Lessons Unlearned: Misguided Efforts in the Guise of Election Security

With the dust settled on the 2020 United States presidential election, an election that had the highest voter turnout of the 21st century [1] and was praised as the “most secure in American history” by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) [2], now is the time to reflect on how elections are conducted, the impact of expanded mail voting, and how to further ease the burdens to enable all Americans with the right to vote to participate in this most fundamental democratic process. Of course, this must be done in the context of maintaining the security and integrity of the election and its results, as election interference is a continued goal of U.S. adversaries [3].

Unfortunately, progress isn’t always linear. In the wake of record voter participation that saw nearly half of all voters (46%) reporting voting by either absentee or mail ballot [4], mail voting showed no specific political party benefited [5], no evidence of widespread election fraud [6], nor any compromise of voting systems [7]. Even so, several statewide efforts are underway to limit and/or make mail voting in future elections more difficult [8-10]. Further, these proposed, and in some cases newly passed, statewide election laws fail in supporting and securing the election process in two ways: 1) mail voting is secure with existing processes in place to ensure integrity; and 2) election poll workers are the vital, overlooked and under-resourced component guarding election security and integrity.  

Mail-in Voting

Voting by mail isn’t new [11]. It has had a history of very few legitimate cases of election fraud out of “literally billions of votes cast” [12] and has been extensively used as a primary method of voting in several states prior to the COVID-19 pandemic. For example, Oregon, Washington and Colorado have fully conducted elections by mail since at least 2013 [13], and Hawaii and Utah planned to hold the 2020 elections entirely by mail even before COVID-19. According to a U.S. Election Assistance Commission report, at least three additional states (Arizona, California and Montana) had a majority of voters vote by mail during the 2016 U.S. presidential election [14]. Indeed, academic research bears out the security of mail voting.

In our research, we have investigated voting-by-mail processes to identify new potential threats, develop a revised attack tree, and, using an established assessment framework, determine the relative likelihood of each mail-voting attack tree scenario [15]. Further, we developed process models for mail voting and mapped all cyber, physical and insider threats to the process [16, 17]. The results from these research efforts identify threat scenarios and provide election officials insight on how voting system vulnerabilities develop, as well as when and where to employ mitigating security measures. Furthermore, the fundamental conclusion is that broadening voter access, through distributed mail voting, makes the election process more difficult and unlikely to exploit in an impactful way [18].

The Importance of Poll Workers

That is not to say we should do nothing to continuously improve the security and integrity of our elections processes, whether it be in-person or mail voting. Our research also found that a majority of the mail voting threat scenarios are tied to insider actions [15], not to those of external malicious actors or voters. Like many systems and processes, facilitating elections involves many process insiders (e.g., elections officials, poll workers, observers, auditors, etc.). The nearly 1 million election poll workers who help operate the more than 110,000 polling locations across the U.S. [19] are the public facing, first line of defense in elections security and are critical in ensuring elections security and integrity.

Yet, the highly seasonal, temporary nature of election poll workers is often overlooked in light of elections security and integrity. As trusted insiders to the election process, poll workers directly interact with and manage election infrastructure [20] (e.g., voting systems, polling places) that the Department of Homeland Security deemed to be critical national infrastructure in 2017. As such, poll workers need to be able to identify and prevent election security threats, either intentional or accidental, that could compromise the security or integrity of votes. Unfortunately, election poll workers receive very little or no training specific to identifying the cyber, insider and physical threats that can occur during elections [21]. In some cases, election poll workers are hired as late as Election Day.

To address this, our ongoing research has partnered directly with several Boards of Elections to develop, pilot, evaluate and implement training modules specific for election poll workers [21]. Adopting a “see something, say something” approach, the training modules have been shown to improve poll workers’ awareness of the cyber, physical and insider threats specific to election processes [21].

Sadly, local Boards of Elections’ budgets remain so limited that they’ve simply been unable to address such training on a widespread basis, and election security-specific training widely varies amongst counties. Simply stated, given the important role that election poll workers play in the election process, patchwork, homegrown, local solutions to election security training for poll workers does not suffice. For those state lawmakers that are truly interested in improving the security and integrity of our elections, they need to prioritize their efforts and resources on election poll worker training and not on making the voting process more difficult.

Democracy is predicated on the fact that we must learn from our past to form a more perfect union. The 2020 U.S. presidential election saw record turnout and expanded mail voting in what was the “most secure in American history” [2]. Thus far, several states’ efforts are ignoring the lessons learned following this election cycle and directing legislation and resources to efforts that will inhibit democratic participation and not actual election process threat scenarios.

References

1. https://www.census.gov/library/stories/2021/04/record-high-turnout-in-2020-general-election.html
2. https://www.cisa.gov/news/2020/11/12/joint-statement-elections-infrastructure-government-coordinating-council-election
3. Eric Tucker and Aamer Madhani, 2021, “US expels Russian diplomats, imposes sanctions for hacking,” AP News, April 15, https://apnews.com/article/us-expel-russia-diplomats-sanctions-6a8a54c7932ee8cbe51b0ce505121995.
4. https://www.pewresearch.org/politics/2020/11/20/the-voting-experience-in-2020/
5. Nicholas Riccardi, 2021, “Study: No partisan benefit from mail voting in 2020 election,” AP News, March 5, https://apnews.com/article/donald-trump-coronavirus-pandemic-elections-voting-cfde3aa17d7cecb9e1f2d58f3582dd0d.
6. Michael Balsamo, 2020, “Disputing Trump, Barr says no widespread election fraud,” AP News, Dec. 1, https://apnews.com/article/barr-no-widespread-election-fraud-b1f1488796c9a98c4b1a9061a6c7f49d.
7. https://www.census.gov/library/stories/2021/04/record-high-turnout-in-2020-general-election.html
8. “A look at the changes in Florida’s election laws,” AP News, May 6, 2021, https://apnews.com/article/florida-voting-rights-voter-registration-elections-election-2020-4fbb4676378536d39311dd958a1fefc8.
9. Acacia Coronado, 2021, “Texas GOP’s voting restriction bill passes House,” AP News, May 7, https://apnews.com/article/donald-trump-texas-bills-voting-health-93713455d3bce1959f55a12c287a5e51.
10. Ben Nadler and Anila Yoganathan, 2021, “Georgia House passes GOP bill rolling back voting access,” AP News, March 1, https://apnews.com/article/senate-elections-bills-legislation-elections-georgia-842d9ad16a78901322f4b952f6c0d8dd.
11. https://www.history.com/news/vote-by-mail-soldiers-war
12. https://www.washingtonpost.com/opinions/2020/04/09/trump-is-wrong-about-dangers-absentee-ballots/
13. https://en.wikipedia.org/wiki/Postal_voting_in_the_United_States#In_states
14. https://eac.gov/sites/default/files/eac_assets/1/6/2016_EAVS_Comprehensive_Report.pdf
15. M. Scala et al., 2021, “Evaluating mail-in security for electoral processes using attack trees,” submitted for publication.
16. Locraft, P. Gajendiran, M. Price, N.M. Scala and P.L. Goethals, 2019, “Sources of risk in elections security,” Proceedings of the 2019 IISE Annual Conference, May 18-21.
17. M. Scala et al., 2021, “A process map and risk assessment for mail-based voting,” Proceedings of the 2021 IISE Annual Conference, May 23-25.
18. https://youtu.be/kzhyKqGYZA0
19. https://www.eac.gov/documents/2017/11/15/eavs-deep-dive-poll-workers-and-polling-places
20. https://www.dhs.gov/topic/election-security
21. M. Scala et al., 2020, “Empowering election judges to secure our elections,” Baltimore Business Review: A Maryland Journal, pp. 8-12.