WASHINGTON — With less than 41 weeks until the 2020 presidential election, Congress continues to grapple with the challenge of election vulnerability.
At a January hearing on voting security, lawmakers from both sides of the aisle pressed voting systems CEOs on the security of their machine design and company practices.
“Why do you consider to sell a machine we all know puts the integrity of our voter’s ballot at risk?” asked Rep. George Kenneth Butterfield, D-N.C., as he questioned Hart InterCivic CEO Julie Mathis, emphasizing that a paperless direct-recording electronic ballot-casting device is still being sold by the Austin-based voting systems vendor.
“We actually believe our DREs are secure,” said Hart InterCivic President and CEO Julie Mathis. “We have had those products federally certified. ”
But election security expert Juan Gilbert of the University of Florida recommended phasing out paperless voting, citing potential security risks.
“At this time, any election that is paperless is not secure,” he said in his testimony to congressional leaders. “Elections should be conducted with human-readable paper ballots …recounts and audits should be conducted by human inspection of the human-readable portion of the paper ballots.”
On June 27, the House passed a bill that would require that all voting machines include “the use of an individual, durable, voter-verified paper ballot of the voter’s vote.”
In addition, some experts have expressed concerns that the systems can have bugs. In November 2018, several voters complained to Texas election officials that their votes had been switched by a Hart InterCivic’s eSlate machine.
“The malfunction can lead to straight-ticket Democratic voters casting a ballot for Republican Sen. Ted Cruz if they don’t review and correct their ballot before pressing the red cast button,” said the Texas Democratic Party in a statement.
Over 10 years earlier, the Texas Democratic Party filed a lawsuit against the secretary of state because the eSlate machines failed to record straight-party votes accurately.
The Election Assistance Commission is tasked with testing and certifying voting systems under the Help America Vote Act of 2002, which lawmakers said was outdated for current demands.
The agency did receive a substantial increase in funding after a 2019 report showed the commission’s budget for salaries and administration had declined from a high of $18 million in 2010, to just $8 million in 2019.
Donald Palmer, commissioner of the Election Assistance Commission, said that new funding will be used to add staff in the agency’s Testing and Certification program, which will help the EAC handle security updates while “while fulfilling its other duties of conducting
training for election administrators, performing on-site audits of voting system manufacturing and test lab facilities, and overseeing a Risk-Limiting Audit assistance program.”
Almost 70 million American votes are counted through machines by Election Systems & Software, which is based in Omaha, Nebraska.
After the 2018 midterm elections, some voters filed a lawsuit against the state of Georgia, citing abnormalities in the lieutenant governor’s election, in which paperless ESS machines were used. In 2017, election integrity groups filed a lawsuit, citing security concerns and lack of a paper audit trail.
Voting experts expressed concern that voting officials continue to purchase vulnerable systems.
Elizabeth L. Howard, counsel at the Democracy Program at the Brennan Center for Justice at New York, highlighting the lack of regulation for maintenance and service contractors for voting machines, noted the “myriad rules from the handling of classified information to the security of their supply chains” that defense contractors must pass.
“Even colored pencils are subject to more federal regulation than voting systems,” she said.
After the intelligence community reported that Russia interfered in the 2016 presidential election, there has been concern that cyberattacks could disrupt the 2020 elections.
The University of Florida’s Juan Gilbert said a cyberattack could feature changing votes in favor of the attacker’s preferred candidate or it could be a more general attack on the credibility of the election itself.
“An additional threat that is often ignored is chaos,” he said. “Instead of tipping the election in favor of a specific candidate, the goal is chaos …The hack would be to simply delete all the encrypted ballots. Essentially, this would nullify the election because all ballots would be lost.”
The CEOs of Hart InterCivic, Dominion Voting Systems and Election Systems & Software said they were not aware of any cyberattacks to their internal systems, corporate data or consumer data.