Secure The Vote2020-08-07T13:43:14-06:00

Secure The Vote

Secure the Vote seeks to increase voter confidence in the accuracy and security of elections, and to generate greater awareness of possible solutions to critical gaps in the voting infrastructure. Secure the Vote supports jurisdictions’ efforts to offer a secure mobile voting option through leading-edge security and audit services. Additionally, we work to dismantle disinformation campaigns through civic engagement tools that enhance secure, citizen participation. Finally, Secure the Vote supports expanding cybersecurity resources to election officials. We are committed to the belief that if we secure the vote, we secure the world.

loading

Our Stance

The security of elections is fundamental to the integrity of our institutions. One key area of insecurity is the transmission of ballots for overseas voters via email or fax. In order to address that challenge, more vendors are developing technologies to improve the efficiency of voting remotely, as well as the security. Therefore, as interest in mobile voting is likely to continue to increase, Secure the Vote believes there must be best practices and audit standards in the digital voting space. It is critical to develop a standardized security assessment of the vendors developing the technologies, as well as assisting election officials in understanding and mitigating security risks.

FAQ’s On Mobile Voting

 

 

What is electronic voting?2020-09-07T13:21:20-06:00

Electronic voting is a lay term that attempts to broadly capture methods by which a ballot might be delivered, or returned, electronically. The context for electronic voting, however, may depend on where the voting takes place, and how the ballot is stored or processed.

In-person electronic voting
The majority of voting in the United States takes place in person, or through a mail-in ballot. While voting in person, a voter may have the option to use an electronic ballot marking device such as a direct recording electronic voting machine (DRE), or an electronic ballot marking device (BMD). The BMD enables a voter to make their choices via an electronic interface, but prints out a paper ballot for the voter to turn in; it does not record a voter’s vote. The DRE allows the voter to select their vote on an electronic interface, but does not print out a paper ballot for the voter to turn in; instead it records the voter’s vote as an individual, anonymized record on the device. For voters voting overseas, however, electronic voting may be characterized by the ability to receive and/or deliver electronically.

Electronic Ballot Delivery (EBD) is defined by the National Institute of Standards and Technology (NIST) as the delivery of ballot and voter information packets electronically. The packets may be sent to Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) voters via email, fax, or an Internet-supported application. All states are required to allow the delivery of ballots electronically from local jurisdictions to overseas voters.

Electronic Ballot Return (EBR) is the return of ballot and voter information packets electronically. Ballot and voter packets may be returned via email, fax, or an Internet-supported application. Up to 31 states allow for the return of ballots electronically, thought there are limitations as to what means may be used to return a ballot packet. The remaining 19 states do not allow for electronic ballot return. 1

 

1 https://www.ncsl.org/research/elections-and-campaigns/internet-voting.aspx

Is there a paper trail for ballots returned electronically?2020-09-07T13:24:03-06:00

Like ballot marking devices, the paper trail begins when the election office prints off the digitally marked ballot. The election office scans the paper ballot and tabulates the results.

While a paper trail is important, it is perhaps even more important to be able to prove that the ballot that the voter voted reflects the same choices as the ballot that is then printed, scanned, and counted by the election office.

Options for tracking the that the vote is the same at each step vary between industry partners. For example, one industry partner uses a distributed hyper ledger blockchain to help voters, and open source auditors, confirm that the ballot receipt that a voter receives when they vote is the same as the electronic ballot image that is downloaded and printed by the election office. That level of transparency must be coupled with sophisticated levels of internal and external security, but when it is, it is a level of transparency and confidence in the accuracy of a vote that rivals a paper trail.

Why is electronic ballot return voting an option?2020-09-07T13:25:49-06:00

Electronic voting can provide increased accessibility for voting populations that experience greater barriers to voting. Populations that are currently served by electronic voting pilots are overseas voters (UOCAVA) and voters experiencing a disability.

The Federal Voters Assistance Program (FVAP) released a report on voting rates and barriers to overseas voters, identifying that only 6.9 percent of overseas voters participated in the 2016 General Election. The voting participation rate compared to 72 percent of eligible domestic voters. The significant discrepancy can be attributed to a variety of challenges including the connectedness to the election and home community, and the ease of access to the international mail system.[1]

An additional challenge for overseas voters is the general insecurity of email and fax in returning a ballot. Security will only increase for those voters when technology advances to ensure that they are afforded the same level of secure access that domestic voters enjoy.

Disabled voters can also face privacy and security challenges when voting in person – or even at home, depending on the disability.[2] Empowering disabled voters to make their voice heard through private, secure means will also address one of the most significant accessibility challenges in elections.

[1] https://www.fvap.gov/uploads/FVAP/Reports/FVAP-OCPABrief_FINAL.pdf

[2] https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2018/02/01/how-voters-with-disabilities-are-blocked-from-the-ballot-box

What voters can use the electronic ballot return option?2020-09-07T13:26:46-06:00

Traditionally, the electronic ballot return option has been limited to overseas voters. However, in February 2020, King County Conservation District held the first domestic electronic ballot return voting election for the King County Conservation District Board. Voter turnout doubled in the election from the previous election, indicating that it may indeed be a viable option for more domestic voters.

How do jurisdictions conduct electronic ballot return pilots?2020-09-07T13:27:46-06:00

Small and large jurisdictions are increasingly interested in conducting electronic ballot return pilots for overseas voters, and possibly even small portions of domestic populations. In order for jurisdictions to participate in pilots, jurisdictions must first ensure that state voting laws allow for the transmission of electronic ballots. Some states still do not allow that option.[1]

Jurisdictions then work to identify an industry partner that meets their interest and needs. Organizations exist to assist jurisdictions in vetting industry partners. Some of these organizations include Tusk Philanthropies, the National Cybersecurity Center, and Trail of Bits and Shift State (both organizations run security reviews). Universities are becoming increasingly interested in supporting reviews and analyses of the technologies as well.

[1] https://www.ncsl.org/research/elections-and-campaigns/internet-voting.aspx

What audit process is in place for the pilots?2020-09-07T13:28:34-06:00

The National Cybersecurity Center works with industry partners to provide an overall security ecosystem that contributes to an overall ‘audit’ of the election pilot.

The NCC reviews the industry partner’s security procedures, security logs during the election pilot, employee security trainings, and any additional information that informs the level of security adopted within the organization. For industry partners with a more developed auditable process, the NCC assists in hosting citizen audits that allow the public to review ballot images of the anonymized ballots to confirm that the ballot image sent to the voter as a receipt matches the ballot image stored and ultimately printed and scanned by the election office. This citizen audit is helping to advance the pursuit of a pure end-to-end vote verification system for electronic ballot return voting.

How has the technology been vetted?2020-09-07T13:29:12-06:00

Private cybersecurity firms such as Trail of Bits and Shift State have conducted security analyses of the main industry vendors being used – including Democracy Live, Scytl, and Voatz. Universities are researching the methods as well; for example, MIT published a report regarding security issues and electronic ballot return voting. The Department of Homeland Security has also reviewed different applications, offering security feedback.

The National Cybersecurity Center is working to develop a set of guidelines and standards to inform the security standards for electronic ballot return. One key aspect of this is the requirement for ongoing code review to ensure that any updates only support the ongoing security of the industry partner’s product.

What are the risks involved?2020-09-07T13:30:15-06:00

No voting system is inherently perfect, and there are risks involved with every option. Paper ballots have been scarred by hanging chad debacles, ballots stored in trunks, and ballots not picked up in mail-in ballot drop off locations. Email and fax as ballot return methods are inherently insecure, and easily compromised. Voting in person may be a more secure method as well, but it can lead to disenfranchisement of voters which undermines the overall integrity of free and fair elections.

Electronic ballot return voting, too, has its risks: nefarious state actors or individuals could try to hack the voting system, and employees of the industry partners may seek to disrupt the election results. The existence of these risks is why the National Cybersecurity Center is working hard to develop standards across the electronic ballot return voting industry for internal and external security.

What is the federal guidance on electronic ballot return voting?2020-09-07T13:30:51-06:00

The federal Voluntary Voting System Guidelines do not offer specific guidance on electronic ballot return, as they solely pertain to voting systems that take place within a polling place or vote center. The National Cybersecurity Center is working with several organizations to develop standards to ensure that electronic ballot return voting is as secure as possible, and reflects the similar standards applied to BMDs and DREs.

If ballots are stored in the cloud, like some vendors use, how do you know they are secure?2020-09-07T13:31:37-06:00

Security audit logs offer insight into how organizations monitor access to the cloud, as well as how they might mitigate attacks. Cloud access logs should look similar to how election offices monitor the security and access levels to various rooms in the physical movement of ballots. For example, there should be a manifest of who is allowed access, a log of who has accessed the ‘room’ and when, a chain of custody for the ballots, etc. The election office and independent, third party auditors review the security logs for any discrepancies or security issues.

Post-Election Reviews

 

Latest Blogs

 

Correcting the Misinformation That’s Hurting U.S. Elections

October 1st, 2020|Categories: Events, Secure the Vote|Tags: , , , , , |

With about a month left before November's election, the

Understanding Mobile Voting’s Opportunities and Challenges

August 11th, 2020|Categories: News, Secure the Vote|Tags: , , , , , , |

The 2020 election is rapidly approaching, and the coronavirus pandemic

2020: The Year of Cybersecurity Resilience in U.S. Elections

July 30th, 2020|Categories: News, Secure the Vote|Tags: , , , , , , , |

Many challenges exist in the United States at the

Resources

 

 

DHS2020-08-07T11:31:07-06:00

https://www.dhs.gov/
Department of Homeland Security

https://www.dhs.gov/science-and-technology/cybersecurity-resources
Cybersecurity resources DHS Science and Technology

https://cyber.dhs.gov/directives/
Cybersecurity Directives

https://www.dhs.gov/publication/st-cybersecurity-portfolio-guide
Portfolio Guide

CISA2020-08-07T11:40:13-06:00

https://www.cisa.gov/, https://us-cert.cisa.gov/
Cybersecurity Infrastructure Security Agency

https://us-cert.cisa.gov/resources/sltt
CISA main resources page/directory.

https://www.cisa.gov/election-security-library
Election Security Library

https://www.cisa.gov/publications-library/Election%20Security
CISA Election Security Resources

https://us-cert.cisa.gov/resources/sltt
Resources for State, Local, Tribal and Territorial (SLTT) Governments.

https://us-cert.cisa.gov/resources/assessments
Cybersecurity Resources

https://www.cisa.gov/publications-library/cybersecurity
CISA publications.

https://www.cisa.gov/cyber-resource-hub#:~:text=In%20order%20to%20assist%20a,key%20elements%20of%20a%20robust
Details CISA’s available resource offerings.

https://www.cisa.gov/cyber-essentials
Cybersecurity Essentials

https://www.cisa.gov/cybersecurity-training-exercises
Cybersecurity Training and Exercises

EAC2020-08-07T11:43:15-06:00

https://www.eac.gov/
Election Assistance Commission

https://www.eac.gov/election-officials/election-security-preparedness#_jaqcereko2oi
Security Preparedness Main Page

https://www.eac.gov/election-officials/tech-time
Videos on Election Preparedness and Technology

CSRC – NIST2020-08-07T11:44:26-06:00

https://www.nist.gov/
National Institute of Standards and Technology

https://csrc.nist.gov/
Resource Page

https://csrc.nist.gov/publications
Publications

https://csrc.nist.gov/topics
Resource page topics page

NICCS2020-08-07T11:45:25-06:00

https://niccs.us-cert.gov/
National Initiative For Cybersecurity Careers and Studies

https://niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte
Federal Virtual Training Environment

https://niccs.us-cert.gov/workforce-development/cybersecurity-resources
Cybersecurity Workforce Resources

NSA2020-08-07T11:46:22-06:00

CONTACT US

Forrest Senti

Director of Business Government Initiatives
forrest.senti@cyber-center.org

Mattie Gullixson

Project Manager
Mattie.Gullixson@cyber-center.org

Go to Top