February 16, 2024
Maryland House of Delegates
Ways and Means Committee
Maryland State House
Annapolis, MD 21401
Verified Voting Urges Rejection of House Bill 775
Dear Chair Atterbeary and Committee Members,
On behalf of Verified Voting, I write in opposition to House Bill 775, which would allow electronic return of voted ballots. Verified Voting is a nonpartisan nonprofit organization whose mission is to strengthen democracy for all voters by promoting the responsible use of technology in elections. Since our founding in 2004 by computer scientists, we have acted on the belief that the integrity and strength of our democracy rely on citizens’ trust that each vote is counted as cast. With this in mind we oppose allowing voted ballots to be returned electronically through insecure means.
Four federal government agencies have concluded in a recent risk assessment that electronic ballot return is “High” risk, even with security safeguards and cyber precautions in place. The agencies warn that electronic ballot return “faces significant security risks to the confidentiality, integrity, and availability of voted ballots,” and that these risks can “ultimately affect the tabulation and results and can occur at scale,” and explicitly recommend paper ballots.1 The risk assessment was issued by the Federal Bureau of Investigation (FBI), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Election Assistance Commission (EAC) and the National Institute of Standards and Technology (NIST).
At a time when the integrity and veracity of election results are continuously called into question, it would not be prudent to ignore the security warning issued by the four government agencies charged with protecting our nation’s election infrastructure.
We recently learned that “the F.B.I., working with other countries, disrupted a Russian hacking operation that infiltrated more than 1,000 home and small-business internet routers in the United States and around the world.”2 This is just another example, in a long string of examples, of how the U.S. is under persistent threat from bad actors attempting to disrupt our critical infrastructure, including election infrastructure, and must be ever vigilant in pushing back on such actions.
It is our understanding that an amendment to this bill may be offered which includes replacing electronic ballot return with a process whereby voted ballots are transmitted through the use of a removable media device or flash drive. We acknowledge the creative approach in attempting to ease the burden of access, but we must also caution against moving too quickly. Some of the same risks of electronic ballot return exist with a process that has the voter inserting a flash drive into their personal computer and then that same flash drive being inserted into a computer at the election office. The presence of malware on the voter’s personal computer or device could wreak havoc if that malware is transmitted to the election office through the flash drive with the voted ballot on it. If the state of Maryland is interested in exploring how to deploy a voting process that includes removable media, we urge this committee to bring together experts, including election security, computer security, and network security experts, to study this issue and report back to the committee with findings and potential standards prior to engaging in an unproven way to cast ballots.
We would welcome the opportunity to provide you—or other lawmakers—further information about the technical aspects and unavoidable and severe inherent risks of electronic ballot return or be a part of a study or workgroup about a flash drive voting process.
At a time when election security and public confidence are under relentless attack, Maryland should not rely on insecure technology for voters that produces unprovable election results. Again, we urge you to vote “no” on HB 775 and reject any other proposal that includes electronic return of voted ballots.
Respectfully submitted,
C.Jay Coles
Senior Government Relations Associate
-
1 U.S. Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, National Institute of Standards and Technology and the U.S. Election Assistance Commission, Risk Management for Electronic Ballot Delivery, Marking, and Return 1 (2020), available at https://www.cisa.gov/resources-tools/resources/risk-management-electronic-ballot-delivery-marking-and-return.
2 See https://www.nytimes.com/2024/02/15/us/politics/hacking-russian-intelligence-routers.html.