On March 6, 2019 Santa Clara County Supervisor Joe Simitian hosted an all-day symposium on the security of our county election system. Here are my notes. Sue Graham

Law and Policy

Speakers: Kim Alexander, Ann Ravel, Stephanie Singer

The counties have the responsibility to run elections. This is a giant unfunded mandate. The agencies and the candidates should pay for the work that the county does on their behalf.

According to Ann Ravel, parts of the constitution do give the federal government the power to regulate state elections if the election is for a federal office. States need federal oversight. All states should operate under the same standards for federal elections.

We don’t know if 2018 election was tampered with as some states are using equipment that doesn’t allow evidence to be preserved. We need the ability to audit all elections. Smaller counties don’t have the resources to make voting secure.

Important steps: Audit each step:

  • Audit the voter registration list.
  • Seek Department of Home Security involvement.
  • Lease voting equipment rather than buying.
  • Insist on a paper trail.
  • Have a checklist of what you do.
  • Be sure that the voter has confidence that their votes count.
  • County IT technicians should be on staff all the time.
  • Support HR1.
  • For reliable information seek websites that end in .gov or use Voter’s Edge.

Technology

Speakers: Ben Adida, Barbara Simons, Philip Stark

Voting security is hard because:

  • There is no referee.
  • The ballot is secret.
  • We don’t fund ROV properly.
  • ROV uses a volunteer staff.
  • The technology is old.
  • Voting happens in a condensed period of time.
  • American ballots have 20 to 30 questions.
  • We have many languages.
  • We can’t count the ballots by hand.

The threat model in voting is very complex. Who wants to do something nefarious? How do you defend against all the possibilities?

What are the core best practices?

  • Paper ballots, hand marked.
  • We need audits – a paper trail.
  • The voter registration database needs good security measures.

Voting machines present new vulnerabilities to the voting process. The ES&S machines came under harsh criticism by the panel. Among other things, it is hard for the voter to be sure that his vote was tallied as he wanted. The paper in his hand doesn’t necessarily match the data in the machine. Also, voting machines take longer to vote on, causing lines to form in big precincts. A very interesting article about its short-comings can be found with this link.

https://medium.com/@jennycohn1/progress-states-are-replacing-unverifiable-touchscreen-voting-machines-with-unverifiable-3d77c0905cfd

Should we be worried about hacking? Yes.

We should ask for evidence that elections were not hacked.

Just because the computers are not connected to the internet doesn’t mean they can’t be hacked.

Hackers only need to tamper with a few key states to swing an election.

Many vendors are partisan.

A disinformation campaign on social media has as much power to change an election as cyber security.

County Perspectives Panel

Speakers: Mike Shapiro, Gail Pellerin, Warren Slocum

Implementing election security:

  • Ask Department of Homeland Security to come in and do a stress test – ‘risk limiting audits’.
  • How do we protect the front end?
  • Train employees correctly
  • Train election day volunteers well.
  • Communicate with the public.
  • Observers should be posted at all polling places to ensure adherence to good voting practice.
  • Lease voting equipment; don’t buy.
  • Need continued source of funding.
  • Maintain partnerships with federal, state and local entities.

Voting is a positive affirmation between the people and their government.