March 31, 2018 -- Being a normally flawed human, I cannot resist starting this blog post with "As we have been saying for six years...", Wisconsin's "failure to carry out post-election audits that test the accuracy of election outcomes leaves the state open to undetected hacking and other Election Day problems."
In speaking about Wisconsin, the report concludes: "To protect its elections against potential attack by sophisticated nation-states seeking to interfere in U.S. elections, Wisconsin should adopt robust post-election audits that have binding effect on election results."
CAP researchers picked up on a feature of Wisconsin elections that in-state commentators have missed:
Problems with Wisconsin's election security, along with possible solutions, are not visible unless you look beyond the state level and into the counties and municipalities.
Our state-level agency, the Wisconsin Elections Commission does not control the voting machines. They control only the systems that manage voter registration (WisVote) and that compile already-tabulated election results (the Canvass Reporting System, or CRS).
But the technology that counts Wisconsin's votes is owned and operated by counties and municipalities--not the State.
It is the local clerks, not the WEC, who are responsible for pre-election protective security and for the managerial measures that would detect and correct any Election-Day miscounts.
Not only is pre-election security managed by non-IT professionals, Wisconsin's entire vote-counting system lacks the ability even to detect miscounts, never mind correct them.
Wisconsin's local election officials--bless their hearts--are not IT sophisticates. Asked about the threat of hacking, most will say something like what Sheboygan County Clerk Jon Dobson recently wrote to me: "The equipment is never connected to the Internet, (so) unless someone has figured out a way to hack through the unit's power cord, our equipment is basically unhack-able."
Clerks like Mr. Dobson are not being disingenuous. They genuinely believe that if they cannot see a way to hack the vote-tabulating technology, no one else can, either. Their trust in the voting-machine companies is complete and sincere.
For their education in IT security, Mr. Dobson and his colleagues rely almost entirely on the commercial reassurances of the voting-machine companies. They don't seek the counsel of independent IT-security authorities who could explain the myriad number of ways an elections system can be compromised without Internet connection, particularly by insiders.
Wisconsin's county clerks genuinely do not understand that elections software could be compromised by security lapses outside their vision or control--by the vendors, service companies, municipal clerks, and poll workers.
And as for Internet access, news hasn't yet reached them from their counterparts in Pennsylvania, who found that a voting machine company had installed unauthorized remote access capability on their election computers without their knowledge--something that computer-security professionals had been warning of for years. Like the Wisconsin clerks, the Pennsylvania clerks had been blithely assuring reporters that voting machines were never connected to the Internet--without having checked. When I publicly asked him whether he ever checked Dane County's machines for such unauthorized alterations, Clerk Scott McDonell said that the vendors had told him that would void the machines' warranty so no, he doesn't check. He is not fooling when he says he truly believes the machines to be so very secure that he can doesn't have to check their accuracy before he declares election results final.
And that, fellow voters, is the level of IT naïvete that stands between motivated international hackers and our voting rights.
But we have to be realistic about what we can expect from local election officials. As Prof. Dan Wallach of the Rice University Computer Science Department explained, "You would not expect your local police department to be able to repel a foreign military power."
What we can expect of our local election officials--particularly our county clerks--is that they use the authority and resources already provided by Wisconsin law to manually check accuracy of the computer-tabulated vote totals before they certify election results final.
The only protection can come from using our paper ballots to check the machines' Election-Day accuracy.
That's the solution that 26 states already have in place, with varying degrees of rigor.
It's the solution that we've been advocating for the past six years.
It's the solution that the 2014 Presidential Commission on Elections Administration recommended.
It's the solution that Rep. Mark Pocan wisely wrote into his proposed federal legislation.
And it's the solution that the CAP report recommended for Wisconsin.
Wisconsin reporters and editors need to pick up on it now, too. They need to start asking county clerks the same hard questions about their security practices that they have been asking the WEC about theirs: How do you detect whether the technology worked as intended on Election Day? Do your security and recovery procedures meet national standards? What plans do you have in place for recovery if they fail?
Voters can ask, too. Pick up the phone. Call your county clerk. Get the facts right from him or her. Ask: "At the moment when you sign that certificate declaring the election results to be correct and true, what specifically have you done to verify that the voting machines counted correctly on Election Day?"
Among the 72 county election authorities in this state, not a one will answer: "I follow federal recommendations and conduct a valid post-election audit."