Despite substantial investments in beefed-up security, voting systems across America remain dangerously vulnerable to cyberattacks, the Center for American Progress (CAP) reports in a study released today.
The study, “Election Security In All 50 States,” credits election officials in every state with making progress toward safeguarding registration and voting records but said none have done enough to earn an “A” grade. “Even states that received a B or a C have significant vulnerabilities that leave them susceptible to hacking and infiltration by sophisticated nation-states,” the authors write.
“Already, we are running out of time to prepare for the 2018 elections, while the 2020 presidential election is looming,” the report asserts. “Another attack on our elections by nation-states such as Russia is fast approaching. Leaders at every level must take immediate steps to secure elections by investing in election infrastructure and protocols that help prevent hacking and machine malfunction.”
The report builds on earlier studies by CAP and groups including Common Cause, the Brennan Center for Justice, Verified Voting, the Pew Charitable Trusts and the National Conference of State Legislatures. It “is not an indictment of state and local election officials,” the authors emphasize, noting that states are often constrained by a lack of money and inadequate technology as they try to make systems more secure.
Among the most glaring deficiencies identified in the report:
- Fourteen states use paperless DRE machines in at least some jurisdictions. Five states rely exclusively on paperless DRE machines for voting. Common Cause and other watchdog groups are pushing state officials to move to paper ballots, which can be audited after the election to ensure that the reported count accurately reflects voters' choices.
- Thirty-three states have post-election audit procedures that are unsatisfactory from an election security standpoint, due either to the state’s use of paperless DRE machines, which cannot be adequately audited, or other factors. At least 18 states do not legally require post-election audits or require jurisdictions to meet certain criteria before audits may be carried out.
- Thirty-two states allow regular absentee voters and/or U.S. citizens and service members living or stationed abroad to return voted ballots electronically, a practice deemed insecure by election and cybersecurity experts.
- At least 10 states do not provide cybersecurity training to election officials.
“We hope that by identifying potential threats to existing state law and practice, this report helps lead to the allocation of much needed funding and resources to election officials and systems in the states and at the local level,” the authors add.
Office: Common Cause National
Issues: Voting and Elections