The Verified Voting Blog
This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.
Election Security Experts Urge Congress for Additional Funding; Say $250 Million in Election Security Funding is Progress, but Not Enough
Marian K. Schneider: “Despite the progress shown today, Congress still needs to vote on bipartisan, comprehensive election security legislation to protect and ensure trustworthy elections.”
The following is a statement from Marian K. Schneider, president of Verified Voting, on Senate Majority Leader Mitch McConnell’s (R-KY) backing of an amendment that will provide another $250M to help states bolster election security on September 19, 2019. For additional media inquires, please contact firstname.lastname@example.org
“The additional $250 million in election security funding today is promising, but more is needed to help states upgrade their systems and validate the 2020 election. This amount falls short of the $600 million that passed in the House, which is much closer to meeting the need for proper investment in election security. Congress has the obligation to protect the country from threats to national security and has the opportunity to act on this nonpartisan issue – after all, everyone votes on the same equipment.
“By making federal funds available, states will be able to replace aging, insecure voting equipment and implement modern security best practices, which include using voter-marked paper ballots and robust post-election audits. Despite the progress shown today, Congress still needs to vote on bipartisan, comprehensive election security legislation to protect and ensure trustworthy elections backed by adequate funds for state and local governments to implement such measures.” Read More
In October 2017, Rhode Island Governor Gina Raimondo signed into law a groundbreaking election security measure. Now, state law requires Rhode Island election officials to conduct risk-limiting audits, the “gold standard” of post-election audits, beginning with the 2020 primary. A risk-limiting audit (“RLA”) is an innovative, efficient tool to test the accuracy of election outcomes. Instead of auditing a predetermined number of ballots, officials conducting an RLA audit enough ballots to find strong statistical evidence that outcomes are correct. The law, enacted in the aftermath of two critical events relating to the 2016 elections, stems from decades of advocacy aimed at increasing the efficiency, transparency, and verifiability of political contests in the state. Rhode Island is now the second state, joining trailblazing Colorado, to mandate use of this modern tool statewide.
Following the law’s enactment, a group of professionals with expertise in election security and election administration formed the Rhode Island Risk-Limiting Audit (“RIRLA”) Working Group. As its name suggests, the RIRLA Working Group was established to assess the conditions in Rhode Island to help the state as it prepares to implement the law. The RIRLA Working Group recommended – and Rhode Island officials agreed – that the state should conduct pilot RLAs in advance of the 2020 deadline. The Rhode Island Board of Elections chose January 2019 as the date for the pilots and, based on several factors, selected Bristol, Cranston, and Portsmouth, Rhode Island as participating municipalities.
Leading up to the pilots, the RIRLA Working Group had regular conference calls, meetings, and other correspondence to gain greater familiarity with Rhode Island’s election laws, practices, and voting equipment. In partnership with the state, the RIRLA Working Group set a goal to plan and develop a trio of pilot audits that would both meet the state’s needs and adhere to the Principles and Best Practices for Post-Election Tabulation Audits. Ultimately, the RIRLA Working Group drafted three separate audit protocols, step-by-step instructions to guide those who would conduct the RLAs over the course of two days.
Verified Voting Praises Pennsylvania Gov. Tom Wolf for Announcing Bond Financing to Reimburse Counties for Purchasing Voting Machines
Statement to House Committee on Science, Space, and Technology Joint Investigations & Oversight and Research & Technology Subcommittee
Verified Voting Applauds Oregon’s Senate for Passing Bill Requiring Robust Post-Election Audits to Verify Elections
“According to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS, one in five national elections held worldwide since 2016 were potentially influenced by foreign interference, … “Democracies around the world have been struggling to grapple with foreign interference from state actors during elections,” International Cyber Policy Centre head Fergus Hanson said. “More empirical data means they can respond in a more targeted way calibrating policy responses to the likely risk, methods and adversary.” Technology Decisions
In an extensive Roll Call article this morning, Gopal Ratnam reports that despite the best intentions of election officials and many lawmakers, in 2020 many jurisdictions will be using “voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results.”
In addition to eliminating direct recording electronic (DRE) voting machines and requiring routine post-election audits, many of the legislative efforts have addresses cybersecurity vulnerabilities in voting systems. Edgardo Cortés, election security advisor at the Brennan Center for Justice noted, “In some sense, anything that has an internet connection can be hacked. Wireless capability, even if the functionality can be turned off through hardware or software, poses risks of remote access by adversaries, he said.”
Verified Voting President Marian Schneider explained inthe article that beyond prohibiting voting equipment that can connect to the internet, “machines may still need to have some type of wireless communication system so that administrators can upload new ballot information ahead of each election. Some counties and precincts insert manual cartridges into machines to upload ballot information, but others push out that information wirelessly because it’s easier.”
“The software on new models of voting machines would also need routine updates, and that would require some type of connectivity,” Schneider continued, “the question is, how you do it safely? Because we can’t reduce the risk to zero, we need to do audits to check the results after. Post-election audits, in which samples of cast paper ballots are recounted, is considered the gold standard for verifying election results, but few states conduct them.”
The concern over election cybersecurity was reflected in the many federal election cybersecurity related bills that have been introduced in the past several days. Those bills met an icy reception yesterday, as Senate Rules Committee Chairman Roy Blunt (R-MO) said he doesn’t expect to hold hearings on any election security bills this Congress because he doesn’t think Senate Majority Leader Mitch McConnell (R-KY) will bring them to a floor vote.
On May 10 House Democrats introduced the Election Security Act, portions of which were included in H.R. 1, the For the People Act, an omnibus bill including a broad range of electoral reforms. Read More
Counting Votes: Paper Ballots and Audits in Congress, Crisis at the EAC?, Florida’s Mystery Counties
To download the PDF click here.
Verified Voting supports Maryland House Bill 706 (Senate Bill 919) as an immediate, short-term mitigation to reduce risks inherent in Maryland’s current online absentee ballot system by limiting its use to only those who would otherwise be unable to vote. Going forward, substantial changes are necessary to provide Maryland’s voters with secure, reliable, accessible means of voting absentee.
Verified Voting supports the objective of helping voters to obtain their ballots and cast their votes, but any technology used for this purpose must be carefully evaluated. Regrettably, computer scientists and others have found that Maryland’s system has several grave shortcomings.
Because Maryland does not check signatures on returned absentee ballots, there is no way to distinguish legitimate from illegitimate ballots. Using information that is widely available, an attacker could readily request, electronically receive (at multiple fake email addresses), and cast any number of absentee ballots.1 Even if the attacker did not cast the ballots, any voters purported to have requested absentee ballots would be required to cast provisional ballots, creating chaos and suspicion and increasing the likelihood that the voter will be disenfranchised. Read More
Verified Voting Applauds Rep. Daryl Metcalfe, Rep. Garth Everett and Lt. Col. Anthony Shaffer’s Nonpartisan Call for the Penn. General Assembly to Appropriate Funding to Replace Vulnerable Electronic Voting Machines
Marian K. Schneider: “Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle.”
The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, following the press conference with Lt. Col. Anthony Shaffer this morning in Harrisburg, PA. Lt. Col. Shaffer also testified during the Senate Committee on State Government Hearing on Senate Bill 48 this morning.
“Verified Voting applauds Lt. Col. Anthony Shaffer’s testimony this morning urging Pennsylvania to replace all paperless DREs and for underscoring that this is a cybersecurity threat that needs to be addressed. The Pennsylvania legislature needs to appropriate additional funding to reimburse counties for the cost of replacing aging and vulnerable electronic voting machines with ones that have a voter-marked paper ballot of votes cast before the 2020 election. Read More
The following is a statement from Verified Voting's president, Marian K. Schneider:
"Verified Voting congratulates Christy McCormick on her election as Chair of the Election Assistance Commission and her three priorities for her tenure: election preparedness, replacing aging voting equipment, and working towards improving accessibility for all voters including voters with disabilities, military and overseas voters and limited English proficient voters.
"With those laudable goals in mind, Verified Voting urges Christy McCormick and the EAC to ensure that the next generation of voting systems provide most voters the opportunity to mark their ballots by hand and support robust post-election tabulation audits. These post-election audits can protect the integrity of the election outcomes with the existing systems.Technology has evolved so that improved security, verifiability and accessibility are not mutually exclusive, but can give everyone, the candidates, voters, the press and the public assurance that our voting system is resilient against attack."
This article originally appeared on Electronic Frontier Foundation’s website on February 4th, 2019
Experts agree: Internet voting would be an information security disaster. Unfortunately, the Commonwealth of Virginia is considering a pair of bills to experiment with online voting. Pilot programs will do nothing to contradict the years of unanimous empirical research showing that online voting is inherently vulnerable to a variety of threats from malicious hackers, including foreign nations.
EFF strongly opposes Virginia H.B. 2588 and S.J.R. 291, and all online voting. Instead, EFF recommends that absentee voting, like all voting, be conducted with paper records and risk-limiting audits, the current state-of-the art in election security.
Verified Voting Calls on Governor Tom Wolf and the Pennsylvania General Assembly to Appropriate Funding to Replace Vulnerable Electronic Voting Machines
Marian K. Schneider: “Verified Voting calls on the Pennsylvania legislature to appropriate additional funding to subsidize the cost of replacement.”
The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, following Gov. Tom Wolf’s budget address to the joint legislative session on Tuesday morning.
“The security of Pennsylvania’s elections is at a crossroads. In 2018, 83 percent of Pennsylvanians have voted on unverifiable direct recording electronic (DRE) systems. The state already recognizes the need to replace aging and vulnerable electronic voting machines with ones that have a voter-verifiable paper ballot or record of votes cast before the 2020 election. Governor Tom Wolf committed to this nearly a year ago, yet his budget address to the joint legislative session today falls short of providing the resources counties need to implement best election security practices. In light of the inadequacy of the funding request and the timing of the directive, the Governor should allow the 17 counties that already vote on paper ballots to keep their systems until more resources are available. Regardless, the remaining counties who do not have a plan to replace their systems are risking another presidential election in which the reported outcome cannot be verified. Read More
Rhode Island is making good on its promise to road-test risk-limiting election audits, following 2017 passage of legislation by the Rhode Island General Assembly, requiring them. Beginning with the presidential primary in April 2020, Rhode Island will become the second state to require these audits to verify election results. A “risk limiting” audit checks if the election result is correct. Specifically it checks the counting of the votes. A “risk-limiting” audit limits the risk that the wrong election result will be certified. It can catch errors which change the result and correct a wrong result.
To prepare for next year’s full implementation, the Rhode Island Board of Elections will conduct three pilot audits on January 16 and 17 at 50 Branch Avenue in Providence, Rhode Island beginning at 9:30 a.m. These pilot audits will be conducted with local election officials from Bristol, Cranston and Portsmouth, Rhode Island. Read More
Verified Voting sent a letter to the Secure, Accessible, Fair Elections (SAFE) Commission on Friday, January 4 with their recommendations for a new voting system in Georgia. Read the letter below or download it here
Verified Voting submits the following statement endorsing hand-marked paper ballots that are scanned as the primary voting method for voters. Verified Voting respectfully requests that this statement be shared with the entire SAFE commission in advance of the next meeting scheduled for January 10, 2019.
Recommendation. In light of the pervasive security vulnerabilities of all electronic voting systems, including Ballot Marking Devices (BMDs), as well as the considerable cost of BMDs, Verified Voting Foundation endorses the use of hand-marked paper ballots as the best primary method for recording votes in public elections. BMDs do play an important role for some voters, including voters with disabilities, that prevent them from hand-marking paper ballots. However, the primary voting method for most voters should be hand-marked paper ballots.
Rationale. Hand-marked paper ballots offer better voter verification than can be achieved with a computerized interface. A paper ballot that is indelibly marked by hand and physically secured from the moment of casting is the most reliable record of voter intent. A hand-marked paper ballot is the only kind of record not vulnerable to software errors, configuration errors, or hacking. With hand-marked paper ballots, voters are responsible only for their own errors, while with a BMD, voters are responsible for catching and correcting errors or alterations made by the BMD. Consequently, well-designed hand-marked paper ballots combined with a risk-limiting post-election tabulation audit provide the gold standard for ensuring that reported election results accurately reflect the will of the people. Read More