July 6, 2022
The Honorable Nellie Gorbea
Secretary of State
82 Smith Street
Providence, RI 02903
Dear Secretary Gorbea:
Recently Governor Daniel McKee signed S 2118 Sub A and S H 6656–An Act Relating to Elections–Mail Ballots, into law. As you know, the legislation will allow certain voters to use an online portal to return their voted ballots. The new statute, § 17-20-6.1(e)(3), requires that any implementation of the online portal must be “Approved by the Secretary of State.” We strongly urge you to not approve any system for the electronic return of ballots.
The risks associated with electronic ballot return are too great at this time. This is not just our conclusion, it is the unanimous conclusion of the election security community, including the National Academies of Science, Engineering, and Medicine, the federal government, and the Rhode Island Board of Elections, among others.
In 2020, the Federal Bureau of Investigations (FBI), Elections Assistance Commission (EAC), National Institute of Standards and Technology (NIST), and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement which said, “the digital return of a voted ballot by the voter, creates significant security risks to the confidentiality of ballot and voter data (e.g., voter privacy and ballot secrecy).” They concluded, “If election officials choose or are mandated by state law to employ this high-risk process, its use should be limited to voters who have no other means to return their ballot and have it counted.”1
17-20-6.1 will allow electronic return for a population far greater than “voters who have no other means to return their ballot.” At the legislative hearing, a representative of the Governor’s Commission on Disabilities testified that 24% of all Rhode Islanders identify as having a disability, meaning that if it is in effect nearly one quarter of all Rhode Islanders who would be able to vote using this technology.
The new law allows for the technology to be used if the technology has one or more independent cybersecurity reviews, meets a cybersecurity standard of NIST, and is approved by your office. NIST does not certify voting systems, the EAC does, and both agencies signed the statement urging states not to employ this technology. The legislation is deliberately worded to present a false sense of security.
Rhode Island has been a national leader in election security since it adopted the use of paper ballots in 1996. In 2017 we became only the second state in the nation to adopt the “gold standard” of election audits, risk-limiting audits; yet, expanding electronic ballot return jeopardizes our ability to conduct those audits effectively. If you fully implement this new law, election security will be seriously and critically threatened in Rhode Island.
Common Cause Rhode Island
President & CEO
- CISA Memo, 2020. https://www.politico.com/f/?id=00000172-9406-dd0c-ab73-fe6e10070001 [↩]