
About STV | Our Stance | FAQs | Post Election Reviews | Blog | Press Releases | Partners | Resources
Secure The Vote
Secure the Vote seeks to increase voter confidence in the accuracy and security of elections, and to generate greater awareness of possible solutions to critical gaps in the voting infrastructure. Secure the Vote supports jurisdictions’ efforts to offer a secure mobile voting option through leading-edge security and audit services. Additionally, we work to dismantle disinformation campaigns through civic engagement tools that enhance secure, citizen participation. Finally, Secure the Vote supports expanding cybersecurity resources to election officials. We are committed to the belief that if we secure the vote, we secure the world.

- May 2019
Mobile voting app Denver, CO Municipal Election Voatz
Mobile voting app Denver, CO Municipal Election Voatz
May 1, 2019Mobile voting app
Denver, CO Municipal Election
Voatz - August 2019
Mobile Voting App UT County, UT Municipal Election Voatz
Mobile Voting App UT County, UT Municipal Election Voatz
August 1, 2019Mobile Voting App
UT County, UT Municipal Election
Voatz - November 2019
Mobile voting app Umatilla County, OR General Election Voatz
Mobile voting app Umatilla County, OR General Election Voatz
November 1, 2019Mobile voting app
Umatilla County, OR
General Election
Voatz - November 2019
Mobile voting app Jackson County, OR General Election Voatz
Mobile voting app Jackson County, OR General Election Voatz
November 1, 2019Mobile voting app
Jackson County, OR
General Election
Voatz - November 2019
Mobile voting app Utah County, UT General Election Voatz
Mobile voting app Utah County, UT General Election Voatz
November 1, 2019Mobile voting app
Utah County, UT
General Election
Voatz - February 2020
Mobile Voting King County, WA Special District Democracy Live
Mobile Voting King County, WA Special District Democracy Live
February 1, 2020Mobile Voting
King County, WA
Special District
Democracy Live - March 2020
Mobile voting app Utah County, UT Pres Primary Voatz
Mobile voting app Utah County, UT Pres Primary Voatz
March 1, 2020Mobile voting app
Utah County, UT
Pres Primary
Voatz - March 2020
Mobile voting Umatilla County, OR Primary election Democracy Live
Mobile voting Umatilla County, OR Primary election Democracy Live
March 1, 2020Mobile voting
Umatilla County,
OR
Primary election
Democracy Live - May 2020
Mobile voting Jackson County, OR Primary election Democracy Live
Mobile voting Jackson County, OR Primary election Democracy Live
May 1, 2020Mobile voting
Jackson County, OR
Primary election
Democracy Live - June 2020
Mobile voting West Virginia Primary election Democracy Live
Mobile voting West Virginia Primary election Democracy Live
June 1, 2020Mobile voting
West Virginia
Primary election
Democracy Live
Our Stance
The security of elections is fundamental to the integrity of our institutions. One key area of insecurity is the transmission of ballots for overseas voters via email or fax. In order to address that challenge, more vendors are developing technologies to improve the efficiency of voting remotely, as well as the security. Therefore, as interest in mobile voting is likely to continue to increase, Secure the Vote believes there must be best practices and audit standards in the digital voting space. It is critical to develop a standardized security assessment of the vendors developing the technologies, as well as assisting election officials in understanding and mitigating security risks.
FAQ’s On Mobile Voting
Electronic voting is a lay term that attempts to broadly capture methods by which a ballot might be delivered, or returned, electronically. The context for electronic voting, however, may depend on where the voting takes place, and how the ballot is stored or processed.
In-person electronic voting
The majority of voting in the United States takes place in person, or through a mail-in ballot. While voting in person, a voter may have the option to use an electronic ballot marking device such as a direct recording electronic voting machine (DRE), or an electronic ballot marking device (BMD). The BMD enables a voter to make their choices via an electronic interface, but prints out a paper ballot for the voter to turn in; it does not record a voter’s vote. The DRE allows the voter to select their vote on an electronic interface, but does not print out a paper ballot for the voter to turn in; instead it records the voter’s vote as an individual, anonymized record on the device. For voters voting overseas, however, electronic voting may be characterized by the ability to receive and/or deliver electronically.
Electronic Ballot Delivery (EBD) is defined by the National Institute of Standards and Technology (NIST) as the delivery of ballot and voter information packets electronically. The packets may be sent to Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) voters via email, fax, or an Internet-supported application. All states are required to allow the delivery of ballots electronically from local jurisdictions to overseas voters.
Electronic Ballot Return (EBR) is the return of ballot and voter information packets electronically. Ballot and voter packets may be returned via email, fax, or an Internet-supported application. Up to 31 states allow for the return of ballots electronically, thought there are limitations as to what means may be used to return a ballot packet. The remaining 19 states do not allow for electronic ballot return. 1
1 https://www.ncsl.org/research/elections-and-campaigns/internet-voting.aspx
Like ballot marking devices, the paper trail begins when the election office prints off the digitally marked ballot. The election office scans the paper ballot and tabulates the results.
While a paper trail is important, it is perhaps even more important to be able to prove that the ballot that the voter voted reflects the same choices as the ballot that is then printed, scanned, and counted by the election office.
Options for tracking the that the vote is the same at each step vary between industry partners. For example, one industry partner uses a distributed hyper ledger blockchain to help voters, and open source auditors, confirm that the ballot receipt that a voter receives when they vote is the same as the electronic ballot image that is downloaded and printed by the election office. That level of transparency must be coupled with sophisticated levels of internal and external security, but when it is, it is a level of transparency and confidence in the accuracy of a vote that rivals a paper trail.
Electronic voting can provide increased accessibility for voting populations that experience greater barriers to voting. Populations that are currently served by electronic voting pilots are overseas voters (UOCAVA) and voters experiencing a disability.
The Federal Voters Assistance Program (FVAP) released a report on voting rates and barriers to overseas voters, identifying that only 6.9 percent of overseas voters participated in the 2016 General Election. The voting participation rate compared to 72 percent of eligible domestic voters. The significant discrepancy can be attributed to a variety of challenges including the connectedness to the election and home community, and the ease of access to the international mail system.[1]
An additional challenge for overseas voters is the general insecurity of email and fax in returning a ballot. Security will only increase for those voters when technology advances to ensure that they are afforded the same level of secure access that domestic voters enjoy.
Disabled voters can also face privacy and security challenges when voting in person – or even at home, depending on the disability.[2] Empowering disabled voters to make their voice heard through private, secure means will also address one of the most significant accessibility challenges in elections.
[1] https://www.fvap.gov/uploads/FVAP/Reports/FVAP-OCPABrief_FINAL.pdf
[2] https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2018/02/01/how-voters-with-disabilities-are-blocked-from-the-ballot-box
Traditionally, the electronic ballot return option has been limited to overseas voters. However, in February 2020, King County Conservation District held the first domestic electronic ballot return voting election for the King County Conservation District Board. Voter turnout doubled in the election from the previous election, indicating that it may indeed be a viable option for more domestic voters.
Small and large jurisdictions are increasingly interested in conducting electronic ballot return pilots for overseas voters, and possibly even small portions of domestic populations. In order for jurisdictions to participate in pilots, jurisdictions must first ensure that state voting laws allow for the transmission of electronic ballots. Some states still do not allow that option.[1]
Jurisdictions then work to identify an industry partner that meets their interest and needs. Organizations exist to assist jurisdictions in vetting industry partners. Some of these organizations include Tusk Philanthropies, the National Cybersecurity Center, and Trail of Bits and Shift State (both organizations run security reviews). Universities are becoming increasingly interested in supporting reviews and analyses of the technologies as well.
[1] https://www.ncsl.org/research/elections-and-campaigns/internet-voting.aspx
The National Cybersecurity Center works with industry partners to provide an overall security ecosystem that contributes to an overall ‘audit’ of the election pilot.
The NCC reviews the industry partner’s security procedures, security logs during the election pilot, employee security trainings, and any additional information that informs the level of security adopted within the organization. For industry partners with a more developed auditable process, the NCC assists in hosting citizen audits that allow the public to review ballot images of the anonymized ballots to confirm that the ballot image sent to the voter as a receipt matches the ballot image stored and ultimately printed and scanned by the election office. This citizen audit is helping to advance the pursuit of a pure end-to-end vote verification system for electronic ballot return voting.
Private cybersecurity firms such as Trail of Bits and Shift State have conducted security analyses of the main industry vendors being used – including Democracy Live, Scytl, and Voatz. Universities are researching the methods as well; for example, MIT published a report regarding security issues and electronic ballot return voting. The Department of Homeland Security has also reviewed different applications, offering security feedback.
The National Cybersecurity Center is working to develop a set of guidelines and standards to inform the security standards for electronic ballot return. One key aspect of this is the requirement for ongoing code review to ensure that any updates only support the ongoing security of the industry partner’s product.
No voting system is inherently perfect, and there are risks involved with every option. Paper ballots have been scarred by hanging chad debacles, ballots stored in trunks, and ballots not picked up in mail-in ballot drop off locations. Email and fax as ballot return methods are inherently insecure, and easily compromised. Voting in person may be a more secure method as well, but it can lead to disenfranchisement of voters which undermines the overall integrity of free and fair elections.
Electronic ballot return voting, too, has its risks: nefarious state actors or individuals could try to hack the voting system, and employees of the industry partners may seek to disrupt the election results. The existence of these risks is why the National Cybersecurity Center is working hard to develop standards across the electronic ballot return voting industry for internal and external security.
The federal Voluntary Voting System Guidelines do not offer specific guidance on electronic ballot return, as they solely pertain to voting systems that take place within a polling place or vote center. The National Cybersecurity Center is working with several organizations to develop standards to ensure that electronic ballot return voting is as secure as possible, and reflects the similar standards applied to BMDs and DREs.
Security audit logs offer insight into how organizations monitor access to the cloud, as well as how they might mitigate attacks. Cloud access logs should look similar to how election offices monitor the security and access levels to various rooms in the physical movement of ballots. For example, there should be a manifest of who is allowed access, a log of who has accessed the ‘room’ and when, a chain of custody for the ballots, etc. The election office and independent, third party auditors review the security logs for any discrepancies or security issues.
Post-Election Reviews
West Virginia Primary 2020 Post-Election Overview
Executive Summary Download the Full Report Here Democracy Live,
Umatilla County Primary 2020 Post-Election Overview
Executive Summary Download the Full Report Here Democracy Live,
Jackson County Primary 2020 Post-Election Overview
Executive Summary Download the Full Report Here Democracy Live,
NCC King County Post Election Review 2020
King County Audit Summary March 3, 2020 Election Overview:
Latest Blogs
National Cybersecurity Center, in Partnership with Tusk Philanthropies, Announces Launch of Future of Voting: Election Resiliency – 2021 Pilot Project
01/21/21 The National Cybersecurity Center, in partnership with Tusk
Correcting the Misinformation That’s Hurting U.S. Elections
With about a month left before November's election, the
Understanding Mobile Voting’s Opportunities and Challenges
The 2020 election is rapidly approaching, and the coronavirus pandemic
2020: The Year of Cybersecurity Resilience in U.S. Elections
Many challenges exist in the United States at the
Press Releases
Resources
https://www.dhs.gov/
Department of Homeland Security
https://www.dhs.gov/science-and-technology/cybersecurity-resources
Cybersecurity resources DHS Science and Technology
https://cyber.dhs.gov/directives/
Cybersecurity Directives
https://www.dhs.gov/publication/st-cybersecurity-portfolio-guide
Portfolio Guide
https://www.cisa.gov/, https://us-cert.cisa.gov/
Cybersecurity Infrastructure Security Agency
https://us-cert.cisa.gov/resources/sltt
CISA main resources page/directory.
https://www.cisa.gov/election-security-library
Election Security Library
https://www.cisa.gov/publications-library/Election%20Security
CISA Election Security Resources
https://us-cert.cisa.gov/resources/sltt
Resources for State, Local, Tribal and Territorial (SLTT) Governments.
https://us-cert.cisa.gov/resources/assessments
Cybersecurity Resources
https://www.cisa.gov/publications-library/cybersecurity
CISA publications.
https://www.cisa.gov/cyber-resource-hub#:~:text=In%20order%20to%20assist%20a,key%20elements%20of%20a%20robust
Details CISA’s available resource offerings.
https://www.cisa.gov/cyber-essentials
Cybersecurity Essentials
https://www.cisa.gov/cybersecurity-training-exercises
Cybersecurity Training and Exercises
https://www.eac.gov/
Election Assistance Commission
https://www.eac.gov/election-officials/election-security-preparedness#_jaqcereko2oi
Security Preparedness Main Page
https://www.eac.gov/election-officials/tech-time
Videos on Election Preparedness and Technology
https://www.nist.gov/
National Institute of Standards and Technology
https://csrc.nist.gov/
Resource Page
https://csrc.nist.gov/publications
Publications
https://csrc.nist.gov/topics
Resource page topics page
https://niccs.us-cert.gov/
National Initiative For Cybersecurity Careers and Studies
https://niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte
Federal Virtual Training Environment
https://niccs.us-cert.gov/workforce-development/cybersecurity-resources
Cybersecurity Workforce Resources
https://www.nsa.gov/
The National Security Agency
https://www.nsa.gov/What-We-Do/Cybersecurity/Advisories-Technical-Guidance/
Cybersecurity Advisors and Technical Guidance
https://www.nsa.gov/What-We-Do/Cybersecurity/Telework-and-Mobile-Security-Guidance/
Telework and Mobile Security Guidance
CONTACT US
Forrest Senti
Director of Business Government Initiatives
forrest.senti@cyber-center.org
Mattie Gullixson
Project Manager
Mattie.Gullixson@cyber-center.org