The Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Verified Voting Comment on Los Angeles County VSAP 2.0 Certification

The following is a comment on the certification process for Los Angeles County’s VSAP 2.0 system. To view a pdf, click here.

Los Angeles County Voting Systems for All People (VSAP) 2.0 Certification
Comment of Pamela Smith, Senior Advisor, Verified Voting

January 20, 2020 Verified Voting commends Los Angeles County for the decade-long process of reimagining a voting system that must effectively serve the nation’s most populous and most diverse voting jurisdiction, as that system approaches certification and use in California’s upcoming elections. We have appreciated the opportunity to participate on the County’s Technical Advisory Committee since it was established and provide vigorous comment through the development process. We also appreciate the changes brought about by California’s lawmakers and Secretary of State Padilla to establish a more rigorous set of requirements for testing and examination of voting systems prior to approval for use. We believe, however, that there is a gap in the certification process that must be addressed for it to be fully transparent and to enable the public to more fully understand voting system compliance with California’s requirements.

The California Voting System Standards (CVSS)1 framework is supported by a set of regulations1 which govern a sequence of events for certification of a system, from application and provision of documentation and system/s for test, to a series of tests by qualified testing entities on security, software, functionality and more, to a set of reports to be published prior to a public hearing and comment period, and to eventual approval or denial of certification.

The required publications include test reports from the involved testing authorities, and a staff report from the Office of Voting Systems Technology Assessment (OVSTA). Reviewing these reports show test results that are characterized as failing or not complying with requirements in some instances, while the subsequent Staff report indicates that the system is in compliance, which seems contradictory at best, and it is not clear to the public how to reconcile those reports. Read More

Verified Voting Comments on proposed amendments to Georgia State Election Board rules

Download as PDF

Verified Voting welcomes the opportunity to comment on the proposed amendments to Georgia’s State Election Board rules published on December 19, 2019. These amendments are wide-ranging, and we recognize that substantial work has gone into drafting them. Our comments focus on certain aspects especially relevant to cybersecurity and election verification. We substantially endorse the comments jointly submitted by the Brennan Center and Common Cause, but we have prepared these comments separately and more briefly.

Georgia’s new statewide voting system combines ballot marking devices, printers, and scanners on an unprecedented scale. The new system raises questions about voter verification and resilient election procedures about which little direct evidence exists. Accordingly, our recommendations our based on our review of this preliminary research recognizing that more research needs to occur.

Rule 183-1-12-.10 Before the Opening of the Polls

Voters will be instructed to verify their ballots, but it is unclear where or how. Providing a “station” for voters to verify their ballots – ideally, with good lighting and a magnifying glass available for any who need it – will help some voters to do so, and will encourage others even if they prefer not to use the station.

  • We recommend that election superintendents provide a verification station and/or otherwise accommodate voter verification in every polling place (and advance voting location).
  • We recommend that election superintendents provide a combination of interventions, some of which are described below, to encourage voters to check the accuracy of the printed ballots.
Read More

Verified Voting Statement on Ballot Marking Devices and Risk-limiting Audits

Download the pdf here

This statement is intended to clarify Verified Voting’s position regarding the use of ballot-marking devices (BMDs) in elections, and the use of risk-limiting audits (RLAs).  It is approved by the President, Board of Directors, and Staff of Verified Voting.

Ballot-marking devices

Verified Voting believes that voters should vote on paper ballots, but we recognize an important distinction between hand-marked and machine-marked ballots. Hand-marked paper ballots are not subject to inaccuracies or manipulation from software bugs or malicious code. In contrast, machine-marked paper ballots produced using BMDs might not accurately capture voter intent if the software or ballot configuration is buggy or malicious.

Verified Voting specifically opposes the purchase and deployment of new voting systems in which all in-person voters in a polling place are expected to use BMDs. The trustworthiness of an election conducted using BMDs depends critically on how many voters actually verify their ballots, and how carefully they do it. All voters who vote on BMDs should be made aware of the importance of carefully and conscientiously verifying their ballots before casting them, and should be actively encouraged to do so. However, empirical research thus far shows that few voters using BMDs carefully verify their printed ballots. Moreover, if voters do verify BMD-marked ballots and find what they believe are discrepancies, there is no reliable way to resolve whether the voters made mistakes or the BMDs did. For these and other reasons (such as cost) Verified Voting recommends that the use of BMDs be minimized. Read More

Letter to Georgia Secretary of State regarding Verified Voting’s position and involvement with risk-limiting audit pilots

The following letter was sent to Georgia Secretary of State Brad Raffensperger on December 16, 2019. The letter addresses Verified Voting’s concerns following the November 2019 election in Georgia and provides clarity on Verified Voting’s position and involvement with risk-limiting audit pilots in the state.

Download the Letter (PDF)

Dear Secretary Raffensperger,

I am writing to address a few issues that have concerned us since the November election and so that you and your staff have clarity on Verified Voting’s position.

As an initial matter, Verified Voting did not recommend that Georgia purchase all ballot marking devices for all in-person voters. We made our position clear in a letter to the co-chairs of the SAFE Commission dated January 4, 2019 attached for your reference. Verified Voting stands by its position and notes that this continues to be our recommendation for jurisdictions who are deciding what system to purchase among commercially-available voting systems. The fact that Georgia did not follow our recommendation and purchased Dominion BMDs for all in- person voters does not change our position.

Since the summer of 2019, Verified Voting has been working with the staff of the Secretary of State to implement post-election risk-limiting audits. Mark Lindeman, Director of Science & Tech Policy at Verified Voting has been the primary contact for your staff and is a subject-matter expert on RLAs. Our work with you on the implementation phase in no way endorses Georgia’s decision to move forward with BMDs instead of our prior recommendation of both hand-marked paper ballots and ballot marking devices in the polling place.

A risk-limiting audit is a tabulation audit: it uses statistical methods to provide confidence that the paper ballots were correctly tabulated. It checks only the tabulation, namely whether a full hand-count of the cast paper ballots would reveal something different than the reported outcome. It does not check — among other things — that voters actually verified their paper ballots, or that the paper ballots being tabulated are exactly those paper ballots that should be tabulated. Nor does it check whether strong chain of custody procedures, proper ballot accounting or other processes necessary to create a trustworthy record were observed. To express or imply that doing an RLA pilot demonstrates the security of the system is simply not true. Read More

Letter to North Carolina Board of Elections Regarding Certification Waiver for ES&S EVS 5.2.4.0

Download the Letter (pdf)

Dear Members of the North Carolina Board of Elections,

I am writing to you in my capacity as President of Verified Voting. Please forgive the lateness of the communication as I only recently learned of your meeting today. I am writing to urge the State Board of Elections to proceed with caution and decline to waive certification requirements for the ES&S EVS 5.2.4.0 to allow Mecklenburg County to purchase uncertified ExpressVote HW2.1 ballot marking devices (“BMDs”) for all voters. Not only would such a decision run contrary to North Carolina statutory law, but the failure to carefully examine the differences between this system and the certified system could needlessly expose Mecklenburg County to increased security risks in the upcoming election. Because Mecklenburg County insists on buying computerized ballot marking devices for all voters, the increased risk to North Carolina voters is grave indeed.

As we discuss more fully below, the differences between the two systems in both software and hardware are substantial. We believe elevating the security risk is needless because Mecklenburg County has other options in two certified systems by two other vendors. Additionally, in our view, there is time for Mecklenburg to institute a more secure system in which voters primarily mark paper ballots with a pen and the county also supplies sufficient operable ballot marking devices for voters who need or wish to use them. According to the Board, a prerequisite to use of the certified ES&S system in Mecklenburg County is the use of the system in at least one precinct in the November 2019 election. That has apparently already occurred with ExpressVote HW1.0 ballot marking device. To avoid waiving any legislative requirements, Mecklenburg could institute hand-marked paper ballots that are scanned by the DS 200 and BMDs with the vendor’s existing supply of BMDs. If the vendor represents that it does not have enough systems to even supply a small number of BMDs for each precinct, the State Board of Elections should consider the vendor’s presentation of the system for certification as offered in bad faith, especially if the vendor knew it would no longer manufacture that version of its equipment and would be unable to adequately supply counties that chose it. Read More

Verified Voting staff and partners comment on California’s proposed risk-limiting audit regulations

Verified Voting Director of Science and Technology Policy Mark Lindeman and Senior Advisor Pamela Smith collaborated with the California Voter Foundation and other partners in submitting a public comment letter responding to California’s proposed risk-limiting audit regulations. Visit the California Secretary of State’s website to view the proposed regulations. Download the Letter (pdf)

Dear Secretary Padilla:

We write in response to your recent request for public comment on proposed regulations that would impact the procedures used by election officials to conduct risk-limiting audits.1

Thank you for your office’s efforts in developing the proposed regulations. As most of us are members of the workgroup that your office convened earlier this year, we appreciate the amount of work that went into developing these proposed regulations. We especially applaud the inclusion of the provisions regarding chain of custody, certification of contest results and reporting of audit results, public education, and the requirement for posted written audit procedures.2

We do, however, urge four modifications to the regulations. First, the regulations appear to conflict with California law which requires that when a county conducts a risk-limiting audit in place of the one percent manual tally, it must do so for each and every contest; as we discuss below, the language of the proposed regulations only requires RLAs for three contests and establishes a new auditing procedure not found in the statute. Second, we recommend that the final regulations require the Secretary to disclose the source code of the RLA software tool. Third, we urge the Secretary to ensure in the regulations that cast vote records be made publicly available online sufficient to allow the public to verify that the RLA is being conducted appropriately. Finally, we recommend that the Secretary clarify how partial RLAs will work. Read More

The Role of Risk-Limiting Audits in Evidence-Based Elections

In the aftermath of the 2016 election cycle, interest in securing American elections from tampering or hacking has intensified. Given that 99% of our votes are counted by computers, and that computers are used in every aspect of the electoral process, election security is a top priority. For over a decade, Verified Voting has advocated for the widespread adoption of post-election risk-limiting audits (RLAs) alongside other best practices to facilitate a trustworthy and auditable record of votes cast.

A post-election risk-limiting audit (RLA) is one of the pillars of cyber security. In this day and age of nation state attacks on our election systems, it is very important for election systems to be resilient and provide a way for jurisdictions to identify problems and to recover from them. Security experts agree that the best method is voter-marked paper ballots (which voters choose to mark by hand or with a ballot marking device), having a deliberate and intentional step for voters to verify their ballot selections, providing a strong chain of custody of the ballots, and checking that the computers counted them correctly (RLAs).

Evidence-Based Election Ecosystem

Risk-limiting audits are one piece of the larger ecosystem of evidence-based elections that depend upon a trustworthy record to give confidence to election outcomes. There are some things that risk-limiting audits do not do. They do not tell us whether the voting system has been hacked. They do not and cannot determine whether voters actually verified their ballots. But they can detect and correct tabulation errors that could alter election outcomes — or provide strong evidence that a full hand count would yield the same outcomes.   Read More

Verified Voting supports respectful public observation of elections

For more than a decade Verified Voting has supported and encouraged respectful public observation of the election process consistent with a state or jurisdiction’s regulations governing observers, and promoted transparency as a key element of reliable, evidence-based elections. Election observers should be free from harassment and intimidation. Observation enables parties, candidates, citizen groups and independent organizations to deploy observers to witness the electoral process without interfering with it.

Election observation offers many benefits. The presence of election observers can “build public trust in a transparent and verifiably democratic process.” Credible election observers can help ensure that procedures are correctly followed, can alert busy election officials when issues arise, and can offer recommendations that make each election better than the last one. States and localities should welcome information gathered by observers. Verified Voting has partnered with the Election Protection Coalition for many years who have also advocated for this kind of nonpartisan observation. Read More

ICYMI: John Oliver Takes on Voting Machines

John Oliver took a deep dive into voting machines on the November 3, 2019 episode of “Last Week Tonight with John Oliver” and the Verified Voting team was excited to advise on the feature and provide our data from the Verifier. The 20 minute segment noted that while America’s voting systems are still vulnerable, the solution to securing our elections is surprisingly simple: voter-marked paper ballots, a strong chain of custody of those ballots, and risk limiting audits. Check out the segment here: 
Read More

Verified Voting Releases Guide Comparing Available Ballot Marking Devices

Characteristics of Currently Available Ballot Marking Devices

Verified Voting Releases Guide Comparing Available Ballot Marking Devices

Today, Verified Voting published a guide comparing the features of ballot marking devices (BMDs) available in the United States: “Characteristics of Currently Available Ballot Marking Devices By Vendor.”

Download the guide here.

The guide is intended to be a useful comparison chart between the various BMD vendors and devices for informational purposes. We attempted to collect the most meaningful characteristics that would help in evaluating the differences among systems. As detailed in Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices, Verified Voting does not endorse any specific vendor or device. Check out The Verifier to see an interactive map of voting equipment in use throughout the United States.

Please send questions and feedback to voting-system-features@verifiedvoting.org. Read More

Verified Voting Praises Pennsylvania’s Election Reform Package that Helps Counties Purchase Voting Machines

View the statement here: Verified Voting Statement on Election Reform Package

Marian K. Schneider:This funding ensures the smooth transition to secure and verifiable voting systems.”

“Verified Voting is pleased with the Pennsylvania General Assembly and Gov. Tom Wolf’s commitment to an election reform package that includes funding for counties to help pay for the replacement of electronic voting systems. The passage of the legislation removes all doubt about the legal authority of the Commonwealth to issue $90 million in bond financing.

“State funding for voting system replacement will greatly reduce the budgetary strain on counties and allow them to fund staff training, poll worker training and voter education efforts, all of which are important to ensure a smooth transition. Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle. Counties’ access to these funds is what is needed to ensure a smooth transition to paper-based electronic systems and routine, robust audits.

“A significant number of Pennsylvania counties have already moved forward towards replacement and we applaud their efforts. Without voting systems that retain a voter-marked paper ballot for recounts and audits, Pennsylvania’s elections will be dogged by legitimacy questions and will be the easiest targets for motivated attackers. This legislation as a whole will make voting easier, but the replacement of voting systems will assure Pennsylvanians that they have a verifiable method of voting and their votes will be counted as cast. Read More

DEFCON Voting Village Report highlights election system vulnerabilities and solutions

Verified Voting staff joined the Voting Village at the 27th annual DEFCON conference in Las Vegas in August. DEFCON brings security professionals, journalists, lawyers, researchers, and – of course – hackers under one roof at the world’s largest annual hacking convention. Since its launch in 2017, the Voting Village has served as an “open forum to identify vulnerabilities within the US election infrastructure and to consider solutions to mitigate these vulnerabilities.”

The conference addressed the risks of mobile and internet-only voting and featured a talk by Verified Voting President Marian K. Schneider cheekily titled, “If the voting machines are insecure, let’s just vote on our phones!” She outlined the risks of voting by mobile phone and noted that even voting mobile app creators are unable to guarantee that their own technology is unhackable, as demonstrated by the FBI’s investigation into a hack of the Voatz mobile voting app in West Virginia. Read More

Verified Voting Urges Congress to Pass Comprehensive, Bipartisan Election Security Funding

With the 2020 election rapidly approaching, Verified Voting continues to urge Congress to pass comprehensive election security legislation and allocate adequate funding for state and local officials to make critical improvements to our country’s election infrastructure.

Congress is negotiating a spending package for the U.S. Election Assistance Commission (EAC) to allocate funding for states to make much-needed election security upgrades. The House approved a $600 million package in June, while late last week the Senate offered a $250 million amendment. The House and Senate will work to reconcile the final funding amount and spending parameters in a conference committee, and Verified Voting urges Congress to act quickly while crucial election security funding remains on the line.

In a statement on the Senate’s version last week, Verified Voting President Marian K. Schneider said:

“The additional $250 million in election security funding today is promising, but more is needed to help states upgrade their systems and validate the 2020 election. This amount falls short of the $600 million that passed in the House, which is much closer to meeting the need for proper investment in election security. Congress has the obligation to protect the country from threats to national security and has the opportunity to act on this nonpartisan issue – after all, everyone votes on the same equipment. Read More

Election Security Experts Urge Congress for Additional Funding;  Say $250 Million in Election Security Funding is Progress, but Not Enough

Download the PDF

Marian K. Schneider: “Despite the progress shown today, Congress still needs to vote on bipartisan, comprehensive election security legislation to protect and ensure trustworthy elections.” 

The following is a statement from Marian K. Schneider, president of Verified Voting, on Senate Majority Leader Mitch McConnell’s (R-KY) backing of an amendment that will provide another $250M to help states bolster election security on September 19, 2019. For additional media inquires, please contact aurora@newheightscommunications.com 

“The additional $250 million in election security funding today is promising, but more is needed to help states upgrade their systems and validate the 2020 election. This amount falls short of the $600 million that passed in the House, which is much closer to meeting the need for proper investment in election security. Congress has the obligation to protect the country from threats to national security and has the opportunity to act on this nonpartisan issue – after all, everyone votes on the same equipment.

“By making federal funds available, states will be able to replace aging, insecure voting equipment and implement modern security best practices, which include using voter-marked paper ballots and robust post-election audits. Despite the progress shown today, Congress still needs to vote on bipartisan, comprehensive election security legislation to protect and ensure trustworthy elections backed by adequate funds for state and local governments to implement such measures.” Read More

Report on Rhode Island Risk Limiting Audit Pilot Implementation Study Released

Download the Full Report (PDF)

In October 2017, Rhode Island Governor Gina Raimondo signed into law a groundbreaking election security measure. Now, state law requires Rhode Island election officials to conduct risk-limiting audits, the “gold standard” of post-election audits, beginning with the 2020 primary. A risk-limiting audit (“RLA”) is an innovative, efficient tool to test the accuracy of election outcomes. Instead of auditing a predetermined number of ballots, officials conducting an RLA audit enough ballots to find strong statistical evidence that outcomes are correct. The law, enacted in the aftermath of two critical events relating to the 2016 elections, stems from decades of advocacy aimed at increasing the efficiency, transparency, and verifiability of political contests in the state. Rhode Island is now the second state, joining trailblazing Colorado, to mandate use of this modern tool statewide.

Following the law’s enactment, a group of professionals with expertise in election security and election administration formed the Rhode Island Risk-Limiting Audit (“RIRLA”) Working Group. As its name suggests, the RIRLA Working Group was established to assess the conditions in Rhode Island to help the state as it prepares to implement the law. The RIRLA Working Group recommended – and Rhode Island officials agreed – that the state should conduct pilot RLAs in advance of the 2020 deadline. The Rhode Island Board of Elections chose January 2019 as the date for the pilots and, based on several factors, selected Bristol, Cranston, and Portsmouth, Rhode Island as participating municipalities.

Leading up to the pilots, the RIRLA Working Group had regular conference calls, meetings, and other correspondence to gain greater familiarity with Rhode Island’s election laws, practices, and voting equipment. In partnership with the state, the RIRLA Working Group set a goal to plan and develop a trio of pilot audits that would both meet the state’s needs and adhere to the Principles and Best Practices for Post-Election Tabulation Audits. Ultimately, the RIRLA Working Group drafted three separate audit protocols, step-by-step instructions to guide those who would conduct the RLAs over the course of two days. Read More

Verified Voting Praises the DNC for Action on Virtual Caucuses

Verified Voting commends the Democratic National Committee on its recommendation that the Iowa and Nevada state parties cease their plans to allow voters to participate in next year’s presidential primary caucuses by phone.  Citing cybersecurity threats, the DNC concluded “that currently, there is no tele-caucus system available that is sufficiently secure and reliable, given the magnitude and timing of the Iowa and Nevada caucuses this cycle.”

Sources indicate that the DNC, still wary from their data being compromised in the lead up to the 2016 election, took an essential step in protecting their methods for running their elections – they brought in an outside team of election security experts to evaluate the system. Verified Voting recognizes that laudable goals can make new technology attractive.

Voters with disabilities should have the opportunity to take part in caucuses. In geographically large districts, not everyone can afford the travel time to gather in a central location. However, as our experts have frequently noted, internet and phone voting offer no means of verifying that tabulations match voter intent. Read More

Verified Voting’s Policy on DREs and BMDs

Download VerifiedVoting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices

On November 21, 2019 we revised Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices to remove a reference to parallel testing on page 8 of the original document.

Although the concept of parallel testing has been discussed for more than a decade, we recognize that few if any jurisdictions have actually used it and its utility for detecting any problems with elections has not been demonstrated. Consequently, we are removing the reference.

To see the originally published version, click here.

Today, Verified Voting published its policy statement on Direct Recording Electronic voting systems and Ballot Marking Devices. We published this statement because many jurisdictions either have replaced or are in the process of replacing older vulnerable systems.  In striking contrast to the last time states replaced voting systems after the passage of the Help America Vote Act in 2002, this time the consensus is that voting systems must have a paper record.

But it’s not enough for a voting system to “check the box” on paper – to print paper records that voters may not even notice or examine. To be trustworthy, elections need to be based on voter-marked paper ballots. Whether these ballots are marked by hand or by device, for them to be considered voter-marked, voters should know what they say! Read More

Verified Voting Praises Pennsylvania Gov. Tom Wolf for Announcing Bond Financing to Reimburse Counties for Purchasing Voting Machines

Marian K. Schneider: This move will ensure the smooth transition to secure and verifiable voting systems and will free up money for counties to use toward cybersecurity training and voter education.”

“Verified Voting is pleased with Gov. Wolf’s commitment to replace electronic voting systems. The availability of this $90 million financing will allow counties to fund the necessary replacement of unverifiable systems with verifiable ones. We are gratified that the Governor, as well as the Pennsylvania General Assembly, recognized the need to reimburse counties.

“This move will ensure the smooth transition to secure and verifiable voting systems and could free up money for counties to use toward cybersecurity training and voter education. Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle. Counties’ access to these funds is what is needed to ensure a smooth transition to paper-based electronic systems and routine, robust audits. Read More

Statement to House Committee on Science, Space, and Technology Joint Investigations & Oversight and Research & Technology Subcommittee

Download as PDF

Chairwoman Sherrill, Ranking Member Norman, Chairwoman Stevens, Ranking Member Baird and committee members, thank you for the invitation to submit a written statement in connection with the Joint Investigations & Oversight and Research & Technology Subcommittee Hearing on “Election Security: Voting Technology Vulnerabilities.” Our statement will focus on 1) a brief overview of technologies in use for election administration; 2) describe some of the risks associated with those technologies as well as solutions for mitigating those risks; 3) review the role that NIST and other agencies have played in developing technologies for secure elections; and 4) suggest regulatory changes necessary to address advances in voting technology and the changing threat model facing our elections.

The scale and scope of threats to U.S. elections go far beyond what the current federal policy framework can address. Since the Help America Vote Act was passed, technology has advanced and the security threat landscape has also evolved. It’s time to re-think the regulatory framework to align it with the current environment. Your committee plays a crucial role in shaping our collective response. We urge the committee to take the steps necessary to enact mandatory security measures for all technology that touches election administration, to ensure that the foundation of our democracy is protected from ongoing threats. Read More