This is what secure tabulation looks like

Up to now, the Wisconsin Elections Commission’s interest in elections security has focused on the voter-registration system (WisVote), rather than the vote-tabulation system (the voting machines). When the Commission has paid attention to concerns about voting-machine security, it typically has been for only as long as it took commissioners to ask the vendors “Tell us how to refute these concerns.”

The Commission has also made a habit of limiting its own information sources. Earlier this year when they felt the need for advice on election security, they convened an Election Security Advisory Panel consisting entirely (not making this up) of county and municipal clerks. That was a revealing indication of the Commission’s level of interest in seeking advice from anyone else … say, disinterested IT professionals or highly interested voters.

This image has an empty alt attribute; its file name is CAPQuote.jpg

But the Commission’s interest in voting-machine system security may be showing signs of life.

Last week, the Commission announced the formation of a new Elections Security Council of “federal, state and local partners” that will “formalize collaboration between these key groups and the public to improve communication and maximize election security.”

As usual, the Commission’s idea of “key groups” is limited to government officials. It’s also possible their idea of ‘communication’ remains limited to outgoing messages to reassure voters that all is well.

Oh, well, it’s a start. Give the new council a chance to join the fight for voting-machine security. We’ll know more after their first meeting on October 16, when they will discuss whether and how they want to involve any stakeholders.

Realistically, though, it’s possible this new council is mostly for show. At its June 2019 meeting, the Commission responded to voters’ and experts’ concerns about the security flaws of a ballot-marking device by 1) approving sale of the machine in Wisconsin and 2) hiring a public-relations firm to reassure voters with a $341,000 campaign paid with federal election-security funds. For that amount of money, the firm should darn well have advised the Commission of the PR value of something like this new council.

It’s also possible the new council will — as the Commission itself has always done — focus its efforts exclusively on the voter registration system (WisVote) rather than voting-machine system security. Nothing in the press release specifically indicated the Commission is looking to expand its election-security efforts beyond WisVote.

Nevertheless, just in case this council represents an awakening, its members should know what a secure tabulation system would look like.

So here’s a welcome gift to the new Elections Security Council:
A list of what would be in place if our voting-machine system was secure.

Most of the elements listed below are common sense, not rocket science. It’s just sensible, prudent management of a highly critical IT system. Some elements are present for Wisconsin. Others are missing. State and local election officials cannot create all the missing elements, which means they need to look for ways to make up for their absence.

If any members of the new council are curious to know which of these elements are in place and which are missing, multiple nationallyrespected electionsecurity authorities stand ready to share critical insights. Those experts’ interest in security is unaffected by financial interests and by any reflexive defense of the status quo.

In a secure vote-tabulation system:

Voting equipment manufacturers would…

  • Manufacture only those systems that are as secure as possible given current technology and customers’ budgets.
  • Manufacture only systems that allow voters to verify that their votes were recorded accurately on paper (verified ballots), and that allow local officials to verify the votes were tabulated accurately (auditable ballots).
  • Cooperate fully with the federal Department of Homeland Security monitoring of the companies’ own computers and security practices.
  • Cooperate fully with state and local governments’ security requirements.

The federal government would…

  • Promulgate strong, clear, and frequently updated regulations for secure, auditable voting systems, and for the independence of private testing labs.
  • Actively and rigorously apply those regulations when certifying new systems or updates.
  • Actively monitor and enforce compliance with those regulations.

The state government would…

  • Through law and regulations, implement strong security and auditability requirements for voting systems used in this state, and rigorously enforce those through certification.
  • Provide guidance and technical assistance to local governments related to voting-machine system security, so that vendors are not their customers’ only source of information and advice.
  • Adopt laws and regulations for local governments’ voting-system security practices.
  • Monitor local compliance with required voting-system security practices, and have the ability to correct poor practices.
  • Coordinate strong post-election tabulation audits, involving all the counties’ boards of canvassers, that verify the correct winners in all statewide races before certification.

County government election officials would…

  • Follow federal and state requirements for securing county elections-management system hardware and software.
  • Have professional IT staff capable of and assigned to working with the voting-system vendor on security-related matters. (If not county staff, an independent contractor who is unaffiliated with voting-machine sales and service.)
  • On Election Night, obtain electronic election records (including CVR and digital ballot images) from municipalities. Maintain strong internal control and to support voter confidence and ballot security, post digital ballot images to the internet within 24 hours of poll closing.
  • During the county canvass, use the paper ballots to verify that the computers identified the correct winners. If problems are found, correct results before certification.
  • Between elections, audit various election-security practices and take action to improve whenever any issues are found.

Municipal government election officials would…

  • Maintain year-round strong internal control of marked and unmarked ballots; other election records (e.g., CVR, digital ballot images); and voting-system hardware and software.
  • Maintain equipment according to manufacturer recommendations. Routinely and reliably inspect equipment inside and out for signs of tampering or malfunction; take action to correct any issues noted.
  • Conduct strong pre-election testing of both tabulators and ballot-marking devices; take action to correct any problems noted. Make sure all voting machines are equally reliable and operable.
  • Train election workers in how to maintain security; how to notice trouble signs; how to document and respond to trouble signs or lapses.
  • Monitor performance of elections workers to ensure that no bad habits develop, that any departures from standard procedures are quickly noted and corrected.

Voters would…

  • Volunteer to serve as poll workers and hand-counters for audits.
  • Pay attention to election security issues, getting neither too excitable nor too complacent.
  • Be willing to hold their local officials accountable for verified accurate election results.

Journalists are awakening!

June 14, 2017 —  Over the past five years, I’ve read every commercial media story I could find regarding election technology.  Sadly, that has not been a big job. Few reporters ever mentioned the risks, and those who did tended to interview only election officials. The typical news item would hint ‘some are concerned’ and then quote some official saying “We see no evidence of problems.” The question of whether the officials had been monitoring for problems–or whether they even knew how to–was left unasked and unanswered.

But recently, I am noticing progress in commercial news media’s coverage of the risks of elections technology. America’s reporters are catching up with millions of citizens and all IT professionals. They are realizing that computerized elections have risks, and that IT experts understand those risks better than election officials do.

That’s not the only recent improvement. Some reporters have noticed the solution, too. This morning I saw a news story in national mainstream media that went beyond hand-wringing over the risks and mentioned routine election verification.

Under the headline If Voting Machines Were Hacked, Would Anyone Know?, NPR’s Pamela Fessler gave listeners the answer: No.  Then instead of musing about hypothetical alternate technologies, she finished the piece with a plug for routine election audits. A few weeks ago, the Atlantic also had a good article focusing on election audits, with the subtitle “A low-tech solution to America’s voting problems.”

Don’t get me wrong. We are still not seeing the sort of explanatory or investigative journalism that our elections deserve. But things are looking up. Commercial journalists have finally found the phone numbers of election-technology experts. In recent weeks, Reuters turned to the University of Michigan’s Alex Halderman and ABC News quoted the University of Iowa’s Douglas W. Jones.

Even a city reporter, Kristian Torres of the Atlanta Journal-Constitution, now knows to pick up the phone to interview Princeton’s cybersecurity expert, Edward W. Felten, when she has questions about elections technology. A local lawsuit there challenged Georgia’s failure to preserve an auditable paper trail.

But when the same opportunity (that is, renowned experts explaining the local angle on a topic of national interest) presented itself to Wisconsin journalists, they missed the opportunity. Last November, when three crème de la crème national experts testified in Dane County Court, Wisconsin reporters focused on mundane, predictable angles, such as the cost of the recount.

The currently trending issue–Russian hacking–might blow over, but I don’t think the improvement in reporters’ understanding of the larger issues will fade. National-beat journalists are truly waking up to this issue.  So it’s only a matter of time before state and local journalists, too, bring some gravitas to their reporting on the topic.

I’m optimistic that we will see fewer formulaic stories approvingly quoting a clerk saying “It’s all good because we have no evidence of miscounts.” I’m looking forward to seeing more actual IT experts quoted.

And I can’t wait to hear Wisconsin officials’ answers after the next election when for the first time they face a reporter who asks, “Got it–no evidence of hacking. Now can you show us the evidence of accuracy?”