Oct. 15, 2018

Election Security Experts Discuss Election Security Risks and Recovery Steps for Voter Rolls, Voting Machines and Election Websites

Experts Fear Hackers Could Target Registration Rolls, Voting Machine Memory Cards and Websites During Critical 2018 Midterms

*View a recording of our web press conference here.*

WASHINGTON, D.C. – Dozens of state election systems remain vulnerable to hacking, but there are steps election officials can take to protect the vote, Public Citizen, Verified Voting and the Brennan Center said today during a livestreamed press conference (view it here).

Hackers have many avenues they can take to disrupt the vote, including altering voter registration databases, cutting a polling location’s electricity, shutting down websites, breaching county or state workstations, and even changing vote counts, the groups said. But these problems also could be caused by human error or natural disasters, so it pays to be prepared no matter what.

The groups said that to properly protect the vote, states need to have paper ballots for each vote cast, and stronger audits are needed to verify that election results are correct.

“One of the biggest shifts we’ve seen since the 2016 election is a resounding chorus of security experts, election officials and advocates calling for voter-marked paper ballots and robust post-election audits. While a hack on Election Day is a risk, not a certainty, we can never get that risk down to zero, which is why it’s important to have a recovery plan,” said Marian K. Schneider, president of Verified Voting and former deputy secretary for election and administration for the Commonwealth of Pennsylvania.

Voting systems themselves can be hacked – both optical scanning systems for paper ballots and digital voting systems. Roughly a dozen states still use insecure voting systems that use direct-recording electronic voting machines instead of paper ballots for some voters. Memory cards in centralized election management computers used to program voting machines can be compromised, even if the voting machines themselves are not online during voting.

“As the midterms approach, voters and election officials across the country can take simple, commonsense precautions, in case an electronic voting machine or an electronic poll book breaks down on Nov. 6,” said Lawrence Norden, deputy director of the democracy program at the Brennan Center for Justice at NYU Law School. “We encourage voters to check their voter registration between now and Election Day, and alert election officials if any information seems wrong. At the same time, every polling station should be ready to recover quickly from an electronic failure so that eligible voters can cast ballots without delay and their ballots can be accurately counted and verified. Backup copies of electronic poll books, an ample supply of paper ballots and pre-election testing will go a long way to protect the vote, whether from human error, power failure or cyberattack.”

Early voting for this year’s midterm elections already has started in several states, so many states can’t change their voting equipment to more secure machines within the next three weeks, Norden said. But there are some safeguards that can be implemented, including making sure each polling location has sufficient provisional ballots in case there is a problem with the registration rolls.

Some states and localities have taken major steps to improve their voting security since 2016. About 1,100 local election officials have signed up for security alerts from the Center from Internet Security. Arkansas updated most of its voting machines to include a paper record; Wisconsin and Washington state improved their audit systems; and Pennsylvania and Delaware aim to have paper records by 2020. But not enough has been done.

Twelve states have jurisdictions reliant on paperless voting systems for in-person voting, and nine states have no post-election audit requirements. Many local and state election officials have cited costs as the reason for not taking additional steps to protect their voting systems.

What More Can Be Done?

Election officials on the ground also have a responsibility to investigate any problem that appears on Election Day or before, and provide the public transparent information about the process and what they find, the groups said.

“It’s inaccurate to say hackers did not affect election outcomes in recent elections. Hacks can take years to detect when we’re looking for them,” said Aquene Freechild, co-director of Public Citizen’s Democracy Is For People campaign. “Looking forward, the only votes we know for sure won’t be counted are those that are never cast. Voters concerned about election security should tell elected officials to fund paper ballots and audits, and voters should make sure to get out and vote.”

Larger steps can and should be taken, including passage of the bipartisan Secure Elections Act, which, if signed by early 2019, could be implemented by the 2020 elections.

‘Part of the Russian attack on our elections in 2016 was to undermine confidence in our systems, and this legislation will bolster that confidence,” said Schneider. “It is urgent that we undo this undermining of our elections.”

###