Being a normally flawed human being, I cannot resist starting with as we have been saying for six years, Wisconsin's "failure to carry out post-election audits that test the accuracy of election outcomes leaves the state open to undetected hacking and other Election Day problems."
In speaking about Wisconsin, the report concludes: "To protect its elections against potential attack by sophisticated nation-states seeking to interfere in U.S. elections, Wisconsin should adopt robust post-election audits that have binding effect on election results."
Explanation in the Wisconsin appendix reveals that CAP researchers picked up on a feature of Wisconsin elections most other commentators--even many within Wisconsin--miss:
Problems with Wisconsin's election security, along with possible solutions, are not visible unless you look beyond the state level and into the counties and municipalities.
Our state-level agency, the Wisconsin Elections Commission does not control the voting machines. They control only the systems that manage voter registration (WisVote) and that compile election results (the Canvass Reporting System, or CRS) after the votes have already been locally tabulated.
By and large, the WEC-controlled systems are well-designed and professionally managed. Most importantly, the WEC has taken care to ensure their systems include robust measures for detecting and correcting any Election-Day problems before those problems can ruin an election beyond repair.
But the technology that counts Wisconsin's votes is owned and operated by counties and municipalities--not the State. It is the local clerks, not the WEC, who are responsible for pre-election protective security and for the managerial measures that would detect and correct any Election-Day miscounts.
It is within those local voting machine systems that Wisconsin elections' critical vulnerability lies. Our vote-tabulation technology lacks both trustworthy pre-election security and detection/recovery capability.
Wisconsin's local election officials--bless their hearts--are not IT sophisticates. Asked about the threat of hacking, most will say something like what Sheboygan County Clerk Jon Dobson recently wrote to me: "The equipment is never connected to the Internet, (so) unless someone has figured out a way to hack through the unit's power cord, our equipment is basically unhack-able."
I don't think county clerks like Mr. Dobson are being disingenuous. I take them at their word that they genuinely believe that if they cannot see a way to hack the vote-tabulating technology, no one else can, either.
For their education in IT security, Mr. Dobson and his colleagues rely almost entirely on the commercial reassurances of the voting-machine company reps. They don't seek the counsel of independent IT-security authorities who could explain the myriad number of ways an elections system can be compromised without Internet connection, particularly by insiders.
Wisconsin's county clerks seem not to realize elections software could be compromised by security lapses outside their vision or control--by the vendors, service companies, municipal clerks, and poll workers.
And as for Internet access, news apparently hasn't yet reached them from their counterparts in Pennsylvania, who last year found that a voting machine company had installed unauthorized remote access capability on their election computers without their knowledge--something that computer-security professionals had been warning of for years. Like the Wisconsin clerks, the Pennsylvania clerks had been blithely assuring reporters that voting machines were never connected to the Internet--without having checked. When I publicly asked him whether he ever checked Dane County's machines for such unauthorized alterations, Clerk Scott McDonell said that the vendors had told him that would void the machines' warranty so no, he doesn't check.
That's the level of IT naïvete that stands between motivated international hackers and Wisconsin voting rights.
But we're just as naïve if we expect local election officials ever to be able to maintain bulletproof IT security. As Prof. Dan Wallach of the Rice University Computer Science Department explained, "You would not expect your local police department to be able to repel a foreign military power."
What we can expect of our local election officials--particularly our county clerks--is that they use the authority and resources already provided by Wisconsin law to manually check accuracy of the computer-tabulated vote totals before they certify election results final.
That's the solution that 26 states already have in place, with varying degrees of rigor. It's the solution that we've been advocating for the past six years. It's the solution that the 2014 Presidential Commission on Elections Administration recommended. It's the solution that Rep. Mark Pocan wisely wrote into his proposed federal legislation. And it's the solution that the CAP report recommended for Wisconsin.
Wisconsin reporters and editors need to pick up on it now, too. They need to start asking county clerks the same hard questions about local election-technology security that they have been asking the WEC. How do you detect whether the technology worked as intended on Election Day? Do your security and recovery procedures meet national standards? What plans do you have in place for recovery if they fail?
Here's hoping that such questions will motivate the local officials to manage our vote-counting technology as professionally as the WEC manages our voter-registration technology.