The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

American elections are too easy to hack. We must take action now. | Bruce Schneier/The Guardian

This article was published by The Guardian on April 18, 2018Bruce Schneier is a fellow and lecturer at Harvard Kennedy School and is on the advisory board of Verified Voting.

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them.

Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper.

Recently, there have been two graphic demonstrations of how bad our computerized voting system is. In 2007, the states of California and Ohio conducted audits of their electronic voting machines. Expert review teams found exploitable vulnerabilities in almost every component they examined. The researchers were able to undetectably alter vote tallies, erase audit logs, and load malware on to the systems. Some of their attacks could be implemented by a single individual with no greater access than a normal poll worker; others could be done remotely.

Pennsylvania Takes Critical Steps Toward Eliminating Paperless Voting by Next Presidential Election, but Not Before the 2018 Midterms

Pennsylvania took a critical step earlier this year to replace its aging voting systems. The announcement this week that it will eliminate paperless voting machines by the 2020 election is an important step because we know the only way to address the risk of software problems is to require a physical ballot that can be used to check computer-generated votes. But it still leaves many counties in the largest swing state unable to monitor, detect, respond and recover from any possible attack in the upcoming midterm election.

Since 2006, 83 percent of Pennsylvanians have voted on unverifiable direct recording electronic (DRE) systems. This announcement guarantees that the most severely vulnerable systems will be on the path towards replacement, but it will not be in time for the 2018 midterms. Still, as the Commonwealth moves forward with these steps to increase security, it also serves as an example for other states to do the same.

Verified Voting calls on the Pennsylvania legislature to appropriate additional funding to subsidize the cost of replacement. In addition, we urge the Department of State to insist that all newly certified voting systems include the most secure features and will be ready for robust post-election tabulation audits.

Verified Voting Hacks into Voting Machine in New Video from the New York Times

The New York Times published an interactive piece on election security today that included a video featuring Verified Voting fellow, Alex Halderman. The piece, “I Hacked an Election. So Can the Russians,” was the result of a months-long collaboration between Verified Voting and the New York Times.

“Alex Halderman, along with the New York Times, successfully demonstrated how vulnerable these voting machines can be,” said Marian K. Schneider, president of Verified Voting. “We want people to understand in a visual way how something like this might happen. Although it is only a risk and not a certainty that something like this could occur, we need to be prepared and able to recover. These machines don’t allow us to do that. It’s time we prepare to monitor, detect, respond and recover from any potential attacks that undermine our democracy.”

Proposed election security panel for Netroots Nation 2018

Election security is the way we protect our elections from interference and allow voters to feel confident that their vote is being counted. Being able to trust election results is a cornerstone of democracy. 2016 was a harsh reminder of what can happen when we don’t have secure election systems- and demonstrates the need for us to act quickly. Luckily, we can all ensure the safety of our elections, by working with our local and state election officials to make sure all of our votes are counted.

The key takeaways are that the reforms (paper ballots and robust audits) are not only totally possible, but super important. Every major reform that has been passed at the state level has been lead by grassroots activists who knew how important it was to make sure our votes are counted. The progressive movement, in light of the interference in the 2016 election, has been calling on us to understand how to advocate for these campaigns.Election Security is often seen as a wonky, insider issue. Over the past year, the Secure Our Vote coalition has trained hundreds of local leaders to work with their election officials to demand better election machines and audits. The connection between these issues and passing a progressive agenda is clear, as only if we trust our votes will be counted if we have secure systems. We want to build upon that work to make the connections clear to the leading progressive activists.

Federal Funds for Election Security: Will They Cover the Costs of Voter Marked Paper Ballots?

Most significantly, the omnibus funding as allocated to the states under the Help America Vote Act (HAVA) will not be enough for some states to replace their insecure voting machines. Because paperless electronic voting systems are highly vulnerable to cyberattacks, it is urgent that those systems be replaced as soon as possible, as the Senate Select Committee on Intelligence (SSCI) recommended earlier this week. Until this is done, it will be impossible to ensure that election results as reported by the voting system have not been corrupted by a cyberattack.

Download the Brennan Center/Verified Voting Full Report (PDF)

Under the terms of the omnibus spending bill voted on by the House, states will receive $380 million within months to start to strengthen the security of our nation’s election infrastructure. This near-term funding is the product of tireless work by members of both parties, and a critical acknowledgment from Congress that protecting our elections is a matter of national security. States can use the funding immediately to begin deploying paper ballots, post-election audits, and other essential cybersecurity improvements. However, the new funding is only a first step, as many in Congress have acknowledged, and further Congressional action will be necessary in order to ensure that future elections are secure.

Most significantly, the omnibus funding as allocated to the states under the Help America Vote Act (HAVA) will not be enough for some states to replace their insecure voting machines. Because paperless electronic voting systems are highly vulnerable to cyberattacks, it is urgent that those systems be replaced as soon as possible, as the Senate Select Committee on Intelligence (SSCI) recommended earlier this week. Until this is done, it will be impossible to ensure that election results as reported by the voting system have not been corrupted by a cyberattack.

Thirteen states, including key swing states like Pennsylvania, continue to use paperless voting today. One of the main reasons is cost: cash-strapped states simply can’t afford to replace this aging equipment. Unfortunately, our analysis shows that under the new federal funding, five of the 13 states with paperless machines will receive less than 25 percent of the money they may need to replace them. Moreover, most states will also need to use some of the new funding to pay for improved auditing and other security measures, leaving even less for crucial technology upgrades.

Thirteen states, including key swing states like Pennsylvania, continue to use paperless voting today. One of the main reasons is cost: cash-strapped states simply can’t afford to replace this aging equipment. Unfortunately, our analysis shows that under the new federal funding, five of the 13 states with paperless machines will receive less than 25 percent of the money they may need to replace them. Moreover, most states will also need to use some of the new funding to pay for improved auditing and other security measures, leaving even less for crucial technology upgrades.

Download the Report (PDF)
Most significantly, the omnibus funding as allocated to the states under the Help America Vote Act (HAVA) will not be enough for some states to replace their insecure voting machines. Because paperless electronic voting systems are highly vulnerable to cyberattacks, it is urgent that those systems be replaced as soon as possible, as the Senate Select Committee on Intelligence (SSCI) recommended earlier this week. Until this is done, it will be impossible to ensure that election results as reported by the voting system have not been corrupted by a cyberattack.

Thirteen states, including key swing states like Pennsylvania, continue to use paperless voting today. One of the main reasons is cost: cash-strapped states simply can’t afford to replace this aging equipment. Unfortunately, our analysis shows that under the new federal funding, five of the 13 states with paperless machines will receive less than 25 percent of the money they may need to replace them. Moreover, most states will also need to use some of the new funding to pay for improved auditing and other security measures, leaving even less for crucial technology upgrades.

Download the Report (PDF)

Georgia: Election Integrity Experts Do Not Support the Current House Version of SB 403

Election Integrity experts are not happy with Senate Bill 403 because it leaves the door wide open for Georgia to select insecure systems rather than slamming that door shut in favor of secure and verifiable systems. SB 403 does not mandate a voter-marked paper ballot, marked either by hand or accessible ballot marking device that is counted by a ballot scanner. It allows that possibility, but it also allows for insecure voting machines that record, count and report the voter’s selections while purporting to offer a paper record to the voter. Not only is the door to insecure voting wide open, but the bill language could be read to require all voters to vote on an electronic ballot marking device. That outcome would be needlessly expensive for Georgia taxpayers but it would be more than a welcome outcome for voting system vendors who are anxious to sell as many machines as possible.

The other major flaw with SB 403 is its failure to ensure that the voter marked paper ballots are preserved and available for recounts and audits. It also fails to mandate that the human readable marks and texts on paper ballots control over any electronic reporting of voter choices. Even though Verified Voting and others tried to insert language in the bill that would require audits and recounts to be conducted using the human readable parts of the paper ballots, that language was stripped out of the bill in the House. Without a trustworthy record of the voters’ choices and without an audit process that is a meaningful check that the electronically recorded and reported results are accurate, SB 403 will perpetuate the cycle of unverifiable voting in Virginia.

“Georgia voters need a verifiable and secure voting system so that they can be confident election results are accurate. SB 403 does not guarantee that. The only people who are happy with SB 403 are voting system vendors who are salivating over the chance to sell many more machines than necessary.

Senate Intelligence Committee’s Recommendations Outline Urgent Need for Paper Ballots, Post-Election Audits

The Senate Select Committee on Intelligence (SSCI) report recognizes that voter-verified paper ballots and post-election audits are the best way – given current technology – to ensure that an attack on our voting systems can be detected and the outcome verified.

As the Intelligence Committee hearing established again this morning, there was foreign interference during the 2016 election and a real possibility that similar acts to undermine faith in our democratic system will occur again. Security experts agree that safeguarding and protecting our election systems is important, and the Intelligence Committee report is another indication that Congress and state governments must urgently address the vulnerabilities in our election systems, both by mandating voter-verified paper records and audits as well as allocating resources to accomplish these goals.   

“Some states are already taking steps to safeguard their voting systems. Virginia made the move to decertify all of its voting machines last year, acknowledging that its voting machines were computerized and like all computers they are vulnerable, while Colorado became the first state to implement risk-limiting audits (RLAs) statewide. Other states are following suit, but states need resources to replace aging, insecure voting equipment and implement robust post-election audits.

Verified Voting Opposes Georgia’s Current Voting Machine Legislation

Georgia voters need a secure voting system with voter-marked paper ballots and audits, but instead, Georgia’s electoral system is left insecure and unverifiable. The current version of Senate Bill 403, which recently passed the House Government Affairs Committee, has morphed into a sweetheart deal for a group of voting machine vendors. Georgia voters are simply demanding a verifiable secure election system …nothing more..

“If the intent of the Georgia legislature was to replace its current vulnerable and unverifiable voting systems with a verifiable paper-based system, SB 403 falls so far short of this goal that Verified Voting is compelled to oppose it based on its current language. The legislation does not provide voters with a secure and verifiable voting system based on paper ballots and meaningful audits; it instead sets a framework for needlessly expensive, electronic and insecure voting machines that could be subject to manipulation.

Pennsylvania Special Election Underscores Urgent Need for Voter-Verifiable Paper Systems to Check Computer-Generated Votes

Pennsylvania law does not mandate a recount in this race, although candidates can petition for a recount, a difficult and expensive process. In Pennsylvania, 83 percent of voters, including all the voters in the 18th Congressional District, cast their votes on electronic voting machines that record the choices directly onto computer memory. Because no paper record of the voters’ choices exist, there is no way to double check if those machines correctly captured voter intent. All races should be audited – whether they are close or not – but elections like this underscore the need to have processes in place to instill confidence in the results. While there is no indication that there is any need to question the results of yesterday’s election, a ‘recount’ of a paperless voting machine will not catch software bugs, election programming errors or vote rigging malware in the voting machines.

“Pennsylvania announced earlier this year that it would no longer purchase unverifiable direct recording electronic (DRE) systems, but the special election yesterday demonstrates exactly why there is an urgent need for physical paper ballots that can be used to check the computer-generated votes. Verified Voting advocates for a quality assurance process that uses statistical methods and random sampling to verify the accuracy of the results.

Pennsylvania Takes Critical Steps Toward Election Security by Purchasing Voter-Verifiable Paper Systems

Pennsylvania is taking a critical step towards safeguarding elections by replacing its aging voting systems and restoring voters’ faith that their votes will be counted as cast. The only way to address the risk of software problems is to require a physical paper ballot that can be used to check the computer-generated votes.

Since 2006, 83 percent of Pennsylvanians have voted on unverifiable direct recording electronic (DRE) systems. This directive begins to change that. As the Commonwealth moves forward with these steps to increase security, it also serves as an example for other states to do the same. But it shouldn’t stop there. Pennsylvania needs to continue this momentum by decertifying all its remaining DREs and only certify voting systems that include a paper record of voter’s choices.

We applaud Governor Wolf’s commitment to ensuring the integrity of Pennsylvania’s elections.  The administration’s move to safeguard Pennsylvania elections by requiring counties to purchase these new voting systems will allow jurisdictions to detect any problems with the election outcome and recover from them. This is exactly why security experts recommend that voting machines are resilient. Pennsylvania’s actions reflect the understanding that our election infrastructure must be secure.