Security news that informs and inspires

Competing Election Security Bills Stuck in Senate

A showdown may be looming over a pair of competing election-security bills currently making their way through the Senate, with the use of paper trails and audits as the key points of contention.

In March, Sen. James Lankford (R-Okla.) introduced the Secure Elections Act, a bill aimed at improving the security of elections through the use of information sharing among state and federal officials about threats and vulnerabilities and incidents affecting elections. The bill also would establish a commission made up of independent experts who would have authority to develop guidelines on election security. Lankford’s bill is designed to address weaknesses in the security of the election process as whole and is a direct response to the attacks in the lead-up to the 2016 presidential election.

“During the 2016 election, Russian entities hacked presidential campaign accounts, launched cyber-attacks against at least 21 state election systems, and attacked a US voting systems software company. This revised Secure Elections Act adequately helps the states prepare our election infrastructure for the possibility of interference from not just Russia, but possibly another adversary like Iran or North Korea or a hacktivist group,” Lankford said.

Meanwhile, a separate bill sponsored by Sens. Ron Wyden (D-Ore.), Elizabeth Warren (D-Mass.), and several other Democratic senators and introduced in June takes a different tack. The Protecting American Votes and Elections Act focuses on the issues with the voting process itself, requiring paper ballots and audits for all federal elections. Wyden has been advocating for changes to the federal election process for several years, and his bill recently gained the support of several outside groups, including the Brennan Center Democracy Program and Color of Change, a racial justice organization.

“For Americans to have confidence that their votes count, and that election results are free and fair, there absolutely have to be paper ballots and mandatory audits for each and every federal election,” Wyden said.

“Leaving the fate of America’s democracy up to hackable election machines is like leaving your front door open, unlocked and putting up a sign that says ‘out of town.’ It’s not a question of if bad guys get in, it’s just a question of when.”

“Optical scan paper ballots coupled with risk limited audits represent the state of the art in voting system security."

Both the Secure Elections Act and the PAVE Act are currently in committee, but security experts and digital rights organizations say that the requirement for audits and paper ballots is a must for any change to the election laws. Paper ballots are considered more secure and more resistant to tampering than electronic voting machines, but many states have gone to electronic voting over the last decade or so.

“Optical scan paper ballots coupled with risk limited audits represent the state of the art in voting system security, an approach already in successful use in several states,” Matt Blaze, a professor of computer science at the University of Pennsylvania, said in a statement.

The Electronic Frontier Foundation, which has endorsed the PAVE Act, also stressed the importance of paper ballots and audits of every election, not just close ones.

“Currently, U.S. elections are usually audited only when they are extremely close or in other unusual situations. There is a cheap and effective way to audit all of our elections, using a system that statisticians call ‘risk-limiting audits.’ By hand-verifying a small number of randomly chosen ballots, election officials can check, with a high degree of certainty, that the election results were recorded properly,” Joe Mullin of the EFF wrote.

“Because they don’t involve massive statewide recounts, such audits can and should be performed after each election. Election audits should be like an annual checkup, not like a visit to the emergency room.”

Election security has been at the forefront of conversations in Washington and in the security community since 2016 and in addition to the two bills currently in the Senate, there are a number of other proposed measures and changes to federal regulations to help prevent attacks on future elections. Lankford and several other senators recently sent a letter to the CEO of Election Systems & Software asking that the company allow independent security researchers access to their voting machines in order to perform security assessments.