Voting by Mail: A Markov Chain Model for Managing the Security Risks of Absentee Voting

The scrutiny surrounding vote-by-mail (VBM) in the United States has increased in recent years, highlighting the need for a rigorous quantitative framework to evaluate the resilience of the absentee voting infrastructure. This paper addresses these issues by introducing a dynamic mathematical modeling framework for performing a risk assessment of VBM processes. We introduce a discrete-time Markov chain (DTMC) to model the VBM process and assess election performance and risk with a novel layered network approach that considers the interplay between VBM processes, malicious and nonmalicious threats, and security mitigations. The time-inhomogeneous DTMC framework captures dynamic risks and evaluates performance over time. The DTMC model accounts for a spectrum of outcomes, from unintended voter errors to sophisticated, targeted attacks, representing a significant advancement in the risk assessment of VBM planning and protection. A case study based on real-world data from Milwaukee County, Wisconsin, is used to evaluate the DTMC model. The analysis includes hypothetical worst-case attack scenarios to stress-test VBM processes and to assess the efficacy of security measures and the impact of different attack timings. The analysis suggests that ballot drop boxes and automatic ballot notification systems are crucial for reducing the attack surface to ensure secure and reliable operations.

Funding: This work was supported by the National Science Foundation [Grant 2000986].