The Iowa caucuses debacle was a reminder of some of the most important principles in election security, among them that transparency in elections is important, paper ballot backups are crucial to ensuring an accurate count, voting should not take place on smartphone apps, and running elections should be left to professionals. But missing from the round-the-clock media coverage was another valuable lesson from Iowa: Private tech companies are central to our elections, and our failure to engage in real oversight of their practices leaves our elections vulnerable to breakdown and attack.
The reporting in the aftermath of Iowa identified a 6-month-old private tech company called Shadow as the supplier of the failed app at the root of the mess. In an attempt to help precinct captains report out three separate sets of results, the Iowa Democratic Party had paid Shadow $60,000 to develop an app to convey the vote totals. Precincts would take and upload pictures of results, which would go to party headquarters. But on caucus day, the app failed, as did backup phone lines. This prompted many to ask how something as important as reporting vote totals in a presidential election could be left in the hands of a shoestring tech company. The follow-up question should have been: What are the controls on private vendors that sell the equipment and technology that run our elections?
Election officials from across the country buy much of their election infrastructure from private vendors. These companies build and maintain registration databases. They create election websites that explain how to register and where to vote. They manufacture and configure voting machines. Yet unlike vendors in sectors the federal government has designated as “critical infrastructure”—like defense and energy—companies in the election technology space operate under very little federal regulation. While voting systems face some functional requirements through voluntary submission to federal testing and certification, vendors themselves are largely free from oversight.
That leaves the public—and election officials—in the dark about key information. For example, vendors don’t have to disclose whether or not they’re controlled by foreign nationals, share information about the supply chain for parts they use, or reveal their employee screening and cybersecurity practices. Vendors aren’t even required under federal law to report if they’ve been hacked.
There needs to be more oversight of these critical players in our elections. While state and local governments are primarily responsible for running elections, only the federal government has the resources and constitutional responsibility to ensure that the more than 8,000 local election jurisdictions can safeguard federal elections from insecure vendor practices.
Unfortunately, comprehensive federal oversight is not likely to happen in the next nine months. So what can be done to protect our elections in 2020?
A lot. Most important of all, state and local election officials must double down on resiliency plans to detect and recover from cyberattacks or malfunctions with critical systems like electronic poll books and voting machines.
Consider the elections happening on Super Tuesday. In many polling places, poll workers will use electronic poll books, laptops, or tablets (generally built and maintained by private vendors) instead of paper lists to look up voters as they arrive. When they function properly, electronic poll books expedite the administration process and shorten lines. But when they fail, they can bring polling locations to a standstill. Of the 14 states holding primaries on Super Tuesday, 11 use electronic poll books. (The exceptions are Maine, Oklahoma, and Vermont.)
Every state that uses electronic poll books should ensure that paper backups are required in the polling place. That way, if the electronic poll books fail or show inaccurate information, poll workers can turn to the backup to process voters, instead of forcing them to wait hours for the problem to be fixed, or turning them away, as happened in Indiana in 2018 and Durham County, North Carolina, in 2016.
Voting machines also need contingency plans in case of failure. Three voting system vendors control about 90 percent of the voting machine market, and these and other private companies program the files needed for those systems to function.
Most jurisdictions use optical-scan voting machines as their primary polling place equipment. For these systems, voters fill out a paper ballot by hand. So even if the scanner that reads the ballots goes down, voters can still vote, and poll workers can store their completed ballots until machines are fixed or count them after the polls close.
That’s not true in the 20 states where a significant number of voters use electronic voting machines to directly mark or cast their ballots. In those states, including many counties in the Super Tuesday states of Arkansas, California, North Carolina, Tennessee, Texas, and Utah, voting machine breakdowns mean voters have no way to fill out their ballots if election officials haven’t supplied the polling place with emergency paper ballots. That’s why the Brennan Center, where we work, has recommended such states require emergency ballots for two to three hours’ worth of peak voting activity. It is critical that all polling places in these states that use such machines have enough emergency paper ballots to get them through system failures; too many have failed to make that a requirement in the past.
Finally, all states should conduct postelection audits that can spot software errors in vote tallies and fix them. These audits entail a manual check to ensure that the voting machines recorded votes accurately, performed before certifying election results. Officials compare some percentage of paper records to the vote tally reported by the voting system software. Half of all states require such audits.
Nearly 90 percent of Americans vote on paper ballots or systems that produce redundant paper records of their votes, and that includes voters in all Super Tuesday states except Texas and Tennessee (where some but not all voters will vote on paper). But paper ballots only add security if we use them to check and correct the software on the voting machines that report vote totals.
None of these resiliency recommendations cost much money or require new technology. Given everything we know—from the warnings of intelligence officials to the lack of vendor oversight—these preparations are the least we can do to ensure all Americans can vote with confidence this year.