If the 2016 midterm elections go off without a hitch, don’t assume that it’s safe to give the all clear signal. Not just yet.
A recent report by the National Academy of Sciences argues that there’s considerable work ahead to secure the nation’s voting infrastructure, particularly at the local level where states have been left free to go their own way.
In a report that spans more than 100 pages, the Academy offered a detailed look into how the 50 states and District of Columbia run their elections. Their conclusion: Every state does something a little different from the others. Securing them to hold national elections theoretically also means taking on 50 different kinds of problems.
Oddly enough, this crazy quilt of systems may work to the nation’s ultimate benefit by avoiding technological monocultures that might otherwise lead to a single point of failure.
Still, the systems will need a thorough inspection, down to the most mundane counting mechanisms, according to the study. Every election involves glitches and buggy software that delay final tallies. But with memories of past election controversies in 2000 and 2016 still fresh in their minds, election officials need to do whatever’s possible in order to avoid situations that might inject more uncertainty into the process.
Indeed, Steve Bellovin, professor of computer science department at Columbia University and a member of the Academy’s committee on computing and telecommunications, expressed alarm at the general state of voter registration systems across the nation.
But with memories of past election controversies in 2000 and 2016 still fresh in their minds, election officials need to do whatever’s possible in order to avoid situations that might inject more uncertainty into the process.
He said that the registration systems and the poll books used to verify voter identities at polling places mostly come from a handful of vendors. That makes them more vulnerable than some parts of the systems. What’s more, Bellovin noted, they run on common Windows and Linux servers, both of which are fully understood by national governments that might want to disrupt U.S. elections.
But according to the panel, there are actionable measures the states can take to fix, or at least mitigate the potential threat to future elections.
We need them for the simple reason that no digital system we have today can be relied upon to give the fool-proof audit trail that paper gives us. At a minimum, there should be a paper ballot that voters can mark – with their own hand or machine – that can then be transferred to a separate counting device such as a scanner. The report suggests that every effort should be made to use human-readable paper ballots in the upcoming federal election. All local, state, and federal elections should be conducted using human-readable paper ballots by the 2020 presidential election. That shouldn’t be a stretch as the study found that most jurisdictions can comply today.
A corollary to paper ballots is the importance of auditing up and down the line. From registration to poll books to ballots and the final count, everything in the chain needs to be verifiable to a high degree of reliability, the report says - before and after election day, alike.
We have dozens of different systems in place across the U.S., all of varying levels of digitization. Countering threats from nation-states and other entities means assisting states and local authorities that need better security. The report’s authors recommend Congress assure funding for the low-profile United States Election Assistance Commission, as well as the Commerce Department’s National Institute of Standards and Technology, which is researching ways to further harden computer systems used in elections.
Forget about Internet Voting
If we can’t fully secure voter registration, there’s simply no way we can risk exposing results to hackers. Someday, it could be possible. But not now.
Insist on Adherence to Standards
The report doesn’t mince words: The U.S. Election Assistance Commission and U.S. Department of Homeland Security should continue to develop and maintain a detailed set of cyber security best practices for state and local election officials and vendors. It’s up to them to follow Uncle Sam’s lead.