Future of Voting2021-02-19T03:39:29-07:00

Future of Voting

Contact Us
Grant Application

Election Resiliency – 2021 Grant Pilot Project

Examining Opportunities to Improve Resiliency and Accessibility in the Election System

Who:

 The National Cybersecurity Center (NCC), in partnership with Tusk Philanthropies

What:

The National Cybersecurity Center’s Secure the Vote seeks to increase confidence in the integrity of elections and improve security around gaps in the infrastructure. With this mission, Secure the Vote looks forward to launching voting pilots in 2021 to ask the question of how different technology options might make the overall election infrastructure more resilient and accessible. The pilots will occur via a grant application in which jurisdictions will identify a key resiliency challenge that they seek to remedy via some level of an alternative voting method.

Where:

Pilots will take place in jurisdictions that successfully apply for the grant. 

Why:

Voting behaviors are changing. The percentage of voters casting a ballot in-person on election day has fell from 89.5% in 1996, to below 60% in each major election since 2014.[1]

Voting regulations are changing. More voters are now able to register online, or in-person on election day, take advantage of early-voting periods, and vote through different methods (absentee & mail-in voting) that enable a larger number of voters to submit ballots without setting foot in a polling station.

Voting technology is changing. Despite security concerns, four states now allow for electronic ballot delivery/return via a web portal: one state uses a blockchain app for UOCAVA voters, 19 states plus DC allow limited number of voters to return a ballot via email or fax, and seven states allow some voters to return a ballot via fax.[2] Voting trends have changed significantly over the past few decades, and the 2020 response to a pandemic, opening even more alternatives to voters, may lead to an even greater shift in what voters and jurisdictions need or want for a resilient, secure and safe voting experience. With that in mind, Secure the Vote looks to explore how the adoption of different voting methods might improve resilience and accessibility.

[1] https://www.pewresearch.org/fact-tank/2020/11/03/amid-pandemic-the-long-decline-of-in-person-voting-on-election-day-is-likely-to-accelerate-this-year/

[2] https://www.ncsl.org/research/elections-and-campaigns/internet-voting.aspx

FAQ’s On Electronic Voting

 

 

The increasing interest in electronic voting options drives increased voter accessibility and efficiencies; it also drives greater concerns over election integrity and interference. In order to address concerns and demonstrate the security levels involved in electronic voting methods, the following questions outline the security measures employed to ensure the integrity of the ballot.

What is electronic voting?2021-01-28T08:37:17-07:00

Electronic voting is a lay term that attempts to broadly capture methods by which a ballot might be delivered, or returned, electronically. The context for electronic voting, however, may depend on where the voting takes place, and how the ballot is stored or processed.

In-person electronic voting

The majority of voting in the United States takes place in person, and recently more people have had the opportunity vote via a mail-in ballot. While voting in person, a voter may have the option to use an electronic ballot marking device such as a direct recording electronic voting machine (DRE), or an electronic ballot marking device (BMD). The BMD enables a voter to make their choices via an electronic interface but prints out a paper ballot for the voter to turn in; it does not record a voter’s vote. The DRE allows the voter to select their vote on an electronic interface, but does not print out a paper ballot for the voter to turn in; instead, it records the voter’s vote as an individual, anonymized record on the device.

For voters voting overseas, however, electronic voting may be characterized by the ability to receive and/or deliver electronically.

Electronic Ballot Delivery (EBD) is defined by the National Institute of Standards and Technology (NIST) as the delivery of ballot and voter information packets electronically. The packets may be sent to Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) voters via email, fax, or an Internet-supported application. All states are required to allow the delivery of ballots electronically from local jurisdictions to overseas voters.

Electronic Ballot Return (EBR) is the return of ballot and voter information packets electronically. Ballot and voter packets may be returned via email, fax, or an Internet-supported application. Up to 31 states allow for the return of ballots electronically, thought there are limitations as to what means may be used to return a ballot packet. The remaining 19 states do not allow for electronic ballot return.[1] [1] https://www.ncsl.org/research/elections-and-campaigns/internet-voting.aspx

Is there a paper trail for ballots returned electronically?2021-01-28T08:37:58-07:00

Like ballot marking devices, the paper trail begins when the election office prints off the digitally marked ballot. The election office scans the paper ballot and tabulates the results.

While a paper trail is important, it is perhaps even more important to be able to prove that the ballot that the voter submitted reflects the same choices as the ballot that is then printed, scanned, and counted by the election office.

Options for tracking the that the vote is the same at each step vary between industry partners. For example, one industry partner uses a distributed hyper ledger blockchain to help voters and open-source auditors confirm that the ballot receipt that a voter receives when they vote is the same as the electronic ballot image that is downloaded and printed by the election office. That level of transparency must be coupled with sophisticated levels of internal and external security.

Why is electronic ballot return voting an option?2021-01-28T08:46:03-07:00

Electronic voting can provide increased accessibility for voting populations that experience greater barriers to voting. Populations that are currently served by electronic voting pilots are overseas voters (UOCAVA) and voters experiencing a disability.

The Federal Voters Assistance Program (FVAP) released a report on voting rates and barriers to overseas voters, identifying that only 6.9 percent of overseas voters participated in the 2016 General Election. The voting participation rate compared to 72 percent of eligible domestic voters. The significant discrepancy can be attributed to a variety of challenges including the connectedness to the election and home community, and the ease of access to the international mail system.[1]

An additional challenge for overseas voters is the general insecurity of email and fax in returning a ballot. Security will only increase for those voters when technology advances to ensure that they are afforded the same level of secure access that domestic voters enjoy.

Disabled voters can also face privacy and security challenges when voting in person – or even at home, depending on the disability.[2] Empowering disabled voters to make their voice heard through private, secure means will also address one of the most significant accessibility challenges in elections.

[1] https://www.fvap.gov/uploads/FVAP/Reports/FVAP-OCPABrief_FINAL.pdf

[2] https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2018/02/01/how-voters-with-disabilities-are-blocked-from-the-ballot-box

What voters can use the electronic ballot return option?2021-01-28T08:46:42-07:00

Traditionally, the electronic ballot return option has been limited to overseas voters. However, in February 2020, King County Conservation District held the first domestic electronic ballot return voting election for the King County Conservation District Board. Voter turnout doubled in the election from the previous election, indicating that it may indeed be a viable option for more domestic voters.

How do jurisdictions conduct electronic ballot return pilots?2021-01-28T08:47:25-07:00

Small and large jurisdictions are increasingly interested in conducting electronic ballot return pilots for overseas voters, and possibly even small portions of domestic populations. In order for jurisdictions to participate in pilots, jurisdictions must first ensure that state voting laws allow for the transmission of electronic ballots. Some states still do not allow that option.

Jurisdictions then work to identify an industry partner that meets their interest and needs. Organizations exist to assist jurisdictions in vetting industry partners. Some of these organizations include Tusk Philanthropies, the National Cybersecurity Center (NCC), and Trail of Bits and Shift State (both organizations run security reviews). Universities are becoming increasingly interested in supporting reviews and analyses of the technologies as well.

What review process is in place for the pilots?2021-01-28T08:48:25-07:00

The National Cybersecurity Center works with industry partners to collect security reviews conducted by established security companies prior to the pilot to provide a security ecosystem review.

The NCC reviews the industry partner’s security procedures, security logs during the election pilot, employee security trainings, and any additional information that informs the level of security adopted within the organization.

For industry partners with a more developed auditable process, the NCC assists in hosting citizen audits that allow the public to review ballot images of the anonymized ballots to confirm that the ballot image sent to the voter as a receipt matches the ballot image stored and ultimately printed and scanned by the election office. This citizen audit is helping to advance the pursuit of a pure end-to-end vote verification system for electronic ballot return voting.

How has the technology been vetted?2021-01-28T08:49:01-07:00

Private cybersecurity firms such as Trail of Bits and Shift State have conducted security reviews of some of the main electronic ballot return industry vendors. Some vendors elect for testing and reviews through the Idaho National Laboratory. Universities are researching electronic ballot return as well; for example, MIT published a report regarding security issues and electronic ballot return voting. The Department of Homeland Security has also reviewed different applications, offering security feedback.

Through the insights gained via the pilots, the National Cybersecurity Center is working to develop a set of guidelines and standards to inform the security standards for electronic ballot return. One key aspect of this is the requirement for ongoing code review to ensure that any updates only support the ongoing security of the industry partner’s product.

What are the risks involved?2021-01-28T08:49:39-07:00

No voting system is inherently perfect, and there are risks involved with every option. Paper ballots have been scarred by hanging chad debacles, ballots stored in trunks, and ballots not picked up in mail-in ballot drop off locations. Email and fax as ballot return methods are inherently insecure, and easily compromised. Voting in person may be a more secure method as well, but it can lead to disenfranchisement of voters which undermines the overall integrity of free and fair elections.

Electronic ballot return voting, too, has its risks: nefarious state actors or individuals could try to hack the voting system, and employees of the industry partners may seek to disrupt the election results. The existence of these risks is why the National Cybersecurity Center is working hard to develop standards across the electronic ballot return voting industry for internal and external security.

What is the federal guidance on electronic ballot return voting?2021-01-28T08:50:14-07:00

The federal Voluntary Voting System Guidelines do not offer specific guidance on electronic ballot return, as they solely pertain to voting systems that take place within a polling place or vote center. The National Cybersecurity Center is working with several organizations to develop standards to ensure that electronic ballot return voting is as secure as possible, and reflects the similar standards applied to BMDs and DREs.

If ballots are stored in the cloud, like some vendors use, how do you know they are secure?2021-01-28T08:51:07-07:00

Security audit logs offer insight into how organizations monitor access to the cloud, as well as how they might mitigate attacks. Cloud access logs should look similar to how election offices monitor the security and access levels to various rooms in the physical movement of ballots. For example, there should be a manifest of who is allowed access, a log of who has accessed the ‘room’ and when, a chain of custody for the ballots, etc. The election office and independent, third party auditors review the security logs for any discrepancies or security issues.

Contact Us
Grant Application

Post-Election Reviews

 

Latest Blogs

 

National Cybersecurity Center, in Partnership with Tusk Philanthropies, Announces Launch of Future of Voting: Election Resiliency – 2021 Pilot Project

January 21st, 2021|Categories: News, Secure the Vote|Tags: , , , , , , |

01/21/21 The National Cybersecurity Center, in partnership with Tusk

Correcting the Misinformation That’s Hurting U.S. Elections

October 1st, 2020|Categories: Events, Secure the Vote|Tags: , , , , , |

With about a month left before November's election, the

Understanding Mobile Voting’s Opportunities and Challenges

August 11th, 2020|Categories: News, Secure the Vote|Tags: , , , , , , |

The 2020 election is rapidly approaching, and the coronavirus pandemic

2020: The Year of Cybersecurity Resilience in U.S. Elections

July 30th, 2020|Categories: News, Secure the Vote|Tags: , , , , , , , |

Many challenges exist in the United States at the

Resources

 

 

DHS2020-08-07T11:31:07-06:00

https://www.dhs.gov/
Department of Homeland Security

https://www.dhs.gov/science-and-technology/cybersecurity-resources
Cybersecurity resources DHS Science and Technology

https://cyber.dhs.gov/directives/
Cybersecurity Directives

https://www.dhs.gov/publication/st-cybersecurity-portfolio-guide
Portfolio Guide

CISA2020-08-07T11:40:13-06:00

https://www.cisa.gov/, https://us-cert.cisa.gov/
Cybersecurity Infrastructure Security Agency

https://us-cert.cisa.gov/resources/sltt
CISA main resources page/directory.

https://www.cisa.gov/election-security-library
Election Security Library

https://www.cisa.gov/publications-library/Election%20Security
CISA Election Security Resources

https://us-cert.cisa.gov/resources/sltt
Resources for State, Local, Tribal and Territorial (SLTT) Governments.

https://us-cert.cisa.gov/resources/assessments
Cybersecurity Resources

https://www.cisa.gov/publications-library/cybersecurity
CISA publications.

https://www.cisa.gov/cyber-resource-hub#:~:text=In%20order%20to%20assist%20a,key%20elements%20of%20a%20robust
Details CISA’s available resource offerings.

https://www.cisa.gov/cyber-essentials
Cybersecurity Essentials

https://www.cisa.gov/cybersecurity-training-exercises
Cybersecurity Training and Exercises

EAC2020-08-07T11:43:15-06:00

https://www.eac.gov/
Election Assistance Commission

https://www.eac.gov/election-officials/election-security-preparedness#_jaqcereko2oi
Security Preparedness Main Page

https://www.eac.gov/election-officials/tech-time
Videos on Election Preparedness and Technology

CSRC – NIST2020-08-07T11:44:26-06:00

https://www.nist.gov/
National Institute of Standards and Technology

https://csrc.nist.gov/
Resource Page

https://csrc.nist.gov/publications
Publications

https://csrc.nist.gov/topics
Resource page topics page

NICCS2020-08-07T11:45:25-06:00

https://niccs.us-cert.gov/
National Initiative For Cybersecurity Careers and Studies

https://niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte
Federal Virtual Training Environment

https://niccs.us-cert.gov/workforce-development/cybersecurity-resources
Cybersecurity Workforce Resources

NSA2020-08-07T11:46:22-06:00

CONTACT US

Forrest Senti

VP of Programs and Operations
forrest.senti@cyber-center.org

Mattie Gullixson

Program Director, Secure the Vote
Mattie.Gullixson@cyber-center.org

Go to Top