gardner's counterpart at New Hampshire's Department of Information Technology, Commissioner Denis Goulet, that's not all the state has to worry about.

"I've said this to the Secretary of State, I think our biggest risk isn't in the sense that the election results could be affected, because it would be really hard to do that," Goulet said. "But what could happen is undermining the confidence of the system, which I think is at least as bad."

Ahead of its closely watched presidential primary in February, New Hampshire's IT and elections teams have been collaborating more closely, and the Secretary of State's office has stepped up its election security measures on several fronts: investing in new software to protect its voter database, more cybersecurity training for local pollworkers and programs to monitor the so-called "dark web" for looming hacking threats.

At the same time, New Hampshire election officials have turned down more hands-on cybersecurity help from federal and state agencies, instead contracting with private vendors to perform security tests.

"We want to make sure that we're the ones that are responsible for our elections," Gardner's Deputy Secretary of State Dave Scanlan said. "I think we have a healthy distrust of outside agencies trying to get access to our databases to perform certain functions."

Enlarge this image toggle caption Ryan McBride/AFP via Getty Images Ryan McBride/AFP via Getty Images

Morgan, the state senator and cybersecurity consultant, says his biggest concern is that hackers might target what amounts to the front lines of New Hampshire's elections: holding cities or towns hostage with ransomware attacks, or trying to scam a local pollworker into giving up access to the state's voter files.

While the state elections office has significantly expanded its cybersecurity training for local pollworkers in the last few years, that training isn't mandatory. Some pollworkers are also preparing for the upcoming primary on computers with expired security protections.

The New Hampshire Secretary of State got $3.1 million dollars from the federal government in 2018 to help make these kinds of improvements, but most of its spending so far has gone toward security and equipment expenses at the state level. While state elections officials have warned cities and towns that they need to patch up their election security protections, it hasn't provided any financial support to help offset the costs of those local upgrades.

Backups but no audits

If there is a security breach, Scanlan says the state has backups in place to make sure the election still proceeds.

Local voter lists are backed up on a daily basis leading up to the vote. If someone shows up to the polls to find their registration is missing, they can still register on Election Day. If a ballot counting machine breaks down, a regular occurrence since the model New Hampshire uses is no longer on the market, the results can be tallied by hand — and already are in many towns.

"We're confident that we're going to conduct an election on February 11th regardless of what else might happen," Scanlan said. "And I say that with the understanding that we have to be vigilant and that any electronic system can be targeted."

New Hampshire also lacks one election safeguard used by more than three dozen other states: post-election audits. Audits are widely viewed as a simple way to instill confidence in elections by verifying the accuracy of the outcome.

But Gardner has opposed past efforts to bring the practice to the Granite State, and has fought local voting activists — like Deborah Sumner — who have pushed for more transparency in the ballot counting process.

"I know this is heresy," Sumner said. "I would rather we gave up the New Hampshire primary and had elections we have reason to trust in New Hampshire."

The way Sumner sees it, the case for post-election audits is only strengthened because of the national spotlight on New Hampshire races — not just in the primary, but also the general elections. In 2016, the race for president and U.S. Senate were decided by less than one percent.