The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

ICYMI: John Oliver Takes on Voting Machines

John Oliver took a deep dive into voting machines on the November 3, 2019 episode of “Last Week Tonight with John Oliver” and the Verified Voting team was excited to advise on the feature and provide our data from the Verifier. The 20 minute segment noted that while America’s voting systems are still vulnerable, the solution to securing our elections is surprisingly simple: voter-marked paper ballots, a strong chain of custody of those ballots, and risk limiting audits. Check out the segment here: 
Read More

Verified Voting Releases Guide Comparing Available Ballot Marking Devices

Characteristics of Currently Available Ballot Marking Devices

Verified Voting Releases Guide Comparing Available Ballot Marking Devices

Today, Verified Voting published a guide comparing the features of ballot marking devices (BMDs) available in the United States: “Characteristics of Currently Available Ballot Marking Devices By Vendor.” 

Download the guide here.

The guide is intended to be a useful comparison chart between the various BMD vendors and devices for informational purposes. We attempted to collect the most meaningful characteristics that would help in evaluating the differences among systems. As detailed in Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices, Verified Voting does not endorse any specific vendor or device. Check out The Verifier to see an interactive map of voting equipment in use throughout the United States. 

Please send questions and feedback to voting-system-features@verifiedvoting.org. Read More

Verified Voting Praises Pennsylvania’s Election Reform Package that Helps Counties Purchase Voting Machines

View the statement here: Verified Voting Statement on Election Reform Package

Marian K. Schneider:This funding ensures the smooth transition to secure and verifiable voting systems.”

“Verified Voting is pleased with the Pennsylvania General Assembly and Gov. Tom Wolf’s commitment to an election reform package that includes funding for counties to help pay for the replacement of electronic voting systems. The passage of the legislation removes all doubt about the legal authority of the Commonwealth to issue $90 million in bond financing.

“State funding for voting system replacement will greatly reduce the budgetary strain on counties and allow them to fund staff training, poll worker training and voter education efforts, all of which are important to ensure a smooth transition. Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle. Counties’ access to these funds is what is needed to ensure a smooth transition to paper-based electronic systems and routine, robust audits.

“A significant number of Pennsylvania counties have already moved forward towards replacement and we applaud their efforts. Without voting systems that retain a voter-marked paper ballot for recounts and audits, Pennsylvania’s elections will be dogged by legitimacy questions and will be the easiest targets for motivated attackers. This legislation as a whole will make voting easier, but the replacement of voting systems will assure Pennsylvanians that they have a verifiable method of voting and their votes will be counted as cast. Read More

DEFCON Voting Village Report highlights election system vulnerabilities and solutions

Verified Voting staff joined the Voting Village at the 27th annual DEFCON conference in Las Vegas in August. DEFCON brings security professionals, journalists, lawyers, researchers, and – of course – hackers under one roof at the world’s largest annual hacking convention. Since its launch in 2017, the Voting Village has served as an “open forum to identify vulnerabilities within the US election infrastructure and to consider solutions to mitigate these vulnerabilities.” The conference addressed the risks of mobile and internet-only voting and featured a talk by Verified Voting President Marian K. Schneider cheekily titled, “If the voting machines are insecure, let’s just vote on our phones!” She outlined the risks of voting by mobile phone and noted that even voting mobile app creators are unable to guarantee that their own technology is unhackable, as demonstrated by the FBI’s investigation into a hack of the Voatz mobile voting app in West Virginia.

Verified Voting Urges Congress to Pass Comprehensive, Bipartisan Election Security Funding

With the 2020 election rapidly approaching, Verified Voting continues to urge Congress to pass comprehensive election security legislation and allocate adequate funding for state and local officials to make critical improvements to our country’s election infrastructure. Congress is negotiating a spending package for the U.S. Election Assistance Commission (EAC) to allocate funding for states to make much-needed election security upgrades. The House approved a $600 million package in June, while late last week the Senate offered a $250 million amendment. The House and Senate will work to reconcile the final funding amount and spending parameters in a conference committee, and Verified Voting urges Congress to act quickly while crucial election security funding remains on the line.  In a statement on the Senate’s version last week, Verified Voting President Marian K. Schneider said: “The additional $250 million in election security funding today is promising, but more is needed to help states upgrade their systems and validate the 2020 election. This amount falls short of the $600 million that passed in the House, which is much closer to meeting the need for proper investment in election security. Congress has the obligation to protect the country from threats to national security and has the opportunity to act on this nonpartisan issue – after all, everyone votes on the same equipment.

Election Security Experts Urge Congress for Additional Funding;  Say $250 Million in Election Security Funding is Progress, but Not Enough

Download the PDF

Marian K. Schneider: “Despite the progress shown today, Congress still needs to vote on bipartisan, comprehensive election security legislation to protect and ensure trustworthy elections.” 

The following is a statement from Marian K. Schneider, president of Verified Voting, on Senate Majority Leader Mitch McConnell’s (R-KY) backing of an amendment that will provide another $250M to help states bolster election security on September 19, 2019. For additional media inquires, please contact aurora@newheightscommunications.com 

“The additional $250 million in election security funding today is promising, but more is needed to help states upgrade their systems and validate the 2020 election. This amount falls short of the $600 million that passed in the House, which is much closer to meeting the need for proper investment in election security. Congress has the obligation to protect the country from threats to national security and has the opportunity to act on this nonpartisan issue – after all, everyone votes on the same equipment.

“By making federal funds available, states will be able to replace aging, insecure voting equipment and implement modern security best practices, which include using voter-marked paper ballots and robust post-election audits. Despite the progress shown today, Congress still needs to vote on bipartisan, comprehensive election security legislation to protect and ensure trustworthy elections backed by adequate funds for state and local governments to implement such measures.” Read More

Report on Rhode Island Risk Limiting Audit Pilot Implementation Study Released

Download the Full Report (PDF)

In October 2017, Rhode Island Governor Gina Raimondo signed into law a groundbreaking election security measure. Now, state law requires Rhode Island election officials to conduct risk-limiting audits, the “gold standard” of post-election audits, beginning with the 2020 primary. A risk-limiting audit (“RLA”) is an innovative, efficient tool to test the accuracy of election outcomes. Instead of auditing a predetermined number of ballots, officials conducting an RLA audit enough ballots to find strong statistical evidence that outcomes are correct. The law, enacted in the aftermath of two critical events relating to the 2016 elections, stems from decades of advocacy aimed at increasing the efficiency, transparency, and verifiability of political contests in the state. Rhode Island is now the second state, joining trailblazing Colorado, to mandate use of this modern tool statewide.

Following the law’s enactment, a group of professionals with expertise in election security and election administration formed the Rhode Island Risk-Limiting Audit (“RIRLA”) Working Group. As its name suggests, the RIRLA Working Group was established to assess the conditions in Rhode Island to help the state as it prepares to implement the law. The RIRLA Working Group recommended – and Rhode Island officials agreed – that the state should conduct pilot RLAs in advance of the 2020 deadline. The Rhode Island Board of Elections chose January 2019 as the date for the pilots and, based on several factors, selected Bristol, Cranston, and Portsmouth, Rhode Island as participating municipalities.

Leading up to the pilots, the RIRLA Working Group had regular conference calls, meetings, and other correspondence to gain greater familiarity with Rhode Island’s election laws, practices, and voting equipment. In partnership with the state, the RIRLA Working Group set a goal to plan and develop a trio of pilot audits that would both meet the state’s needs and adhere to the Principles and Best Practices for Post-Election Tabulation Audits. Ultimately, the RIRLA Working Group drafted three separate audit protocols, step-by-step instructions to guide those who would conduct the RLAs over the course of two days.

Verified Voting Praises the DNC for Action on Virtual Caucuses

Verified Voting commends the Democratic National Committee on its recommendation that the Iowa and Nevada state parties cease their plans to allow voters to participate in next year’s presidential primary caucuses by phone.  Citing cybersecurity threats, the DNC concluded “that currently, there is no tele-caucus system available that is sufficiently secure and reliable, given the magnitude and timing of the Iowa and Nevada caucuses this cycle.” Sources indicate that the DNC, still wary from their data being compromised in the lead up to the 2016 election, took an essential step in protecting their methods for running their elections – they brought in an outside team of election security experts to evaluate the system. Verified Voting recognizes that laudable goals can make new technology attractive. Voters with disabilities should have the opportunity to take part in caucuses. In geographically large districts, not everyone can afford the travel time to gather in a central location. However, as our experts have frequently noted, internet and phone voting offer no means of verifying that tabulations match voter intent.

Verified Voting’s Policy on DREs and BMDs

Download VerifiedVoting's Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices Today, Verified Voting published its policy statement on Direct Recording Electronic voting systems and Ballot Marking Devices. We published this statement because many jurisdictions either have replaced or are in the process of replacing older vulnerable systems.  In striking contrast to the last time states replaced voting systems after the passage of the Help America Vote Act in 2002, this time the consensus is that voting systems must have a paper record. But it’s not enough for a voting system to “check the box” on paper – to print paper records that voters may not even notice or examine. To be trustworthy, elections need to be based on voter-marked paper ballots. Whether these ballots are marked by hand or by device, for them to be considered voter-marked, voters should know what they say! For Ballot Marking Devices (BMDs), that means the systems, and the procedures around them, should demonstrably support voter verification. They should ensure that voters deliberately and intentionally check their printed ballots carefully enough to detect, correct, and report any errors. It also means that pollworkers should be trained to follow specific protocols if BMDs are not recording voters’ intent accurately during voting.

Verified Voting Praises Pennsylvania Gov. Tom Wolf for Announcing Bond Financing to Reimburse Counties for Purchasing Voting Machines

Marian K. Schneider: “This move will ensure the smooth transition to secure and verifiable voting systems and will free up money for counties to use toward cybersecurity training and voter education.” “Verified Voting is pleased with Gov. Wolf’s commitment to replace electronic voting systems. The availability of this $90 million financing will allow counties to fund the necessary replacement of unverifiable systems with verifiable ones. We are gratified that the Governor, as well as the Pennsylvania General Assembly, recognized the need to reimburse counties. “This move will ensure the smooth transition to secure and verifiable voting systems and could free up money for counties to use toward cybersecurity training and voter education. Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle. Counties’ access to these funds is what is needed to ensure a smooth transition to paper-based electronic systems and routine, robust audits. “A significant number of Pennsylvania counties have already moved forward towards replacement and we applaud their efforts. Without voting systems that retain a voter-marked paper ballot for recounts and audits, Pennsylvania’s elections will be dogged by legitimacy questions and will be the easiest targets for motivated attackers. State financial assistance for counties will greatly reduce their budgetary strain and allow them to fund staff training, poll worker training and voter education efforts, all of which are vitally important to ensure a smooth transition.”

Statement to House Committee on Science, Space, and Technology Joint Investigations & Oversight and Research & Technology Subcommittee

Download as PDF Chairwoman Sherrill, Ranking Member Norman, Chairwoman Stevens, Ranking Member Baird and committee members, thank you for the invitation to submit a written statement in connection with the Joint Investigations & Oversight and Research & Technology Subcommittee Hearing on “Election Security: Voting Technology Vulnerabilities.” Our statement will focus on 1) a brief overview of technologies in use for election administration; 2) describe some of the risks associated with those technologies as well as solutions for mitigating those risks; 3) review the role that NIST and other agencies have played in developing technologies for secure elections; and 4) suggest regulatory changes necessary to address advances in voting technology and the changing threat model facing our elections. The scale and scope of threats to U.S. elections go far beyond what the current federal policy framework can address. Since the Help America Vote Act was passed, technology has advanced and the security threat landscape has also evolved. It’s time to re-think the regulatory framework to align it with the current environment. Your committee plays a crucial role in shaping our collective response. We urge the committee to take the steps necessary to enact mandatory security measures for all technology that touches election administration, to ensure that the foundation of our democracy is protected from ongoing threats.

Verified Voting Public Comments on VVSG 2.0 Principles and Guidelines

Download the PDF Verified Voting is pleased to see the VVSG 2.0 principles and guidelines finally moving forward. We are enthusiastic about the VVSG 2.0 structure and, with some reservations, about the content of the principles and guidelines. Full implementation of the VVSG 2.0 will, in time, help bring about voting systems that set new standards for universal usability, security, and verifiability. All these properties – backed by sound procedures – are essential to enable officials to run resilient elections, and to reassure voters that their votes have been cast as intended and counted as cast. We urge the EAC to allow the technical requirements and test assertions to be approved and revised without a vote of the commissioners. We agree with the TGDC, the NASED executive council, and others that for several reasons, these documents are best managed by technical staff, adhering to a well-defined process with broad consultation and opportunity for public comment. Verification and the VVSG Verified Voting especially welcomes Principle 9, which stipulates that a voting system “is auditable and enables evidence-based elections,” and the associated guidelines. No matter how otherwise usable and reliable a voting system may be, it is unacceptably dangerous if it cannot provide trustworthy, software-independent evidence that people’s votes have been accurately recorded and counted. A voting system alone can “enable” evidence-based elections but cannot provide them. As Philip Stark and David Wagner wrote in their seminal paper, the basic equation is that “evidence = auditability + auditing.” A voting system with a voter-verifiable audit trail, such as a voter-marked paper ballot, provides auditability. Compliance audits to ensure that the audit trail is substantially complete and accurate, and risk-limiting tabulation audits of the audit trail, provide actual evidence that outcomes are correct.

Verified Voting Testimony before the Allegheny County Pennsylvania Board of Elections

Download the pdf Thank you, Chairman Baker and members of the Board, for allowing Verified Voting to submit written testimony in connection with the Public Meeting on the Purchase of Voting Systems. We hope to provide background on the security needs that counsel for the adoption of a new voting system with a verifiable and auditable paper ballot, and provide some high-level recommendations for consideration by the Board as it deliberates the purchase of new voting equipment for Allegheny County. Election administration depends on computers at multiple points in the election process. Equipment for voting is but one part of a broad array of election technology infrastructure that supports the conduct of elections today. Some of that technology infrastructure includes voter registration databases, internet facing applications such as online voter registration and polling place lookup, network connections between state government and local jurisdictions, the computers that program the voting devices that record and count votes in addition to the voting devices themselves. Some jurisdictions also use electronic poll books to check voters in at polling sites and most states and localities report election night returns via a website. To the extent that any of these can be compromised or manipulated, can contain errors, or can fail to operate correctly—or at all—this can potentially affect the vote. Election system security requires not only efforts to prevent breaches and malfunctions, but also fail-safes that address breaches or malfunctions that do occur and procedures to confirm the correctness of election outcomes.

Verified Voting Applauds Oregon’s Senate for Passing Bill Requiring Robust Post-Election Audits to Verify Elections

Marian K. Schneider: “Oregon is leading the way towards better integrity and security with the passage of SB 944.” The following is a statement from Marian K. Schneider, president of Verified Voting, on Oregon’s Senate passage of SB 944, offering counties the option to audit elections using a process known as risk-limiting audits, which are designed to bolster public confidence in elections. For additional media inquiries, please contact aurora@newheightscommunications.com   “Oregon is leading the way towards better election integrity and security with the Senate’s passage of SB 944. This bill requires county clerks across the state to conduct audits after every election -- not just general elections -- and lets them choose between a partial hand count and risk-limiting audits (RLAs). An RLA examines a sample of the paper ballots to check if the election outcome is correct.  RLAs provide strong evidence when election outcomes are correct, and have a guaranteed large chance of correcting wrong outcomes or, outcomes that are wrong because of counting errors.

Election Cybersecurity Legislation Hits a Wall, RobinHood Visits Baltimore, and of course Florida

“According to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS, one in five national elections held worldwide since 2016 were potentially influenced by foreign interference, … “Democracies around the world have been struggling to grapple with foreign interference from state actors during elections,” International Cyber Policy Centre head Fergus Hanson said. “More empirical data means they can respond in a more targeted way calibrating policy responses to the likely risk, methods and adversary.” Technology Decisions

In an extensive Roll Call article this morning, Gopal Ratnam reports that despite the best intentions of election officials and many lawmakers, in 2020 many jurisdictions will be using “voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results.”

In addition to eliminating direct recording electronic (DRE) voting machines and requiring routine post-election audits, many of the legislative efforts have addresses cybersecurity vulnerabilities in voting systems. Edgardo Cortés, election security advisor at the Brennan Center for Justice noted, “In some sense, anything that has an internet connection can be hacked. Wireless capability, even if the functionality can be turned off through hardware or software, poses risks of remote access by adversaries, he said.”

Verified Voting President Marian Schneider explained inthe article that beyond prohibiting voting equipment that can connect to the internet, “machines may still need to have some type of wireless communication system so that administrators can upload new ballot information ahead of each election. Some counties and precincts insert manual cartridges into machines to upload ballot information, but others push out that information wirelessly because it’s easier.”

“The software on new models of voting machines would also need routine updates, and that would require some type of connectivity,” Schneider continued, “the question is, how you do it safely? Because we can’t reduce the risk to zero, we need to do audits to check the results after. Post-election audits, in which samples of cast paper ballots are recounted, is considered the gold standard for verifying election results, but few states conduct them.”

The concern over election cybersecurity was reflected in the many federal election cybersecurity related bills that have been introduced in the past several days. Those bills met an icy reception yesterday, as Senate Rules Committee Chairman Roy Blunt (R-MO) said he doesn’t expect to hold hearings on any election security bills this Congress because he doesn’t think Senate Majority Leader Mitch McConnell (R-KY) will bring them to a floor vote.

On May 10 House Democrats introduced the Election Security Act, portions of which were included in H.R. 1, the For the People Act, an omnibus bill including a broad range of electoral reforms. Read More

Counting Votes: Paper Ballots and Audits in Congress, Crisis at the EAC?, Florida’s Mystery Counties

In her testimony at an election security hearing before the Committee on House Administration last week, Verified Voting President Marian Schneider joined advocates and election officials in calling on Congress to help states and local jurisdictions replace aging voting systems, conduct risk-limiting audits and enhance election infrastructure security. In order to prepare for 2020, Congress must provide “adequate financial investment in cyber security best practices, replacement equipment and post-election audit processes … immediately and continue at a sustainable level moving forward.” Writing in Governing, Graham Vyse highlighted the significant bipartisan agreement between the two secretaries of state who testified, Jocelyn Benson (D-MI) and John Merrill (R-AL), on efforts needed to address emerging threats to election security. Significantly, the state election officials, along with all the witnesses, were unanimous in recommending the replacement of direct recording electronic voting machines with paper ballot voting systems and conducting post-election ballot audits. Two days after the hearing, House Homeland Security Committee Chairman Bennie Thompson (D-MS), House Administration Committee Chairwoman Zoe Lofgren (D-CA) and Rep. John Sarbanes (D-MD), the chairman of the Democracy Reform Task Forcereintroduced The Election Security Act. Aimed at reducing risks posed by cyberattacks by foreign entities or other actors against U.S. election systems, the bill would establish cybersecurity standards for voting system vendors and require states to use paper ballots during elections. Last month legislation was introduced in both chambers intended to strengthen election security by providing government grants to assist states, as well as local and tribal governments, in developing and implementing plans to address cybersecurity threats or vulnerabilities. This week Verified Voting wrote an open letter to the bills’ sponsors supporting their efforts and encouraging them to add provisions specifically prohibiting these funds from being used for internet-based voting. The letter notes that “[c]ybersecurity experts agree that no current technology, including blockchain voting, can guarantee the secure, verifiable, and private return of voted ballots over the internet.” The departure of Ryan Macias from his position as acting head of the Election Assistance Commission’s head of voting system testing and certification program reflects an agency in crisis, according to Politico’s Morning Cybersecurity. Macias’ departure may be related to an exchange at an EAC field hearing, when Chairwoman Christy McCormick repeatedly asked Macias why EAC commissioners didn’t have final approval over the details of federal voting system standards.

Verified Voting Letter in Support of Congressional Election Cybersecurity Legislation

This letter was sent to Senators Cory Gardner (R-CO), Mark Warner (D-VA) and Representatives Derek Kilmer (D-WA) and Michael McCaul (R-TX) on May 14, 2019. Download the PDF. Thank you for introducing legislation aimed at increasing cybersecurity at the state and local levels of government. We recognize the need for this important legislation, which is aimed at hardening cyber resiliency efforts and preventing vulnerabilities from becoming nightmare realities. For the states that would respond to the proposed grants in H.R. 2130 and S.1065, and for the protection of the citizens who live in them, we applaud your support in the battle against cyberattacks. At the same time that you are bolstering cybersecurity defenses, we encourage you to add provisions specifically prohibiting these funds from being used for internet-based voting. Cybersecurity experts agree that internet return of marked ballots lacks sufficient safeguards for security and privacy. We urge you to specifically name internet voting as a threat and prohibit the funding provided by your legislation from being used to support internet voting programs and pilots. Cybersecurity experts agree that no current technology, including blockchain voting, can guarantee the secure, verifiable, and private return of voted ballots over the internet. Both because vote-rigging malware could already be present on the voter's computer and because electronically returned ballots could be intercepted and changed or discarded en route, local elections officials would be unable to verify that the voter’s ballot accurately reflects the voter’s intent. Furthermore, even if the voter's selections were to arrive intact, the voted ballot could be traceable back to the individual voter, violating voter privacy.

Statement on Maryland HB706/SB919 Online Delivery and Marking of Absentee Ballots

To download the PDF click here.

Verified Voting supports Maryland House Bill 706 (Senate Bill 919) as an immediate, short-term mitigation to reduce risks inherent in Maryland’s current online absentee ballot system by limiting its use to only those who would otherwise be unable to vote. Going forward, substantial changes are necessary to provide Maryland’s voters with secure, reliable, accessible means of voting absentee.

Verified Voting supports the objective of helping voters to obtain their ballots and cast their votes, but any technology used for this purpose must be carefully evaluated. Regrettably, computer scientists and others have found that Maryland’s system has several grave shortcomings.

Because Maryland does not check signatures on returned absentee ballots, there is no way to distinguish legitimate from illegitimate ballots. Using information that is widely available, an attacker could readily request, electronically receive (at multiple fake email addresses), and cast any number of absentee ballots.1 Even if the attacker did not cast the ballots, any voters purported to have requested absentee ballots would be required to cast provisional ballots, creating chaos and suspicion and increasing the likelihood that the voter will be disenfranchised. Read More

Verified Voting Applauds Rep. Daryl Metcalfe, Rep. Garth Everett and Lt. Col. Anthony Shaffer’s Nonpartisan Call for the Penn. General Assembly to Appropriate Funding to Replace Vulnerable Electronic Voting Machines

Marian K. Schneider: “Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle.”

The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, following the press conference with Lt. Col. Anthony Shaffer this morning in Harrisburg, PA. Lt. Col. Shaffer also testified during the Senate Committee on State Government Hearing on Senate Bill 48 this morning.

“Verified Voting applauds Lt. Col. Anthony Shaffer’s testimony this morning urging Pennsylvania to replace all paperless DREs and for underscoring that this is a cybersecurity threat that needs to be addressed. The Pennsylvania legislature needs to appropriate additional funding to reimburse counties for the cost of replacing aging and vulnerable electronic voting machines with ones that have a voter-marked paper ballot of votes cast before the 2020 election. Read More

Verified Voting Statement on EAC Chair Christy McCormick

The following is a statement from Verified Voting's president, Marian K. Schneider:

"Verified Voting congratulates Christy McCormick on her election as Chair of the Election Assistance Commission and her three priorities for her tenure: election preparedness, replacing aging voting equipment, and working towards improving accessibility for all voters including voters with disabilities, military and overseas voters and limited English proficient voters.

"With those laudable goals in mind, Verified Voting urges Christy McCormick and the EAC to ensure that the next generation of voting systems provide most voters the opportunity to mark their ballots by hand and support robust post-election tabulation audits. These post-election audits can protect the integrity of the election outcomes with the existing systems.Technology has evolved so that improved security, verifiability and accessibility are not mutually exclusive, but can give everyone, the candidates, voters, the press and the public assurance that our voting system is resilient against attack."