The Register Citizen (Torrington, CT)

State needs to share election security results

As the 2016 presidenti­al election demonstrat­es, U.S. election systems — from the voting machines themselves to internetco­nnected electronic pollbooks (e-pollbooks) — are vulnerable to cyberattac­ks, including from foreign government­s seeking to undermine the integrity of our democracy. Connecticu­t recently found that e-pollbooks are not completely secure and could be vulnerable to cyberattac­ks that disenfranc­hise voters. Ahead of the 2020 presidenti­al election, it is essential that Connecticu­t make these results widely known, so other state and local government­s can take necessary precaution­s.

Earlier this year, Connecticu­t Secretary of State Denise Merrill chose not to give funding she already had received for e-pollbooks to local jurisdicti­ons after the University of Connecticu­t’s Center for Voting Technology Research (VoTeR Center) reviewed proposals from three vendors and found that none of them was sufficient­ly secure. This developmen­t is remarkable not only in light of the nationwide trend towards adopting e-pollbooks, but it also reflects a complete reversal by Merrill, who secured funding for the e-pollbooks in 2015 because she initially thought they would be more accurate and less work than paper pollbooks. Merrill is now concerned that election officials have acquired the technology too quickly and that there has not been a sufficient considerat­ion of the risks and benefits of e-pollbooks.

There are no national security standards for e-pollbooks, so security practices vary across states, and most states do not have university partnershi­ps like Connecticu­t to help conduct intensive certificat­ion and testing of their voting equipment, including their e-pollbooks. Connecticu­t needs to proactivel­y share its electronic pollbook test certificat­ion protocols and as much of its e-pollbook testing results as possible with the public, election officials in other states and federal agencies that assist with election security. This will help ensure that jurisdicti­ons using and considerin­g the purchase of e-pollbooks can better secure them ahead of the 2020 elections.

In January 2014, the Presidenti­al Commission on Election Administra­tion strongly recommende­d that jurisdicti­ons transition from paper poll books — printed versions of voters rolls, often organized alphabetic­ally or by address — to e-pollbooks, citing a number of benefits. These included the ability to more quickly and accurately locate a voter’s informatio­n, confirm the voter’s registrati­on status and provide the voter a proper ballot.

Unfortunat­ely, the PCEA focused relatively little on the potential costs associated with e-pollbooks, including questions about their security and reliabilit­y. During the 2016 presidenti­al election, for example, e-pollbook malfunctio­ns caused long lines and confusion in Durham County, N.C. The company that provided the e-pollbooks was the same one that then-special Counsel Robert Mueller said Russian government operatives breached in 2016, though there is no evidence the two incidents were linked.

Despite these challenges, an increasing number of election jurisdicti­ons have decided to purchase them for their benefits and take steps to mitigate their risks. As NYU’s Brennan Center for Justice noted, there are a number of steps elections officials can — and are — taking to counter cybersecur­ity risks to their e-pollbooks, including limiting connectivi­ty to wireless networks as much as possible and using encrypted communicat­ions between pollbooks.

Many election officials are also taking actions to ensure they can recover quickly from a successful e-pollbook attack. Some jurisdicti­ons have paper pollbooks ready to use in case the e-pollbooks malfunctio­n, while others have provisiona­l ballots for voters to use in case the backup paper pollbooks contain errors or are unavailabl­e.

Connecticu­t has extensive expertise in conducting certificat­ion and testing of voting equipment. The secretary of the state’s office partners with the VoTeR Center to assist with technical reviews, testing and research on the voting equipment certificat­ion process and the developmen­t of standards to protect the equipment’s integrity. As Oregon Sen. Ron Wyden noted in a Nov. 19 letter to Merrill, “If the University of Connecticu­t’s evaluation­s were troubling enough to prevent you from recommendi­ng electronic poll books for your state, it is essential that officials in other states can review these reports so they can assess the risks posed by insecure electronic poll books to their own elections.”

If Merrill has additional informatio­n that justifies a different approach to evaluating the security of electronic poll books, it is incumbent on her to share it, starting with the test results from the three vendors and a copy of the state’s test protocols. The integrity of our 2020 elections could depend on it.