Our election systems are vulnerable to error, hacking, and fraud.

This may not be news to you, but it is news that the Pennsylvania Senate is seriously considering new legislation to mitigate the risks.

On March 18, the Pennsylvania Senate House committee on State Government held a hearing regarding the state of the science of securing elections from cybersecurity experts, to be considered for new legislation regarding election security. The Senate committee Chair Chris Dush and Minority Chair Amanda Cappelletti moderated testimony, including questions and answers with three distinguished experts.

It also published written contributions from several sources, including a “Suggested Principles…” document signed by 20 election security experts, which was provided to both the Senate and the House State Government committees.

Often, hearings are held, but no legislation makes it through the long process of becoming law. This one, though, may have a chance. Both Republicans and Democrats on the committee were rapt during the experts’ testimony. No one expressed reluctance to act on the recommendations.

In the hearing, a great deal of time was spent discussing the two incidences of election machine errors in Northampton County using the ExpressVote XL all-in-one ballot marking device. The errors (in two elections) were caused by a mistake in programming how the machine relates the vote entered on its screen to the wrong candidate’s vote tally. No human could verify how the votes were attributed – the paper record of the ballot printed for the voter showed the candidates who received the votes as an unreadable QR code. The ExpressVote XL is also used for Cumberland and Philadelphia Counties.

The recorded testimony and submitted documents provide eye-opening accounts of other vulnerabilities that new legislation could mitigate. I urge all citizens to view the hearing’s recording or read the 11-page linked document if you don’t have 2 hours to view the recording.

On the table are suggestions regarding exposures to (1) voting machine hacks, (2) ballot marking devices (for the disabled), (3) internet and flash drive connectivity, (4) chain of custody gaps, and (5) existing risk-limiting audits.

To summarize the suggested principles, these 20 experts stated, “The vulnerabilities inherent in technology should be counterbalanced by incorporating non-technological verification methods, such as subjecting outcomes to statistically probative audits of the paper ballots.”

The implications of vulnerabilities and mitigation recommendations are very significant.  The chain of custody for mail-in ballots is impossible to secure. These 20 experts recommend that voting should only be done by hand-marking optically scannable paper ballots in their local polling location on Election Day.

But, they recommend that the election management systems be retained and used to scan the ballots and tally the votes.

They say a chain of custody for in-person voting ballots is an exposure.  Not only is it difficult to secure, but Pennsylvania offers no standards for establishing a trusted chain of custody.

Its auditing of voting could be more effective.  In most cases, it is done by re-scanning the election’s ballots with the same machinery without any protections to prevent the “ballot pool” from being polluted by ballots being swapped or added to. The two0 percent risk-limiting audit performed a week after the election by a “return board,” statistically, will always confirm the Election Day results. There needs to be hand-counting of ballots as close to the time and location of voting as possible.

As for computer hacking, our election systems are all designed and certified to meet standards published in 2005, not the revised standards published in 2015 and 2021! Thus, they are wholly unable to stop the emerging threats our election systems face.

 

Please follow DVJournal on social media: Twitter@DVJournal or Facebook.com/DelawareValleyJournal