In August at DEFCON, the annual hackers’ convention in Las Vegas, J. Alex Halderman, a professor of computer science and an expert in cybersecurity, brought along several of his Diebold Accuvote TSX voting machines.
The Accuvote is a touch-screen voting device known as a direct-recording electronic voting machine, which, as the name suggests, records votes and stores them on a memory device. Halderman’s machines were set up as part of the Voting Village, an area dedicated to the cybersecurity of voting machines, where visitors were asked to cast votes in a mock presidential election between George Washington and Benedict Arnold.
“Because this is DEFCON, of course almost everyone thought they were clever and voted for Benedict Arnold,” said Halderman. At the end of the mock election, with over 100 votes cast, the machine produced the totals and the winner of the two-man race: the Dark Tangent.
That victor, unsurprisingly, was no accident. The Dark Tangent is the hacker name of DEFCON founder Jeff Moss, and before voting began, Halderman had corrupted the machines with malware that overrode all of the recorded votes and replaced them with the homage. Though the context was lighthearted, what Halderman really demonstrated is staggeringly serious: that these kinds of direct-recording electronic voting machines—ones that will still be in use in many states come November—are not secure from remote hacking.
The Center for American Progress recently released a study that highlighted that 42 states use electronic voting machines with software a decade old or more that leaves them especially vulnerable to hacking and malware. What’s more, five states rely solely on machines that leave no paper trail, and another 10 will use them in at least some districts. These paperless voting machines are especially problematic because even if such a machine were known or suspected to have been hacked, there’s no physical backup ballot to check it against—and therefore no way to determine for certain whether the vote an individual cast matched with the vote that the machine recorded. Worse still, some of the states with the poorest voting-system security are also electoral heavyweights, including Georgia, Texas, Pennsylvania, and Florida. It’s a state of vulnerability that’s especially concerning considering recent warnings from leaders like Director of National Intelligence Dan Coats, who in July cautioned that “the warning lights are blinking red” for potentially catastrophic cyberattacks on the nation’s most important digital infrastructure, including on our election systems.
So what is the cure for our voting-system woes? How do we fix such complex and entrenched problems? A growing number of voting-rights advocates and cybersecurity experts—among them organizations like the National Academies of Sciences, Engineering, and Medicine and Verified Voting—feel that the way forward is in a return to the past: paper ballots. This low-tech solution—which first gained popularity in the 1830s and later became an object of scrutiny and, after the hanging-chad fiasco of 2000, ignominy—may be poised to make a comeback.
For one, the hand-marked, hand-counted paper ballot has the appeal of being immune to hacking. There’s no need to for backup ballots to perform audits, and it’s almost as cheap as paper. But of course, there are reasons these ballots fell out of favor, including that hand-counting paper ballots is time-consuming, inefficient, and potentially prone to human error.
Marian Schneider, the president of Verified Voting, a nonprofit, nonpartisan organization that advocates for transparent and verifiable election processes, says her organization recommends that states use voter-marked paper ballots (marked either by hand or by a ballot-marking device) and then use a scanner to count those votes. That way, she says, you still get the benefits of paper but leverage technology to quickly tabulate those ballots.
It’s an idea that has had some traction at the state level. In 2017, Virginia became the first state after the 2016 elections to completely replace electronic voting machines in all of its cities, towns, and counties with paper ballots and electronic scanners. This change was hailed by voting-rights groups, which hoped it signaled a growing trend.
Indeed, there is still a concerted effort to get states to follow Virginia’s example and switch to universal hand-marked paper ballots. Or, at the very least, to require that voting machines produce backup ballots to allow voters to double-check that the machines recorded their votes correctly, and to conduct systematic postelection audits.
Yet, amid growing national alarm over hacking threats, there is little urgency coming from the White House on issues of election security. Likewise, in the Senate, the Secure Elections Act, a bill that, among other security measures, would have mandated backup paper ballots and postelection audits, recently died in committee due to a lack of Republican support. The failure of federal leadership on the issue has left it to states to step up to better protect their own election processes.
As it stands, 21 states and the District of Columbia will use only paper ballots in the upcoming midterm elections, and another 14 states will use a mix of paper ballots and voting machines that create a paper trail. However, the 15 remaining states will use paperless voting machines in some or all of their districts, and few of those have made recent changes to increase security for their election systems. This includes the state of Georgia, which a group of voters and election-security advocates recently sued in an attempt to block it from using its centrally run system of paperlesss electronic voting machines (the same kind that Halderman hacked for DEFCON) and instead switch to paper ballots. As the Washington Post summarized, the advocates argued that “failure to do so would deprive Georgia’s 6.8 million voters of their constitutional right to vote and the machines themselves were vulnerable to hacking—especially by foreign governments like Russia.” A federal judge denied a motion that would have forced the state to make the change in time for the midterm elections. But the same judge also warned that the state’s posture against fixing the vulnerabilities indicated that “State election officials had buried their heads in the sand” and that “further delay is not tolerable in their confronting and tackling the challenges before the State’s election balloting system.”
Even in states that use voting machines that do leave a paper trail, only three (Colorado, New Mexico, and Rhode Island) mandate “risk-limiting audits,” the gold standard in election security that uses statistical models to conduct postelection audits of voter-verified paper records to identify machine errors or other issues that could change the outcome of a race. As a recent Brennan Center report points out, paper records of votes have limited value against a cyberattack if officials don’t use them to check the accuracy of the software-generated totals to check for fraud.
Given the lack of both federal and state action in time for the midterm elections in November, is there anything a concerned citizen can do on her own to secure her vote?
Some have suggested that voters who find electronic voting machines at their polling places ask to vote with paper ballots instead. However, this isn’t an option everywhere. The rules vary widely from state to state over whether poll workers are allowed to offer paper ballots upon request. In some states, like California, voters who go to their stations on Election Day have the option of voting on a machine or with a paper ballot. Others, like Maryland, explicitly forbid voters who don’t want to vote on machines from obtaining paper provisional ballots (a special type of ballot generally reserved for voters whose identity or eligibility to vote is in question and, in some states, the only type of paper ballots available at the polls). In any event, voting-rights groups advise citizens not to use a provisional ballot if it can be avoided. For one, provisional ballots are set aside and counted separately and, sometimes, not counted at all. These ballots can also be rejected (in 2016, for example, 615,000 provisional votes were reported as rejected), and in some cases, the arbiters don’t give a specific reason for the rejection.
A more certain option for getting a paper ballot is to vote absentee. Although 20 states require an excuse for absentee voting, 27 (plus the District of Columbia) don’t, meaning any eligible citizen who requests a mail-in absentee ballot can receive one. Three additional states—Oregon, Colorado, and Washington—conduct vote-by-mail elections (also known as all-mail elections) in which every registered voter receives a mail-in ballot in the post, a sort of absentee voting by default.
Opting to cast an absentee ballot provides an especially appealing alternative for residents of Georgia and New Jersey, both states that rely on paperless voting machines but also offer no-excuse absentee voting. (Of course, voters planning on pursuing this option should be mindful of their state’s deadlines for requesting and mailing in absentee ballots.) It’s also an increasingly popular option: Data suggests that as many as one-third of voters will vote absentee or by mail in November. And it’s one way to get the peace of mind that your vote won’t be tampered with electronically.
But absentee voting isn’t a silver bullet for all the ills that plague our current system. Some people, such as former Oregon Secretary of State Phil Keisling, advocate that all states should scrap traditional polling places altogether and instead switch to universal vote by mail systems like those used in Oregon, Washington, and Colorado (and offered as an option in states such as California) where registered voters automatically receive a ballot in the mail that can either be sent back for the price of a stamp (or, in the case of Washington and soon California, for no cost since the ballots come with prepaid postage) or dropped off at a designated ballot drop-off station. The benefits are multifold: It is less expensive, significantly increases voter participation (especially among younger voters), negates the need for provisional ballots, and is inherently more secure since the mailed-in paper ballots can be audited with confidence. It also saves citizens from contentious voter-ID laws, long waits at the polls, and other same-day voting issues such as getting time off work or caregiving duties or showing up at the wrong precinct.
“The traditional polling place, whether it is paper ballots or DRE machines [direct-recording electronic] is the single biggest mechanism of voter suppression in America,” says Keisling. “Why, at the end of the day, do we place an obstacle between people and their most fundamental constitutional right?”
If these kinds of vote-by-mail systems offer such a simple fix, why don’t all states implement it or at least offer it as an alternative? On its face, voting by mail shouldn’t be a partisan issue. In fact, it advances stated conservative goals. It saves the taxpayers money. It eliminates the right-wing bugbear of in-person voter fraud. And it shrinks the size and role of the government. However, since higher turnout in elections generally favors Democrats, many conservative politicians, unsurprisingly, have opposed its spread. Some cite concerns about voter fraud and coercion, though, it’s worth noting, we haven’t seen evidence that this is a significant problem in the states that use vote-by-mail systems.
It may be too late for states to do much more to secure their elections systems for 2018. But for the presidential election in 2020, 33 states will need to replace outdated electronic voting machines. Advocates such as Keisling see this as a fork in the road. States can buy new, more expensive versions of their current voting machines, doubling down with the 10-year service agreements that voting-machine vendors often require and giving them little motivation to choose a more secure alternative down the road. Or they can choose to use paper ballots at polling stations or vote-by-mail systems.
Some fear that the foundation of our democracy—free and fair elections—is at risk if vulnerable states don’t do more to protect the integrity of the ballot box. Even if Russia or some other nefarious actor doesn’t successfully hack into a specific voting system or alter voter tallies in November or beyond, a lack of trust in the system alone may be enough to sow general discord, chaos, and mistrust in these foundational democratic institutions. Going forward, it’s incumbent on election officials not only to protect voting systems against intrusion and sabotage but also to adopt strong contingency plans in case of a breach and be transparent about the entire process with the voters they serve. Citizens need to be reassured that even in the face of serious threats or attacks, their votes will be accurately counted.
“I don’t believe this democracy has ever been on more shaky ground than since the 1860s,” says Gregory Miller of the nonprofit Open Source Election Technology Institute. “If we lose trust in our democracy we lose our democracy.”