Op-Ed in Politico by two former secretaries of state, one D and one R: Election Security Isn’t That Hard <read>
That’s not to say that it’s easy, particularly given the decentralized nature of our election administration system. Most states administer elections locally and only a few states have uniform equipment in each locality. For many years, election administration has been woefully underfunded, leading to wide variability in capacity and resources. But, as long as the equipment incorporates a voter-marked paper ballot, officials can adjust existing processes to instill confidence in elections, regardless of the equipment in place.
First, we need to dispel one misconception. Many people (including many election officials) believe that if a voting system or scanner is never connected to the internet, it will always be safe. Alas, that’s not the case…
What this means is that while we must make our election infrastructure as secure as possible, we need to accept that it is essentially impossible to make those systems completely secure.
We completely agree. Its important to take strong security measures to protect election systems – voting systems, registration systems – yet that can never be sufficient. We need systems, manual, and computer that are not dependent of electronics. Paper voter lists at every polling place to backup electronic pollbooks and online voter databases. Paper ballots to vote on when the systems fail or the power goes out. Independent audits and recounts of the paper to detect problems and to recover from errors, fraud, and disasters.
The three parts work together. Voter-verifiable paper ballots are required as a check on the computers that tabulate the ballots. The strong chain of custody prevents ballot box stuffing, as well as the theft or alteration of voted ballots. And ballot audits, known as Risk-Limiting Audits (RLAs), make it possible to recover from an attack, or even from malware or unintended mistakes, by randomly selecting ballots and using them to check the accuracy and correctness of the scanner.
It’s not enough to just have paper ballots – it’s also important that they be checked by voters. If a voter makes a mistake while marking her ballot or if a machine that marks a paper ballot for the voter misrecords the voter’s selections, then the voter’s choices will not be correctly counted. This is an important step to raise confidence in the validity of any system. A strong chain of custody also increases confidence.
Overall, we agree as far as this goes. Yet, Risk Limiting Tabulation Audits alone are not sufficient. We need additional audits to check the rest of the process, “process audits” e.g. chain-of-custody/ballot security audits, check-in process audits (appropriate voters allowed or excluded from voting?), accuracy of the voter registration database and lists etc. Like many officials the authors focus on cyber attack, yet we must also protect our systems from insider attack.
Connecticut has a way to go to meet these standards. We do have voter marked paper ballots and air-gaped systems. Yet we have insufficient protection of those paper ballots and insufficient election audits.
