Cybersecurity Is a Major Challenge for Voting

Cybersecurity Is a Major Challenge for Voting

First in a series of report from Common Cause's 2017 summer interns.

First in a series

Editor’s note: Each summer, Common Cause New York is fortunate to be infused with the talents and energy of a group of interns. They help us with research on our issues, organizing our activists, and pretty much everything else that needs doing. As they headed back to their campuses, we asked them to reflect on their time with Common Cause and the challenges facing our democracy.


By Ben Winters, Law Intern, Cybersecurity and Elections

As a legal intern this summer, I’ve been able to work on cybersecurity in elections. From day to day, it may rule the news cycle or your social media feed, but every day as computing technology rapidly develops, the integrity of our elections is both strengthened and threatened. Needless to say, we are in a time of constant change and our governments should be changing to fit the times. The main areas of concern are the manipulation of actual votes and voting machines as well as potential tampering with voter rolls, where personal information for every registered voter is stored and where the name of each voter must be listed for him or her to vote on Election Day. 

There are two main choices for voting machines: Direct-Recording Electronic (DRE’s) and Optical Scan voting systems. A handful of states now use the DRE system. DRE machines display information entered on a memory card by a contractor and installed in each machine. The main concern researchers have found is that the computers the contractors use to program the ballots are connected to the internet and so are vulnerable to malware circulating online that could be used to manipulate votes to make a certain outcome. Some of these machines create a paper record of each vote, but audits of the votes, which compare the electronic count to the paper count, become meaningless because if the votes are tampered with when they’re entered, the paper copy simply reflects the tampering.

New York, as well as a large number of other states, uses an Optical Scan voting system. The voter fills out a paper ballot and feeds it into a scanner which electronically compiles the results. As a result, you have both a paper and electronic record. But New York as well as many other states, does not mandate post-election audits. What researchers and some lawmakers find absolutely critical is a shift to mandatory “risk-based” audits – which compare the ballots marked by voters to the electronic reports from the machines to verify that the apparent results are accurate.  

Such voter-verified paper trails (VVPat) have been a priority of some federal lawmakers but have not gained traction in Congress. Fourteen states have some sort of VVPat in place and some counties in other states do as well, but this is a vital step to ensure the sanctity of our elections, the cornerstone of our democracy.