On March 23rd, Congress allocated $380 million to states to upgrade election security. This is a positive development. In the age of unprecedented hacking risks, researchers have found that electronic voting infrastructure — including voting machines and registration databases — have serious vulnerabilities. While there’s no evidence that vote totals were hacked in 2016, there’s strong evidence that hackers have been testing the waters.
While federal funding can help states address these issues, simply upgrading or replacing election infrastructure is not sufficient. It is essential that states work with the Department of Homeland Security or other trusted providers to scan their systems for cyber vulnerabilities, and follow best practices identified by computer scientists, national security leaders, and bipartisan experts in elections administration to mitigate hacking risks. On March 20, the Senate Select Committee on Intelligence released its long-awaited recommendations on election security and concluded that requiring paper ballots, banning wireless components and implementing statistically sound audits of election results are essential safeguards. Last year, a group of 100 leading computer scientists and other election administration experts voiced the same conclusion. Through years of researching voting equipment security in real election administration environments, the National Institute of Standards and Technology (NIST) has come to similar conclusions about what it will take to defend elections.
As you begin to make use of the new federal funding, we strongly urge you to follow best practices identified by these and other leading experts for election security:
(1) Replace paperless voting machines with systems that count a paper ballot — a physical record of the vote that is out of reach from cyberattacks.
(2) Conduct robust post-election audits in federal elections. Congress explicitly requested that states “implement a post-election audit system that provides a high-level of confidence in the accuracy of the final vote tally” as part of its report language accompanying the Omnibus. Well-designed audits involve election officials checking only a small random sample of the voters’ choices on paper ballots so that they can quickly and affordably provide high assurance that the election outcome was accurate.
(3) Upgrade systems to ensure that states’ election websites, statewide registration systems, and election night reporting systems are defended against threats of intrusion and manipulation.
(4) Prohibit wireless connectivity in voting machines to limit vulnerabilities to hacking risks.
(5) Train and educate election officials at all levels on how they need to incorporate security into their elections practices.
We, the undersigned, believe that these represent sensible and cost-effective solutions to the rising challenges of election security. We urge you to take steps to safeguard elections using these proven best practices.
NCR Professor of Computer Science and Engineering, University of South Carolina
Former Secretary of Homeland Security
President, Lawyers’ Committee for Civil Rights Under Law
Former Commissioner of Elections, Virginia
David L. Dill
Donald E. Knuth Professor, Emeritus, in the School of Engineering, Stanford University
Senior Fellow, German Marshall Fund
Karen Hobert Flynn
President, Common Cause
Former Secretary of State, Kentucky
Professor of Computer Science, University of Michigan
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy and Technology
General Michael Hayden (Ret.)
Former Director of the National Security Agency and Director of Central Intelligence
David Jefferson (Ret.)
Lawrence Livermore National Laboratory
Douglas W. Jones
Department of Computer Science, University of Iowa
Former Deputy Director of the National Security Agency
Ambassador Douglas Lute (Ret.)
Former US Ambassador to NATO, Lieutenant General, US Army
Former Acting Director and Deputy Director of the Central Intelligence Agency
Deputy Director, Democracy Program, Brennan Center for Justice at NYU School of Law
President, Americans for Tax Reform
Senior Fellow, Brookings Institution
Senior Advisor at Democracy Fund; Former Member of the Presidential Commission on Election Administration
National Election Defense Coalition
Former Secretary of State, Minnesota
Ronald L. Rivest
MIT Institute Professor
Former Member of Congress (R-MI); Chair of the House Intelligence Committee
Director, Alliance for Securing Democracy
Senior Fellow, R Street Institute; Former Deputy Assistant Secretary of Homeland Security for Policy
Former Director for Defense Strategy at the National Security Council
President, Verified Voting Foundation; Former Deputy Secretary of Elections and Administration, Pennsylvania Department of State
Fellow and Lecturer, Harvard Kennedy School and Berkman-Klein Center for Internet and Society
Co-Founder and Senior Fellow, Institute for Critical Infrastructure Technology
Lt. Col. Tony Shaffer (Ret.)
Vice President, London Center for Policy Research
IBM Research (Ret.); Board Chair, Verified Voting Foundation
Rev. DeForest Soaries
Former Chair, Election Assistance Commission
Admiral James Stavridis (Ret.)
Former NATO supreme Allied Commander
President and CEO, Center for American Progress
Former Secretary of State, West Virginia
Poorvi L. Vora
Professor of Computer Science, The George Washington University
Dan S. Wallach
Professor of Computer Science, Rice University
President, Public Citizen
Former Deputy US Chief Technology Officer
*Affiliations listed for Identification Purposes Only