LetterVerified Voting Letter

Download PDF

February 16, 2024 

Maryland House of Delegates 

Ways and Means Committee 

Maryland State House 

Annapolis, MD 21401 

Verified Voting Urges Rejection of House Bill 775 

Dear Chair Atterbeary and Committee Members, 

On behalf of Verified Voting, I write in opposition to House Bill 775, which would allow  electronic return of voted ballots. Verified Voting is a nonpartisan nonprofit organization  whose mission is to strengthen democracy for all voters by promoting the responsible use of  technology in elections. Since our founding in 2004 by computer scientists, we have acted  on the belief that the integrity and strength of our democracy rely on citizens’ trust that each  vote is counted as cast. With this in mind we oppose allowing voted ballots to be returned  electronically through insecure means. 

Four federal government agencies have concluded in a recent risk assessment that  electronic ballot return is “High” risk, even with security safeguards and cyber precautions in  place. The agencies warn that electronic ballot return “faces significant security risks  to the confidentiality, integrity, and availability of voted ballots,” and that these risks  can “ultimately affect the tabulation and results and can occur at scale,” and explicitly  recommends paper ballots.1 The risk assessment was issued by the Federal Bureau of  Investigation (FBI), the Department of Homeland Security’s Cybersecurity Infrastructure  Security Agency (CISA), the U.S. Elections Assistance Commission (EAC) and the National  Institute for Standards and Technology (NIST).  

At a time where the integrity and veracity of election results are continuously called into  question, it would not be prudent to ignore the security warning issued by the four  government agencies charged with protecting our nation’s election infrastructure. 

We recently learned that “the F.B.I., working with other countries, disrupted a Russian  hacking operation that infiltrated more than 1,000 home and small-business internet routers  in the United States and around the world.”2 This is just another example, in a long string of  examples, of how the U.S. is under persistent threat from bad actors attempting to disrupt  our critical infrastructure, including election infrastructure, and must be ever vigilant in  pushing back on such actions.  

It is our understanding that an amendment to this bill may be offered which includes  replacing electronic ballot return with a process whereby voted ballots are transmitted  through the use of a removable media device or flash drive. We acknowledge the creative  approach in attempting to ease the burden of access but we must also caution moving too  quickly. Some of the same risks of electronic ballot return exist with a process that has the  voter inserting a flash drive into their personal computer and then that same flash drive  being inserted into a computer at the election office. The presence of malware on the  voter’s personal computer or device could wreak havoc if that malware is transmitted to the  election office through the flash drive with the voted ballot on it. If the state of Maryland is  interested in exploring how to deploy a voting process that includes removable  media, we urge this committee to bring together experts, including election security,  computer security, and network security experts, to study this issue and report back  to the committee with findings and potential standards prior to engaging in an  unproven way to cast ballots.  

We would welcome the opportunity to provide you—or other lawmakers—further information  about the technical aspects and unavoidable and severe inherent risks of electronic ballot  return or be a part of a study or workgroup about a flash drive voting process.  

At a time when election security and public confidence are under relentless attack,  Maryland should not rely on insecure technology for voters that produces unprovable  election results. Again, we urge you to vote “no” on HB 775 and reject any other proposal  that includes electronic return of voted ballots. 

Respectfully submitted, 

C.Jay Coles 

Senior Government Relations Associate

  1. 1 U.S. Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, National Institute of  Standards and Technology and the U.S. Election Assistance Commission, Risk Management for Electronic Ballot  Delivery, Marking, and Return 1 (2020), available at https://www.cisa.gov/resources-tools/resources/risk management-electronic-ballot-delivery-marking-and-return.  
  2. 2 See https://www.nytimes.com/2024/02/15/us/politics/hacking-russian-intelligence-routers.html