As U.S. midterm elections fast approach and security concerns mount, new survey finds three-quarters of local election websites don’t use domain .gov to enhance site security and engender a higher degree of user trust.
The .gov domain is used across government, is overseen by the Cybersecurity and Infrastructure Security Agency (CISA), and provides users with a degree of trust in the authenticity of websites. Using the .gov domain also provides security benefits, such as two-factor authentication at the .gov registrar and notifications of DNS changes to administrators.
A Research study from the Center for Democracy & Technology (CDT) found that of the 7,010 websites included in the analysis, only 1,747 (25%) used the .gov domain. CDT said it was particularly troubling as fake websites began targeting voters.
Among other steps leading up to the elections, state and local authorities have worked tirelessly to combat misinformation about the authenticity of the vote by having websites that users can trust. They were also advised to have a strong web presence –– such as verified Twitter and Facebook accounts –– to demystify and respond effectively to bad actors.
“We know that one of the most effective ways to mitigate the spread of misinformation is to empower local election officials to be trusted voices in election administration,” said senior adviser Kim Wyman. in electoral security at CISA, at MeriTalk.
“Helping election officials transition to a .gov domain supports this effort,” Wyman said. “The public can easily identify an official government website or email address when it ends in .gov.”
Identifying the .gov domain on a website works similarly to a blue checkmark on Twitter that indicates authenticity. In March 2021, CISA received exclusive authority to confer .gov identification on verified state, local, and federal entities.
Local election websites are where voters complete essential tasks like registering to vote or requesting mail-in ballots. For this reason, CISA has made it easier for election officials to obtain a .gov domain by making registration free.
“Over the past few years, we have engaged state and local authorities on the value of moving to a .gov platform and looked for ways to ease the transition, such as eliminating the $400 registration fee that served as a barrier to entry for smaller jurisdictions,” Wyman said. “We continue to encourage election officials to make this transition if they haven’t already.”
So why have so many official election websites neglected to make the switch?
The CDT speculated that many officials may not be aware that the .gov domain is available and free to them, and many local election teams are strapped for funds and staff. CISA acknowledged that moving a .gov domain is a heavy burden, forcing already resource-strapped election officials to update emails, business cards and signage.
To help officials secure online election infrastructure from cyberattacks and misinformation, CISA has released a fact sheet detailing the importance of a .gov domain – including technical benefits, such as mandatory multi-factor authentication and notifications of domain name system changes.
Election officials can take the CISA step-by-step instructions on how to apply for a .gov domain.