For more information on vulnerabilities in election infrastructure and commonsense solutions, read the Center for American Progress’ “9 Solutions to Secure America’s Elections.”1
In June 2017, the American people learned that Russian operatives had targeted 39 state election systems in the lead-up to the 2016 elections.2 Beyond the states, Russians targeted an election equipment vendor.3 These cyberintrusions and other Election Day disruptions exposed the country’s voting infrastructure as outdated and vulnerable to attack, weakening confidence in the electoral process. One poll found that 1 in 4 Americans will consider abstaining from voting in future elections due to concerns over cybersecurity.4 Election officials at all levels of government must invest in America’s election infrastructure and defend the security of our election system.
Outdated voting machines are vulnerable to cyberintrusions and system failure
- An estimated 42 states use voting machines that are more than a decade old. This is beyond the predicted 10-year life span of most models.5
- Outdated voting machines pose serious security risks and are susceptible to system crashes, “vote flipping,” and hacking, as many rely on outdated computer operating systems that do not accommodate modern-day cybersecurity protections.6 Moreover, upkeep for outdated machines is becoming increasingly difficult, since many parts are no longer manufactured.7 Studies have shown how easy it is to hack election machines.8
- Election administrators should replace and upgrade all voting machines and components that still use outdated operating systems to new models that meet modern standards and up-to-date cybersecurity protections.
Voter registration systems are prone to hacking
- Last year, hackers breached voter registration databases in Illinois, compromising the voting records of as many as 90,000 people.9
- The U.S. Department of Homeland Security (DHS) found that Russian cyber actors specifically targeted voter registration databases before the 2016 elections.10
- Voter registration systems and equipment—including e-poll books—contain sensitive information, such as eligible voters’ political affiliations, partial Social Security numbers, and driver’s license numbers.11 If voter registration records are hacked and altered, eligible Americans may be turned away at the polls or prevented from casting ballots that count on Election Day.
- Election administrators must update and secure voter registration lists and e-poll books. Paper copies of voter registration lists must be made available at each polling location in order to ensure that eligible Americans are able to cast ballots that count when they show up to the polls. In addition, states should establish contingency plans with clear guidance for election officials and poll workers on switching to paper backups when problems arise.
The lack of verified paper ballots or records puts election outcomes at risk
- Thirteen states employ electronic voting machines that fail to produce paper ballots or records, making robust postelection audits, or “double checks,” impossible to conduct.12
- In 2016, some 20 percent of registered voters cast votes without leaving any voter-verified paper ballot or record—a number significantly larger than the margin of victory needed to swing the election.13
- Voter-verifiable paper ballots or records are necessary for conducting meaningful postelection audits that confirm election outcomes and detect malicious activity. Paperless touch-screen voting systems should be replaced with paper ballots and optical scanners.
- Voting systems that use electronic machines are often costlier because they require more equipment.14 Each precinct, for example, requires several electronic voting machines to ensure that polling places can accommodate multiple voters at once.15 In contrast, paper-ballot voting systems require as few as one optical scanner and one ballot-marking station per precinct to assist voters with disabilities or language barriers.16
Cybersecurity standards are needed to protect election infrastructure
- While many states already have some form of cybersecurity incident and disruption response plan in place to protect against and respond to cyberthreats generally, few have standards designed specifically for protecting election systems.17
- A security failure in Georgia’s voter registration database, first discovered in August 2016, left the voter registration records of up to 6.7 million people vulnerable to outside infiltration and potential manipulation.18
- Local election officials should receive cybersecurity training to identify and deter election security risks. These hardworking individuals are on the front lines of our elections and are often targeted by spear-phishing attempts and other malicious activity.19 A survey of Pennsylvania counties found that only 8 of the 42 counties that responded said their workers received cybersecurity training.20
- States and localities must implement cybersecurity standards for voting machines, voter registration systems, and training programs for election officials.
Postelection audits must be conducted to confirm election outcomes
- Because all voting machines are vulnerable to hacking and even misprogramming, it is of the utmost importance that election officials commit to conducting robust audits after every election in order to confirm election outcomes and to detect manipulation of vote totals.
- Conducting postelection audits is critical for ensuring confidence in election outcomes. Currently, only New Mexico and Colorado have audit processes “robust enough to detect cyberattacks.”21
- By selecting an initial sample of ballots and interpreting them by hand, then determining whether the audit must expand, “risk-limiting” audits offer election administrators an efficient and effective way to test the accuracy of their elections without breaking the bank.22
Conducting tests on voting machines and equipment before elections can help mitigate risks
- While most states already have laws in place requiring state officials to test voting machines and equipment leading up to an election, their scope varies depending on the jurisdiction.23
- Testing should be conducted on all election machines and equipment prior to the start of early voting and Election Day, performed enough in advance to allow for effective remediation. Furthermore, testing should take place in a public forum with appropriate public notice, thereby increasing transparency and public confidence.
- In addition to conducting tests on voting machines and equipment prior to an election, vulnerability assessments—including regular system penetration testing and vulnerability scans of election infrastructure—should be required by law. In some states, the National Guard has been employed to conduct cybersecurity testing on public networks and election systems.24
- It is important to remember that pre-Election Day voting machine testing is not foolproof. Sophisticated hackers can manipulate pre-election testing procedures by installing malware that remains inactive during pre-election tests but activates during voting periods.25
Transmitting ballots over the internet poses security risks
- While most states only allow online voting for military personnel and U.S. citizens living abroad, some states—such as Alaska—allow all absentee voters to submit ballots over the internet.26
- Submitting ballots online is risky because there is no way for voters to confirm that the vote they cast is the same as that ultimately recorded..
- An official from DHS’ Cyber Security Division warned “that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results.”27 The National Institute of Standards and Technology has also warned against online voting.28
Officials across all levels of government must work together to detect and address cyberthreats
- While it is important for states to retain a level of autonomy over the administration of their elections, many lack the personnel and resources necessary to thoroughly probe and analyze complex election databases, machines, and cyber vulnerabilities.
- Federal agencies with expertise in cybersecurity should be responsible for carrying out comprehensive threat assessments on election infrastructure. Some states have already sought assistance in securing their election systems. Before the 2016 elections, 33 states and 36 localities requested assessments of their voting systems by DHS.29
- State officials—who are more familiar with the intricacies of their local systems—and federal agencies must work together to protect the security of our elections. By combining their expertise on cybersecurity threats and insight into the unique qualities of localized election infrastructure, they can better assess and deter attempts at electoral disruption.
Funding is needed to improve election security
- The cost of updating outdated voting machines across the country is estimated at approximately $1 billion, while the cost of replacing the country’s paperless machines is projected to be somewhere between $130 million and $400 million.30 Conducting nationwide threat assessments for voter registration databases is estimated to cost between $1 million and $5 million annually.31
- According to one study conducted by the Brennan Center for Justice, of the 274 election officials surveyed in 28 states, more than half said that they will need new voting machines by 2020.32 Unfortunately, 80 percent of those officials said they did not have the necessary funds.
- The federal government and Congress have a duty to allocate funding, to assist in the implementation of these protective measures, and to guard against disruptions in future elections—at the very least in federal elections. This would not be the first time Congress provided funds to upgrade election infrastructure. After the 2000 presidential election, it passed the Help America Vote Act of 2002, providing more than $3 billion to help states upgrade to high-tech voting machines, among other things.33