Election Infrastructure and the Market for Voting Technology
The Fletcher School, Tufts University and EconoFact
Voting technology should ideally be reliable, secure, and easy-to-audit, but elections often encounter technological problems from poorly designed custom apps to breaches of voter records. Despite all of the attention focused on improving election security in the aftermath of the 2016 election, voting systems in the United States remain notoriously vulnerable. Yet there are agreed upon technological options and auditing strategies that could make systems more robust. However, the adoption and deployment of these expert-recommended fixes faces challenges from the interplay of funding availability; the fragmentation of purchases, oversight and standards in a federalist system; and the way in which products and services are provided and contracted between private vendors and electoral localities.
Technological options and auditing strategies could make voting systems more robust, but their adoption and deployment faces challenges.
- Computers and software play key roles in almost every aspect of the election process. In the United States private vendors and contractors supply many of the components of the system (see here). Election infrastructure involves the physical voting equipment as well as many "back end" functions. While many of the concerns voiced have focused on the electronic voting equipment used at polling stations, the "back end" functions are just as important. Components include: maintaining a database of registered voters; creating the data files for each ballot before the election; configuring individual precinct voting machines; processing absentee and early voting ballots; and tabulating the results for each race and reporting the overall outcomes. The risk presented by the voting equipment depends on the type of equipment used, which varies from one location to another. Some locations use optical scanners that read paper ballots and leave a paper record of the vote; others use purely electronic voting; and others allow voters to vote electronically and then print a paper version of the ballot to be read by an optical scanner.
- Voting technology is subject to numerous attacks, manipulations, and malfunctions. In August 2019, participants at the DEFCON hacker conference were given access to more than 100 different voting machines used in different places around the country and they were able to identify vulnerabilities in every single voting machine they tested. Hackers were able to compromise the machines in ways that could alter stored vote tallies, change the ballots displayed to voters, or alter the software that controlled the machines. Moreover, the report noted that many specific vulnerabilities that had been reported over a decade earlier were still present in systems currently in use. In addition to the DEFCON report on voting machine vulnerabilities, numerous other studies and analyses have shown that voting technologies have significant vulnerabilities that could be exploited by malicious actors to manipulate elections, alter vote totals, or delete crucial records.
- The purchase of election technology is very fragmented. There are no federal standards for the security of voting systems or auditing election results in the United States, all of these decisions are handled at the state or local level. Unlike other countries that have a centralized election authority, each individual state in the United States is responsible for setting their own election standards and procedures. In practice, the majority of election management functions are delegated to county and town governments in many states, which means that the potential customers for election technology number in the thousands with varying levels of resources and technical expertise. The U.S. Election Assistance Commission (EAC) provides guidance to states on security issues through its Voluntary Voting System Guidelines and its Voting System Test Laboratories, but it is entirely up to states whether they wish to participate in these programs. This leaves a tremendous amount of power in the hands of individual states when it comes to deciding how to operate elections and which kinds of technology to use.
- In contrast, the market for voting machines has become increasingly consolidated into three firms that dominate sales of election technology. Dominion Voting Systems, ES&S and Hart InterCivic acquired several of their smaller competitors in the first decade of the 2000s. Together, these three companies provide voting equipment to roughly 92 percent of the voting population in the United States, according to a 2017 report from the Penn Wharton School Public Policy Initiative. However, not much is known about their finances and operations because they are not public and they are not subject to the same oversight that exists of private suppliers in other critical infrastructure sectors such as defense and nuclear. For instance, election technology vendors are not required to report security breaches, screen employee backgrounds, patch security flaws, report foreign ownership, or open up to scrutiny the contractors or subcontractors in their supply chain, according to a report by the Brennan Center for Justice.
- While greater competition could potentially help, there are very high barriers to entry for the voting technology market, including figuring out how to comply with audits and certification processes, breaking into a market with many existing long-term contracts, and dealing with highly litigious competitors. The firms in the voting technology market typically sell a package of products that include hardware, software, services and support. States and counties often lock themselves into ten- or fifteen-year contracts for voting machines because of how expensive this equipment is and its lack of interoperability with other systems, which requires them to completely replace their equipment if they want to switch to a different vendor. Because of this, existing vendors tend to compete aggressively for contracts of new equipment when an electoral jurisdiction is looking to replace its existing system. Yet, this competition does not necessarily translate into a contest between firms for more secure or innovative products. Standards set by counties and states make investments in new products riskier. Vendors report that acquiring EAC certification, which some states require, can take two years or more and can run above $1 million per voting system — and this does not include other costs for certification by the state or jurisdiction. This discourages new firms from entering the industry and makes it more likely that incumbent firms will stick with existing technologies and avoid changes that would require re-certification, according to the Penn Wharton report. In many cases, competition for contracts between existing firms involves investments in direct marketing to election administrators, lobbying activities, and even litigation over unsuccessful bids. In 2018 for instance, when Cook County, Illinois, awarded a $30 million contract to Dominion, ES&S initially filed a federal lawsuit a intended to block the Cook County Board from signing a ten-year contract with Dominion on the grounds that Dominion’s voting systems had not yet been certified by the Illinois State Board of Elections when the contract was awarded. That same year, ES&S also filed a complaint against Louisiana for awarding a $95 million contract to Dominion, forcing the state to rescind the award.
- While known risks exist, there are also known technologies and strategies that could be used to make elections more secure. Experts recommend that all voting machines should provide paper audit trails of votes so that vote totals can be reviewed by manually checking those ballots against calculated vote totals. In addition, it is important to have a systematic and reliable process for determining whether the results being reported are anomalous. A 2018 report of the National Academies of Sciences, Engineering and Medicine recommends that states mandate the use of risk-limiting audits, in which a small sample of ballots is checked manually and the results are compared to the overall tally to identify any anomalies or irregular results and determine whether a further audit is required prior to certifying election results. In 2017, Colorado conducted the first statewide risk-limiting election audit but it is still not a common practice in most states.
What this Means:
Improving and maintaining the country's election infrastructure is a moving target that has to balance a federalist system with the needs of national security, and requires sustained attention and dedicated funding. Federal legislation has been suggested as one possible, partial solution to the cybersecurity challenges facing election technology: The proposed Securing America’s Federal Elections Act would impose cybersecurity standards for voting systems and require that all voting machines generate paper audit trails, but it is currently stalled in the Senate. ES&S CEO and president Tom Burt testified in favor of federal legislation that would mandate security testing and paper records of votes, signaling the willingness of incumbent firms to adhere to stricter security standards.