Paper Is Critical in Voting Tech Security, Panel Told

The Little Hoover Commission has been researching voting equipment security in California, breaking the topic into parts like how voters know their vote is counted, how equipment and security can be improved and county stakeholder perspectives.

Pedro Nava, chairman of the independent state oversight panel, led the conversation at a public hearing Thursday in Sacramento, focusing on the importance of voter confidence and protecting the right to vote by ensuring that all voters have access to systems that work for them.

Security is a major component of that, Nava said, and witnesses at the hearing offered recommendations to improve on security throughout the state.

"In my experience, the states that do the best on voting system security are the ones that keep looking for and embracing opportunities to improve," said Pamela Smith, senior adviser to the nonprofit, nonpartisan Verified Voting, which advocates for legislation and regulation that promotes accuracy, transparency and verifiability of elections.

"Security threats don't stand still," Smith said, "so neither can those whose work it is to safeguard our elections." 

While she credited California with getting some things right, like paper ballots to confirm votes and machines that are not networked, she discussed things that counties could do better.

"Election security is not an on/off switch. ... Rather, it involves incrementing layers of effort and analysis, of systems and procedures, all created or conducted by people, all while balancing cost and priorities," Smith said. "As hard as we try, there will always be another vulnerability discovered. Perfect security is not attainable."

Smith offered the following recommendations for secure elections:

• Physical ballot: Can be reviewed by voter and audited
• Recoverability: Having another way to store those votes in case of security breach
• Backup systems available: Available paper and ballot books that can be accessed if systems go down
• Security standards: Maintaining National Institute of Standards and Technology (NIST) standards, instead of allowing compliance for the year a machine is bought
• No connectivity: No Wi-Fi or network access for any reason
• Risk-limiting audits: Rechecking ballots and finding out why someone couldn't vote 
• Testing requirements: Need to be strengthened, including poll book testing
• Funding: The state funds counties' needs for secure equipment
• Non-proprietary software: Knowing what's in the software will make things more secure
• Hardware checks: Knowing how to turn off networking capabilities and checking hardware seals

Noel Runyan of Personal Data Systems highlighted accessibilty as a component of security in his testimony. He explained that while vote-by-mail could be a secure option, if a person with disabilities did not bring a ballot to a polling place, they could not use an accessible machine to cast a provisional ballot because the system is not set up for that. 

Philip Stark, associate dean of mathematical and physical sciences at UC Berkeley, echoed Runyan and Smith in the need for audits and paper records. Paper is harder to change, especially in large volumes, and can offer a chance to show evidence in an audit of drawing the correct conclusion.

The concept that California could act as a laboratory for voting security innovation was a main point for John Sebes, CTO of Open Source Election Technology Institute. The state could pressure the interoperability of voting systems at the federal level, according to Sebes.