The Institute for the Future, the Elections Group, and the Brennan Center for Justice have published a new guide on AI threats to election administration, authored by David Evan Harris, Lawrence Norden, Noah Praetz, and Elizabeth Howard. The guide provides an overview of the major risks AI poses to elections—including voice, text, and video impersonation and novel malware—and lays out how officials can prepare for and respond to a wide range of scenarios in which those risks might present themselves. The report also recommends steps elections officials can take more generally to prevent bad actors from impersonating government offices online, facilitate rapid-response communication, and improve cyber and physical security. The findings are based on a table-top exercise the authoring groups conducted with Arizona elections officials.
From the report:
As the scenarios in this planner show, most of the current threats to elections posed by AI are not entirely novel. For the 2024 U.S. election, the real challenge is that AI provides agitators new tools to increase the scale of such attacks at little cost and in more sophisticated form than we have previously seen.
For years, experts have been warning about the threats that AI poses to elections — even before recent advancements — including those from misinformation directed at the public, phishing attacks against election offices, and denial-of-service attacks against election infrastructure. Many election offices have already implemented significant and successful steps to protect their infrastructure and staff from these threats. Our hope is that this scenario planner will help election officials build on their preexisting security plans to prepare for the more sophisticated and widespread attacks that AI may bring.
The Brennan Center, a nonpartisan law and policy group, and the Elections Group, which consults with election officials across the country, helped develop parts of the tabletop exercise for Arizona after studying and writing about the impact of AI on elections and hearing from election officials that they didn’t feel they had enough direction about how to deal with the threats from this new technology, said Larry Norden, senior director for elections and government at the Brennan Center. . . .
In December, 10 teams of roughly eight to 10 employees from 14 of the 15 Arizona counties — representing the secretary of state, law enforcement, private vendors, as well as some federal employees — came together. To start, organizers assigned each group a fictitious county and a limited budget, one that could not possibly pay for all the offered security measures. The constraints were meant to mimic the real-life restrictions facing election workers today. A team could purchase anti-phishing training, for example, and then, as a result, would not face a simulated phishing attack but also might not have the budget to purchase a backup communications system.