In the past week, reports of foreign interference in American elections have reached what appears to be a crescendo, with multiple reports about foreign influence operations and targeting of our election infrastructure as well as federal and state efforts to push back. Amid these reports, it’s important for the American public to understand that in the nearly two years since November 2016, election officials (in coordination with state and federal agencies) have done much to secure our voting infrastructure. Perhaps most importantly, federal and state agencies as well as security experts have worked with election officials to provide cybersecurity trainings, risk assessments, and new tools for preventing and detecting attacks. But no election is perfect. Whether or not there are additional attacks against our election system, there will inevitably be some failures. For both glitches and cyberattacks, there are critical, immediate steps that officials can take (and in most cases, are already taking) to ensure that all citizens can vote and that their votes will be accurately counted. The infrastructure we use to administer and vote in elections in the United States is vast and includes election websites that provide voters information on their polling places, voting machines, and systems that report unofficial results on election night. Past attacks on election systems, both here and abroad, show that we should assume any part of them could be a target, and act with measures to prevent, detect, and recover against such attacks. Here are the kinds of election-security issues and voting-system glitches that we need to be most aware of—as well as the steps we can take to ensure they don’t interfere with our ability to cast and count ballots—as we approach both the 2018 midterms and the 2020 presidential race.
… Even under the best of circumstances, equipment failures occur. Machines can freeze or fail to start. Candidates’ names might be missing from the ballot, as recently happened on some voting machines in Arkansas. On older touch-screen machines, in particular, there might be “vote flipping,” where voters select one candidate on a touch-screen machine but another choice shows up on the review screen. We’ve seen reports of vote flipping in both Georgia and Texas this year. (Vote flipping is disconcerting, can undermine confidence in our elections, and even potentially costs votes if voters don’t carefully check their review screens. But it is almost certainly the result of a malfunction or other error, rather than a hack—if someone were going to steal a vote by messing with the software, he wouldn’t let the voter know he was doing it.)
Direct-recording electronic machines that do not require a voter to use a paper ballot can cause more problems at the polls in the event of a failure. These machines—used by 22 states as primary polling-place equipment in at least some jurisdictions—will not function until repaired or replaced, and jurisdictions using them will need to print “emergency ballots” in advance of the election to allow voting to continue in case of machine failure.
Emergency ballots are different than provisional ballots that are provided to voters when their eligibility is unclear. Emergency ballots should be counted after the election without any additional scrutiny of voter qualifications, unlike provisional ballots that require research of voter eligibility.
We should also audit all voting systems that have paper backups. Eighty percent of Americans will vote on a paper ballot or a machine with a paper trail this November. By using the paper to check the machines in a public review after election night, we can verify that the software on voting machines has produced the correct outcome. According to the National Conference of State Legislatures, 33 states mandate some kind of postelection audit, though most are not as robust as they should be.