The National Academies Press

Currently Skimming:

5 Ensuring the Integrity of Elections
Pages 85-106

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 85... ... Election tallies and reporting may also be affected by malicious actors. Malicious actors can affect vote counts by: • introducing inaccuracies in the recording, maintenance, and tally ing of votes; and/or • altering or destroying evidence necessary to audit and verify the correct reporting of election results.1 There are many ways to prevent the casting of votes. Read the entire page →
From page 86... ... Denial-of-service Attacks Denial-of-service (DoS) attacks interrupt or slow access to computer systems.2 DoS can be used to disrupt vote casting, vote tallying, or election audits by preventing access to e-pollbooks, electronic voting systems, or electronic auditing systems. Read the entire page →
From page 87... ... It can prevent correct tallying by altering or destroying electronic records or by causing software to miscount electronic ballots or physical ballots (e.g., in instances where optical scanners are used in the vote tabulation process) Read the entire page →
From page 88... ... Congress appropriated $380 million "to the Election Assistance Commission for necessary expenses to make payments to States for activities to improve the administration of elections for Federal office, including to enhance election technology and make election security improvements."5 Election administrators face a daunting task in responding to cyber threats, as cybersecurity is a concern with all computer systems. This is 4 See The Center for Internet Security, "A Handbook for Elections Infrastructure Security," available at: https://www.cisecurity.org/elections-resources/, and Belfer Center for Science and International Affairs, Harvard Kennedy School, "The State and Local Election Cybersecurity Playbook," available at: https://www.belfercenter.org/publication/state-and-local-electioncybersecurity-playbook. Read the entire page →
From page 89... ... , many jurisdictions in the election sector are not following best security practices with regard to cybersecurity, one reason being that the banking industry is highly regulated, and part of these regulations is the supervision of their cybersecurity strategies.6 Several factors affect a bad actor's ability to compromise a system: (1) how well the system was designed; (2) Read the entire page →
From page 90... ... As a result, there is no technical mechanism that can ensure that every layer in the system is unaltered and thus no technical mechanism that can ensure that a computer application will produce accurate results. This has several important implications for election systems: • all digital information -- such as ballot definitions, voter choice records, vote tallies, or voter registration lists -- is subject to mali cious alteration; • there is no technical mechanism currently available that can ensure that a computer application -- such as one used to record or count votes -- will produce accurate results; • testing alone cannot ensure that systems have not been compro mised; and • any computer system used for elections -- such as a voting machine or e-pollbook -- can be rendered inoperable. Read the entire page →
From page 91... ... The first defense is primarily nontechnical and involves economic, organizational, and behavioral factors. The second defense requires research to develop new technologies and approaches.11 Cybersecurity and Vote Tabulation Because there is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats, one must adopt methods that can assure the accuracy of the election outcome without relying on the hardware and software used to conduct the election. Read the entire page →
From page 92... ... Even failed attempts at interference could, if detected, cast doubt on the validity of elec tion results absent robust mechanisms to detect and recover from such attacks. Findings There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats. Read the entire page →
From page 93... ... Election Assistance Commission should closely monitor any future federal funding designated to enhance election security. 5.4 Congress should provide funding for state and local governments to improve their cybersecurity capabilities on an ongoing basis. Read the entire page →
From page 94... ... This evidence may be examined in a "recount" or in a "post-election audit" to provide assurance that the reported outcome indeed is the result of a correct tabulation of cast ballots. Voter-verifiable paper ballots provide a simple form of such evidence provided that many voters have verified their ballots. Read the entire page →
From page 95... ... operate dynamically by examining individual randomly selected paper ballots until sufficient statistical assurance is obtained. This statistical assurance ensures that the chance that an incorrect reported outcome escapes detection and correction is less than a predetermined risk limit. Read the entire page →
From page 96... ... that electronically represent the contents of each paper ballot. A ballot-comparison audit operates by randomly selecting paper ballots from a list of all cast paper ballots on a ballot manifest and comparing the voter-verified human-readable contents of the selected paper ballots to the electronic records in the corresponding CVRs. Read the entire page →
From page 97... ... E2E-V voting systems adopt certain properties (see Box 5-1) , encrypt ballot data, and permit verification of data throughout the voting process. Read the entire page →
From page 98... ... After polls close, copies of all voter receipts would be posted to a pub lic electronic bulletin board in order to allow voters to confirm that their votes have been properly recorded. If the voter's unique receipt was not posted, the voter could file a protest and use the receipt as evidence for correcting the posting error. Read the entire page →
From page 99... ... With the S cantegrity system, for example, voters mark their paper ballots with special pens that reveal a secret code when a voter selects a candidate (the code changes with each ballot) Read the entire page →
From page 100... ... Risk-limiting audits can efficiently establish high confidence in the correctness of election outcomes -- even if the equipment used to cast, collect, and tabulate ballots to produce the initial reported outcome is faulty. States and jurisdictions purchasing election systems should consider in their purchases whether the system has the capacity to match CVRs to physical ballots, as this feature could result in future cost savings when audits are conducted. Read the entire page →
From page 101... ... Although Internet voting offers convenience, it introduces new risks with regard to the integrity and confidentiality of votes as well as the potential for cyberattacks that could make it difficult or impossible for voters to cast their ballots within 25 Risk-limiting audits examine individual randomly selected paper ballots until there is suf ficient statistical assurance to demonstrate that the chance that an incorrect reported outcome escaping detection and correction is less than a predetermined risk limit. 26 Katherine Stewart and Jirka Taylor, analysts for the RAND Corporation, recently con cluded that "the observed impact of online voting on voting behaviour to date has been varied. Read the entire page →
From page 102... ... Simple PINs and passwords are inadequate for secure voting, and standard email is an inappropriate medium for distributing strong credentials or transmitting marked ballots.29 27 Digital credentials may be vulnerable to hacking. In 2017, Estonia suspended the use of its identity smartcards in response to the discovery of a wide-ranging security flaw. Read the entire page →
From page 103... ... In an election context, the "transactions" would be the casting of ballots. A blockchain could therefore act as a virtual electronic ballot box. Read the entire page →
From page 104... ... Ballots stored on a blockchain are electronic. While paper ballots are directly verifiable by voters, electronic ballots (i.e., ballots on a blockchain) Read the entire page →
From page 105... ... Vote Foundation asserted that any possible future Internet voting system should utilize E2E-verification, but the report stated that this should not even be attempted before greater experience has been garnered with E2E-V systems deployed and used within in-person voting scenarios.34 E2E-V voting mitigates some of the vulnerabilities in Internet voting. However, advances in prevention of malware and DoS attacks need to be realized before any Internet voting should be undertaken in public elections -- even if E2E-V. Read the entire page →
From page 106... ... Election Assistance Commission standards and state laws U should be revised to support pilot programs to explore and vali date new election technologies and practices. Election officials are encouraged to seek expert and public comment on proposed new election technology before it is piloted. Read the entire page →

From page 85...

... Election tallies and reporting may also be affected by malicious actors. Malicious actors can affect vote counts by: • introducing inaccuracies in the recording, maintenance, and tally ing of votes; and/or • altering or destroying evidence necessary to audit and verify the correct reporting of election results.1 There are many ways to prevent the casting of votes.

5 Ensuring the Integrity of Elections Pages 85-106

5 Ensuring the Integrity of Elections
Pages 85-106