Verified Voting Blog

This blog contains posts authored by the Verified Voting Team and by members of the Verified Voting Board of Advisors.

Verified Voting Blog: Verified Voting’s Guide to Election Security in One Infographic

Verified Voting has gone visual! In addition to recently collaborating with the Wall Street Journal and NPR on maps depicting voting technology across the states, Verified Voting created its own infographic: “Safeguarding Our Elections: The Solutions to Vulnerabilities in Election Security.”

The infographic is the first in a series of visuals Verified Voting is creating. This piece breaks down the state of our elections, which states are most vulnerable, the solution and what people can do. We urge you to take a look and share with your networks. You can download infographic or find it on our Twitter or Facebook.

Verified Voting Blog: Letter to State Election Officials on Best Practices for Voting Funds

Download letter as PDF

On March 23rd, Congress allocated $380 million to states to upgrade election security. This is a positive development. In the age of unprecedented hacking risks, researchers have found that electronic voting infrastructure — including voting machines and registration databases — have serious vulnerabilities. While there’s no evidence that vote totals were hacked in 2016, there’s strong evidence that hackers have been testing the waters.

While federal funding can help states address these issues, simply upgrading or replacing election infrastructure is not sufficient. It is essential that states work with the Department of Homeland Security or other trusted providers to scan their systems for cyber vulnerabilities, and follow best practices identified by computer scientists, national security leaders, and bipartisan experts in elections administration to mitigate hacking risks. On March 20, the Senate Select Committee on Intelligence released its long-awaited recommendations on election security and concluded that requiring paper ballots, banning wireless components and implementing statistically sound audits of election results are essential safeguards. Last year, a group of 100 leading computer scientists and other election administration experts voiced the same conclusion. Through years of researching voting equipment security in real election administration environments, the National Institute of Standards and Technology (NIST) has come to similar conclusions about what it will take to defend elections.

As you begin to make use of the new federal funding, we strongly urge you to follow best practices identified by these and other leading experts for election security:

(1) Replace paperless voting machines with systems that count a paper ballot — a physical record of the vote that is out of reach from cyberattacks.

(2) Conduct robust post-election audits in federal elections. Congress explicitly requested that states “implement a post-election audit system that provides a high-level of confidence in the accuracy of the final vote tally” as part of its report language accompanying the Omnibus. Well-designed audits involve election officials checking only a small random sample of the voters’ choices on paper ballots so that they can quickly and affordably provide high assurance that the election outcome was accurate.

(3) Upgrade systems to ensure that states’ election websites, statewide registration systems, and election night reporting systems are defended against threats of intrusion and manipulation.

(4) Prohibit wireless connectivity in voting machines to limit vulnerabilities to hacking risks.

(5) Train and educate election officials at all levels on how they need to incorporate security into their elections practices.

We, the undersigned, believe that these represent sensible and cost-effective solutions to the rising challenges of election security. We urge you to take steps to safeguard elections using these proven best practices.

Sincerely,

Adam Brandon
President, FreedomWorks

Duncan Buell
NCR Professor of Computer Science and Engineering, University of South Carolina

Michael Chertoff
Former Secretary of Homeland Security

Kristen Clarke
President, Lawyers’ Committee for Civil Rights Under Law

Edgardo Cortes
Former Commissioner of Elections, Virginia

David L. DillDonald E. Knuth Professor, Emeritus, in the School of Engineering, Stanford University

Jamie Fly
Senior Fellow, German Marshall Fund

Karen Hobert Flynn
President, Common Cause

Trey Grayson
Former Secretary of State, Kentucky

Alex Halderman
Professor of Computer Science, University of Michigan

Joseph Lorenzo Hall
Chief Technologist, Center for Democracy and Technology

General Michael Hayden (Ret.)
Former Director of the National Security Agency and Director of Central Intelligence

David Jefferson (Ret.)
Lawrence Livermore National Laboratory

Douglas W. Jones
Department of Computer Science, University of Iowa

Rick Ledgett
Former Deputy Director of the National Security Agency

Ambassador Douglas Lute (Ret.)
Former US Ambassador to NATO, Lieutenant General, US Army

Michael Morell
Former Acting Director and Deputy Director of the Central Intelligence Agency

Lawrence Norden
Deputy Director, Democracy Program, Brennan Center for Justice at NYU School of Law

Grover Norquist
President, Americans for Tax Reform

Michael O’Hanlon
Senior Fellow, Brookings Institution

Tammy Patrick
Senior Advisor at Democracy Fund; Former Member of the Presidential Commission on Election Administration

Ben Ptashnik
National Election Defense Coalition

Mark Ritchie
Former Secretary of State, Minnesota

Ronald L. Rivest
MIT Institute Professor

Mike Rogers
Former Member of Congress (R-MI); Chair of the House Intelligence Committee

Laura Rosenberger
Director, Alliance for Securing Democracy

Paul Rosenzweig
Senior Fellow, R Street Institute; Former Deputy Assistant Secretary of Homeland Security for Policy

Kori Schake
Former Director for Defense Strategy at the National Security Council

Marian Schneider
President, Verified Voting Foundation; Former Deputy Secretary of Elections and Administration, Pennsylvania Department of State

Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School and Berkman-Klein Center for Internet and Society

James Scott
Co-Founder and Senior Fellow, Institute for Critical Infrastructure Technology

Lt. Col. Tony Shaffer (Ret.)
Vice President, London Center for Policy Research

Barbara Simons
IBM Research (Ret.); Board Chair, Verified Voting Foundation

Rev. DeForest Soaries
Former Chair, Election Assistance Commission

Admiral James Stavridis (Ret.)
Former NATO supreme Allied Commander

Neera Tanden
President and CEO, Center for American Progress

Natalie Tennant
Former Secretary of State, West Virginia

Poorvi L. Vora
Professor of Computer Science, The George Washington University

Dan S. Wallach
Professor of Computer Science, Rice University

Rob Weissman
President, Public Citizen

Nicole Wong
Former Deputy US Chief Technology Officer

*Affiliations listed for Identification Purposes Only

Verified Voting Blog: American elections are too easy to hack. We must take action now. | Bruce Schneier/The Guardian

This article was published by The Guardian on April 18, 2018Bruce Schneier is a fellow and lecturer at Harvard Kennedy School and is on the advisory board of Verified Voting.

Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them.

Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper.

Recently, there have been two graphic demonstrations of how bad our computerized voting system is. In 2007, the states of California and Ohio conducted audits of their electronic voting machines. Expert review teams found exploitable vulnerabilities in almost every component they examined. The researchers were able to undetectably alter vote tallies, erase audit logs, and load malware on to the systems. Some of their attacks could be implemented by a single individual with no greater access than a normal poll worker; others could be done remotely. Read More

Verified Voting Blog: Verified Voting Hacks into Voting Machine in New Video from the New York Times

Demonstration Shows Vulnerability of Voting Machines With No Paper Backup

The New York Times published an interactive piece on election security today that included a video featuring Verified Voting fellow, Alex Halderman. The piece, “I Hacked an Election. So Can the Russians,” was the result of a months-long collaboration between Verified Voting and the New York Times.

How Will My Vote Be Counted?

“Alex Halderman, along with the New York Times, successfully demonstrated how vulnerable these voting machines can be,” said Marian K. Schneider, president of Verified Voting. “We want people to understand in a visual way how something like this might happen. Although it is only a risk and not a certainty that something like this could occur, we need to be prepared and able to recover. These machines don’t allow us to do that. It’s time we prepare to monitor, detect, respond and recover from any potential attacks that undermine our democracy.”

“All cyber security experts who have given electronic voting machines any thought agree, these machines have got to go,” said Alex Halderman in the video. “Paper plus audits; all elections should be done this way,”

During the four-minute video, Alex Halderman demonstrates how to hack into electronic voting machines while holding a mock election at the University of Michigan. After students were asked to choose between their own university and rival Ohio State, Alex is able to manipulate the vote causing Ohio State to win.

The demonstration shows voting machines’ vulnerability and why using paper ballots and implementing widespread, statistically sound audits like RLA’s is needed to verify our vote.

MEDIA CONTACT: Aurora Matthews 

Verified Voting is a national non-partisan, non-profit educational and advocacy organization committed to safeguarding elections in the digital age. Founded by computer scientists, Verified Voting advocates for the responsible use of emerging technologies to ensure that Americans can be confident their votes will be cast as intended and counted as cast. We promote auditable, accessible and resilient voting for all eligible citizens.

Verified Voting Blog: Proposed election security panel for Netroots Nation 2018

Election security is the way we protect our elections from interference and allow voters to feel confident that their vote is being counted. Being able to trust election results is a cornerstone of democracy. 2016 was a harsh reminder of what can happen when we don’t have secure election systems- and demonstrates the need for us to act quickly. Luckily, we can all ensure the safety of our elections, by working with our local and state election officials to make sure all of our votes are counted.

The key takeaways are that the reforms (paper ballots and robust audits) are not only totally possible, but super important. Every major reform that has been passed at the state level has been lead by grassroots activists who knew how important it was to make sure our votes are counted. The progressive movement, in light of the interference in the 2016 election, has been calling on us to understand how to advocate for these campaigns.Election Security is often seen as a wonky, insider issue. Over the past year, the Secure Our Vote coalition has trained hundreds of local leaders to work with their election officials to demand better election machines and audits. The connection between these issues and passing a progressive agenda is clear, as only if we trust our votes will be counted if we have secure systems. We want to build upon that work to make the connections clear to the leading progressive activists. Read More

Verified Voting Blog: Federal Funds for Election Security: Will They Cover the Costs of Voter Marked Paper Ballots?

Download the Brennan Center/Verified Voting Full Report (PDF)

Under the terms of the omnibus spending bill voted on by the House, states will receive $380 million within months to start to strengthen the security of our nation’s election infrastructure. This near-term funding is the product of tireless work by members of both parties, and a critical acknowledgment from Congress that protecting our elections is a matter of national security. States can use the funding immediately to begin deploying paper ballots, post-election audits, and other essential cybersecurity improvements. However, the new funding is only a first step, as many in Congress have acknowledged, and further Congressional action will be necessary in order to ensure that future elections are secure.

Most significantly, the omnibus funding as allocated to the states under the Help America Vote Act (HAVA) will not be enough for some states to replace their insecure voting machines. Because paperless electronic voting systems are highly vulnerable to cyberattacks, it is urgent that those systems be replaced as soon as possible, as the Senate Select Committee on Intelligence (SSCI) recommended earlier this week. Until this is done, it will be impossible to ensure that election results as reported by the voting system have not been corrupted by a cyberattack.

Thirteen states, including key swing states like Pennsylvania, continue to use paperless voting today. One of the main reasons is cost: cash-strapped states simply can’t afford to replace this aging equipment. Unfortunately, our analysis shows that under the new federal funding, five of the 13 states with paperless machines will receive less than 25 percent of the money they may need to replace them. Moreover, most states will also need to use some of the new funding to pay for improved auditing and other security measures, leaving even less for crucial technology upgrades. Read More

Verified Voting Blog: Pennsylvania Takes Critical Steps Toward Election Security by Purchasing Voter-Verifiable Paper Systems

Marian K. Schneider: “We applaud this decision today to increase the integrity of Pennsylvanias elections and its move to safeguard elections.”

The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, on Pennsylvania’s announcement that it will no longer purchase paperless DREs and that going forward all new voting machines must have a voter-verifiable paper ballot or paper record. For additional media inquires, please contact aurora@newheightscommunications.com 

“Pennsylvania is taking a critical step towards safeguarding elections by replacing its aging voting systems and restoring voters’ faith that their votes will be counted as cast. The only way to address the risk of software problems is to require a physical paper ballot that can be used to check the computer-generated votes.

“Since 2006, 83 percent of Pennsylvanians have voted on unverifiable direct recording electronic (DRE) systems. This directive begins to change that. As the Commonwealth moves forward with these steps to increase security, it also serves as an example for other states to do the same. But it shouldn’t stop there. Pennsylvania needs to continue this momentum by decertifying all its remaining DREs and only certify voting systems that include a paper record of voter’s choices.

“We applaud Governor Wolf’s commitment to ensuring the integrity of Pennsylvania’s elections.  The administration’s move to safeguard Pennsylvania elections by requiring counties to purchase these new voting systems will allow jurisdictions to detect any problems with the election outcome and recover from them. This is exactly why security experts recommend that voting machines are resilient. Pennsylvania’s actions reflect the understanding that our election infrastructure must be secure.”

Verified Voting Blog: It’s time to safeguard our elections | Marian K. Schneider

This oped was originally published in the York Dispatch on February 1, 2018.

An oversight in York County, Pennsylvania on the eve of last November’s Election Day questioned the rightful winner of the election, but thankfully the potential damage stopped there. Still, the discovery of a technical error — one that allowed voters to cast multiple votes for a candidate in races with cross-filed candidates — risked the integrity of the election. This could’ve been easily preventable with paper ballots.

Most Pennsylvania voters are using paperless electronic voting machines to cast their ballot. The problem is that these outdated machines — also known as direct recording electronic (DRE) systems —are unverifiable. DREs, or voting machines without paper ballot back-up, have been the source of controversy for years because of their inability to allow anyone to verify the results. Instilling confidence in election outcomes can only occur by replacing these systems with newer ones that provide a software independent record of voter intent and implementing statistically meaningful audits of those records.

We know there was foreign interference during the 2016 election cycle, and that similar acts to undermine faith in America’s democratic systems are a possibility. Security experts agree that safeguarding and protecting election systems is important and that no system is completely secure. That’s why security experts recommend ensuring that all computer-based systems, including voting machines are resilient, that is, they have the ability to identify a problem and recover from it. Replacing the outdated voting systems with resilient machines is imperative before the 2018 elections because, for more than 80 percent of Pennsylvania voters in 50 counties, no one has any way of knowing whether the paperless voting machines correctly captured voter intent.

Read More

Media Release: Verified Voting Says Paper Ballots and Post-Election Audits Can Safeguard our Elections as State and Local Election Officials Discuss Election Security

Marian K. Schneider: “Passing the bipartisan Security Elections Act will advance our nation’s efforts to protect and ensure trustworthy elections.”

The following is a statement from Marian K. Schneider, president of Verified Voting, regarding the U.S. Election Assistance Commission (EAC) summit held today in Washington, D.C. For additional media inquires, please contact aurora@newheightscommunications.com  

“As officials look to address the risks our elections face today, it is essential that voter-verified paper ballots and post-election audits are recognized as the best way – given current technology – to ensure that an attack on our voting systems can be detected and the outcome verified. With midterm elections quickly approaching, it’s time we also prepare to monitor, detect, respond and recover from these potential attacks. The good news is that we can, and Congress has a bill that goes a long way in doing so.

“The bipartisan Secure Elections Act, introduced late last month by Sen. James Lankford (R-OK) and co-sponsored by Sen. Amy Klobuchar (D-MN), Sen. Lindsey Graham (R-SC), Sen. Kamala Harris (D-CA), Sen, Susan Collins (R-ME) and Sen. Martin Heinrich, (D-NM), aims to provide states with the resources needed to implement these safeguards.  Read More

Media Release: Verified Voting Urges Congress to Pass the Secure Elections Act; Bipartisan Legislation Empowers States to Protect Themselves

Marian K. Schneider: “Passing the bipartisan Secure Elections Act will advance our nation’s efforts to protect and ensure trustworthy elections.”

The following is a statement from Marian K. Schneider, president of Verified Voting, on the Secure Elections Act, which was introduced by Sen. James Lankford (R-OK) and co-sponsored by Sen. Amy Klobuchar (D-MN), Sen. Lindsey Graham (R-SC),Sen. Kamala Harris (D-CA), Sen, Susan Collins (R-ME) and Sen. Martin Heinrich,(D-NM) on December 21, 2017.

“The Secure Elections Act addresses the new reality that our election infrastructure must be protected as matter of national security. At a time when our democracy needs increased protection, Congress should fast-track the newly introduced Secure Elections Act to provide resources for states to safeguard our voting systems and ensure election infrastructure is resilient.

“This bipartisan legislation establishes a structured grant program that creates incentives for states to adopt good cyber hygiene measures in accordance with guidelines developed by an advisory panel of experts. Coupling grants to the states with effective guidelines on spending will ensure the money is used well and moves toward strengthening our elections. In addition, the bill improves the exchange of information about security threats among the different levels of government to allow timely response and action. Read More