Wisconsin’s Election Security Council sees the gorilla.

The first meeting of the Wisconsin Elections Commission’s new Election Security Council was both reassuring and scary.

First, the good news. I’m genuinely not sure whether WEC created the council more to promote belief in security or to promote security itself. But whatever WEC’s intention, the members of the new council are there to promote security.

They uniformly exhibited a desire for actual security. Understandably, they showed some legitimate interest in appearances, but their primary concern seemed to be for real security.

Hang on to that idea as I describe the bad news. I do think intention matters.

The second piece of good news is that the members did not seem to share—even slightly—WEC’s hesitance to include voters on the council. (See note at the end of this post.)

A bit of background: the state election agency’s longstanding attitude toward citizen participation is not normal. After 30 years working as a state bureaucrat in three agencies and auditing dozens of others for the legislature, I know “normal.” Even agencies running unpopular programs like septic-tank regulation or state-forest timber harvest seek citizen participation as a routine matter of course.

In contrast, the WEC runs a popular function—people like elections—and yet they hide under their desks when someone mentions voter participation. I’ve never understood why; it makes no sense. I sincerely think that, overall, their objectives are in line with those of the voters.

Fortunately, the council members know normal. When WEC administrator Meagan Wolfe asked whether they wanted to add voter representatives to the council, the members’ brief discussion can be summarized: “Well, duh.”

The representative from the Wisconsin Counties Association, whose name I didn’t catch, pointed out that legislative advisory councils routinely include representatives from citizen groups. Then, after Wolfe said she would bring a detailed proposal for selecting voter representatives to the next meeting, Governor Evers’ representative, Jenny Dye, said that would be too late. The council’s work was “already short on public input,” she said, and it wouldn’t do to have the public members miss the first two meetings. WEC agreed to work out the details and get voters’ representatives to the table by the council’s December meeting.

Okay, now the bad news.

The level of naivete in the room was frightening. Among the utterances that made me shudder:

  • In the limited discussion of specific threats to election security, I heard reference only to external hackers. I detected no awareness that insider corruption (e.g., a rogue employee of a voting-machine company) is the single greatest threat to vote-counting security—one that our election clerks have no reliable defense against. When a representative from the Wisconsin Statewide Intelligence Center listed the threats to look for, he described only external threats. Later, WEC Assistant Administrator Richard Rydecki explained to me that was because external threats are the only ones WSIC has noticed. Well … yes … that is why the other threats are more serious. Wisconsin officials don’t have any way to detect unauthorized remote-control software in the county election-management computers or dicey Serbian programmers working for Dominion.
  • Hearing Mike Davis from the League of Wisconsin Municipalities open his question with “I don’t know much about elections administration, but…” Yikes! Municipalities run Wisconsin’s elections! (On the other hand: his ‘but…’ led into a question about what we do with our paper ballots—displaying that he has good intuitive sense about how we could be securing our elections from that rogue programmer or service technician.)

Ignorance doesn’t have to be a problem. No one was born knowing this stuff. They can learn.

However, WEC’s conduct of the meeting gave me some concern that the council members might not get the education they need.

Put it this way: If you convened a new council to get advice on election security, how would you have opened the first meeting? If it had been me, I would have started by describing the basic elements of a secure election system. Then, I would have given the council a quick overview of Wisconsin’s strengths and weaknesses vis-a-vis these elements–which are covered, and where are the weak spots or holes?

Instead, WEC staff presented a rosy overview of all the good things. When they were done, I’m guessing some council members were wondering why they were there, given that things are already as good as can be.

Wolfe wasn’t making stuff up–a lot of good security measures are already working. She was leaving stuff out—specifically, stuff relating to voting machines.

One fact is critical to understanding election security: Two separate systems must be secured. (See the chart below). These two systems have practically no overlap. They have different creators and different owners. They operate on different computers, managed by different agencies. They face different threats and require different safeguards.

WisVote–the voter-registration system–is secure, thanks to the good, hard work of the state elections agency. I wouldn’t trade our voter-registration system for any other in the nation.

Security for the vote-tabulation system–that is, our voting machines–is closer to an honor system.

Yet Wolfe danced over the tabulation system so lightly I’m not even sure she said the words “voting machine.” For example, one of her Powerpoint slides listed the steps in an “End-to-end Election Administration System.” The list went right from “prepare the poll lists” to “report results to the State.” I wonder whether any of the council members noticed the missing step: “Count the votes.”

I’ve seen this tunnel-vision focus on WisVote security from WEC staff many times before. Whenever they are asked about “election security” (with or without specific reference to voting machines), they respond by describing safeguards that protect only the WisVote system. Dozens of reporters have failed to notice.

But for some reason, I didn’t expect it to be on full display in the meeting today. Perhaps I was thinking that creating an advisory council was something like going to a therapist. You want help, right? So be honest about the problems that bring you there.

(Spoiler alert. If you’ve never taken the selective perception test where you watch a brief video and count the number of times a white-shirted team passes a basketball, do that before reading further. I don’t want to spoil anyone’s opportunity to experience this phenomenon firsthand.)

I’m not a mind reader and so cannot say how much of this relentless tunnel vision on WisVote security is strategic, and how much stems from the fact that tabulation-system security is simply not the WEC’s job.

But as I listened, I started to see WisVote as WEC’s white-shirted basketball team. They are so intently focused on it—absolutely, fully engrossed—that they cannot see the gorilla that is the tabulation system.

Here’s my best hope, and I think it’s a real possibility: I think this council might be able to provide WEC staff with more guidance and education than they realize they need.

After WEC staff had shared all the lovely information about WisVote security, they turned the microphone over to the council members. They asked each member to say a few words about their organization and describe how they see their role in election security over time.

The county clerks went first—and promptly ignored the instructions. Instead, they immediately started to talk about voting-machine security and the fact that they are not getting the IT support they need. Then the League of Municipalities representative popped in with his question about the role of paper ballots in securing election results.

The WEC staff may not see the gorilla, but it was the first and only thing council members wanted to talk about.

In summary, this seems like a good bunch of sensible people. In addition, on my way out, I had a quick but solid discussion with Rydecki about some nuts-and-bolts details regarding the sort of risk-limiting audits that could work to secure Wisconsin election results.

So progress is underway, and I’m okay with that.

* * *

NOTE: After reading this blog post in mid-November, Assistant Administrator Richard Rydecki reached out to explain what had appeared to me to be WEC’s hesitance to include members of the voting public on the new Election Security Council. Our conversation was easy and pleasant and provides a window into WEC’s thinking about its various stakeholders.

The idea to form such a council is not new. In early 2019, the WEC created its first election-security advisory committee, limiting membership to county and municipal clerks. So in March, both Wisconsin Election Integrity and the League of Women Voters of Wisconsin publicly urged the WEC to seek election-security advice from additional stakeholders. We suggested that they either expand that committee to include public representatives (particularly those with security expertise), or to form a separate election-security advisory group with broader membership.

I cannot speak for the LWV-WI, but WEI received no response. If the WEC gave the proposal even momentary consideration, it was quickly forgotten. Rydecki made no mention of it when he explained that the idea for this new election-security advisory council arose in June, in discussion among government officials at a Department of Homeland Security training exercise.

Apparently, the officials who proposed its creation did not mention anything at the time about public members. Nevertheless, Rydecki said, WEC staff did consider how public input might be handled. Some clerks “were not terribly enthused” about having public members on the Council and might not have agreed to participate if public members were included.

One option, according to Rydecki, was that officials’ trepidation might be accommodated by allowing a short period for public comment at the beginning of each meeting, as the Elections Commission itself does.

But ‘professional courtesy’ required WEC staff to refrain from making a ‘unilateral decision’ on how or whether anyone who is not a government official would participate. So WEC formed the council exclusively with government officials and then presented it with the question of how or whether it would have public participation.

I’ll let the reader decide whether that information supports or contradicts the observations I made, above, about WEC’s attitude about citizen participation.

Leave a Reply

Your email address will not be published. Required fields are marked *