How Secure Are U.S. Electronic Voting Systems?
The Fletcher School, Tufts University
Elections present several opportunities for adversaries to compromise the electronic voting systems used by many states. However, despite evidence that such systems are vulnerable to a variety of different attacks, there is little indication that voting through these systems has been altered in U.S. elections. But just because it hasn’t happened before does not mean that it could not happen in the future. Experts have increasingly converged on a set of best practices for security. However, different states have not adopted the same security standards — in fact, some states’ authorities have at times been openly resistant to efforts by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to work with their governments to improve the security of their voting systems. The diversity and decentralization of states’ voting systems that make it more difficult to hack elections at any large scale also contribute to the challenges of implementing uniform security standards for U.S. voting equipment.
The diversity and decentralization of states’ voting systems make it more difficult to hack elections at any large scale but present challenges for implementing uniform security standards.
- Electronic voting machines currently in use by several states are known to have serious potential security vulnerabilities. University of Michigan professor J. Alex Halderman identified “multiple severe security flaws” in Georgia’s Dominion Voting Systems touch screen voting machines last year as part of a confidential expert report prepared for a lawsuit related to Georgia’s election processes. The vulnerability would potentially allow for someone to “install malicious software, either with temporary physical access (such as that of voters in the polling place) or remotely from election management systems,” according to Halderman’s report, and this would then enable the ability to “alter voters’ votes while subverting all the procedural protections practiced by the State'' (cited here).
- There is no evidence that these security vulnerabilities have been exploited to date. There is no evidence of voting irregularities due to manipulation of electronic voting machines during the 2020 elections. A review by federal government cybersecurity officials determined that the vulnerabilities in Dominion Voting Systems equipment had not been exploited in that election. But widespread attempts to undermine the integrity of that election have placed government cybersecurity officials in the difficult position of attempting to reassure voters that the election was secure while acknowledging that there are serious security risks that still need to be addressed in U.S. voting infrastructure.
- One of the most important ways to secure electronic voting systems is to use election equipment that creates a paper record of every vote cast. Not every state currently requires the use of paper ballots, voter-verifiable paper records of votes, or permanent paper records for voting machines, but these safeguards are widely considered the most important security measures to protect against vote tampering. Paper records enable vote tallies to be audited and confirmed manually in the event of any suspected manipulation.
- Risk-limiting audits of paper vote records to confirm electronically tallied vote counts are another best practice intended to reduce the risk of any malicious election manipulation. In a risk-limiting audit, a small sample of paper ballot records are manually tallied following an election to determine whether the breakdown of votes reflects the final tally. If a significant discrepancy is found, a larger sample of paper vote records is tallied. This process continues until the breakdown of paper votes reflects the final electronic vote tally. In this way, any persistent discrepancy between the actual vote totals will be identified through a full recount of the paper vote records.
- Basic cybersecurity hygiene measures can also be important factors for promoting the security of elections. Besides risk-limiting audits and paper vote records, several other important security measures, including securing voting equipment from physical tampering, installing software updates, disconnecting voting machines from the internet, and maintaining thorough logs of their use can further contribute to securing voting systems.
What this Means:
In November 2020, the Elections Interference Government Coordinating Council and the Election Infrastructure Sector Coordinating Executive Committee issued a joint statement calling the election on November 3, 2020, “the most secure in American history.” But even while that may be the case, there remains a need to make future elections still more secure. The very real risks posed by vulnerabilities in voting equipment and practices used by many states can be reduced through the implementation of best practices including paper records of digitally cast votes and regular risk-limiting audits. It is essential that in their eagerness to affirm the integrity of the voting process, government officials do not lose sight of the imperative to make it even harder for adversaries to hack elections and vote totals.