Does Our Vote Count? The Safest Way to Hold an Election
Election security has been a major issue since the 2020 U.S. election. Policymakers and members of the public must take several concrete steps to ensure that elections are secure and free from interference.
June 29, 2023 10:47 am (EST)
- Post
- Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.
Recently, many questions have been raised about our elections. If we want to increase confidence in our elections and make them more secure, we need to provide election officials with the resources they need, improve the cybersecurity of elections, properly check that our votes are accurately counted, and embed the best principles for democracy in our election regulations and guidelines.
First, even though they are the cornerstone of our democracy, elections are notoriously underfunded. Most citizens think that election officials have to deal with only a very small number of elections, such as the midterms and presidential elections. But in fact election officials typically are responsible for many other elections, such as primaries and local ballot initiatives, that require considerable resources. We need to provide significantly more funding, especially as election officials are increasingly being challenged to demonstrate the accuracy and security of elections.
More on:
While there are many legitimate questions about elections, during the past few years election officials of both parties have been subjected to an unprecedented level of intimidation and threats. It's disturbing, but not surprising, that, according to a recent Brennan Center study, roughly one in nine have resigned since the 2020 election, and another 11 percent are likely to leave their jobs before the 2024 election. That means that in addition to increased funding for elections, we must provide resources for election officials so that they can do their jobs without fear for themselves and their families.
Second, computers have been widely integrated into our elections, but most election officials have little to no access to computer or cybersecurity expertise. Even if they did, implementing secure voting online is currently impossible. In 2018, the National Academies of Science, Engineering, and Medicine wrote in Securing the Vote: Protecting American Democracy, “We do not, at present, have the technology to offer a secure method to support internet voting. It is certainly possible that individuals will be able to vote via the internet in the future, but technical concerns preclude the possibility of doing so securely at present.”
As the Academies’ report explains:
Malware–malicious software that includes worms, spyware, viruses, Trojan horses, and ransomware–is perhaps the greatest threat to electronic voting. Malware can be introduced at any point in the electronic path of a vote–from the software behind the vote-casting interface to the software tabulating votes–to prevent a voter’s vote from being recorded as intended.
The Department of Homeland Security, FBI, Election Assistance Commission, and National Institute of Standards and Technology (NIST) subsequently concurred with the Academies’ statement.
Given these serious threats, how could a local election official protect her voting system from attack by a powerful nation-state that wants to affect the outcome of the election? It's an impossible task, especially since most people don’t have the technical knowledge to evaluate the security of election systems, leaving the door open for charlatans to propose faux solutions.
More on:
An example of a fake solution is the assertion that blockchains can make online voting secure because they use blockchains. In fact, a blockchain is simply a relatively safe structure for storing data. If the votes stored in a blockchain have been modified via a cyberattack or an unscrupulous insider, the blockchain will store those sham results, and no one will be the wiser. As the National Academies report states, “blockchain technology does little to solve the fundamental security issues of elections, and indeed, blockchains introduce additional security vulnerabilities.” This is the case even without unscrupulous online voting companies attempting to buy positive press, hype up blockchains, and bury embarrassing security failures.
Unfortunately, there are well intentioned individuals who are actively advocating for various insecure forms of remote electronic voting–including voting online via email, fax, a web portal, or a mobile phone app. In supporting the use of voting over the internet, they ignore or are unaware of the fact that all forms of online voting have been analyzed and found insecure by virtually all cybersecurity experts for the past twenty years.
Third, there is some good news. Election cybersecurity has been steadily improving since the watershed years of 2012 and 2016, after which influence operations from Russia caused state and local officials to begin listening to cybersecurity experts and fixing the most obvious vulnerabilities. The general consensus across the board for all but election deniers is that the 2020 elections were the most secure we’ve had so far, but there are more improvements to be made. Also, most of the country is using the best type of voting systems for checking the accuracy of the results: hand marked paper ballots with computerized ballot marking devices for those who need them, and post-election risk limiting audits of the paper ballots to check the results. Risk limiting audits, which are based on statistics, are the gold standard for conducting post-election ballot audits that validate the initial results or correct them if they’re wrong. You can think of them as being like an exit poll, except that instead of querying the voters, the risk limiting audit queries the ballots. Unlike voters, ballots don’t lie.
Fourth, here are the actions we think policymakers should engage in to keep our elections secure. Policymakers should update election laws to stay current with the use of computers in our elections. That means requiring voter marked paper ballots and post-election risk limiting audits to check on the scanners (which are also computers), as well as total manual recounts for extremely close elections. It’s also important that those ballots be protected by a strong chain of custody.
In addition, state election laws need to be updated to demonstrate the understanding that voting won’t be done on a single day. Tracking mechanisms for mail-in ballots should be implemented so voters know when their ballots have been received and counted, and states should accept late-arriving but appropriately-postmarked ballots to ensure our service members overseas have time to participate in the democracy they’re defending.
To sum up, our understanding of the tools and policies that are required for safe, accurate, and accessible elections has grown over the past two decades. While the national trend has been positive, there still is much work to be done. No matter what party we belong to, each of us must do all that we can to protect election officials and prevent the replacement of legitimate election officials with individuals whose goals conflict with running unbiased elections.
A good way to learn more about our elections is to become a poll worker. It's a long and tiring day, but you should do it. If we all familiarize ourselves with the voting laws of our states and work to improve them, including updating them to reflect the realities of modern elections, elections will become increasingly resilient and trustworthy for us all.
And, of course, vote!
Barbara Simons is the Board Chair of Verified Voting and a member of the Board of Advisors of the Election Assistance Commission.
Tarah Wheeler is a Senior Fellow for Global Cyber Policy at the Council on Foreign Relations and the CEO of Red Queen Dynamics, Inc.
The views expressed here are personal and do not reflect the policy or position of any entity or organization.