As local officials across the country scramble to hack-proof their voting systems ahead of the midterm elections, there’s one state that is paving the way as a leader in election security. Colorado has done virtually everything election experts recommend states do to stave off a repeat of 2016, when Russian hackers targeted 21 states as part of the Russian government’s massive election interference campaign. The state records every vote on a paper ballot. It conducts rigorous post-election audits favored by voting researchers. Nearly every county is equipped with up-to-date voting machines. Election officials take part in security trainings and IT workers test computer networks for weaknesses. Secretary of State Wayne Williams told me the state benefited from having some of those measures in place before 2016. Once the extent of Russia’s digital campaign in the presidential election became clear, he made it a priority to invest more in them, he said. “If people perceive a risk, they’re less likely to participate in voting,” Williams said. “We want to protect people from that threat, and we want to people to perceive that they are protected from that threat.”
New measures to bolster security for Michigan’s 2018 midterm elections were announced this month, but experts said they don’t address all past gripes with state procedures. During this year’s May election and November general election, Michigan will hand-count ballots for all precincts selected in the post-election audit, secretary of state spokesman Fred Woodhams said. The state currently uses paper ballots that are scanned through optical voting machines. Past elections’ audits required reviewing voting machine equipment as well as procedural compliance of poll workers, he said, but did not entail recounting paper ballots. … But the reforms don’t fully reassure Alex Halderman, a professor of computer science and engineering at the University of Michigan. He noted that under Michigan procedure, post-election audits occur after the results are already certified, rendering the practice moot when it comes to disputing a race outcome.
Media Release: Senate Intelligence Committee’s Recommendations Outline Urgent Need for Paper Ballots, Post-Election Audits
Marian K. Schneider: “The recommendations…make the case that states need immediate federal support to build a stronger defense.”
(March 21 2018) — The Senate Select Committee on Intelligence released a report today about Russian targeting of election infrastructure during the 2016 election. Read the full set of recommendations here. The following is a statement from Marian K. Schneider, president of Verified Voting:
“The Senate Select Committee on Intelligence (SSCI) report recognizes that voter-verified paper ballots and post-election audits are the best way – given current technology – to ensure that an attack on our voting systems can be detected and the outcome verified.
“As the Intelligence Committee hearing established again this morning, there was foreign interference during the 2016 election and a real possibility that similar acts to undermine faith in our democratic system will occur again. Security experts agree that safeguarding and protecting our election systems is important, and the Intelligence Committee report is another indication that Congress and state governments must urgently address the vulnerabilities in our election systems, both by mandating voter-verified paper records and audits as well as allocating resources to accomplish these goals.
“Some states are already taking steps to safeguard their voting systems. Virginia made the move to decertify all of its voting machines last year, acknowledging that its voting machines were computerized and like all computers they are vulnerable, while Colorado became the first state to implement risk-limiting audits (RLAs) statewide. Other states are following suit, but states need resources to replace aging, insecure voting equipment and implement robust post-election audits.
“The Intelligence Committee’s report correctly identified that by making federal funds available to states that need them, states will be able to help defray the costs of audits and improve cybersecurity. But legislation like the Secure Elections Act would also help states replace aging systems and move toward a truly secure paper-based voting system. In order to adopt the Intelligence Committee’s recommendations, Congress must immediately pass this legislation and support states’ efforts to safeguard elections.
“It’s time we prepare to monitor, detect, respond and recover from any potential attacks that undermine the democracy of our elections. The recommendations laid out by the Intelligence Committee make the case that states need immediate federal support to build a stronger defense by using paper ballots or having a voter-verified paper trail and implementing widespread, statistically sound audits like RLAs.”
Verified Voting is a national non-partisan, non-profit educational and advocacy organization committed to safeguarding elections in the digital age. Founded by computer scientists, Verified Voting advocates for the responsible use of emerging technologies to ensure that Americans can be confident their votes will be cast as intended and counted as cast. We promote auditable, accessible and resilient voting for all eligible citizens.
MEDIA CONTACT: Aurora Matthews
Media Release: Pennsylvania Special Election Underscores Urgent Need for Voter-Verifiable Paper Systems to Check Computer-Generated Votes
Marian K. Schneider: “All races should be audited – whether they are close or not.”
The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, about Tuesday’s special election in Pennsylvania’s 18th Congressional District. For additional media inquires, please contact firstname.lastname@example.org
“Pennsylvania law does not mandate a recount in this race, although candidates can petition for a recount, a difficult and expensive process. In Pennsylvania, 83 percent of voters, including all the voters in the 18th Congressional District, cast their votes on electronic voting machines that record the choices directly onto computer memory. Because no paper record of the voters’ choices exist, there is no way to double check if those machines correctly captured voter intent. All races should be audited – whether they are close or not – but elections like this underscore the need to have processes in place to instill confidence in the results. While there is no indication that there is any need to question the results of yesterday’s election, a ‘recount’ of a paperless voting machine will not catch software bugs, election programming errors or vote rigging malware in the voting machines.
“Pennsylvania announced earlier this year that it would no longer purchase unverifiable direct recording electronic (DRE) systems, but the special election yesterday demonstrates exactly why there is an urgent need for physical paper ballots that can be used to check the computer-generated votes. Verified Voting advocates for a quality assurance process that uses statistical methods and random sampling to verify the accuracy of the results.”
Russian hackers poked and prodded voting systems throughout the country during the election of 2016, failing to change votes or alter registration rolls but succeeding in pointing out where the United States is vulnerable. In just a few months, they’ll almost certainly be back again, and if not the Russians, then any one of a number of nations or groups hoping to sow discord and cause chaos around the signature event of our democracy. If they’re successful, we’ll have no one to blame but ourselves. The hackers mostly took aim at voter registration rolls, which because they are shared between computers and often undersecured are open to outside attack. By altering or deleting names on such lists, hackers could keep people from voting; on a wide scale, that would certainly cast a pall of distrust and anger over the system, and throw any results into question. There is some disagreement on how many states were targeted in these attacks, but the hackers were successful in compromising voter information in at least Illinois, where voter registration rolls were downloaded before the intrusion was detected.
Editorials: Vote auditing can ensure integrity of Virginia’s elections | Audrey Malagon/Virginian-Pilot
It’s time for better quality control in our election processes. Virginia’s 94th District in the House of Delegates drew names after disputes over a single ballot’s validity. In the 28th District, many voters were told to vote in the wrong district. A single district can determine party control of the House, affecting health care, taxes and education. Yet how can we be sure the ballots we cast are even read and counted correctly? Mathematics makes checking the integrity of our elections simple and inexpensive, and Virginia should do this more often. My grandmother worked in a syringe factory in my hometown. Her supervisor used to pull a few syringes off the line and inspect them. He didn’t check every syringe, but if the ones he randomly checked looked OK, he was confident that the products going out were the right quality. This idea of random checking isn’t just for factories; we rely on it to make sure smoke detectors will save us in a fire and restaurants won’t make us sick.
State Rep. Kathleen Clyde, a Democratic candidate for Ohio secretary of state, said Wednesday she’s preparing to introduce a pair of bills designed to safeguard the state’s elections against cyberattacks. Clyde spoke about the bills at the Ohio Association of Elections Officials annual conference in Columbus. She was motivated to draft the legislation after it was reported that Russia attempted to interfere in the presidential election in 2016. “Many believe that this problem will only continue and we need to make sure that we are preparing for any attempts to hack our voting systems,” Clyde said in a phone interview prior to the conference. Unless Clyde is able to get Republican sponsors, her bill is unlikely to get through the GOP-dominated Ohio state legislature.
Editorials: Decertifying Virginia’s vulnerable voting machines is just the first step | Fredericksburg Free Lance Star
The Virginia State Board of Elections has belatedly decided that all electronic touchscreen voting machines still in use throughout the commonwealth cannot be used for the Nov. 7 general election because they are vulnerable to hacking, even though they are not connected to the internet. This revelation is not new. For more than a decade, computer scientists at Princeton, Johns Hopkins, and other top universities have demonstrated that hackers can surreptitiously change votes on these machines without leaving a trace. In 2005, Finnish computer programmer Harri Hursti successfully hacked into Diebold voting machines that were in a locked warehouse in Leon County, Fla., under the watchful eyes of elections officials, a feat still referred to today as the Hursti Hack. But it took another demonstration of successful hacking at the DEFcon cybersecurity conference in Las Vegas this summer to finally convince board members that they needed to immediately decertify all touchscreen voting machines still in use in Virginia. Better late than never, as the old saying goes, but that left 22 cities and counties that still use them to tabulate election results in the lurch. Decertification should have happened years ago.
Amid national news reports about potential election-hacking by Russia — and a machine ballot miscount in North Kingstown last year — state lawmakers have added audits of vote tallies to their special-session agenda. At a rare Friday afternoon meeting in September, the House Judiciary Committee is also scheduled to vote on a criminal-sentencing overhaul that stalled out in the 2016 legislative session, and then got caught up in end-of-session chaos this past June. … That was expected. But the committee will also likely approve — and send along to the full House for action at Tuesday’s special session — a bill requiring post-election audits to make sure that the state’s voting machines — which are actually optical scanners — got the winners and losers right. The Senate has already passed a version of the bill, sponsored by Sen. James Sheehan. But that bill — and a matching House version with Republican and Democrat-sponsors — had not made it all the way when the regular session ended abruptly in June.
To stop cyberattacks on voting, America should follow the state’s lead on paper ballots. There’s no evidence that hacking impacted the 2016 elections. But there’s growing evidence that elections in 2018 and 2020 could be at risk. The threat could come from North Korea, Iran, or any of a host of foreign adversaries. The challenges are getting clearer. In August, Chicago’s Board of Elections reported that sensitive information about the city’s 1.8 million registered voters was left exposed online for an unknown period. Earlier in the summer, the Department of Homeland Security confirmed that foreign agents targeted voting systems in 21 states in the last election. Other news reports found that hackers successfully compromised election technology vendors who program voting systems. In the fight to secure America’s voting systems, Alabama is already employing the most crucial defensive weapon: paper ballots. The transparency and simplicity of the state’s system is tough to hack and relatively easy to verify. To guard against a foreign attack on our nation’s election systems, we need action to ensure others follow Alabama’s example.