Secure The Vote2020-05-26T10:44:48-06:00

Secure The Vote

Secure the Vote seeks to increase voter confidence in the accuracy and security of elections, and to generate greater awareness of possible solutions to critical gaps in the voting infrastructure. Secure the Vote supports jurisdictions’ efforts to offer a secure mobile voting option through leading-edge security and audit services. Additionally, we work to dismantle disinformation campaigns through civic engagement tools that enhance secure, citizen participation. Finally, Secure the Vote supports expanding cybersecurity resources to election officials. We are committed to the belief that if we secure the vote, we secure the world.

Our Stance

The security of elections is fundamental to the integrity of our institutions. One key area of insecurity is the transmission of ballots for overseas voters via email or fax. In order to address that challenge, more vendors are developing technologies to improve the efficiency of voting remotely, as well as the security. Therefore, as interest in mobile voting is likely to continue to increase, Secure the Vote believes there must be best practices and audit standards in the digital voting space. It is critical to develop a standardized security assessment of the vendors developing the technologies, as well as assisting election officials in understanding and mitigating security risks.

Latest Blog

 

National Cybersecurity Center’s Secure the Vote Launches 2020 Webinar Series: Give Us the Options

May 6th, 2020|Categories: Events, Press Release, Secure the Vote|

    Colorado Springs, CO May 6th, 2020 – 

Audit Reports

 

 

FAQ’s On Mobile Voting

 

 

What is mobile voting?2020-05-18T13:40:48-06:00

Mobile voting is the ability to vote in an election using a personal computer, tablet or smartphone. Mobile voting is not to be confused with ‘internet’ voting. Mobile voting is more akin to the process of remote ballot marking, defined by the Election Assistance Commission’s Voluntary Voting System Guidelines as a system for voters to mark their ballots outside of a voting center or polling place. Voters mark an electronic ballot; the choices of the ballot are stored; the respective election office then prints the electronic ballot, scans and tabulates the choices on that ballot.

Why is it an option?2020-05-18T13:43:06-06:00

Mobile voting can provide increased accessibility for voting populations that may experience greater barriers to voting. Populations that are currently served by mobile voting pilots are overseas voters and voters experiencing a disability.

The Federal Voters Assistance Program (FVAP) released a report on voting rates and barriers to overseas voters, identifying that only 6.9 percent of overseas voters participated in the 2016 General Election. The voting participation rate compared to 72 percent of eligible domestic voters. The significant discrepancy can be attributed to a variety of challenges including the connectedness to the election and home community, and the ease of access to the international mail system. 1

An additional challenge for overseas voters is the general insecurity of email and fax in returning a ballot. Security will only increase for those voters when technology advances to ensure that they are afforded the same level of secure access that domestic voters enjoy.

Disabled voters can also face privacy and security challenges when voting in person – or even at home, depending on the disability. 2 Empowering disabled voters to make their voice heard through private, secure means will also address one of the most significant, ongoing accessibility challenges in elections.

How do jurisdictions conduct mobile voting pilots?2020-05-18T13:45:09-06:00

Small and large jurisdictions are increasingly interested in conducting pilots for overseas voters, and possibly even small portions of domestic populations. In order for jurisdictions to participate in mobile voting pilots, jurisdictions must first ensure that state voting laws allow for the transmission of electronic ballots. Some states still do not allow that option. 3

Jurisdictions then work to identify a vendor that meets their interest and needs. Organizations exist to assist jurisdictions in vetting vendors. Some of these organizations include Tusk Philanthropies, the National Cybersecurity Center, and Trail of Bits and Shift State (both organizations run security reviews). Universities are becoming increasingly interested in supporting reviews and analyses of the technologies as well.

Who can use the mobile voting option?2020-05-18T13:46:00-06:00

Traditionally, the mobile voting option has been limited to overseas voters, and to a limited degree some voters experiencing a disability. However, in February 2020, King County Conservation District held the first domestic mobile voting election for the King County Conservation District Board. Voter turnout doubled in the election from the previous election, demonstrating that it may indeed be a viable option for more domestic voters.

How has the technology been vetted?2020-05-18T13:47:07-06:00

Private cybersecurity firms such as Trail of Bits and Shift State have conducted security analyses of the main vendors being used – including Democracy Live, Scytl, and Voatz. Universities are researching the methods as well; for example, MIT published a report regarding security issues and mobile voting. The Department of Homeland Security has also reviewed different applications, offering security feedback.

The National Cybersecurity Center is working to develop a set of guidelines and standards to inform the security standards for mobile voting.

What are the risks involved?2020-05-18T13:49:37-06:00

No voting system is inherently perfect, and there are risks involved with every option. Paper ballots have seen hanging chad debacles, ballots stored in trunks, and ballots not picked up in mail in ballot drop off locations. Email and fax as ballot return methods are inherently insecure, and easily compromised. Voting in person may be a more secure method as well, but it can lead to disenfranchisement of voters which undermines the overall integrity of free and fair elections.

Mobile voting, too, has its risks – there are concerns that nefarious state actors or individuals could try to hack the voting system; employees of the vendors may seek to disrupt the election results. The existence of these risks is why the National Cybersecurity Center is working hard to develop standards across the mobile voting industry for internal and external security.

Like ballot marking devices, the paper trail begins when the election office prints off the digitally marked ballot. Like ballots submitted via paper, the election office scans the now paper ballot and tabulates the results.

While a paper trail is important, it is perhaps as important or more so to be able to prove that the ballot that the voter voted reflects the same choices as the ballot that is then printed, scanned, and counted by the election office. One vendor uses a distributed hyper ledger blockchain to help voters, and open source auditors, confirm that the ballot receipt that a voter receives when they vote is the same as the electronic ballot image that is downloaded and printed by the election office. That level of transparency must be coupled with sophisticated levels of internal and external security, but when it is, it is a level of transparency and confidence in the accuracy of a vote that rivals a paper trail.

What is the federal guidance on mobile voting?2020-05-18T13:50:31-06:00

The federal Voluntary Voting System Guidelines do not offer specific guidance on mobile voting, as they solely pertain to voting systems that take place within a polling place or vote center. The National Cybersecurity Center is working with several organizations to develop standards in order to ensure that mobile voting is as secure as possible.

If ballots are stored in the cloud, like some vendors use, how do you know they are secure?2020-05-18T13:51:25-06:00

Security audit logs offer insight into how organizations monitor access to the cloud, as well as how they might mitigate attacks. Cloud access logs should look similar to how election offices monitor the security and access levels to various rooms in the physical movement of ballots. For example, there should be a manifest of who is allowed access, a log of who has accessed the ‘room’ and when, a chain of custody for the ballots, etc. The election office and independent, third party auditors review the security logs for any discrepancies or security issues.

CONTACT US

Forrest Senti

Director of Business Government Initiatives
forrest.senti@cyber-center.org

Mattie Gullixson

Project Manager
Mattie.Gullixson@cyber-center.org