Election Security

Good Washington Post op-ed on the need to use voter-verifiable paper ballots to secure elections, as well as risk-limiting audits.

Posted on February 15, 2018 at 9:14 AM • 46 Comments


PFebruary 15, 2018 9:51 AM

Ireland purchased e-voting machines because of its use of the proportional representation system with transferrable votes* and the need to count ballots several times. They were discarded as impossible to secure.

It also outlaws gerrymandering, limits the money in politics (provides some state funding), and has now outlawed micro-targeted political advertising.


markFebruary 15, 2018 11:31 AM

On the one had, well yes.

On the other, are you sure that the Russians *didn't* affect the 2016 totals? I'm not suggesting that they hacked the voting machines, or even the boxes that collect the totals. Rather, we *know* they got into the voter registration databases. Are there audit trails on who was removed from them?

And on the third hand, fascinating... since Grover Norquist is, literally, per the Constitution, a seditious traitor, who's been waging war on the US government for decades. I refer you to his famous quote, "I want to shrink the government until I can drag it into the bathroom and drown it in the tub."

ChrisFebruary 15, 2018 11:47 AM

As we move into the 2018 election cycle, I urge my fellow information security professionals in the United States to reach out to their local election boards and volunteer your services. By most reports our fundamental rights and democratic processes are under attack. We are experts in protecting information and we must use that expertise to defend our way of life as only we can. No matter what your political inclinations, no matter your feelings about any particular candidate, this is our best chance to ensure a fair and just election. We will reassure the people that they can rely on us to protect the choices they make, to defend the institutions they rely on, and to act as a shield against those who would do them harm.

Who?February 15, 2018 12:01 PM

Why risk on breaking voting machines' security when you can change voters' mind through social networks? Much easier and safer, and results are undeniable.

Philip RobbFebruary 15, 2018 12:26 PM

Why does this even matter? Voter identification laws get struck down all the time. If you can't authenticate users in any system, how do you ever expect to control malicious exploitation?

Security SamFebruary 15, 2018 1:04 PM

Since only a selective minority
Picks candidates via majority
Election security of the ballots
Akin to inserting pins with mallets.

Tyler BezioFebruary 15, 2018 2:04 PM


There's not a single person in American politics who operates in worse faith than Grover Norquist. Epitome of a bad-faith actor.

I couldn't care less if his message was accurate or on point in any instance, he's a serial liar and nothing he says can be trusted.

hmmFebruary 15, 2018 2:10 PM

What use is end-poll security if the big doors are wide open for ENDLESS MONEY?
Anything can be bought and will be if we continue to allow it.


Now even Chinese gov dark money is totally legitimate to persuade/delude Americans on who to elect.
The Citizens United decision is the single greatest treason committed in modern American history.

It'd be bad enough if the corporate masters had to be incorporated in the US entirely!
Zero restrictions, zero oversight, and the GOP is laughing all the way to oligarchy.

WANHUA CHEMICAL, a $10 billion chemical company controlled by the Chinese government, now has an avenue to influence American elections.

On Monday, Wanhua joined the American Chemistry Council, a lobby organization for chemical manufacturers that is unusually aggressive in intervening in U.S. politics.

The ACC is a prominent recipient of so-called “dark money” — that is, unlimited amounts of cash from corporations or individuals whose origin is only disclosed to the Internal Revenue Service, not the public. During the 2012, 2014 and 2016 election cycles the ACC took this dark money and spent over $40 million of it on contributions to Super PACs, lobbying, and direct expenditures. (Additional money flowed directly to candidates via the ACC’s political action committee.)

For example, in 2012 the ACC was the largest single donor funding last-minute ads attempting to save former Rep. Eric Cantor, R-Va., then House Majority Leader, during his losing primary campaign. The ACC donated $50,000 to a Super PAC supporting the 2014 campaign of GOP Sen. David Vitter of Louisiana for the state’s governorship. And while lobbying to revamp federal chemical safety standards in 2015, the ACC simultaneously aired advertisements in support of key legislators who were then crafting an industry-friendly version of the legislation.

Wanhua Chemical was founded as Yantai Wanhua Polyurethane Co in 1998. Though the firm underwent a public offering about two years later, the ultimate controlling shareholder of the firm is a division of the Assets Supervision and Administration Commission of China, the government entity that oversees state-owned enterprises.

Despite the nationalistic name of the organization, the ACC announced that Wanhua would join the group as a regular dues-paying member. Other dues-paying members of the ACC include BASF, Dow Chemical, Huntsman Corp., and Shell Chemical.

jonesFebruary 15, 2018 3:27 PM

There’s no evidence that vote totals were hacked in 2016. But it’s obvious that hackers have been testing the waters. Our attention has focused on Russia, but future threats could also come from North Korea, China, hacking groups such as Anonymous or any other adversary — foreign or domestic.

Uh, more worried about black box voting machines and republicans...





Sancho_PFebruary 15, 2018 6:15 PM

The US problem isn’t voting or the "hacking" of it.
The problem is the missing reasonable candidate.

hmmFebruary 15, 2018 8:26 PM

"The problem is the missing reasonable candidate."

Why base 2? Why not base 10?

People say they're against the third party, what if we mandated 10 equally funded ones?
Communism? I mean they'll say that, but it's just a level playing field.

tyrFebruary 15, 2018 8:32 PM

@Tyler Bezio

I couldn't care less if his message was accurate or on point in any instance, he's a serial liar and nothing he says can be trusted

Isn't that the generic definition of an american politician ??

On the other hand I imagine other nations
political types are models of probity
other than a few recent episodes of
joining in an aggressive war over the
loud objections of their citizens.


What I find totally hilarious is the
contention that some dreadful outsiders
somehow ruined the last election by
their nefarious actions. Nevada was
a classic example of how you ruin your
own and there wasn't a foreigner in

Until the political parties take the
time to get in touch with majority
citizens you can expect the narcissistic
who rule to spin everything because
they can't believe they have lost touch
with the populace.

I expect a Kardashian to win the next
time around since they have been more
in the public eye than any reasonable
human being.

AnuraFebruary 15, 2018 9:04 PM

Voting, registration, IDs, third parties... All a distraction. The biggest threat to democracy is that we do not have quality discourse. Mass marketed discourse is like any other product in capitalism - it is packaged to stimulate our senses, but inside is nothing but junk. Then we have social media sphere where winning a debate means having the most upvotes. It's no wonder we are so open to exploitation by propagandists.

If you want democracy, you first need to make sure the people have good information and discourse. That means that you need writers who write on subjects they are actually experienced in, auditing each other to make sure they are getting the facts straight and presenting them clearly. Unfortunately, there's no money in quality these days; established brands can make more money by hiring generic writers who can write crap articles about a broad range of subjects they know a little about.

hmmFebruary 15, 2018 9:37 PM

Is it a distraction to have more choices actually or isn't it?

The REASON we have Donald Prison-Jumpsuit Drumpf Inc. in office now IS because we had 2 candidates.

Good information is necessary, discourse is great, but if you have but 2 candidates and insane money pouring in without so much as knowing who gave it, that's simply too easy for the owner class to buy BOTH CANDIDATES and play eachother like a bidding war on TV. And that's all it's become, Tastes great vs less filling, but Tastes great lies and less filling cheated on her taxes.

Without that manufactured false dichotomy, "You're either with us or you're against us" - which isn't true! - people have more granularity in their representation and moreover it's much more difficult influencers to game as we've seen increasingly in every election since.. well, a while back.

Parliamentary systems don't have this problem but I think we could amend our Presidential system to have a level playing field for some number of candidates greater than two, and that would provably affect the representation levels both felt and empirical.

The problem isn't discourse, the problem is people are stupid and this is being taken advantage of by reducing their options, which is a classic sales technique. If you mandate that people have options, it's just mathematics that more people would be better served and everyone would feel more represented with their sacred vote. It's really a win in every direction.

I've been saying this since way before McCain picked Palin. Smart money would give up by now and find ways to chisel out huge contributions out of these campaigns which would ultimately disappear into phantom consulting operations. Hey look around. We're being run by those goddam consulting operations now.

You want discourse, you need someone who isn't going to ban it on a combed-over whim.
But I agree with you, we need discourse.

Snarki, child of LokiFebruary 15, 2018 9:45 PM

"Aren't they the same people who oppose the voter IDs?"

Yeah, I'm sure that there are tons of Russians that show up at the polls, make small talk with the blue-haired ladies that run everything, and sign the voter registry book with an exact match with the signature previously recorded, and never collide with existing voters.

Interested in buying a great bridge in NYC?

AnuraFebruary 15, 2018 10:30 PM


Two candidates, five candidates, ten candidates... Doesn't matter if you don't have the information necessary to make the choice. The environment that allowed Trump to even become a contender was caused by a combination of the mainstream media, purely for the sake of ratings, treating both sides as if they are both acting in good faith, even when one side clearly isn't, along with a massive Republican propaganda machine doing everything they can to fear monger, smear opponents, sew distrust, and create hostility, all for the sake of promoting neoliberalism (which has failed in every way imaginable, except to make the rich richer).

The two party system sucks, but if the media does its job then at the very least you get nominees that are acting in good faith. It's not just Trump, it's the entire Republican party that is acting in bad faith, and it's the media that enables them.

HmmFebruary 15, 2018 10:47 PM

"Doesn't matter if you don't have the information necessary to make the choice"

You're right, but if you have 2 you will have 2 choices. Not 10.

No amount of information will make either of the 2 choices better if pre-gamed by huge multinational money.

Think about it. You need information, discourse, but also a valid unbought option.

With two choices they can afford both. Try betting on a 10 horse race vs 2, see what I mean.

hmmFebruary 15, 2018 10:49 PM

"US vs THEM" single-point voter ads don't work when people have multiple choices.

That's 99% of what superpac untraceable BS corporate campaign money is spent on. Boolean.

AnuraFebruary 15, 2018 11:01 PM

It was still a choice between one candidate acting in bad faith and another acting in good faith. While neither candidate was ideal, what Trump and the Republicans are up to makes me fear for the future of democracy and my country. At least Clinton would have been concerned about upholding political norms and protecting the environment.

Sure, I'd like a non-authoritarian candidate. I'd like cake, too, but even if I had ten refrigerators it's still unlikely one would have cake in it.

Thessa ArndtwelfFebruary 15, 2018 11:11 PM

Dept of Nothing New under the Sun -

See Belloc and Chesterton, 1911, The Party System

hmmFebruary 15, 2018 11:45 PM

"It was still a choice between one candidate acting in bad faith and another acting in good faith. "

... extremely debatable. I mean just saying that proves my point in a sense.

With more than 2 possible opinions on the matter you could lose the ultimatum logic.

meFebruary 16, 2018 2:07 AM

i'm missing something...
if you have to check the paper because the electronic vote is insecure what's the point of having it in first place?

also: is the paper visible to the voter right after the vote so that he could check that the printed vote is what he voted?

Clive RobinsonFebruary 16, 2018 3:45 AM

@ Sancho_P,

The US problem isn’t voting or the "hacking" of it. The problem is the missing reasonable candidate.

There's some bloke in Manchuria ;-)

He's got a chemical factory that used to make chemicals that got put in milk, rather profitably that he now want's to splash around in the "Year of the Dog".

Name a "successful" politicion who cares as long as the corporate cash is green... Untill of course the US "Existential Threat Nation" windvane swings that way... Which in the next nine minutes it may very well do so.

Has anyone else noticed that the US "Exitential Threat Nation" list[1] has more parties (4) than the Official US Parties (2). The question both of them currently appear paused on is what to do about the "Third Way" / "cuckoo in the nest" in the Midterms...

[1] Which has consisted of China, Iran, North Korea and Russia for a while now. George Orwell should be proud...

echoFebruary 16, 2018 4:08 AM


I noticed a year or so ago the US had a policy of picking on one big baddie at a time then rotating through the short list of usual punchbags. When this was first articulated on this blog I was pretty pleased someone else noticed this too. There's other techniques like the well worn presentational methods and stern faced people in suits flanking the US president who mutters in a gravely voice ina well lit controlled environment while the accused get the interviewed on the hop in a windy gale treatment like Arthur Scargill.

Another one is how UK banks had played things so mortage interest was at silly levels and account interest was below inflation, and how UK retail had messed prices of everday items about so much they had broken the psychological link with value. This was raised on Newsnight and caused a stir for a brief time but the forces of business as usual drowned this out.

The UK is now making a scene over Russian interference. It's funny how the same stink isn't raised over US influences like the Koch brothers and Cambridge Analytica meddling in the Brexit referendum.


AndersFebruary 16, 2018 5:53 AM

So far the Estonia had desperately holding up with it's e-voting,
even with the ID card RSA problem.

So, is this the world's only secure e-voting system? Or is it just
useful for the politicians? Like Jossif Stalin once said - "The people who cast the votes decide nothing. The people who count the votes decide everything."

Jack BootheFebruary 16, 2018 6:52 AM

Just went through the 28 comments posted not one mentioned the simple fact, that in many states, anyone can vote and vote multiple times. In my state, you can literally register on election day, vote, go to another town, re-register and vote again. While illegal, there is no system in place to catch you or invalidate your second vote. In a small town, you could easily swing the election by brining in a group of people, have them stay overnight in a hotel, then present their hotel receipt as proof of residence (this has been done in the past, when students were temporarily relocated to city in my state when their Caribbean college was shut down for a few weeks by weather). There is not even a requirement to prove citizenship. Heck, if you really wanted to manipulate the election you could have this group drive around the state, register, and vote in multiple locations. This is a bigger threat to electoral integrity than movie plot intrusions by the Russians. Most voter rolls are local, and there appears to be no system to coordinate those rolls, statewide or nationally. If you wanted to, it would be very easy--considering the ease it with which to register to vote--to vote in multiple locations on election days. I would like to see a news organization record and show how easy it is for one individual to vote in multiple locations and states on the same election day. They could start on the East Coast and see how many places one person could vote in next November's election before they vote in California before the polls close there.

JG4February 16, 2018 7:03 AM

@Sancho_P - You could turn that around and say that the only choices are compromised candidates.

@Anura - I have no objection to pillory of the Republican wing of the War Party, but I'd like to see even-handed treatment, or as I call it, equal-opportunity hate. I don't think that either Clinton or the campaign staff acted in good faith. One term of art is disingenuous, as exemplified by the quote to the effect, "You have to have two positions, a public one and a private one." You also could call it duplicitous, but it is the opposite of good faith.

Can't recall if I've quoted Mencken here, but since I'm already on the list for early detention and enhanced interrogation, it can't hurt any more. I just want to live out my days in peace. I don't think that the situation can be changed, although I have spread a little bit of discontent:

The most dangerous man to any government is the man who is able to think things out for himself, without regard to the prevailing superstitions and taboos. Almost inevitably he comes to the conclusion that the government he lives under is dishonest, insane and intolerable, and so, if he is romantic, he tries to change it. And even if he is not romantic personally he is very apt to spread discontent among those who are.

VFebruary 16, 2018 7:05 AM

Human-readable paper ballots are not all that's needed. Human-readable paper -master- registration lists are needed as well.

If a state decides not to allow same day registration and voting it must keep the list of registered voters on index cards in a shoebox - locked in a safe - guarded 24x7 by representatives of at least 2 different political parties. In the last election I discovered my name had mysteriously fallen off the list despite my voting faithfully in primary and general elections in this district for - oh - 35 years. Suppose my state didn't have instant registration at the polling place or had "provisional ballot" baloney - I would have been out of luck.

hmmFebruary 16, 2018 7:29 AM

"While illegal, there is no system in place to catch you or invalidate your second vote."

Wrong. They do have to notice though.

" In a small town, you could easily swing the election by brining in a group of people "

Which is the idea behind Republican gerrymandering efforts ongoing, but they are losing.
It's not like you have a group of 10,000 people nor would that go unnoticed in the end.

"This is a bigger threat to electoral integrity than movie plot intrusions by the Russians"

That's horseshit, historically speaking. And counting apples.

"Most voter rolls are local, and there appears to be no system to coordinate those rolls"

Audits. "statewide or nationally" Both.

" If you wanted to, it would be very easy"

- Which explains why almost nobody does it and large % get caught? And it has never flipped anything.
Ever. Unless you have new insights.

" I would like to see a news organization record and show how easy it is for one individual to vote in multiple locations and states on the same election day."

You're going down a slippery slope with that idea but it's not unwarranted. Some fraud is unpreventable. The main idea though is that unless you have a really massive groundswell effort to defraud a specific area, which would be noticed in an audit after the fact should it come to that, you're not going to do diddly to the law of averages.

It's math. Your vote isn't anything unless you convince 100,000 to go with you and even then, what are you actually "throwing"? Nothing - you just lobbied. It's an easier effort than faking an identity and risking prison, right? Think it over lol.

Putin did.

AnuraFebruary 16, 2018 7:40 AM


One term of art is disingenuous, as exemplified by the quote to the effect, "You have to have two positions, a public one and a private one." You also could call it duplicitous, but it is the opposite of good faith.

I consider that politics, rather than bad faith. For example, Clinton has privately stated she supports open borders, but she doesn't propose open border policies because it's not practical today and the media would go crazy with that.

If your public position is just a more pragmatic version of what you really believe, you are not acting in bad faith. Political campaigns are about a candidate telling what they will do more than what they would like if they had the power to get everything they want.

On the other hand, Republicans tell people their tax cuts will pay for themselves when they know it's not true, it never happened, and everywhere they've tried their policies they have failed in every way, which they seemingly never learn from. At some point, you have to realize that they know that their tax cuts won't pay for themselves. But if they keep lying about the Reagan boom (0.2% GDP growth higher than Carter, who they say had the worst economy ever!) while ignoring all the times he raised taxed then they will keep getting reelected, because they created a media environment where they can lie about everything unchecked. They did this because they know the truth is not on their side.

Hell, the entire four years of non-stop investigation into Clinton there was never even reason to believe wrongdoing, but every time an investigation cleared her they ran another one. This is banana republic level corruption.

Pretty much any agency they see as getting in the way of their profits, they smear without any actual analysis into them; they don't want serious public debate into the effects of their policies, but will blame all the problems on them - entire regions collapsing? Oh, yeah, that's all due to environmental regulations and taxes - it has nothing to do with the fact that all their local businesses have been gobbled up by large corporations who structure their companies to minimize waged and suck every penny out of their town... The solution: tax cuts and deregulation, which has never worked before and never will, and they know it.

Clinton is a politician, she's an authoritarian, but she is not acting in bad faith. Both sides do it too is propaganda; one side is nothing like the other in this country.

DaisyFebruary 16, 2018 9:35 AM

This pisses me off so much.

We had paper OCR ballots and we had IBM punch-card ballots.

But after the 2000 Florida election fiasco, instead of figuring out how to fix the existing flaws of those paper systems, the idiots in Congress basically said let's throw all that proven technology right in the trash.

Let's replace it instead with electronic and computerized equipment that is accessible from the internet, hackable and practically unauditable.

Now the same clowns involved in pushing us off the unhackable systems on to hackable systems suddenly think the new systems weren't such a great idea.


Intelligent DonkeyFebruary 16, 2018 10:16 AM

I've got a great idea for electoral security.

Rather than leaving the outcome of an election to a popular vote, there could be a group of educated people who can take a clearer, more human perspective on the state of their constituents true desires and wishes, and then cast their own votes based on this perspective, which ultimately decide who will be the nation's leader, with the popular vote serving as more or less a democratic formality that doesn't necessarily have to be in line with the wishes of these aforementioned electors.

I call it the Electoral College.

Oh, wait, you already have that? Damn, never mind.

Security SamFebruary 16, 2018 12:12 PM

Since the Electoral College
Possess no mental knowledge
It becomes Fraud In Fraud Out
And the people lose the bout.

Mike BarnoFebruary 16, 2018 1:21 PM

@ Jack Boothe :

In my state, you can literally register on election day, vote, go to another town, re-register and vote again.

Which state is that? Here in New York State, we are assigned voting locations at a much more granular level than just, for example, 23rd Congressional District. If I register with my home address, I am assigned a polling place at a school, fire station, etc. in my own neighborhood. If I move and let the Department of Motor Vehicles register me in my new location, or if I mail in a card myself, then I can vote at that location's polling place, because my name and a past signature are in their book. Not in the next town, and not in the next county, unless I have submitted fraudulent registrations that were not detected. Does your state really allow same-day registration and voting with neither step needing to show a driver's license, no utility bills showing address, nothing but an assertion that you live where you say? Can you post a link to your state laws showing this?

If not, then I am more willing to believe the results of Kris Kobach's failed attempt (when he was a Kansas official with a strong ideological push) to identify any "busloads of outside voters" than to believe some claim that may have been propagated by Breitbart or Stormfront.

Mike BarnoFebruary 16, 2018 6:35 PM

@ Jack Boothe :

...some claim that may have been propagated by Breitbart or Stormfront.

Or a voter-fraud claim that was propagated by thirteen Russian individuals and three Russian entities, according to indictments for violations of US criminal law issued today by a federal grand jury:


Sancho_PFebruary 16, 2018 6:44 PM


Nah, it has nothing to do with parties, how many there are or options you have.
Quantity doesn’t make quality, but certainly will increase costs.
Actually look at Germany, more parties, more sh**. What do they do now?
Yea, they form a “big corruption” - This is where your votes are watered down in a multiparty system.

Of course election security is important.
We know that our IT-systems are not secure.
Now, why should we use them for elections?
Let’s increase security first.

hmmFebruary 17, 2018 11:24 AM

@ Sancho

It's a fair point. At least they have more than a monochrome of choice though.
A Parliamentary system is always going to have that issue.

In our system more parties would not necessarily result in the exact same result because we don't have Parliament, as the Presidency is effectively a Prime Minister with their support already established - there is no vote of no confidence or direct need to build governing coalitions. That choice and responsibility has been given to voters directly, up front.

I tend to favor the Parliamentary system in this use case because of that recurring check. As Brexit proves any single vote can be swayed beyond the actual interests of those deciding, no matter how ridiculous or obviously misinformed by intention. Being stuck with something few actually support and which turns out to be an empirically horrible idea is not great governance in my opinion.

hmmFebruary 17, 2018 11:26 AM

Rats I left off the last point I meant to make :

Ballot security is an independent concern of 2-party poker.

You don't need to do one or the other. Both can be improved at the same time.

KhavrenFebruary 20, 2018 3:32 PM

Beware of reasonable distractions. "X is a problem we should solve!" "Sure X is a problem, but Y is worse!" "Forget about X and Y, Z is the worst of the worst!" and then instead of fixing X, there is just argument about which is worse, x y or z. If someone seeks to distract or postpone fixing a problem to argue about what problem is worst, they are "muddying the waters" and making it harder to move forward.

the greater of two goods?February 20, 2018 6:32 PM

Corporate lobbyists buying legislation is a problem we should solve. Sure that's a problem, but foreign corporations doing the same is worse! Forget about mega-corps buying votes (they have freedom of speech after all), influencing votes without spending billions through SuperPACs is the worst of the worst!

Anonymous2cFebruary 26, 2018 12:42 PM

From the United States of Amnesia ("'USA'") and Princeton University

"The ES&S model DS200 optical-scan voting machine has a cell-phone modem that it uses to upload election-night results from the voting machine to the “county central” canvassing computer. We know it’s a bad idea to connect voting machines (and canvassing computers) to the Internet, because this allows their vulnerabilities to be exploited by hackers anywhere in the world. (In fact, a judge in New Jersey ruled in 2009 that the state must not connect its voting machines and canvassing computers to the internet, for that very reason.) So the question is, does DS200’s cell-phone modem, in effect, connect the voting machine to the Internet?

The vendor (ES&S) and the counties that bought the machine say, “no, it’s an analog modem.” That’s not true; it appears to be a Multitech MTSMC-C2-N3-R.1 (Verizon C2 series modem), a fairly complex digital device. But maybe what they mean is “it’s just a phone call, not really the Internet.” So let’s review how phone calls work: ..."


ShavedMyWhiskersFebruary 26, 2018 4:59 PM

Hacked IOT devices and home computers allow remote actors to appear local to a community. Fake accounts retweeting or sharing or cut and paste do not share... actions increase the signal to noise ratio.
In the last election Thump was noise that I was inclined to discard and not pay attention to.
Madison Avenue tools are not new in politics. Such services are and may still be less expensive outsourced to international or other needy places like Baltimore.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.