Up to now, the Wisconsin Elections Commission’s interest in elections security has focused on the voter-registration system (WisVote), rather than the vote-tabulation system (the voting machines). When the Commission has paid attention to concerns about voting-machine security, it typically has been for only as long as it took commissioners to ask the vendors “Tell us how to refute these concerns.”
The Commission has also made a habit of limiting its own information sources. Earlier this year when they felt the need for advice on election security, they convened an Election Security Advisory Panel consisting entirely (not making this up) of
But the Commission’s interest in voting-machine system security may be showing signs of life.
Last week, the Commission announced the formation of a new Elections Security Council of “federal, state and local partners” that will “formalize collaboration between these key groups and the public to improve communication and maximize election security.”
As usual, the Commission’s idea of “key groups” is limited to government officials. It’s also possible their idea of ‘communication’ remains limited to outgoing messages to reassure voters that all is well.
Oh, well, it’s a start. Give the new council a chance to join the fight for voting-machine security. We’ll know more after their first meeting on October 16, when they will discuss whether and how they want to involve any stakeholders.
Realistically, though, it’s possible this new council will — as the Commission itself has always done — focus its efforts exclusively on the voter registration system (WisVote) rather than voting-machine system security. Nothing in the press release specifically indicated the Commission is looking to expand its election-security efforts beyond WisVote.
Nevertheless, just in case this council represents an awakening, its members should know what a secure tabulation system would look like.
So here’s a welcome gift to the new Elections Security Council:
A list of what would be in place if our voting-machine system was secure.
Most of the elements listed below are common sense, not rocket science. It’s just sensible, prudent management of a highly critical IT system. Some elements are present for Wisconsin. Others are missing. State and local election officials cannot create all the missing elements, which means they need to look for ways to make up for their absence.
If any members of the new council are curious to know which of these elements are in place and which are missing,
In a secure vote-tabulation system:
Voting equipment manufacturers would…
- Manufacture only those systems that are as secure as possible given current technology and customers’ budgets.
- Manufacture only systems that use or produce ballots that voters have verified as accurate records of their intent, and that allow local officials to verify the votes were tabulated accurately.
- Cooperate fully with the federal Department of Homeland Security monitoring of the companies’ own computers and security practices.
- Cooperate fully with state and local governments’ security requirements.
The federal government would…
- Promulgate strong, clear, and frequently updated regulations for secure, auditable voting systems, and for the independence of private testing labs.
- Actively and rigorously apply those regulations when certifying new systems or updates.
- Actively monitor and enforce compliance with those regulations.
The state government would…
- Through law and regulations, implement strong security and auditability requirements for voting systems used in this state, and rigorously enforce those through certification.
- Provide guidance and technical assistance to local governments related to voting-machine system security, so that vendors are not their customers’ only source of information and advice.
- Adopt laws and regulations for local governments’ voting-system security practices.
- Monitor local compliance with required voting-system security practices, and have the ability to correct poor practices.
- Coordinate strong post-election tabulation audits, involving all the counties’ boards of canvassers, that verify the correct winners in all statewide races before certification.
County government election officials would…
- Follow federal and state requirements for securing county elections-management system hardware and software.
- Have professional IT staff capable of and assigned to working with the voting-system vendor on security-related matters. (If not county staff, an independent contractor who is unaffiliated with voting-machine sales and service.)
- On Election Night, obtain electronic election records (including CVR and digital ballot images) from municipalities. Maintain strong internal control and to support voter confidence and ballot security,
post digitalballot images to the internet within 24 hours of poll closing.
- During the county canvass, use the paper ballots to verify that the computers identified the correct winners. If problems are found, correct results before certification.
- Between elections, audit various election-security practices and take action to improve whenever any issues are found.
Municipal government election officials would…
- Maintain year-round strong internal control of marked and unmarked ballots; other election records (e.g., CVR, digital ballot images); and voting-system hardware and software.
- Maintain equipment according to manufacturer recommendations. Routinely and reliably inspect equipment inside and out for signs of tampering or malfunction; take action to correct any issues noted.
- Conduct strong pre-election testing of both tabulators and ballot-marking devices; take action to correct any problems noted. Make sure all voting machines are equally reliable and operable.
- Train election workers in how to maintain security; how to notice trouble signs; how to document and respond to trouble signs or lapses.
- Monitor performance of elections workers to ensure that no bad habits develop, that any departures from standard procedures are quickly noted and corrected.
- Volunteer to serve as poll workers and hand-counters for audits.
- Pay attention to election security issues, getting neither too excitable nor too complacent.
- Be willing to hold their local officials accountable for verified accurate election results.