Media Release: Election Security Experts Applaud City of Fairfax, VA and Orange County, CA for Leading in New Election Integrity Methods

New Reports from Verified Voting Show How Risk-Limiting Audits in California and Virginia Can Improve Election Security and Public Confidence

Robust post-election audits are changing the election security landscape and the City of Fairfax, Virginia and Orange County, California are leading the way. Risk-limiting audits (RLAs) of voter-marked paper ballots can promote election security and public confidence by providing rigorous statistical evidence that election outcomes match the ballots — and a means to detect and correct outcomes that don’t match. If the method is widely adopted it will bolster confidence in elections. In the months leading up to the midterms, the City of Fairfax and Orange County implemented pilot projects that, as documented in two new reports by the Verified Voting Foundation, with funding support from Microsoft, demonstrated the benefits of risk-limiting audits.

The “Pilot Risk-Limiting Audit” reports, released today at the MIT Election Audit Summit, detail how Orange County and the City of Fairfax conducted pilots — in June and August 2018, respectively — and how these pilots provide lessons for election officials and policymakers around the country.

Verified Voting Blog: Why voters should mark ballots by hand | Andrew Appel

Because voting machines contain computers that can be hacked to make them cheat, “Elections should be conducted with human-readable paper ballots. These may be marked by hand or by machine (using a ballot-marking device); they may be counted by hand or by machine (using an optical scanner).  Recounts and audits should be conducted by human inspection of the human-readable portion of the paper ballots.”

Ballot-marking devices (BMD) contain computers too, and those can also be hacked to make them cheat.  But the principle of voter verifiability is that when the BMD prints out a summary card of the voter’s choices, which the voter can hold in hand before depositing it for scanning and counting, then the voter has verified the printout that can later be recounted by human inspection.

But really?  As a practical matter, do voters verify their BMD-printed ballot cards, and are they even capable of it?  Until now, there hasn’t been much scientific research on that question.

A new study by Richard DeMillo, Robert Kadel, and Marilyn Marks now answers that question with hard evidence:

  1. In a real polling place, half the voters don’t inspect their ballot cards, and the other half inspect for an average of 3.9 seconds (for a ballot with 18 contests!).
  2. When asked, immediately after depositing their ballot, to review an unvoted copy of the ballot they just voted on, most won’t detect that the wrong contests are presented, or that some are missing.

This can be seen as a refutation of Ballot-Marking Devices as a concept.  Since we cannot trust a BMD to accurately mark the ballot (because it may be hacked), and we cannot trust the voter to accurately review the paper ballot (or even to review it at all), what we can most trust is an optical-scan ballot marked by the voter, with a pen.  Although optical-scan ballots aren’t perfect either, that’s the best option we have to ensure that the voter’s choices are accurately recorded on the paper that will be used in a recount or random audit.

Voting Blogs: Florida is the Florida of ballot-design mistakes | Andrew Appel/Freedom to Tinker

This article was originally posted at Freedom to Tinker on November 14, 2018.

Well designed ballot layouts allow voters to make their intentions clear; badly designed ballots invite voters to make mistakes.  This year, the Florida Senate race may be decided by a misleading ballot layout—a layout that violated the ballot design recommendations of the Election Assistance Commission. In Miami, Florida in the year 2000, the badly designed “butterfly ballot” misled over 2000 voters who intended to vote for Al Gore, to throw away their vote.  (That’s a strong statement, but it’s backed up by peer-reviewed scientific analysis.) In Sarasota, Florida in the year 2006, in a Congressional race decided by 369 votes, over 18,000 voters failed to vote in that race, almost certainly because of a badly designed touch-screen ballot layout. In Broward County, Florida in the year 2018, it appears that a bad optical-scan ballot design caused over 26,000 voters to miss voting in the Senate race, where the margin of victory (as of this writing, not yet final) is 12,562 votes.

Media Release: Verified Voting Outlines Steps Voters Can Take to Report Problems on Election Day

Recent reports of possible threats to voting systems and registration databases are alarming, but voters should not be deterred from voting this Election Day. Election officials at the state-level are more prepared for cybersecurity threats or problems with computers than they were two years ago.

“The only way to ensure your vote doesn’t count is if you don’t vote,” said Marian K. Schneider, president of Verified Voting.

Verified Voting urges voters who notice anything wrong with their voter registration or at their polling place to call the Election Protection Hotline: 866-OUR VOTE / 1-888-Ve-y-vota or check out 866OURVOTE.org. Voters should also report any problems to their local county board of elections or to the Secretary of State’s office or both. Doing so will allow officials to understand how widespread the issue is and assist in efforts to pinpoint the cause.

For statewide information about polling place equipment, please visit the Verifier.

Media Release: Verified Voting Calls on Texas to Investigate Straight-Ticket Voting Issues; Voters Should Carefully Check Choices

Marian K. Schneider: “Verified Voting urges Secretary of State Rolando Pablos to move Texas toward reliable, verifiable voting systems that include a voter-marked paper ballot statewide.”

The following is a statement from Marian K. Schneider, president of Verified Voting, in response to reports that voters in six counties in Texas (Harris, Montgomery, Fort Bend, Travis, Tarrant, and McLennan) experienced straight-ticket voting issues using the Hart eSlate voting machines. At a minimum, 5.1 million Texas voters in six of the largest counties in Texas that use Hart eSlate voting machines may be affected by this issue. For additional media inquires, please contact aurora@newheightscommunications.com

“Verified Voting calls on Secretary of State Rolando Pablos to launch a broader and more robust statewide public information effort to advise voters to carefully check their choices as displayed before submitting them on direct recording electronic (DRE) voting machines manufactured by Hart InterCivic.

“Verified Voting appreciates that the Secretary of State issued an advisory warning voters to check their choices carefully before submitting the ballot. More work needs to be done to ensure that all voters in the affected counties are equipped to cast their votes as they intend.

“The reported problems underscore the design flaw in voting systems that do not incorporate a voter-marked paper ballot. Paper ballots that are retained can be later sampled to check if the software is correctly reporting the voters’ selections. Without such a safeguard, public confidence in elections diminishes. Verified Voting urges Secretary Pablos to move Texas toward reliable, verifiable voting systems that include a voter-marked paper ballot statewide.

“Verified Voting also calls on Secretary Pablos to investigate the reports of voting problems, determine the root cause of the issue and publicize the results of such an investigation. Voters should be instructed to report any problems to their local county board of elections or to the Secretary of State’s office or both. Doing so will allow officials to understand how widespread the issue is and assist in efforts to pinpoint the cause.

“Verified Voting also urges voters who experience problems to call the Election Protection hotline at 866-OUR VOTE / 1-888-VE-Y-VOTA.

Verified Voting Blog: An unverifiability principle for voting machines | Andrew Appel

This article was originally posted at Freedom to Tinker on October 22, 2018.

In my last three articles I described the ES&S ExpressVote, the Dominion ImageCast Evolution, and the Dominion ImageCast X (in its DRE+VVPAT configuration).  There’s something they all have in common: they all violate a certain principle of voter verifiability.

  • Any voting machine whose physical hardware can print votes onto the ballot after the last time the voter sees the paper,  is not a voter verified paper ballot system, and is not acceptable.
  • The best way to implement this principle is to physically separate the ballot-marking device from the scanning-and-tabulating device.  The voter marks a paper ballot with a pen or BMD, then after inspecting the paper ballot, the voter inserts the ballot into an optical-scan vote counter that is not physically capable of printing votes onto the ballot.

The ExpressVote, IC-Evolution, and ICX all violate the principle in slightly different ways: The IC-Evolution one machine allows hand-marked paper ballots to be inserted (but then can make more marks), the ExpressVote in one configuration is a ballot-marking device (but after you verify that it marked your ballot, you insert it back into the same slot that can print more votes on the ballot), and IC-X configured as DRE+VVPAT can also print onto the ballot after the voter inspects it.  In fact, almost all DRE+VVPATs can do this:  after the voter inspects the ballot, print VOID on that ballot (hope the voter doesn’t notice), and then print a new one after the voter leaves the booth.

Verified Voting Blog: Continuous-roll VVPAT under glass: an idea whose time has passed | Andrew Appel

This article was originally posted at Freedom to Tinker on October 19, 2018.

States and counties should not adopt DRE+VVPAT voting machines such as the Dominion ImageCast X and the ES&S ExpressVote. Here’s why.

Touchscreen voting machines (direct-recording electronic, DRE) cannot be trusted to count votes, because (like any voting computer) a hacker may have installed fraudulent software that steals votes from one candidate and gives them to another. The best solution is to vote on hand-marked paper ballots, counted by optical scanners. Those opscan computers can be hacked too, of course, but we can recount or random-sample (“risk-limiting audit”) the paper ballots, by human inspection of the paper that the voter marked, to make sure.

Fifteen years ago in the early 2000s, we computer scientists proposed another solution: equip the touchscreen DREs with a “voter verified paper audit trail” (VVPAT). The voter would select candidates on a touchscreen, the DRE would print those choices on a cash-register tape under glass, the voter would inspect the paper to make sure the machine wasn’t cheating, the printed ballot would drop into a sealed ballot box, and the DRE would count the vote electronically. If the DRE had been hacked to cheat, it could report fraudulent vote totals for the candidates, but a recount of the paper VVPAT ballots in the ballot box would detect (and correct) the fraud.

By the year 2009, this idea was already considered obsolete. The problem is, no one has any confidence that the VVPAT is actually “voter verified,” for many reasons:

  1. The VVPAT is printed in small type on a narrow cash-register tape under glass, difficult for the voter to read.
  2. The voter is not well informed about the purpose of the VVPAT. (For example, in 2016 an instructional video from Buncombe County, NC showed how to use the machine; the VVPAT-under-glass was clearly visible at times, but the narrator didn’t even mention that it was there, let alone explain what it’s for and why it’s important for the voter to look at it.)
  3. It’s not clear to the voter, or to the pollworker, what to do if the VVPAT shows the wrong selections. Yes, the voter can alert the pollworker, the ballot will be voided, and the voter can start afresh. But think about the “threat model.”  Suppose the hacked/cheating DRE changes a vote, and prints the changed vote in the VVPAT. If the voter doesn’t notice, then the DRE has successfully stolen a vote, and this theft will survive the recount.  If the voter does notice, then the DRE is caught red-handed, except that nothing happens other than the voter tries again (and the DRE doesn’t cheat this time). You might think, if the wrong candidate is printed on the VVPAT then this is strong evidence that the machine is hacked, alarm bells should ring– but what if the voter misremembers what he entered in the touch screen?  There’s no way to know whose fault it is.
  4. Voters are not very good at correlating their VVPAT-in-tiny-type-under-glass to the selections they made on the touch screen.

Verified Voting Blog: Design flaw in Dominion ImageCast Evolution voting machine | Andrew Appel

This article was originally posted at Freedom to Tinker on October 16, 2018.

The Dominion ImageCast Evolution looks like a pretty good voting machine, but it has a serious design flaw: after you mark your ballot, after you review your ballot, the voting machine can print more votes on it!. Fortunately, this design flaw has been patented by a rival company, ES&S, which sued to prevent Dominion from selling this bad design. Unfortunately, that means ES&S can still sell machines (such as their ExpressVote all-in-one) incorporating this design mistake.

When we use computers to count votes, it’s impossible to absolutely prevent a hacker from replacing the computer’s software with a vote-stealing program that deliberately miscounts the vote. Therefore (in almost all the states) we vote on paper ballots. We count the votes with optical scanners (which are very accurate when they haven’t been hacked), and to detect and correct possible fraud-by-hacking, we recount the paper ballots by hand. (This can be a full recount, or a risk-limiting auditan inspection of a randomly selected sample of the ballots.)

Some voters are unable to mark their ballots by hand–they may have a visual impairment (they can’t see the ballot) or a motor disability (they can’t physically handle the paper). Ballot-marking devices (BMDs) are provided for those voters (and for any other voters that wish to use them); the BMDs are equipped with touchscreens, and also with audio and tactile interfaces (headphones and distinctively shaped buttons) for blind voters, and even sip-and-puff input devices for motor-impaired voters. These BMDs print out a paper ballot that can be scanned by the optical scanners and can be recounted by hand.

Media Release: What Would an Attack on the U.S. Elections Look Like?

Election Experts to Discuss How Hackers Might Target Voter Rolls, Registration in the 2018 Elections, What Signs to Look For and How to Respond. For more information, please contact Aurora Matthews, aurora@newheightscommunications.com, (301)-221-7984.

What
Press call to discuss election day security preparedness and “What Would a 2018 Election Hack Look Like?”

When
Monday, October 15, 2018, 1pm EDT

Where
Dial-in number: 408-638-0968;
Meeting ID: 363 129 912
Webinar link: https://zoom.us/j/363129912

Verified Voting, the Brennan Center for Justice at NYU Law School and Public Citizen will hold a telepresser and webinar on Monday, October 15 to discuss what a hacking of the 2018 election system might look like. Hackers have different avenues they could take either by altering voter registration rolls, disrupting websites or changing vote counts. Detecting an attack might be obvious, such as disappearing votes, or subtle, like voting tallies not matching exit polls.

Verified Voting Blog: David Jefferson: The Myth of “Secure” Blockchain Voting

Click here to download a pdf version of this blog

In the last couple of years several startup companies have begun to promote Internet voting systems, this time with a new twist – using a blockchain as the container for voted ballots transmitted from voters’ private devices. Blockchains are a relatively new system category somewhat akin to a distributed database. Proponents promote them as a revolutionary innovation providing strong security guarantees that can render online elections safe from cyberattack.

Unfortunately, such claims are false. Although the subject of considerable hype, blockchains do not offer any real security from cyberattacks. Like other online elections architectures, a blockchain election is vulnerable to a long list of threats that would leave it exposed to hacking and manipulation by anyone on the Internet, and the attack might never be detected or corrected.

In its recent report, “Securing the Vote – Protecting American Democracy” the National Academy of Sciences summarized its findings:

Conducting secure and credible Internet elections will require substantial scientific advances.

The use of blockchains in an election scenario would do little to address the major security requirements of voting, such as voter verifiability. The security contributions offered by blockchains are better obtained by other means. In the particular case of Internet voting, blockchain methods do not redress the security issues associated with Internet voting.

In this short paper we attempt to explain why blockchains cannot deliver the security guarantees required for safe online elections. But the summary is simple: Most of the serious vulnerabilities threaten the integrity and secrecy of voting before the ballots ever reach the blockchain.

Media Release: Wisconsin Proves It’s Not Too Late for States to Take Key Election Security Steps Before November

Nearly 20 U.S. States Do Not Audit Election Results by Checking Paper Ballots Against Machine Counts or Lack a Paper Ballot to Conduct Effective Audits

WASHINGTON, D.C. – Wisconsin’s action last week requiring a post-election audit will help secure the November vote and should be followed by states that lack such protections, according to Public Citizen and Verified Voting.

On Tuesday, the Wisconsin Election Commission (WEC) took a key step to secure the vote by requiring an audit of November’s election results before they are made official. The commission voted to randomly select five percent of voting machines in the state to be audited the day after the 2018 general election. For the audit, municipal clerks will hand count ballots from randomly selected machines, comparing what’s on the paper ballot to what the machine recorded. They will do this across four races before the vote count is finalized. (See WEC meeting minutes pages 34 and 49.)

Wisconsin’s action shows that it’s not too late to commit to auditing the 2018 vote counts before finalizing results, Public Citizen and Verified Voting said. Votes can – and should – be checked against voter-marked paper ballots for accuracy.

Verified Voting Blog: Verified Voting Testimony before the Pennsylvania Senate State Government Committee

Written Testimony of Verified Voting.org President Marian K. Schneider before the Pennsylvania Senate State Government Committee Public Hearing on Senate Bill 1249 and Voting Machine Demonstration, September 25, 2018. Download as PDF.

Thank you Chairman Folmer, Minority Chair Williams, and members of the Committee for allowing Verified Voting to submit written testimony in connection with the Senate State Government Committee hearing. We write to address the security risks presented for Pennsylvania’s counties and the need to expeditiously replace aging and vulnerable electronic voting systems. We urge the Committee to recommend that the Commonwealth appropriate adequate funding to permit counties to replace their aging electronic voting systems as soon as possible.

Verified Voting is a national non-partisan, non-profit research and advocacy organization committed to safeguarding elections in the digital age. Founded by computer scientists, Verified Voting’s mission is to advocate for the responsible use of emerging technologies to ensure that Americans can be confident their votes will be cast as intended and counted as cast. We promote auditable, accessible and resilient voting for all eligible citizens. Our board of directors and board of advisors include some of the top computer scientists, cyber security experts and statisticians working in the election administration arena as well as former and current elections officials. Verified Voting has no financial interest in the type of equipment used. Our goal is for every jurisdiction in the United States to have secure and verifiable elections.

There are two basic kinds of electronic voting systems in use in Pennsylvania: Direct recording electronic (DRE) or optical scan systems. Both types of systems are computers, and both are prepared in similar ways. The primary difference is that an optical scan system incorporates a voter-marked paper ballot, marked either with a pen or pencil or with a ballot marking device and that ballot is retained for recounts or audits. Optical scan systems leverage the speed of the computer to report unofficial results quickly. The presence and availability of that paper ballot provides a trustworthy record of voter intent and allows jurisdictions to monitor their system for problems, detect any problems, (either hacking or error), respond to them and recover by, if necessary, hand counting the paper ballots. Seventeen counties in Pennsylvania already benefit from the security protection of paper ballots.

Verified Voting Blog: Serious design flaw in ESS ExpressVote touchscreen: “permission to cheat” | Andrew Appel

This article was originally posted at the Freedom to Tinker blog.

Kansas, Delaware, and New Jersey are in the process of purchasing voting machines with a serious design flaw, and they should reconsider while there is still time!

Over the past 15 years, almost all the states have moved away from paperless touchscreen voting systems (DREs) to optical-scan paper ballots.  They’ve done so because if a paperless touchscreen is hacked to give fraudulent results, there’s no way to know and no way to correct; but if an optical scanner were hacked to give fraudulent results, the fraud could be detected by a random audit of the paper ballots that the voters actually marked, and corrected by a recount of those paper ballots.

Optical-scan ballots marked by the voters are the most straightforward way to make sure that the computers are not manipulating the vote.  Second-best, in my opinion, is the use of a ballot-marking device (BMD), where the voter uses a touchscreen to choose candidates, then the touchscreen prints out an optical-scan ballot that the voter can then deposit in a ballot box or into an optical scanner.  Why is this second-best?  Because (1) most voters are not very good at inspecting their computer-marked ballot carefully, so hacked BMDs could change some choices and the voter might not notice, or might notice and think it’s the voter’s own error; and (2) the dispute-resolution mechanism is unclear; pollworkers can’t tell if it’s the machine’s fault or your fault; at best you raise your hand and get a new ballot, try again, and this time the machine “knows” not to cheat.

Verified Voting Blog: Four ways to defend democracy and protect every voter’s ballot | Douglas W. Jones

This article was originally posted at phys.org.
As voters prepare to cast their ballots in the November midterm elections, it’s clear that U.S. voting is under electronic attack. Russian government hackers probed some states’ computer systems in the runup to the 2016 presidential election and are likely to do so again – as might hackers from other countries or nongovernmental groups interested in sowing discord in American politics.

Fortunately, there are ways to defend elections. Some of them will be new in some places, but these defenses are not particularly difficult nor expensive, especially when judged against the value of public confidence in democracy. I served on the Iowa board that examines voting machines from 1995 to 2004 and on the Technical Guidelines Development Committee of the United States Election Assistance Commission from 2009 to 2012, and Barbara Simons and I coauthored the 2012 book “Broken Ballots.”

Election officials have an important role to play in protecting election integrity. Citizens, too, need to ensure their local voting processes are safe. There are two parts to any voting system: the computerized systems tracking voters’ registrations and the actual process of voting – from preparing ballots through results tallying and reporting.

Verified Voting Blog: The National Academies of Sciences, Engineering, and Medicine releases report on “The Future of Voting”

Today the National Academies of Sciences, Engineering, and Medicine released a report on election security, “Securing the Vote: Protecting American Democracy.” The Committee for The Future of Voting, which includes Verified Voting Board member Ron Rivest and Advisory Board member Andrew Appel, released the report at a public event in Washington, DC, where the report’s findings and key recommendations were discussed. Included in the Committee’s recommendations, which echo many of Verified Voting’s policies, were:

  • Human-readable paper ballots, made available for all elections as soon as 2018
  • State-mandated risk-limiting audits
  • Increased funding to state and local governments for cybersecurity and election infrastructure

In addition to Ron Rivest and Andrew Appel, Verified Voting’s own Barbara Simons, David Dill, Philip Stark, Matt Blaze, Doug Kellner, and Alex Halderman reviewed the report ahead of its release.

To read the full report and recommendations, visit nap.edu/FutureOfVoting

Verified Voting Blog: The Myth of “Secure” Blockchain Voting

Several startup companies have recently begun to promote Internet voting systems, but with a new twist – using a blockchain as the container for voted ballots transmitted over the Internet from the voter’s private device. Blockchains are a relatively new system category a little akin to a distributed database. Proponents of blockchain voting promote it as a revolutionary innovation providing strong security guarantees that enable truly secure online elections. Unfortunately, these claims are false. Blockchains do not offer any real election security at all.

Internet voting has been studied by computer security researchers for over twenty years. Cyber security experts universally agree that no technology, including blockchains, can adequately secure an online public election. Elections have unique security and privacy requirements fundamentally different from and much more stringent than those in other applications, such as e-commerce. They are uniquely vulnerable because anyone on Earth can attack them, and a successful cyberattack might go completely undetected, resulting in the wrong people elected with no evidence that anything was amiss.

Media Release: Audit Language of the Secure Elections Act Falls Short of Standard for Effective Election Cyberdefense

Marian K. Schneider: “Verified Voting cannot in good conscience support the Secure Elections Act unless the previous audit language of the bill is restored

The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, regarding the Chairman’s mark of the Secure Elections Act. For additional media inquiries, please contact christy@newheightscommunications.com.

“Voter-verified paper ballots and manual post-election audits provide robust assurance that election outcomes are not manipulated in a cyberattack, and the most important thing elected officials can do to effectively secure the voting process is to require this combination of safeguards, together.

Unfortunately, the Chairman’s mark of the Secure Elections Act falls short of this standard. Unlike previous versions of the language, including the House companion bill introduced last month, the Chairman’s mark removes language that would have required audits to be conducted ‘by hand and not by device.’ This omission would permit software-based audits of digital records that do not provide a meaningful verification of the software that counted the votes. Cybersecurity experts agree that a manual inspection of the actual ballots marked by voters is essential to detecting interference or programming errors.

Verified Voting cannot in good conscience support the Secure Elections Act unless the previous audit language of the bill is restored and the SEA ensures that elections are defended by effective audit processes.”

Verified Voting Blog: Pamela Smith: Testimony Submitted to the Little Hoover Commission

Download Testimony as a PDF

Honorable Members of the Commission: I serve as Senior Advisor to Verified Voting, a national non-partisan non-profit educational and advocacy organization committed to safeguarding elections in the digital age. Verified Voting advocates for the responsible use of emerging technologies to ensure that Americans can be confident their votes will be cast as intended and counted as cast. We promote auditable, accessible and resilient voting for all eligible citizens. I previously served as President of Verified Voting for more than a decade. I have provided information and testimony on voting technology and policy issues at federal and state levels, including to the US House of Representatives Committee on House Administration, and earlier this year at the Joint Hearing of Assembly Elections and Redistricting and Senate Elections and Constitutional Amendments Committees, on Cybersecurity and California’s Elections.[1. March 7, 2018. https://selc.senate.ca.gov/content/oversightinformational-hearings]

I have curated an extensive information resource on election equipment and regulations nationwide, and co-authored several key works on election security policy, including Principles & Best Practices for Post Election Audits[2. Electionaudits.org/principles] and the introductory chapter of Confirming Elections: Creating Confidence and Integrity through Election Auditing.[3. Palgrave/MacMillan, 2012.] I participate in the Future of California Elections, a collaboration between election officials, civil rights organizations and election reform advocates to examine and address the unique challenges facing the State of California’s election system.[4.  Futureofcaelections.org] I also serve on the Los Angeles County Voting Systems for All People (VSAP) Technical Advisory Committee.[5. vsap.lavote.net]

In my capacity at Verified Voting I have worked with advocates, election officials and lawmakers from all across the country. In my view, the states that do the best on metrics relating to voting system security are often the ones that continue to look for and embrace opportunities to improve. As security threats do not stand still, neither can those whose work it is to safeguard our elections and consequently our democracy. I applaud the Little Hoover Commission for taking up this crucial topic of investigation, and am pleased to participate in and contribute to that effort.

Election security is not an on-off switch, where a thing either is secure or it is not. Rather it involves incrementing layers of effort, analysis, systems and procedures, all created or conducted by people, all while balancing costs and priorities. Such incremental measures harden a system, making it more secure than before and solving for problems when they occur. Perfect security is not attainable, but diligence in the pursuit of secure elections is.

Post Election Audits: Verified Voting’s Guide to RLAs in One Infographic

Verified Voting debuted its latest infographic, “A Flowchart for Conducting Risk-Limiting Audits,” at the National Association of Secretaries of States (NASS) 2018 Summer Conference in Philadelphia. In addition to sharing this with election officials at the conferences this summer, Verified Voting is working closely with jurisdictions to demonstrate how to implement robust post-election audits. Check it out below:

RLA Flowchart

This handy flowchart explains the process of conducting a risk-limiting-audit (RLA)

The infographic is part of a series of visuals Verified Voting is creating. This piece breaks down RLAs in a flowchart, and follows the release of “Safeguarding Our Elections: The Solutions to Vulnerabilities in Election Security,” this past June. You can download the infographic here or find it on our Twitter or Facebook.

Media Release: Security Experts Call on ES&S to Provide States with Steps to Disable Problematic Software Installed on Voting Machines

Marian K. Schneider: “Verified Voting calls on all the voting system vendors to be full partners in the effort to secure our elections.”

The following is a statement from Marian K. Schneider, president of Verified Voting, following news that ES&S, the country’s top voting-machine maker, admitted installing problematic remote-access software on election-management systems that it sold over a period of six years. For additional media inquires, please contact aurora@newheightscommunications.com

“Computer security experts agree the computers that program precinct voting devices should never contain any type of remote access software because the presence of this software could lead to hacking that can change election results. To safeguard election systems and instill confidence in the voting process, ES&S should be transparent about which states’ computers have this remote access software installed and provide information about the steps needed to disable or remove it.

“Verified Voting calls on all the voting system vendors to be full partners in the effort to secure our elections. We must all stand shoulder to shoulder to defend our democracy against both internal and external threats that seek to undermine our elections.”

Media Release: Congressional Briefing on Election Cybersecurity

Washington, D.C. — On Tuesday, July 10, a bipartisan group of leading authorities on election administration and cybersecurity will be on Capitol Hill to present an overview of current election security challenges facing federal and state policymakers. Introduced by Senator James Lankford (R-OK), the panel conversation comes one day ahead of a Senate Rules Committee hearing on the issue and months before November’s midterm elections.

When:
Tuesday, July 10, 2018
1:30 PM – 3:30 PM EDT

Where:
Capitol Visitors Center, Room SVC 202/203
First St NE, Washington, DC 20515

Experts will discuss key steps states should be taking to shore up electronic voting systems, which remain not only vulnerable to cyber-attacks but also a prime target of them. According to a recent report issued by the Senate Intelligence Committee, foreign agents targeted election systems in 18 states, conducted malicious access attempts on voting-related websites in at least six states, and additionally gained access to voter registration databases in a small number of states.

Verified Voting Blog: Verified Voting Designs New Ways to Think About Election Security

Summer is here and that means Verified Voting’s work is heating up! In the past few months Verified Voting has added staff, increased our state work, produced a valuable toolkit for election officials and advocates that received press in POLITICO and The Hill and created a set of infographics and maps which appeared in the Wall Street Journal and NPR (make sure to scroll down to see Verified Voting’s latest infographic: “Safeguarding Our Elections: The Solutions to Vulnerabilities in Election Security”).

The media continues to be instrumental in helping us raise awareness about safeguarding elections. Here are some recent highlights:

Fast Company – How U.S. Election Officials Are Trying To Head Off The Hackers
Bloomberg – Hack-Resistant Vote Machines Missing as States Gird for ’18 Vote
Reuters – Ahead of November election, old voting machines stir concerns among U.S. officials
Washington Post – How Colorado became the safest state to cast a vote
Associated Press – Election Hacking Puts Focus on Paperless Voting Machines
Axios – Exclusive poll: Majority expects foreign meddling in midterms
POLITICO – Election system experts debate merits of wireless tech in voting machines

Verified Voting Blog: Verified Voting’s Guide to Election Security in One Infographic

Verified Voting has gone visual! In addition to recently collaborating with the Wall Street Journal and NPR on maps depicting voting technology across the states, Verified Voting created its own infographic: “Safeguarding Our Elections: The Solutions to Vulnerabilities in Election Security.”

The infographic is the first in a series of visuals Verified Voting is creating. This piece breaks down the state of our elections, which states are most vulnerable, the solution and what people can do. We urge you to take a look and share with your networks. You can download infographic or find it on our Twitter or Facebook.

Media Release: Toolkit Advises Advocates and Election Officials on How to Secure the Nation’s Voting Machines

A joint project from Verified Voting, the Brennan Center, Common Cause and the National Election Defense Coalition suggests ways states can use Congressional election security funds.

Download the toolkit as a PDF. For additional media inquires, please contact aurora@newheightscommunications.com.

A new toolkit designed for advocates and election officials offers suggestions for best practices for conducting post-election audits as well as tips for local jurisdictions considering purchasing new voting machines. The toolkit, “Securing the Nation’s Voting Machines,” is a joint project between Verified Voting, the Brennan Center for Justice, Common Cause and the National Election Defense Coalition.

“Cyber security experts agree that our voting systems need to be resilient and allow jurisdictions to monitor, detect, respond and recover from an event that interferes with the software. Resilient systems incorporate a paper ballot that is retained for recounts and post-election audits,” said Marian K. Schneider, president of Verified Voting. “This toolkit provides a roadmap for election officials nationwide who are looking to implement these resilient systems.”

Verified Voting Blog: Letter to State Election Officials on Best Practices for Voting Funds

Download letter as PDF

On March 23rd, Congress allocated $380 million to states to upgrade election security. This is a positive development. In the age of unprecedented hacking risks, researchers have found that electronic voting infrastructure — including voting machines and registration databases — have serious vulnerabilities. While there’s no evidence that vote totals were hacked in 2016, there’s strong evidence that hackers have been testing the waters.

While federal funding can help states address these issues, simply upgrading or replacing election infrastructure is not sufficient. It is essential that states work with the Department of Homeland Security or other trusted providers to scan their systems for cyber vulnerabilities, and follow best practices identified by computer scientists, national security leaders, and bipartisan experts in elections administration to mitigate hacking risks. On March 20, the Senate Select Committee on Intelligence released its long-awaited recommendations on election security and concluded that requiring paper ballots, banning wireless components and implementing statistically sound audits of election results are essential safeguards. Last year, a group of 100 leading computer scientists and other election administration experts voiced the same conclusion. Through years of researching voting equipment security in real election administration environments, the National Institute of Standards and Technology (NIST) has come to similar conclusions about what it will take to defend elections.

Verified Voting Blog: Bruce Schneier: American elections are too easy to hack. We must take action now.

This article was published by The Guardian on April 18, 2018Bruce Schneier is a fellow and lecturer at Harvard Kennedy School and a member of the advisory board of Verified Voting.

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them.

Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper.

Recently, there have been two graphic demonstrations of how bad our computerized voting system is. In 2007, the states of California and Ohio conducted audits of their electronic voting machines. Expert review teams found exploitable vulnerabilities in almost every component they examined. The researchers were able to undetectably alter vote tallies, erase audit logs, and load malware on to the systems. Some of their attacks could be implemented by a single individual with no greater access than a normal poll worker; others could be done remotely.

Verified Voting Blog: Federal Funds for Election Security: Will They Cover the Costs of Voter Marked Paper Ballots?

Download the Brennan Center/Verified Voting Full Report (PDF)

Under the terms of the omnibus spending bill voted on by the House, states will receive $380 million within months to start to strengthen the security of our nation’s election infrastructure. This near-term funding is the product of tireless work by members of both parties, and a critical acknowledgment from Congress that protecting our elections is a matter of national security. States can use the funding immediately to begin deploying paper ballots, post-election audits, and other essential cybersecurity improvements. However, the new funding is only a first step, as many in Congress have acknowledged, and further Congressional action will be necessary in order to ensure that future elections are secure.

Most significantly, the omnibus funding as allocated to the states under the Help America Vote Act (HAVA) will not be enough for some states to replace their insecure voting machines. Because paperless electronic voting systems are highly vulnerable to cyberattacks, it is urgent that those systems be replaced as soon as possible, as the Senate Select Committee on Intelligence (SSCI) recommended earlier this week. Until this is done, it will be impossible to ensure that election results as reported by the voting system have not been corrupted by a cyberattack.

Thirteen states, including key swing states like Pennsylvania, continue to use paperless voting today. One of the main reasons is cost: cash-strapped states simply can’t afford to replace this aging equipment. Unfortunately, our analysis shows that under the new federal funding, five of the 13 states with paperless machines will receive less than 25 percent of the money they may need to replace them. Moreover, most states will also need to use some of the new funding to pay for improved auditing and other security measures, leaving even less for crucial technology upgrades.

Media Release: Georgia: Election Integrity Experts Do Not Support the Current House Version of SB 403

Marian K. Schneider: The only people who are happy with SB 403 are voting system vendors who are salivating over the chance to sell many more machines than necessary.”

The following is a statement from Marian K. Schneider, president of Verified Voting, about why Georgia’s current Senate Bill 403 cannot ensure a verifiable and accurate election system. For additional media inquires, please contact aurora@newheightscommunications.com

“Election Integrity experts are not happy with Senate Bill 403 because it leaves the door wide open for Georgia to select insecure systems rather than slamming that door shut in favor of secure and verifiable systems. SB 403 does not mandate a voter-marked paper ballot, marked either by hand or accessible ballot marking device that is counted by a ballot scanner. It allows that possibility, but it also allows for insecure voting machines that record, count and report the voter’s selections while purporting to offer a paper record to the voter. Not only is the door to insecure voting wide open, but the bill language could be read to require all voters to vote on an electronic ballot marking device. That outcome would be needlessly expensive for Georgia taxpayers but it would be more than a welcome outcome for voting system vendors who are anxious to sell as many machines as possible.

Media Release: Senate Intelligence Committee’s Recommendations Outline Urgent Need for Paper Ballots, Post-Election Audits

Marian K. Schneider: The recommendations…make the case that states need immediate federal support to build a stronger defense.”

(March 21 2018) — The Senate Select Committee on Intelligence released a report today about Russian targeting of election infrastructure during the 2016 election. Read the full set of recommendations here. The following is a statement from Marian K. Schneider, president of Verified Voting:

“The Senate Select Committee on Intelligence (SSCI) report recognizes that voter-verified paper ballots and post-election audits are the best way – given current technology – to ensure that an attack on our voting systems can be detected and the outcome verified.

“As the Intelligence Committee hearing established again this morning, there was foreign interference during the 2016 election and a real possibility that similar acts to undermine faith in our democratic system will occur again. Security experts agree that safeguarding and protecting our election systems is important, and the Intelligence Committee report is another indication that Congress and state governments must urgently address the vulnerabilities in our election systems, both by mandating voter-verified paper records and audits as well as allocating resources to accomplish these goals.

Media Release: Verified Voting Opposes Georgia’s Current Voting Machine Legislation

Marian K. Schneider:[T]he current bill will perpetuate the cycle of unverifiable voting in Georgia. Verified Voting cannot support the bill unless significant changes are made.”

The following is a statement from Marian K. Schneider, president of Verified Voting, about why Georgia’s current Senate Bill 403 cannot ensure a verifiable and accurate election system. For additional media inquires, please contact aurora@newheightscommunications.com

“Georgia voters need a secure voting system with voter-marked paper ballots and audits, but instead, Georgia’s electoral system is left insecure and unverifiable. The current version of Senate Bill 403, which recently passed the House Government Affairs Committee, has morphed into a sweetheart deal for a group of voting machine vendors. Georgia voters are simply demanding a verifiable secure election system …nothing more.