Last week the Senate Select Committee on Intelligence, Senator Richard Burr (R-NC) proprietor, issued the first volume of a five-volume report on Russia’s active measures campaign and interference in the 2016 U.S. election. This first volume focused on and is entitled, Russian Efforts Against Election Infrastructure.

The key takeaway is that the Russians were able to penetrate and infiltrate by hacking. This was a planned cyber operation on election systems in all 50 states. However, it did not alter any votes. This is a very significant finding as the previous reporting on the Department of Homeland Security’s conclusions was that the Russians had hacked into 29 or 33 state election systems, but did not alter any votes. And the finding of not altering any votes is how much of the reporting and analysis of this new report was framed. The Russians got in, looked around, did not change any votes, and got out.

I think that not changing any votes is both the wrong metric and focus. If I were the Russians, or anyone else looking to make trouble by cyber-infiltration of election systems in each state, I would not be trying to adjust votes cast or tallied. Instead, my focus for the operation would be to mess with the voter rolls and voter registrations.

Specifically, I would want the cyber operators to change a middle name or initial here and adjust an address or a zip code there. They would also be changing male to female and female to male on some registrations. If you do several thousands of those in the right states, electoral districts and precincts, you do not have to do anything to actual voting tallies and results.

Instead, you have ensured that people will either be required to vote provisional ballots, which may not be counted or turned away entirely. If you do the targeting in the states where the leadership has decided to take action on voter registration fraud, using the much-criticized crosscheck or related/similar programs, the programs will do the work for you.

The outcomes in the 2018 Florida gubernatorial and senatorial elections, as well as Georgia’s gubernatorial election, were very close. The ability to adjust a couple of thousand registrations, so voters either run afoul of crosschecks or other purging programs. Or force enough voters to either vote on a provisional ballot or be turned away and never vote because of the hassle of fixing things on election day. This provides one the ability to change the outcome of a close election without doing anything to actual votes cast.

My real and ongoing concern regarding the reports of Russian hacking into state election systems over the past two years is something I suspected they were doing as far back as 2016. My other real fear is for election integrity as we approach the 2020 election. Unless someone has a reason to go looking, the errors I have described in the previous paragraph would just be assumed to be human error.

We have examples of some of them in the news reporting on errors made in voter registration. For instance, the New York State Board of Elections announced in December 2017 that they had accidentally and unintentionally registered Jared Kushner as female on his voter registration. This is not the only example of this happening somewhere in the U.S. As far as we know, they are examples of human error made without malice by officials handling voter registration information.

The same thing has also happened with middle initials or having a number flipped on an address or zip code. Similarly, these types of errors would also make it possible, where districts and precincts border each other, to direct voters to the wrong precinct on election day. You may recall that this happened in the last Virginia state election. The Republican candidate won by 10 votes, but 26 voters in his district were sent to vote in the neighboring and wrong district. From what was reported this seems to be solely human error, but will we always know for sure?

The real concern regarding Russian, or other hostile foreign actors, hacking into electoral systems is whether they have or will adjust voter registrations and voter rolls. Not the votes cast or vote tallies to influence the outcome of an election. The reality of these Russian cyber operations targeting electoral systems in all 50 states may make it impossible to know when an election has to be certified if errors were unintentionally made by those entering the registrations or intentionally made by a hostile foreign actor.

One of the major complications is that if the cyber operators doing the infiltrating know their business, it will be tough to differentiate deliberate manipulation from human error. Typos and keystroke entry errors for information on registrations happen every day. I do not know what that error rate is county to county and state to state across the country. I do not know if anyone does.

So one of the real concerns is how do you distinguish the actual signal of a cyber operation to manipulate voter registrations and the voter rolls to influence an election from the everyday noise of human error? What the Senate Select Committee on Intelligence’s report delineates is the creation of an electoral ‘wilderness of mirrors’ to borrow James Jesus Angleton’s phrase. It creates a reality that we may never be able to know the actual outcome of close elections in very competitive states and districts. This creates a huge political legitimacy problem, which is exactly what Putin wants.