Jump on this chance to improve Wisconsin election security!

Friday, March 30, 2018 – In defense of our right to self-government, please contact the Wisconsin Elections Commission in the next few days to tell them: Include routine election auditing in Wisconsin’s application for federal election-security funding.

Chances like this don’t come along very often. Congress sits on its hands for years, ignores problems, messes around, and then–when an issue is hot–throws some money at the states and says “Spend it quick!”

When that happens, states need to be able to grab the money and spend it on something worthwhile.

That is just what has happened with election security. Voters have been warning, shouting, complaining, and worrying for years about the dangers of poorly managed election technology, and then all of a sudden Congress awoke and leapt out of bed. (Thank you, Vladimir!) Last Friday, Congress passed a federal budget bill that includes $380 million for grants to the states for improving election security.*

Just short of $7 million of that is earmarked for Wisconsin–pending the Wisconsin Elections Commission’s submission of a plan for spending it.

Thirteen states should definitely spend their money to replace unauditable voting machines–the kind that don’t use or create a paper record of each ballot. But that’s not Wisconsin’s problem. Paperless vote-counting computers have always been illegal here.

Wisconsin’s big election-security hole–where we lag most other states–is not that our elections are unauditable. Wisconsin elections are simply unaudited.

Wisconsin is in relatively good shape on most other aspects of election security. The WEC has done a good job with those systems they control, which are the voter-registration system and the ‘canvass reporting system,’ the automated system that counties use to report results they have already counted and certified. In addition to having respectable security, both these systems also have effective backup in case of manipulation or failure. With same-day registration at the polls, hackers have to ask themselves how much effort they are going to waste deleting Wisconsin voters’ registrations when we will be able immediately to vote anyway, with only about five minutes’ re-registration inconvenience. And the canvass reporting system kicks in only after our votes have already been counted in the polling places and municipal clerks’ offices. Any hacking of that would be easily detectable and reversible, even without a serious audit effort.

But Wisconsin has no more security for our voting machines than any other state that uses paper ballots, and a paper trail is merely decorative if the ballots are sealed on Election Night and never seen again.

Our elections’ biggest unprotected vulnerability is that our county boards of canvass make a habit of declaring election results final without lifting a finger to check to see whether the vote-counting computers counted our votes correctly. That practice is justifiably illegal in 25 states (26 if you count D.C.) and contrary to every national election authority’s recommendation.

The practical solution: Wisconsin law provides county election officials with paper ballots and allows them to check accuracy before they certify, but they choose not to. The problem isn’t time or money. Wisconsin’s county clerks have as much time for the canvass as their counterparts in states that do audit, and modern election-audit methods are so efficient they could almost be funded from petty cash.

So we can only guess why our county officials continue to force us to trust our franchise to unaudited computer output–something they wouldn’t tolerate for a millisecond from their banks and ATMs. My best guess is that they’ve been allowed to ignore that basic managerial responsibility for so long that they fear they will find a host of problems when they start to look. Look at the panic this county official exhibited as she refused an observer’s request for verification during the 2016 recount. That level of distress looks to me like she knew the machines’ unreliability would be revealed if she allowed verification, so she refused to hand count “even five ballots.” And she was right: the machines were, in fact, miscounting and were later decertified by the Wisconsin Elections Commission.

What voters need to do: 
Contact the WEC and tell them that you want them to include funding for routine audits during the county canvass in Wisconsin’s federal grant application. WEC staff are up to date on national election-administration trends, and I believe they understand the need for, and practicality of, routine election audits. In addition, I sense that WEC Commissioners are favorably disposed to effective election audits and will do the right thing if enough citizens express interest and support.  

You can:

  • Tweet to @WI_Elections to say that you want to see county election audits in the application for federal funding;
  • Email Chair Mark Thomsen and Administrator Meagan Wolfe at elections@wi.gov. 
  • Snail-mail them at Wisconsin Elections Commission,  P.O. Box 7984, Madison, Wisconsin 53707-7984, with copies to U.S. Election Assistance Commission, 1335 East West Highway, Suite 4300, Silver Spring, MD 20910, and to Jill Lau, Chair, Wisconsin County Clerks Association, 421 Nebraska St, Sturgeon Bay, Wisconsin  54235.

If you want to do more, you can use these web-contact forms to tell Senator BaldwinSenator Johnson, and the US Election Assistance Commission that they, too, should encourage the WEC to seek funds for election auditing in Wisconsin.

Also, please, tell other voters about this so that they, too, can weigh in for election audits. The WEC hardly ever gets any citizen input on election security issues, and they will definitely sit up and take notice if they get a lot now. So go for it!

—-

* It would be unfair to accuse every member of Congress of inaction. Wisconsin’s very own Mark Pocan introduced an excellent elections-security bill, the Secure America’s Future Elections (SAFE) Act a year ago. As other representatives wake up to the issue, it’s still collecting new co-sponsors. If you live outside Wisconsin’s Second Congressional District, contact your congressperson today and ask them to sign on. If  you live in Rep. Pocan’s district, tell him “Thank you!”

Wisconsin’s county clerks need a better story

Main point: Wisconsin’s elections officials have been telling themselves a simple story–“The only threat to election results is Internet hacking, so we can keep elections safe just by keeping the voting machines unconnected.”

There’s an equally simple–but more true–story they could be telling themselves: “We don’t have the power to prevent every type of miscount, but we can keep elections safe anyway by using the paper ballots to detect and correct miscounts, regardless of cause.”


February 21, 2018  — In a recent newspaper article, I wrote that election officials should check the accuracy of our computer-tabulated election results as routinely as city treasurers check our computer-tabulated property tax bills.

That proposal is uncontroversial. Every national election expert promotes routine audits. So do other authorities, such as the US Department of Homeland Security. When presented with the idea that election clerks should verify the right winners before they declare election results final, every voter responds with either “Well, duh” or a wide-eyed “You mean they don’t do that now?!?!”

Wisconsin election officials, however, think that all the rest of us are wrong about that. In response to my article, I received the following email from the county clerk in a mid-sized Wisconsin county:

“Good afternoon, Ms. McKim: Please tell me if a piece of Wisconsin certified equipment has ever been hacked, or how one could even attempt to hack said equipment.  The equipment used in my county is never connected to the Internet. It’s not even connected to our county network. Unless someone has figured out a way to hack through the unit’s power cord, our equipment is basically unhackable.”

Except for that last word, my correspondent’s few facts are correct. It’s the same argument that county clerks have used for yearsLet’s review a few additional facts. You won’t need to be an IT security expert or a Russian hacker to see the possibilities…

First, Wisconsin’s county clerks need to know that voters don’t want their votes miscounted for any reason–not hacking, not human error, and not machine malfunction. Even if we believe you that you’ve perfected the world’s only unhackable computers, that’s no reason to fail to check of any other type of miscount.

Hacking might be a risk, but mistakes and malfunctions are a reality. Our voting machines are operated by a  lightly trained and lightly supervised temporary workforce. None get more than four days of on-the-job experience every year. Even the election managers—the municipal and county clerks—work only part-time on that task. The 2016 presidential recount—for most election officials, a once-in-a-career opportunity to check their work—revealed that more than 1 in every 170 votes were incorrectly certified in the original canvass—mostly because of human error.

My correspondent and his fellow clerks also know that electronic malfunctions have already miscounted Wisconsin votes. They know voting machines are manufactured to be affordable for local government budgets. Many are old. Among all the businesses and government offices you enter in a year, the polling place is where you are most likely to encounter a 10- or even 20-year-old computer. They know that just last year, the Wisconsin Elections Commission had to decertify one model of voting machine because it was so unreliable it failed to detect up to 30% of the valid votes in individual precincts–in an actual election, not a test.

And when it comes to tampering, they know that many insiders have both means and opportunity—even without an Internet connection. Private companies manufacture Wisconsin’s vote-counting computers, and independent service companies maintain them. Those companies do not allow anyone to inspect the software, updates, and patches they install.

And no one has the ability to enforce good security practices. No state or federal official oversees either the local officials’ or the companies’ internal security. If the computers used by the private companies to update the voting-counting software had poor security, no one but the companies and hackers would know.

Between elections, the voting machines themselves reside in storage rooms all around the county. They are also off limits to inspection. I once asked another county clerk if he had ever inspected them for unauthorized wireless communications chips—something professionals warn about. That clerk told me that such an inspection would void the machines’ warranty. (Update: See the first comment below. The day after I wrote this blog post, the New York Times reported that county clerks in Pennsylvania–who DID have their elections technology independently inspected–discovered that ES&S technicians had installed unauthorized remote communications capacity.)

My correspondent knows all that. And yet he proclaims, on faith, that the vote-counting software exists in a state of virginal purity as each Election Day dawns.

I don’t believe this county clerk is stupid. I’d bet my mortgage he would know better than to patronize a bank where managers employ only temporary staff; rely on antiquated equipment; refuse to audit unless a customer pays the cost of a full recount; and proclaim the ATMs are always accurate merely because they are not connected directly to the Internet.

And aside from his resistance to rigorous auditing, I see no signs he is corrupt. So what is he thinking?

Like most other normal human beings, he might not be thinking anything.

Walter Fisher, of the Annenberg School for Communication, has studied the question: Why does thinking explain so little of our behavior? He concluded we are guided more by narratives—stories we tell ourselves—than by logical reasoning.

OnlyHackers.jpg

The human brain is a marvelous organ, but continuously encounters more twists and turns than it can process with its reasoning faculties.

So it invents stories. Some are true, some are false. But all are oversimplified because that’s their function—to help our brains make simple sense of complexity, to help us feel we’re in control.

My correspondent’s story fits that description: “Only one thing can produce incorrect vote totals: Internet hacking. So if we just keep voting machines offline on Election Day, our elections will be safe from hackers.”

Human error, malfunction, and insider corruption would complicate this narrative, so they are excluded. Not mentioned. Not seen.

County clerks have reason to embrace that narrative. Election administration is only one of their jobs, and they have only a few staff. The workforce on which they depend consists mainly of people who are hired by and report to someone else: municipal clerks; temps hired by the municipal clerks; and county canvassers sent by the two major political parties.

The county clerks’ own education and experience tends to be clerical or political, not managerial or technological. And because the State Constitution assigns certain duties only to them—no one else—they’re on their own. They are elected officials without a manager who can train and coach them, or share the blame when something goes wrong.

Sensible voters need to help our election managers switch to a new narrative. It needs to be simple. It needs to be clear.

It needs to give them courage to face up to their responsibilities as prudent managers of elections technology. I propose this one:

“As local election officials, we have the paper ballots and we control the canvass procedures. 

If we just use those to check that we’ve identified the right winners, our elections will be safe from every risk.”