The Senate is working on a bill to secure election infrastructure against cybersecurity threats, but, unless amended, it will widely miss the mark. The current text of the Secure Elections Act omits the two most effective measures that could secure our elections: paper records and automatic risk limiting audits. Cybersecurity threats by their very nature can be stealthy and ambiguous. A skillful attack can tamper with voting machines and then delete itself, making it impossible to prove after the fact that an election suffered interference. Paper records ensure that it is possible to detect and quickly correct for such interference. Automatic audits ensure that such detection actually happens.
Paper Records: Many states still use unsafe voting machines that record votes in only one place: overwritable storage devices like a thumb drive or SD card. Our top priority for election security needs to be funding replacements for these machines. Those replacements must provide a paper trail of each and every vote. The most straightforward and efficient way to do so is voter-marked paper ballots combined with optical scanning machines.
Risk Limiting Audits: Besides building a paper trail for each and every vote cast, actually checking that paper trail must become an automatic part of every election. This is made practical by the most important innovation in election security in recent years: risk limiting audits. Done properly, risk limiting audits allow us to achieve high confidence that an election result is correct through the audit of a small, well-chosen sample of ballots. This makes audits cheaper and quicker, allowing them to be part of every election. Regularizing these audits will increase voter confidence in our democratic system.