The NCSL Blog

01

By Wendy Underhill

Unless you’ve taken a French-style, month-long August vacation, you’ve probably noticed that elections and security are in the news.

Voters on Election DayWe started August off with the secretary of the Department of Homeland Security calling for election systems to be deemed “critical infrastructure,” while offering his agency’s assistance on cybersecurity issues to state election officials. 

And we ended the month with news that at least two states’ voter registration databases (not voting systems) have been hacked.

The fact that two states’ databases have been attacked points out something that may not be obvious: There’s no such thing as a “U.S. system of elections.” Instead, we have 50 states, D.C. and the territories all running their own elections. That means that if you are interested in election integrity or security, the first place to go might be to your local or state election official’s office.

And if you decide to go, go armed—with questions:

  • What physical security measures do you use? The answer might be that equipment is locked up with tamper-proof seals; that there is a log or record of all activity relating to voting equipment; that bipartisan teams are required for virtually all work; that the numbers of ballots handed out is reconciled with the number of ballots actually cast, to help prevent errors such as a missing ballot box that turns up later in someone’s trunk.
  • What equipment testing do you do? Nearly all election officials do “logic and accuracy testing” before an election, which means they run every piece of equipment through its paces before Election Day. Many do post-tests, too, to show that the equipment is still functioning properly at the close of business. Ask if there is also a post-election audit performed (which may or may not be required by law).
  • How are the vote totals backed up? Expect to hear that the machine counts the votes in a couple of places—plus on a removable storage device (think of a flash drive, but it’s probably a much older medium).
  • How do you guard against hacking? Probably you’ll learn that the equipment people vote on is not connected to the internet in any way.  Do ask if the internet plays any role in vote casting, vote counting, or in the transmission of vote totals.  Your state may have a cybersecurity commission or director—have they looked at the voting system?
  • Is your equipment kept up-to-date based on any service bulletins coming from the vendor? These bulletins are akin to recalls for cars—you can ignore them, but at your peril.
  • What measures are you taking to protect voters’ data?  While statewide voter registration databases are not connected to the casting and counting of ballots, and therefore don’t threaten the outcome of an election, their security matters. First, states must do all they can to prevent personal data from being stolen. And, second, if that data could be modified or deleted by a hacker, voter check-in could be a mess on Election Day.  Probably the systems manager has a modification log from the database that can provide clues to any data integrity problems. Again, your state cybersecurity director may have something to say about this.
  • What contingency plans do you have? Contingencies are not just for security breaches, of course. Just ask East Baton Rouge election officials, who are relocating a couple dozen polling places based on the floods there a couple of weeks ago. Every election office needs a backup plan, and maybe a backup for that.
  • When is a good time to tackle any concerns? Is it now, a couple of months away from Election Day, or later? For legislative action, the answer is definitely at the start of the 2017 sessions.

If you’d like to have more questions at the ready on election security (or more background), NCSL has linked a couple of presentations from Legislative Summit that relate: one by Merle King, executive director of the Center for Election Systems, and the other from Commissioner Matt Masterson, from the U.S. Election Assistance Commission. 

Wendy Underhill is part of NCSL’s elections team. She recommends checking out NCSL’s Elections Technology Toolkit, with information geared toward legislators on how tech works at all stages of an election.

Email Wendy

Actions: E-mail | Permalink |

Subscribe to the NCSL Blog

Click on the RSS feed at left to add the NCSL Blog to your favorite RSS reader. 

About the NCSL Blog

This blog offers updates on the National Conference of State Legislatures' research and training, the latest on federalism and the state legislative institution, and posts about state legislators and legislative staff. The blog is edited by NCSL staff and written primarily by NCSL's experts on public policy and the state legislative institution.