The Register Citizen (Torrington, CT)
State needs to share election security results
As the 2016 presidential election demonstrates, U.S. election systems — from the voting machines themselves to internetconnected electronic pollbooks (e-pollbooks) — are vulnerable to cyberattacks, including from foreign governments seeking to undermine the integrity of our democracy. Connecticut recently found that e-pollbooks are not completely secure and could be vulnerable to cyberattacks that disenfranchise voters. Ahead of the 2020 presidential election, it is essential that Connecticut make these results widely known, so other state and local governments can take necessary precautions.
Earlier this year, Connecticut Secretary of State Denise Merrill chose not to give funding she already had received for e-pollbooks to local jurisdictions after the University of Connecticut’s Center for Voting Technology Research (VoTeR Center) reviewed proposals from three vendors and found that none of them was sufficiently secure. This development is remarkable not only in light of the nationwide trend towards adopting e-pollbooks, but it also reflects a complete reversal by Merrill, who secured funding for the e-pollbooks in 2015 because she initially thought they would be more accurate and less work than paper pollbooks. Merrill is now concerned that election officials have acquired the technology too quickly and that there has not been a sufficient consideration of the risks and benefits of e-pollbooks.
There are no national security standards for e-pollbooks, so security practices vary across states, and most states do not have university partnerships like Connecticut to help conduct intensive certification and testing of their voting equipment, including their e-pollbooks. Connecticut needs to proactively share its electronic pollbook test certification protocols and as much of its e-pollbook testing results as possible with the public, election officials in other states and federal agencies that assist with election security. This will help ensure that jurisdictions using and considering the purchase of e-pollbooks can better secure them ahead of the 2020 elections.
In January 2014, the Presidential Commission on Election Administration strongly recommended that jurisdictions transition from paper poll books — printed versions of voters rolls, often organized alphabetically or by address — to e-pollbooks, citing a number of benefits. These included the ability to more quickly and accurately locate a voter’s information, confirm the voter’s registration status and provide the voter a proper ballot.
Unfortunately, the PCEA focused relatively little on the potential costs associated with e-pollbooks, including questions about their security and reliability. During the 2016 presidential election, for example, e-pollbook malfunctions caused long lines and confusion in Durham County, N.C. The company that provided the e-pollbooks was the same one that then-special Counsel Robert Mueller said Russian government operatives breached in 2016, though there is no evidence the two incidents were linked.
Despite these challenges, an increasing number of election jurisdictions have decided to purchase them for their benefits and take steps to mitigate their risks. As NYU’s Brennan Center for Justice noted, there are a number of steps elections officials can — and are — taking to counter cybersecurity risks to their e-pollbooks, including limiting connectivity to wireless networks as much as possible and using encrypted communications between pollbooks.
Many election officials are also taking actions to ensure they can recover quickly from a successful e-pollbook attack. Some jurisdictions have paper pollbooks ready to use in case the e-pollbooks malfunction, while others have provisional ballots for voters to use in case the backup paper pollbooks contain errors or are unavailable.
Connecticut has extensive expertise in conducting certification and testing of voting equipment. The secretary of the state’s office partners with the VoTeR Center to assist with technical reviews, testing and research on the voting equipment certification process and the development of standards to protect the equipment’s integrity. As Oregon Sen. Ron Wyden noted in a Nov. 19 letter to Merrill, “If the University of Connecticut’s evaluations were troubling enough to prevent you from recommending electronic poll books for your state, it is essential that officials in other states can review these reports so they can assess the risks posed by insecure electronic poll books to their own elections.”
If Merrill has additional information that justifies a different approach to evaluating the security of electronic poll books, it is incumbent on her to share it, starting with the test results from the three vendors and a copy of the state’s test protocols. The integrity of our 2020 elections could depend on it.