In recent months, the security of absentee voting, widely used due to the threat of the COVID-19 pandemic, has been called into question. But are these processes any less secure than the electronic voting systems used on a “normal” election day?
Introduction to Electronic Voting System Security
Electronic voting systems come in a number of different forms. At the polls, a voter may experience a few different types of voting systems:
- Paper Ballots: Paper ballot systems have voters fill out ballots by hand with paper and pens/pencils or hole punches. These ballots may then be scanned in order to rapidly tally votes.
- Electronic Systems: Purely electronic systems allow voters to vote on a touchscreen computer. In some states, votes are only stored and tallied electronically with no backups.
- Hybrid Systems: Some systems will allow voters to cast votes with a touchscreen, then print a paper ballot for them to verify. This leaves a paper trail of their choices, however, a study indicated that 94% of voters didn’t notice that their votes had been changed.
Known Security Issues of Electronic Voting Systems
Electronic voting machines have a number of different security issues, many of them known for over a decade. The issues with electronic voting and the challenges of fixing them have been demonstrated by a number of different cases, including:
- Insecure Voting Machines: An assessment of the security of over 100 voting machines at the 2019 DEFCON conference found that all of them contained exploitable vulnerabilities, including weak default passwords, built-in backdoors, etc.
- Lack of Support for Penetration Testing: Security assessments of voting machines are limited by a lack of manufacturer support, and interpretations of the Computer Fraud and Abuse Act that make such assessments illegal. An amicus brief to the Supreme Court regarding the case advocated for limiting security research to researchers authorized by the company under test, enabling the company to conceal any findings.
- Use of Outdated Software: A survey completed in July and August 2019 of 56 election commissions and Secretaries of state found that over half of voting systems in use ran Windows Server r2 2008, which reached end-of-life January 14, 2020.
These issues point to the conclusion that a determined attacker could easily breach the US election infrastructure if they chose to do so. The fact that this has not occurred is attributed to the fact that no threat actor has chosen to do so. In fact, Russia is believed to have gained access to voter registration systems in several states in 2016 but chose not to take action on it.
However, this lack of discovered breaches may have resulted from a lack of looking for them. In 2018, Netragard performed an analysis of the Crosscheck system designed to detect voters casting multiple ballots in different jurisdictions. Based upon analysis of public information, several vulnerabilities were discovered, but they could not be followed up on because hacking election infrastructure is illegal.
After hearing of the assessment, a Kansas official claimed that our team “didn’t succeed in hacking it.” Later a different claim by another Kansas legislator claimed that a “complete scan” did not find any evidence of attackers exploiting the vulnerabilities to breach the system. This is despite the fact that no vulnerability scan could detect a breach and that no evidence exists of a digital forensics investigation occurring to identify a potential breach.
At the end of the day, the answer to the question of whether or not a hacker could breach US election infrastructure is “almost certainly”. However, no evidence exists of this occurring, potentially because no conclusive investigation has been performed.
Introduction to Mail-In Ballot Security
In most states, voting via an absentee or mail-in ballot is a two step-process. The first step is submitting an absentee ballot request. If this request is validated, an absentee ballot is sent to the voter’s registered address to be completed and returned via mail or an election dropbox.
The validation steps for absentee ballot requests and ballots vary from state to state. Each state performs at least one (and often several) of the following checks:
- Envelope Verification: A ballot is only valid if returned in the official envelope. All ballots returned in a different envelope are discarded.
- Signature Verification: Many states require a signed affidavit by the voter, and, in some states, election officials compare the signatures on the ballot and on a voter’s official registration. Mismatched signatures are the most common method by which voter fraud is detected.
- Voter Identification: Many states will require a voter to submit some form of identification with their ballot, such as a photocopy of their driver’s license or part of their Social Security Number (SSN).
- Witness Signature: Some states require the signatures of one or more witnesses or a public notary on a mail-in ballot.
Known Security Issues of Mail-In Ballots
The Heritage Foundation keeps a record of every case of alleged voter fraud that has been reported to date. This database includes a variety of different voting crimes, including fraudulent registrations, misuse of absentee voting, coercion of voters at the polls, and more. To date the Heritage Foundation has recorded 1,298 cases of alleged voter fraud between 1988 and 2020, though some of its claims are unsupported or incorrect.
Of these 1,298 cases, the Heritage Foundation claims that 207 individuals have been involved in 153 distinct cases of voter fraud that involved the use of absentee ballots. Of these cases, 39 (involving 66 individuals) have included a deliberate attempt to change the results of an election. Other cases involve people voting for a recently deceased spouse or relative, a single person voting twice in different jurisdictions, using a previous mailing address on a ballot, mailing in the ballot of a non-relative (which is illegal in many jurisdictions), and other small-scale errors or attempts at fraud.
In general, attempts to change the results of an election via mail-in voter fraud have focused on local elections with a small margin. One of the larger cases of fraud on record (Miguel Hernandez, 2017) involved an individual forging absentee ballot requests and collecting and mailing the ballots after the voters had completed them. This incident included only 700 mail-in votes, and the actual voting was performed by the authorized voters. Even if Hernandez forged the votes, the impact on a US Presidential election would be negligible.
For comparison, over 125 million votes were cast in the 2016 election. According to the Heritage Foundation, there were six attempts at absentee ballot fraud in the 2016 Presidential Election:
- Audrey Cook voted on behalf of deceased husband
- Steven Curtis (head of Colorado Republican Party) forged his wife’s signature on her ballot
- Terri Lynn Rote tried to vote twice due to her fear that the election was rigged
- Marjory Gale voted for herself and her daughter who was away at college
- Randy Allen Jumper voted twice in two different jurisdictions
- Bret Warren stole and submitted five absentee ballots that voters complained about never receiving and were allowed to cast provisional ballots
These cases are clear examples of voter fraud in the 2016 election. However, even if they were undetected and all voted the same way, ten votes are unlikely to have any impact on the election. In fact, an election commission looked into the claims of 3-5 million fraudulent votes being cast in the 2016 election. Claims were was disbanded with no findings.
Comparing Electronic Voting Systems and Mail-In Ballot Security
At the end of the day, there is no evidence of election interference or voter fraud using electronic voting machines or mail-in ballots. While six counts of misuse of absentee ballots were detected in the 2016 Presidential election, they comprised a total of ten votes.
If anything, the threat of glitches in electronic voting machines should be considered a major threat to election security. In 2019, analysis of the paper record of a “glitchy” voting machine led to the discovery that in a local Pennsylvania election, a candidate who only had 15 recorded votes actually won the election by over 1,000.
While mail-in ballots have their issues (like an overburdened postal system), electronic voting machines are much less secure and reliable. The fact that an unknown number of electronic voting systems are connected to the Internet, making them accessible to hackers and vulnerable to malware, creates a much greater exposure to election meddlers than absentee ballots, which must be physically collected and filled out to be used in fraud.