For more information, contact us at WiscElectionIntegrity@gmail.com or call WEI Coordinator Karen McKim at 608-212-5079.
First of all, thank you for covering these issues.
The top two items on election-integrity advocates' wish list for excellent media coverage are 1) hold election managers to the same standards you hold other local government officials; and 2) understand that the information-technology story cannot be obtained by talking only to election officials.
About upholding standards: You know how you would respond if a city parking manager told you, "Well, sure, a few thousand parking ticket payments were lost, but it didn't affect the overall solvency of the transportation fund." Do that the next time a city elections manager tells you something like, "Well, sure, recounts always find many miscounted votes, but it didn't affect the outcome."
Ask the same sort of follow-up questions you'd ask any other responsible local-government manager. Make it a bad-management-versus-good-management story, even when there is no Democrat-versus-Republican angle.
About covering the IT issues: State and local election officials should not be your only source for the IT issues, because they are not able able to speak about voting-machine security with much depth and authority.
- IT expertise is not a requirement to be hired as a municipal or elected as county clerk. Even at the top, staff of the Wisconsin Elections Commission has not until recently included anyone with professional-level education or experience in IT.
- Wisconsin's election officials have control over only one of the two completely separate IT systems that run Wisconsin elections. They are reasonably good sources when you're looking for information on the voter-registration system, but they simply know and understand much less about the vote-tabulation system. Here's a cheat sheet:
|Voter-registration system||Vote-tabulation system|
Name of system
One system, the DS200, counts 60-70% of Wisconsin’s votes;
|What does it do?||Records voter registrations; keeps them up to date; prints the poll books you get your name checked off on when you vote, among other election-administration tasks||Reads our ballots, counts our votes, determines who wins our elections.|
source for reporters
|WEC is your primary source for this information. They know this system inside-out.||Vendors (ES&S, Dominion, Command Central, and Clear Ballot) are the only primary source regarding tabulation-system security. Local election officials
know only their own security practices, which don't address the most critical risks.
State of Wisconsin; a collaboration between WEC and Division of Enterprise Technology
|Any of several private companies; not always the current vendor|
|Owner||State of Wisconsin||
Software is owned by vendors;
|System updates managed by||State of Wisconsin||
|Security managed by||State of Wisconsin||
|General security program||Has all five standard components actively in place: 1) Risk identification;
2) Safeguards; 3) Monitoring to detect events; 4) Response plan;
5) Recovery plan
|We have only vendors’ assurances about their practices for risk
identification or safeguards.
Local officials rely on only minimal, informal detection practices, and have no clear plans for response or recovery
|Who would know if it was hacked?||
The State of Wisconsin, specifically the DET and WEC, continuously monitor all cyber activity, with the assistance of the federal DHS.
Voters will notice if their registration disappears, but they can re-register at the polls.
We don’t know whether the voting machine companies would know if the
|Has it ever been hacked,
State officials know that hackers are continuously trying, and that none have succeeded.US DHS has determined that some attempts came from Russia.
No one knows, because no one examines the software (a copy is in every machine), and no one routinely checks the machines’ Election-Day accuracy against the paper ballots.There have been electronic miscounts, but none that appear, on their face, to be deliberate.
The key security question to ask local election officials:
"When you sign that certification statement, how do you know the voting machines identified the right winners?"
As you assess their answers, remember that voting machines have no special magic that makes them more reliable than any other computer.
Compare the clerks' answers to what you would expect to hear from a banker talking about checking ATM transactions, or a convenience-store manager talking about nightly cash-register reconciliation. Don't settle for less.
Here are some things you will hear from Wisconsin's election officials, and what your follow-up questions should include:
"The voting systems are federally certified."
Election clerks will mention this, but will not be able to answer any follow-up questions about the federal certification criteria relating to security (as opposed to accessibility, reliability, etc.); controversies regarding the current value of outdated federal certification standards; and how exactly years-old federal certification of the design of each system protects the actual machines and software used in the next election. (It doesn't).
"The voting systems are certified by the state elections agency."
As with federal certification, local election officials are typically unaware that state certification is based on whether the systems meet standards in Wisconsin law, which focus on features other than security. Contact WEC staff for more information. If you are interested in a particular system (such as AVC Edge or M-100), ask about the security criteria used at the time the system was certified.
"Voting machines are never connected to the Internet."
Don't count on local election officials to mention that their voting machines are programmed with software that originates in the vendors' computers. Neither state nor local officials can speak authoritatively about the security of the software at any time before it comes into their possession before each election.
Also be aware that the polling-place voting machines communicate (either wirelessly or by use of portable digital media) with a central county elections-management computer. Ask how and when Wisconsin officials inspect these county computers for remote access software. If they don't, they cannot confirm that they are not connected to the Internet.
"Every machine is publicly tested before each election."
Municipal clerks reliably perform voting-machine tests required by s.5.84, Wis. Stats within 10 days before every election. Most do not understand that their tests fall far short of any standards for computer "logic and acceptance testing" (LAT) used outside elections and that they are useless in deterring or detecting hacks.
Two of the many limitations are: 1) No effort is made to fool the voting machines into thinking they are counting votes on Election Day, and some machines are even deliberately tested in a test mode. Because malicious code would be designed to operate only on Election Day and in Election-Day mode, a test done on any other day could not detected a hack. 2) Municipal clerks also typically cast only one vote for each candidate in the pre-election test, so that if the machine was programmed to 'flip' votes--that is, county one candidate's votes for another and vice-versa (a predictable programming error, if not a hack), the pre-election test could not detect it.
"We verify that the machines counted correctly on Election Night, and double-check during the canvass."
Your follow-up question should ask them to clarify whether they are talking about verifying ballot totals or vote totals. All Wisconsin jurisdictions routinely check and double-check that ballots were counted correctly; none routinely check that votes were counted correctly during their canvass.
Verifying that machines counted ballots correctly (but not votes) is equivalent to a bank verifying that an ATM counted the correct number of transactions, without verifying that the dollars were debited/credited to the correct accounts.
"The state orders voting-machine audits."
These voting machine audits, as they were performed before 2018, serve no election-security function. Among other limitations, they occurred only after November elections in even-numbered years; included only about 100 of the state's 3,500 voting machines, and were completed only after the election results were certified final--too late to correct any miscounts detected and therefore too late to deter hacking. For the November 2018 elections, WEC ordered more voting-machine audits and ordered them to be completed before results are certified, but these audits still do not verify the correct winners and so have limited value as a security measure.