Ensuring a Paper Trail for Elections

Most elections infrastructure in state and local governments are over a decade old. The aging electronic systems present unique threats that many state and local governments are not equipped to handle.

A bipartisan group of senators proposed legislation that seeks to investigate and eliminate cybersecurity vulnerabilities posed by electronic voting machines. The proposal, called the Secured Elections Act, is sponsored by Senators James Lankford (R., OK), Kamala Harris (D., CA), and others. The SEA attempts to address some of the problems discovered during the 2016 presidential election and other problems experts have warned about for years.

Many states made the switch from paper ballots, or similar, to electronic voting machines in the early- to the mid-2000s. Some states opted for machines that either produced a paper record or read paper ballots, with the latter known as optical scan machines. Some states opted for purely electronic machines known as Direct Recording Electronic (DRE), which produce no paper record.

After more than a decade, a number of states still have and use the machines they purchased using grants from the 2002 Help America Vote Act (HAVA). HAVA was, in large part, the federal government’s response to the 2000 Bush versus Gore recount nightmares in Florida. The electronic machines, almost all of which were purchased before 2006, were supposed to increase accuracy and reporting times, decrease voter confusion and generally make elections more efficient.

With the machines more than a decade old now, bad actors have had plenty of opportunities to locate vulnerabilities and develop plans to attack those vulnerabilities. Because of the machines’ ages, elections officials face a different nightmare scenario than they did in 2000. Instead of endless recounts, elections officials face threats including machine malfunctions and cyber attacks. Machine malfunctions include faulty touch screens and complete failure leading removal from service on election day, leading to long lines and delays. Similarly, cyber attacks include bad actors or foreign governments seeking to improperly influence elections by targeting voting systems, state election systems and the companies that help support the process.

The Secured Elections Act seeks to balance states’ authority and local government authority for administering elections with the federal interest both in protecting the integrity of federal elections and in preventing bad actors from improperly influencing the outcome of future elections. It does so both by inviting states and local governments to participate in the process of setting security standards and by encouraging states to purchase more secure voting machines and modernize election audit laws.

A couple highlights of the SEA are:

• Establishing grants for states to access to modernize their elections infrastructure. There are two types of grants in this section. The first type of grant prioritizes the retirement of DRE machines in states where a large percentage of votes are only electronically recorded. This type of grant permits states, like Pennsylvania, to replace DRE machines with machines having, or producing, a paper trail. The second type of grant is primarily to encourage states to adopt guidelines that will be promulgated by an advisory panel. States can use the funds, for example, to improve hardware or software systems, or improve election administration. For both types of grants, states will have to spend some money—a form of putting skin into the game.
• Establishing an advisory panel of independent experts on election cybersecurity. The panel would include representatives from state and local elections officials. The purpose of the panel would be to advise elections officials regarding election cybersecurity, including ideal standards for “procuring, maintaining, testing, auditing, operating and updating of elections systems.” The panel would also assist with the grant program described above.

Aging election infrastructure places the integrity of elections at stake. The older machines and software get, the more vulnerabilities researchers, bad actors and foreign nations find. Congress is taking the first step in an important discussion on how to secure our elections. And the importance is quite telling since the Secured Elections Act enjoys rare, bipartisan support.