The 2016 election catapulted ballot security into the spotlight. Four years later, experts say our voting machines are still old and vulnerable to hackers. Now what?

Last summer, a report by the Senate Intelligence Committee concluded that Russia had attempted to interfere in election systems in all 50 states. While there is no evidence that hackers changed any votes, they certainly came too close for comfort. The report found that in Illinois, for example, Russian hackers “were in a position to delete or change voter data” in the state’s voter database.

States need tools to ensure that election results actually reflect the will of the people. Fortunately, experts say there are several measures we can take to confirm that our vote tallies are accurate – or to identify problems. This week, we take a look at two of them.

Paper Ballots
Elections may be the one area where paper is the best technology. Experts broadly agree that paper records provide the best evidence that an election went smoothly, and make a physical recount possible if necessary. The most common type of voting machine in the U.S. is the optical scan machine, which makes it easy for officials to compare the machine’s tabulation with the physical ballots that voters completed. Some other states use machines called ballot marking devices, which record votes on a computer then print a paper confirmation. In 2018, voters in 36 states and the District of Columbia cast ballots on machines that produced a paper record.

In 14 other states, however, at least some voters cast their ballots on paperless machines that provide no way to verify election results. A common type of paperless equipment is the direct-recording electronic (DRE) machine, a touch screen device that has been known to flip votes cast for one candidate to another (this is usually due to technical failure rather than malfeasance). Because DRE machines produce no physical record of a voter’s choice, checking the validity of elections that use them can be difficult, if not impossible.

“Many of the leading opponents of paperless voting machines were, and still are, computer scientists,” Barbara Simons, a computer scientist, told The Atlantic in a 2017 interview, “because we understand the vulnerability of voting equipment in a way most election officials don’t.”

As we near the 2020 presidential election, cybersecurity journalists at Politico are tracking 596 states and counties that use at least some paperless voting machines. Some jurisdictions have made significant progress since the investigation began: South Carolina and Delaware are now using paper statewide, while some counties in Pennsylvania, Texas, Florida, and a few other states have jettisoned their old voting machines. Still, 194 jurisdictions have no plans to replace their paperless machines, and another 196 have not responded to Politico’s inquires.

Risk-Limiting Audits (RLAs)
Once an election is over, officials need a way of checking for irregularities in the vote tally. Thirty-four states and the District of Columbia require some kind of post-election audit, but experts increasingly recommend a particular method called a risk-limiting audit. Advocates say this method is more accurate than the other models currently in use, and it can verify election results by counting relatively few ballots. Colorado began using RLAs in 2017, and Virginia, Rhode Island, and Nevada are rolling them out over time.

In a traditional audit, officials examine some fixed percentage of ballots to determine whether the results are accurate. But RLAs are more targeted, explain Ron Rivest and Philip Stark, two professors who have advised the U.S. Election Assistance Commission. How do RLAs work? Let’s use the 2016 presidential election as an example.

The audit would begin by checking voting results in the states Trump won. In states where Trump appeared to win by a large margin, Rivest and Stark say the process would be a quick one; just a small random sample should verify that the winner was indeed the winner. Auditing a state like Missouri, where Trump won handily, would require examining only ten ballots. But in states where the contest was closer, officials would need to check more ballots to feel confident that the results were correct. In Texas, that would mean checking about 700 ballots. In Michigan, where the race was especially close, officials would need to check tens of thousands of ballots.

Because RLAs take into account how close the initial vote tally is in a given state or district, they can provide a high degree of confidence in the final count by looking at a relatively small portion of ballots (many in Michigan but very few in Missouri). Rivest and Stark say that officials could have conducted an RLA of the 2016 presidential election by looking at only one half of one percent of all ballots cast.

While many states are making progress on election security, updating our voting systems isn’t cheap. A majority of states are using voting machines that are at least a decade old, and by one estimate, the price tag for updating that equipment is at least $1 billion.

The cost of risk-limiting audits is manageable by comparison. J. Alex Halderman, director of the University of Michigan Center for Computing and Society, says that to audit every federal election to a high degree of confidence would cost roughly $25 million a year.

Surveys show that many Americans are concerned about the safety and accuracy of our upcoming elections, especially at the national level. With voter turnout already trailing most developed nations, we can’t afford to let doubt keep people away from the polls. Safety measures like paper records and sophisticated audits can go a long way toward rebuilding confidence in our elections.

Learn More

Never Truly Offline: Election officials have long maintained that because voting machines are not connected to the internet, they are not vulnerable to hackers. But security experts say many voting machines have remote access software or use modems operating over cellular networks, giving attackers a way in – via The New York Times

Audits 2.0: Traditional audits only look at a fixed percentage of voting districts or machines, making them less precise than risk-limited audits. What are the key differences, and what issues will legislators need to address if they want to implement RLAs? – via National Conference of State Legislatures

So Easy a Child Could Do It: At the DEF CON digital security conference, an 11-year-old girl gained access to a replica of the Florida election database, a security expert demonstrated how to break into a voting machine, and much more – via This Week in Tech

Double Standard: The federal government regulates practically every industry, often extensively. But when it comes to election technology, that bureaucracy is conspicuously absent – via Fortune

Clear Recommendations: A report entitled “Securing the Vote: Protecting American Democracy” makes recommendations for securing U.S. elections.  In this short video, the co-chair of the committee that issued the report explains what officials should do to secure our ballots – via The National Academies of Sciences, Engineering and Medicine