In 33 states in America, millions of voters are still at risk of having their ballots deliberately changed, uncounted, undercounted, misrecorded or otherwise subverted. Why? Simply because these states either permit some form of Internet voting or because one or more parts of their voting processes are connected to the Internet.
This should disturb us. What is doubly worrying is the fact that, even if an intrusion is detected in these systems, there is no way to determine with certainty the impact on vote counts from the malicious hacks without paper ballots. There is no paper-based, traceable record of citizens’ votes without paper ballots. This means there is no way to reliably audit the election results. While paper ballots don’t prevent hacks, they can nullify the impacts of hacks because they allow authorities to reliably and accurately recount votes. The ability to retrace elections is critical in many ways: to restore the will of the people by accurately reflecting their votes, and to maintain confidence in our elections and our democracy.
The National Election Defense Coalition, a bi-partisan organization that closely studies election audits across the United States, estimates that 24 states have inadequate vote audit programs, and the audit programs of an additional 11 states need improvement. Especially in the case of extremely close contests, accurate audits and the public’s faith in them are literally what our democracy depends upon.
These aren’t theoretical concerns. There is substantial evidence that in the last election our voter registration and other election systems were attacked in almost every state. The FBI reports that an average of 6-9 months elapse between a breach and its detection: we cannot conclude that no breach occurred the moment an election is over, but rather, we need to continue to be vigilant year-round. For example, the recent, massive Wawa data breach started on March 4, but wasn’t detected until December
Though election officials cannot determine the full impact of the damage done, it is doubtful that hackers broke in just to harmlessly look around.
With less than a year to the next election, there are three non-technical actions to be taken, all of which we can and must do immediately. In doing so, we can make it more difficult for foreign governments and others to successfully use technology to interfere with our elections, and to undermine our confidence in the electoral process.
- First, to address pervasive pre-election vulnerabilities, Congress must mandate the “unplugging” of every “back office” part of the voting process from the Internet: that includes ballot design, voting machine programming and voter identification.
- Second, once voting begins, election officials must provide all voters with a paper ballot on which to permanently record their choices. To be clear, this step cannot be replaced with just a touch screen or another electronic voting vehicle, nor can it be replaced with a ballot printed from an email that the voter never saw, as was the case in some recent experiments. Additionally, this step cannot be circumvented by merely replacing old, vulnerable touch screen voting machines with newer, but equally vulnerable, touch screen voting machines - as several states are doing now.
- Third, once the polls close, we need to make sure that all elections can be, and are, accurately, robustly, and securely audited. Here is where paper ballots - an essential election security tool - come into play. Paper ballots are good protection, but they’re only as good as the audit that verifies them.
At first blush, it should be clear why preventing outsiders from corrupting voter registration and authentication databases before voting begins is critical. To accomplish this, we need paper ballots.
By unplugging our elections and by relying on paper ballots, we can rest easy knowing that you can’t hack a piece of paper. What’s more, if securely stored, election officials can rely on that paper later to verify results if a hack is suspected.
Moreover, even if a paper ballot is tampered with, that paper ballot represents just one vote, rather than a database of thousands or millions that’s been compromised. An election system relying on paper ballots effectively compartmentalizes and secures the entire election.
Our state election officials and poll-workers provide a vital service, and they need to be set up for success. If we truly want hackers to see a “Keep Out” sign on our election systems instead of “Door’s Open,” we have to act like we mean it: immediately, and consistently.
For 2020 and beyond, it is high time for Congress to mandate or incentivize all states’ use of paper ballots and robust audit procedures.
Jeremy Epstein is a computer security expert and vice chair of the U.S. Technology Policy Committee of the Association for Computing Machinery (ACM). ACM is the world’s largest association of computing professionals.