What if WEC talked straight about election security?

The job description for the Wisconsin Election Commission’s public information officer does not say “Secure Wisconsin’s elections.” So Reid Magney's annual performance review won't suffer if, next November, hackers compromise ES&S headquarters in Nebraska, manipulate Milwaukee County's voting system, and pick Wisconsin's US Senator.

Magney’s job description probably says something like “Build voter confidence.” So don't expect him to draw attention to this or that national report, or whichever new report has once again given Wisconsin poor marks for election security.

GeorgeWithCaption.jpgLast Wednesday, Carrie Kaufman of WPR’s Morning Show told Magney, “Assure me that our voting system is secure.”

Magney obliged, and recited all the great things about security for the voter-registration system (my emphasis, not his). He talked about firewalls, multifactor authentication, hiring new Internet security staff, and installing software that will monitor for suspicious activity.

Magney avoided saying much about Wisconsin's vote-tabulation system. That’s a different security story.

WEC has very little responsibility for the vote-tabulation system. It was developed by private out-of-state companies, and is owned, operated, updated, and maintained by those companies and Wisconsin's counties, cities, villages, and towns. Not by WEC.

Magney left the impression that the wonderful safeguards protecting WEC's voter-registration system also protect the vote-tabulation system.

I know enough election technology to notice Magney's feints and finesses. As I listened, I found myself imagining a different interview. I imagined that Kaufman had asked specifically about the tabulation system, and that she was speaking with a WEC representative whose job description said “Make sure voters understand the real risks and necessary safeguards.”

Here’s that interview: 

Interviewer: Welcome to our show. Every day seems to bring more alarming news about Russia’s intent to tamper with American elections.  Is Wisconsin's computerized vote-tabulation system secure?  I will discuss that today with my guest, Earnest Veracity of the Wisconsin Elections Commission. Welcome, Earnest.

Veracity: Thank you for having me.


Interviewer: I’m assuming you’re familiar with the five basic functions of a cybersecurity program, spelled out by the National Institute of Standards and Technology—identify the risks; protect the system; detect any problems; respond to any problems; and recover. Would that be a good framework for discussing Wisconsin's election security?

­­­Veracity: Yes, that framework is useful. But I must make one thing clear before we start. I’ll answer your questions as best I can, but tabulation-system security isn't something that WEC has much say about. That's the job of the voting-machine companies and the local election officials. Wisconsin has decentralized elections administration, and voting-machine security is no exception.

Interviewer: I understand that. Let’s start with simply describing the system. Are the computers that count our votes inside those machines at our polling place, or somewhere else? Whose system is it? Who manages it?

Veracity: The vote-tabulating system consists of three parts: whatever computers the voting-machine companies use to develop and update the software; an 'elections management' computer in each county clerk's office; and the voting machines in each polling place. Each new election has its own set of races and candidates, so the county computers and the voting machines have to be reprogrammed for every new election. Typically, the software is developed out of state at one of the voting-machine companies' offices, and then transferred to the county either over the Internet or with portable digital media. The county clerk then prepares the software for each voting machine, and the municipal clerks install it in the voting machines. That software really travels.

Ownership and management get a little tangled. The companies own the software and some of the equipment. Counties typically own and manage the county computers, while the voting machines are owned or leased by the cities, villages, and towns.

Interviewer: So where are our votes counted?

Veracity: The software that counts your votes is typically inside the machine in your polling place. But it got there through the county's computer and the vendor's computers.

Interviewer: Got it. Let's move to security, and start with the first function, risk identification. Have the voting machine companies and the local election officials identified the risks?

Veracity: We don’t know whether the voting-machine companies have identified the risks. It’s possible they haven’t, because to the best of our knowledge, none employ any IT security professionals.  Your network carries a great show, Science Friday, which aired a very good segment on this topic right before the 2016 elections. Aviel Rubin, director of the Johns Hopkins University Information Security Institute, described what he learned when he visited all the major voting-machine companies.

As for the local election officials, few understand the risks. Most, for example, will tell you the voting machine cannot be hacked if it isn’t connected to the Internet, overlooking the other computers involved in the process. They also believe that pre-election tests can detect hacked software.  No one should expect local election officials to be IT security professionals. They just are not.

Interviewer: I suppose that’s fair. How about the second function of a good cybersecurity program. Do the managers of the vote-tabulation system protect it from the risks?

Veracity: Again, we know almost nothing about the voting-machine companies’ security practices.  A few incidents indicate they might be lax. For example, in 2016, recount observers noticed manufacturers’ seals missing from voting machines in St. Croix County.  When we investigated those citizens’ reports, we discovered a vendor’s service technician had left machines unsealed through several elections. We checked only St. Croix County’s machines. There may have been others that the technician left unsealed.

The local election officials, well, they do the best they can. They keep the voting machines and county election computers in locked rooms, and only occasionally find someone got unauthorized access. They are very reliable about keeping track of the software as it passes back and forth between the county and the municipalities.  But keep in mind the nature of the workforce.  Elections are run mostly by people who work on those tasks only a few days each year. We cannot expect security protocols to be reliably followed.

Interviewer: Well, that’s sobering. Who oversees the local governments’ election-security efforts? Do you?

Veracity: No, they’re pretty much on their own. County clerks are independently elected. Making sure they do their job right is up to the voters. Municipal clerks generally answer to the city council, village board, or town board, not to any professional election overseers. WEC does not, cannot, monitor their security practices.

Interviewer: Yikes. So as far as we know, no one is making sure we have much risk-identification or strong protection going on. What about detection? Do the local officials at least have ways to detect Election-Day computer miscounts? I understand that hacking isn’t the only threat—that they also need to be on the lookout for human error and random malfunction.

Veracity: Yes, those are the three main categories of electronic threats to our election results. But again, I'm sorry I cannot answer that question with regard to the voting-machine companies’ security practices. We have no idea what they do, if anything, that would, for example, detect malicious code if one of their programmers goes rogue and starts working for Russia.

And local election officials have no way to notice any malicious code if it’s already there when they receive software or updates from the vendor and install them in the voting machines. They are good about doing pre-election voting-machine tests, which can catch human programming errors. But those tests wouldn’t detect hacking. Remember the Volkswagen scandal? That should have taught everyone that hacks are designed to operate only during actual use, not during testing. A hacker would make the malicious code operate only on Election Day.

After each election, local election officials check that the machines counted ballots correctly, but not whether the machines counted votes correctly.  That doesn’t protect our election results, because hackers would tamper only with vote totals and leave the ballot totals alone.

When miscounts are really obvious, local election officials sometimes notice, like they did in Stoughton in 2014. But sometimes they don't. In Racine and Marinette Counties in 2016, and in Medford in 2004, the local officials just blew past obvious computer miscounts and certified the wrong vote totals. Hackers could make thousands of votes just disappear, and it probably wouldn't be noticed or corrected in the canvass.

A citizens’ group, Wisconsin Election Integrity, has been pressuring us since 2012 to promote routine post-election audits during the canvass. National authorities recommend, and other states use, those audits because they deter hacking and protect certified election results from all types of miscounts. But we cannot make a decision in only six years. Maybe we’ll give it some thought for 2020. Maybe not.

Interviewer: Do the managers have procedures to respond to an event, so that they can prevent or minimize damage to the final election results?

Veracity: Finally, I can answer "Yes!" If local election officials detect incorrect preliminary vote totals during the canvass, Wisconsin statutes give them everything they need to protect the final, certified election results. They have the paper ballots, the freedom to decide to hand count, enough time for the canvass. The Stoughton voting-machine miscount of 2014 is an excellent illustration. Once they noticed the miscount, the municipal clerk quickly opened the ballot bags, hand-counted, and didn’t even miss the municipal canvass deadline.  So if they do routine audits during the canvass, they will always be able to secure the final election results.

If they wait to detect problems until after they certify, though, that would be royal mess—expensive lawsuits and scandal, massive damage to voter confidence. I don’t even want to think about it.

Interviewer: Do the managers have procedures to recover and restore the system to normal functioning after an event?

Veracity:  Well, neither we nor the local election officials have the skills or resources for serious forensic investigation. So it’s hard to say what we’d do to determine the causes and fix the flaw if we ever noticed a hack. When in 2017 we could no longer ignore the Optech Eagle’s inability to count votes from many absentee ballots, we decertified that system. But we probably wouldn’t do that if we found problems with a newer system. I cannot imagine, for example, expelling ES&S from the state if we found they’d installed remote-access software here like they admit they’ve done elsewhere. They count more than 70% of Wisconsin’s votes. Banishing them would be terribly disruptive and expensive.

*  *  *

Russians aren't the only ones who can buy social media. We can do it, too--if you donate. Help us publicize the easy solutions to Wisconsin's frightening election-security situation. Just $25 could help us reach hundreds of people and move Wisconsin that much closer to true election security.   Please donate now!

Add your reaction Share

Three things to do TODAY to protect Wisconsin's November elections

MunicipalClerkinCyberspace_copy.jpgDon’t let anyone fool you: Even with paper ballots, Wisconsin’s elections are subject to the security risks national experts warn about.

Our vote-counting software is manufactured and updated by secretive private corporations, from whom even Congress can’t get straight answers about internal security practices. Before and after every election, control of the software passes from vendor to county clerk to municipal clerk to polling place and back again—with no one in charge of overall security. None of our election officials have the expertise to oversee the updates and maintenance performed by the companies' technicians. Local election officials, bless their hearts, are so far from being IT sophisticates that most actually believe their voting machines cannot be hacked if they don't knowingly connect them to the Internet, and that their pre-election tests can detect hacking designed to operate only on Election Day.

None of that would be serious if Wisconsin's election officials used our paper ballots to detect and correct any miscounted vote totals. But they don’t. They certify the winners without ever checking the Election-Night voting-machine tapes against the Election-Day ballots.

This doesn’t need to be the case. Wisconsin’s November 2018 elections could be much more secure than our previous ones, even with the technology we now have. This additional security can cost little or nothing more than we've spent on previous elections.

In brief: County and municipal clerks need to conduct simple voting-machine audits during the county canvass. They don’t do that now.

In about half the other states, local clerks routinely conduct some sort of voting-machine audits during the canvass—the period right after an election, before they declare results final. Some are more thorough than others, but Wisconsin clerks don’t do any at all

That is the biggest security hole in Wisconsin elections. Our local election officials trust the computers so completely that they don't even attempt to detect any Election-Day vote miscounts. If they do not detect them, hackers or glitches win.

The good news is how easily and cheaply this hole can be patched. Statutes tell our county clerks and boards of canvass to review the election results before they certify them, but don’t prescribe specifics about how they are to do that. Wisconsin voters need to  demand that our county election officials choose rigorous canvass procedures, not sloppy or incomplete ones. 

What do good canvass procedures look like? That is, how does a county clerk check to see whether the voting machines counted correctly? Read on...

First, Make sure your county clerk understands: Voters want verified accuracy, and the clerk can open ballot bags during the canvass.

If election officials continue to refuse to look at the paper ballots, Wisconsin’s elections are barely more secure than those in states that use paperless machines. 

The first time you call your county clerk to say "This voter wants you to verify the results with an audit during the canvass," he or she will probably say, “I cannot do a hand-counted audit because I’m not allowed to open the ballot bags after they are sealed on Election Night.”

Some clerks probably do genuinely believe they are prohibited from looking at the ballots. Others likely just use it as an excuse to avoid work. Either way, that belief has no basis in statute, in practice, or in common sense. Local election clerks have opened ballot bags during the canvass many times in the past, and it’s an absurd idea that the legal custodian of a public record is forbidden to look at it. If that's the response you get, tell your county clerk to call the Wisconsin Elections Commission to get the facts. The WEC will tell them that if they carefully maintain the integrity of the ballots, they can use them to audit before they declare election results final.

Second, Contact the Wisconsin Elections Commission and encourage them to use the scheduled 2018 voting-machine audits to improve election security.


The WEC can be contacted at any time and welcomes public comments. You can reach them via email at elections@wi.gov; phone at (608) 266-8005, or by tweeting to @WI_Elections.  Your message can be simple: tell them you want them to promote audits during the county canvass as proposed by Wisconsin Election Integrity. They know what to do.

Since 2006, state law has required the state elections agency to order local clerks to check a few voting machines with hand-counted audits, following November elections. As done in past elections, these voting-machine audits have some good features and a few serious limitations. 

Just a few tweaks to the voting-machine audits planned for 2018 would give Wisconsin a start on the type of auditing that can protect our elections from interference:

  • The old instructions allowed the audits to be delayed until after election results were certified. For the 2018 voting-machine audits, the instructions should tell the clerks to audit during the county canvass, while errors can still be corrected.
  • In previous years, WEC randomly selected the voting machines in a way that left some counties with no audited machines. But because Wisconsin’s voting machines are programmed separately for each county, hackers might be deterred by auditing even one randomly-selection voting machine in each county. The WEC could select two machines in each of Wisconsin's 72 counties without ordering many more voting machine audits than they've done in the past (100, out of more than 3,500 machines.) Of course, increasing the sample size even more would improve security and voter confidence.
  • The old audit instructions told the hand counters to try to read the votes the same way the machines did. In 2018 WEC should tell them to count votes the same way they would in a recount, paying attention to voter intent rather than trying to match the machine’s totals.
  • The old instructions prescribe an inefficient hand-counting method that is very hard for observers to follow. The instructions for the 2018 audits should inform clerks about hand-counting methods that are more efficient and transparent.
  • Instructions for the 2018 voting-machine audits should stress that any clerks can use them anytime they want, even if they are not selected in WEC’s random sample.

These stopgap measures won't provide complete election security or solve any problems in the long run. Wisconsin voters would be justified in demanding a lot more. Voters in Colorado, New Mexico, Rhode Island, and Virginia now or will soon have their votes protected by valid audits that verify the correct winners. The measures described above—checking only two voting machines in each county—would be an embarrassing step backward in election security in many other states.

But they will provide more protection than Wisconsin votes get now. We need to demand at least that much for the November elections.

Third: Help us get the word out to other Wisconsin voters by making a one-time donation to the publicity project.

This blog post is going to reach only a tiny fraction of Wisconsin voters, most of whom already understand the problem. We've been trying to educate voters for six years now with no budget--and little success. We've learned that to educate the not-yet-informed voters, we’re going to have to use paid media—things like mailers and social media advertising. During Summer 2018, we’re conducting a fund-raising drive to get this done. Please contribute!

Add your reaction Share

WEC should order prompt audits in 2018

On Monday, June 4, Wisconsin Election Integrity submitted a proposal to WEC, suggesting a way they could mandate at least a few post-election audits without overstepping their current statutory authority.

If the Commission announces before the election that they will be ordering these audits during the county canvasses, they could deter hacking by putting would-be thieves on notice that the could be caught, a risk they do not now face.

In addition, the Commission could introduce local election officials to the practice of election auditing, which will need to be introduced into Wisconsin someday soon, if we are not to fall even farther behind recommended national practices.

We have asked the Commission to take this up at their June 11 meeting. I'll keep you posted here.

Here's the link to the letter.


Add your reaction Share

Election Security in 2 steps: 1) Paper ballots; 2) Audits


Ask any Wisconsin official whether our elections are secure and you'll get this answer: "Our voting machines are never connected to the Internet; elections administration is decentralized; and the machines' designs were approved by the federal and state governments."

Go ahead—call your county clerk and ask. That is the answer you'll get. He or she sincerely believes those three safeguards protect Wisconsin elections.

Today, a consortium of national election-integrity groups released a new report: Securing the Nation’s Voting Machines: A Toolkit for Advocates and Election Officials.

Here's how many of the Wisconsin election officials' three favorite safeguards made the list recommended by the national authorities: None.

Here's why not:

  • Voting machines are and always will be programmed by fallible, corruptible humans. Anyone who develops or loads the software can manipulate the vote totals without the Internet.
  • You could hack into only one or two big counties' voting machines and swing a statewide election. In fact, county control of the voting machines might make hacking easier by increasing the number of vulnerable entry points. Besides, it's not really the local clerks who manage the machines anyway. It's three companies: Command Central, Dominion, and the biggest one, ES&S, which supplies the software that counts about 2 of every 3 Wisconsin votes.
  • Federal and state approval of the voting machines' original design cannot secure the machine that counts your votes. The software was copied and updated dozens of times before it reached  the machine in your polling place. No one ever inspects or approves the software that actually counts your votes.

What does protect elections: Paper ballots and audits.

Wisconsin has paper ballots, but not a single county clerk—not one—looks at those ballots before declaring election results final.

CobwebBallotBoxes-cropped.jpgAs long as our ballots are packed up on Election Night and kept under seal until they are destroyed 22 months later, Wisconsin elections are no safer than if we were using paperless touchscreen machines.

That's where Wisconsin's decentralized elections can help to protect our elections. State law gives every county clerk two weeks after a general elections—and more if they request it—to review the Election-Night results to make sure they are correct. The county clerks and their boards of canvass are free to adopt any review method they choose—it's up to them.

Any county or municipal clerk could, at any time he or she chooses, open the ballot bags and conduct a legitimate audit. It would be harder for municipal clerks, because they have only a week for review, and they certify only local races anyway. But county clerks have plenty of time to audit, and they certify the state and federal races—the ones most likely to be hacked.

Call your county clerk today and educate them. Tell them that the three safeguards they rely on are not really safeguards at all. Tell them to start—NOW—planning how they will verify the voting machines' Election-Day accuracy after future elections. If your county clerk doesn't know how, refer them to  Securing the Nation’s Voting Machines: A Toolkit for Advocates and Election Officials, which has a good list of pointers and resources. Write to your local newspaper to make sure they cover this story.

Then, keep calling your county clerk until you get the answer Wisconsin voters deserve: "Yes, we will make sure your votes were counted correctly before we declare election results final."

Add your reaction Share

Wisconsin has an election security problem. It's not the Russians.

Forget about whether Russians hacked election computers in 2016. We've got a bigger problem, and not much time to fix it. The November elections are less than six months away.

When the US Department of Homeland Security (DHS) and the Wisconsin Elections Commission (WEC) talk about "election security", they talk only about the voter-registration system. WEC operates that system, and DHS can monitor it.

But the vote-counting system is separate. It resides on no computer that either of them can control, monitor, or inspect. It was outside their range of vision in 2016, and it’s outside their vision now. They don’t talk about voting-machine security because they don't know. 


Wisconsin’s vote-counting computers are controlled, protected, and monitored by our local election clerks and by three companies—ES&S, Dominion, and Command Central. 

That's all. No one else.

Local election clerks have exactly the level of IT sophistication you think they do. County clerks send our vote-counting software off to Nebraska or Colorado or Minnesota to be reprogrammed for each new election, with no way to notice if it comes back carrying malicious code. A few counties use an application supplied by those companies to reprogram the software themselves. They put a plastic seal on it when they’re done.

Wisconsin’s local election clerks will happily leave a service technician alone with a voting machine or the county’s election-management computer, with no way to notice if he installs malicious code or a wireless communications card. They put a plastic seal on the voting machines for Election Day.

Go ahead—ask them. They seal the software. They seal the machines. They seal the paper ballots that they could use—but don’t—to check the machines’ Election-Day accuracy.

And what about where the real danger lies—within the voting-machine companies? How well does their security guard against external hackers and corrupt insiders?

The companies themselves might not understand IT security.  Professor Aviel Rubin of the Johns Hopkins University Information Security Institute checked with the major American voting-machine companies before the 2016 elections and discovered none employed “even one full-time trained expert in computer security.

Congress, too, has been frustrated in its attempts to get straight answers about the companies’ security practices.  When Congressman Ron Wyden tried to get answers from ES&S, he didn't get a response from anyone with 'security' in their job title. Instead, a Senior Vice President for Governmental Relations replied, saying “At ES&S, security is the responsibility of not just one, but all who elect to work for our company.”

This governmental-relations expert reassured Rep. Wyden that ES&S had asked DHS "if they had knowledge of any such security issues involving ES&S to which they responded that they did not." Well, whew.

ES&S—this company where every employee handles IT security and yet the vice president has to ask DHS to find out whether they've had a security breach—is the largest supplier of voting machines to Wisconsin. Just one of their machines—the DS200—counts more than 60% of Wisconsin's votes, including votes from Milwaukee, Dane, Waukesha, and La Crosse Counties.

We cannot make the voting machine companies hire IT security staff before we elect a governor and a US senator in November.

And we cannot make our local election officials into IT sophisticates, ever.

But we can put an end to the honor system. That is, we can force our local election officials to use the paper ballots to detect and correct any miscounts before they declare election results final. 

Our local election officials are the legal custodians of the paper ballots. They can unseal them anytime to count votes and make sure the voting machines counted right.  At any time before the 2018 midterms, our local election officials could learn about results-audit practices already in use in other states and bring them to Wisconsin.

Do these three things today:

  1. Contact WEC. Tell them to exercise leadership in getting county clerks to audit election results during the canvass. Tell them to use some of the federal HAVA funds; they’ll know what that is.
  2. Contact your county clerk. Say you want the county canvass to make sure the voting machines identified the right winners before they certify the election results. If they don't know how, tell them to contact the Election Verification Network or the Verified Voting Foundation.
  3. Contact your local newspaper editor. Tell him or her that you want to see local journalism take a sober look at voting-machine security right here in Wisconsin—and that doesn't mean writing about plastic seals.
Add your reaction Share

National report looks at Wisconsin election security--and nails it.

Being a normally flawed human, I cannot resist starting with as we have been saying for six years, Wisconsin's "failure to carry out post-election audits that test the accuracy of election outcomes leaves the state open to undetected hacking and other Election Day problems."  


The Center for American Progress released what is probably to date the most complete, sensible and (judging by their Wisconsin appendix) accurate report on national election security.

In speaking about Wisconsin, the report concludes: "To protect its elections against potential attack by sophisticated nation-states seeking to interfere in U.S. elections, Wisconsin should adopt robust post-election audits that have binding effect on election results."

CAP researchers picked up on a feature of Wisconsin elections that in-state commentators have missed:

Problems with Wisconsin's election security, along with possible solutions, are not visible unless you look beyond the state level and into the counties and municipalities. 

Our state-level agency, the Wisconsin Elections Commission does not control the voting machines. They control only the systems that manage voter registration (WisVote) and that compile already-tabulated election results  (the Canvass Reporting System, or CRS). 

But the technology that counts Wisconsin's votes is owned and operated by counties and municipalities--not the State.

It is the local clerks, not the WEC, who are responsible for pre-election protective security and for the managerial measures that would detect and correct any Election-Day miscounts.

Not only is pre-election security managed by non-IT professionals, Wisconsin's entire vote-counting system lacks the ability even to detect miscounts, never mind correct them.

Wisconsin's local election officials--bless their hearts--are not IT sophisticates. Asked about the threat of hacking, most will say something like what Sheboygan County Clerk Jon Dobson recently wrote to me: "The equipment is never connected to the Internet, (so) unless someone has figured out a way to hack through the unit's power cord, our equipment is basically unhack-able."

Clerks like Mr. Dobson are not being disingenuous. They genuinely believe that if they cannot see a way to hack the vote-tabulating technology, no one else can, either. Their trust in the voting-machine companies is complete and sincere.

For their education in IT security, Mr. Dobson and his colleagues rely almost entirely on the commercial reassurances of the voting-machine companies. They don't seek the counsel of independent IT-security authorities who could explain the myriad number of ways an elections system can be compromised without Internet connection, particularly by insiders. 

Wisconsin's county clerks genuinely do not understand that elections software could be compromised by security lapses outside their vision or control--by the vendors, service companies, municipal clerks, and poll workers.

And as for Internet access, news hasn't yet reached them from their counterparts in Pennsylvania, who found that a voting machine company had installed unauthorized remote access capability on their election computers without their knowledge--something that computer-security professionals had been warning of for years. Like the Wisconsin clerks, the Pennsylvania clerks had been blithely assuring reporters that voting machines were never connected to the Internet--without having checked. When I publicly asked him whether he ever checked Dane County's machines for such unauthorized alterations, Clerk Scott McDonell said that the vendors had told him that would void the machines' warranty so no, he doesn't check. He is not fooling when he says he truly believes the machines to be so very secure that he can doesn't have to check their accuracy before he declares election results final.

And that, fellow voters, is the level of IT naïvete that stands between motivated international hackers and our voting rights.

But we have to be realistic about what we can expect from local election officials. As Prof. Dan Wallach of the Rice University Computer Science Department explained, "You would not expect your local police department to be able to repel a foreign military power."

What we can expect of our local election officials--particularly our county clerks--is that they use the authority and resources already provided by Wisconsin law to manually check accuracy of the computer-tabulated vote totals before they certify election results final.

The only protection can come from using our paper ballots to check the machines' Election-Day accuracy.

That's the solution that 26 states already have in place, with varying degrees of rigor.

It's the solution that we've been advocating for the past six years.

It's the solution that the 2014 Presidential Commission on Elections Administration recommended.

It's the solution that Rep. Mark Pocan wisely wrote into his proposed federal legislation.

And it's the solution that the CAP report recommended for Wisconsin.

Wisconsin reporters and editors need to pick up on it now, too. They need to start asking county clerks the same hard questions about their security practices that they have been asking the WEC about theirs: How do you detect whether the technology worked as intended on Election Day? Do your security and recovery procedures meet national standards? What plans do you have in place for recovery if they fail?

Voters can ask, too. Pick up the phone. Call your county clerk. Get the facts right from him or her. Ask: "At the moment when you sign that certificate declaring the election results to be correct and true, what specifically have you done to verify that the voting machines counted correctly on Election Day?"

Among the 72 county election authorities in this state, not a one will answer: "I follow federal recommendations and conduct a valid post-election audit."

Not one.

Add your reaction Share

Jump on this chance to improve Wisconsin election security!


Friday, March 30, 2018 - In defense of our right to self-government, please contact the Wisconsin Elections Commission in the next few days to tell them: Include routine election auditing in Wisconsin's application for federal election-security funding.

Chances like this don't come along very often. Congress sits on its hands for years, ignores problems, messes around, and then--when an issue is hot--throws some money at the states and says "Spend it quick!"

When that happens, states need to be able to grab the money and spend it on something worthwhile.

That is just what has happened with election security. Voters have been warning, shouting, complaining, and worrying for years about the dangers of poorly managed election technology, and then all of a sudden Congress awoke and leapt out of bed. (Thank you, Vladimir!) Last Friday, Congress passed a federal budget bill that includes $380 million for grants to the states for improving election security.*

Just short of $7 million of that is earmarked for Wisconsin--pending the Wisconsin Elections Commission's submission of a plan for spending it.

Thirteen states should definitely spend their money to replace unauditable voting machines--the kind that don't use or create a paper record of each ballot. But that's not Wisconsin's problem. Paperless vote-counting computers have always been illegal here.

Wisconsin's big election-security hole--where we lag most other states--is not that our elections are unauditable. Wisconsin elections are simply unaudited.

Wisconsin is in relatively good shape on most other aspects of election security. The WEC has done a good job with those systems they control, which are the voter-registration system and the 'canvass reporting system,' the automated system that counties use to report results they have already counted and certified. In addition to having respectable security, both these systems also have effective backup in case of manipulation or failure. With same-day registration at the polls, hackers have to ask themselves how much effort they are going to waste deleting Wisconsin voters' registrations when we will be able immediately to vote anyway, with only about five minutes' re-registration inconvenience. And the canvass reporting system kicks in only after our votes have already been counted in the polling places and municipal clerks' offices. Any hacking of that would be easily detectable and reversible, even without a serious audit effort.

But Wisconsin has no more security for our voting machines than any other state that uses paper ballots, and a paper trail is merely decorative if the ballots are sealed on Election Night and never seen again.

Our elections' biggest unprotected vulnerability is that our county boards of canvass make a habit of declaring election results final without lifting a finger to check to see whether the vote-counting computers counted our votes correctly. That practice is justifiably illegal in 25 states (26 if you count D.C.) and contrary to every national election authority's recommendation.

The practical solution: Wisconsin law provides county election officials with paper ballots and allows them to check accuracy before they certify, but they choose not to. The problem isn't time or money. Wisconsin's county clerks have as much time for the canvass as their counterparts in states that do audit, and modern election-audit methods are so efficient they could almost be funded from petty cash.

So we can only guess why our county officials continue to force us to trust our franchise to unaudited computer output--something they wouldn't tolerate for a millisecond from their banks and ATMs. My best guess is that they've been allowed to ignore that basic managerial responsibility for so long that they fear they will find a host of problems when they start to look. Look at the panic this county official exhibited as she refused an observer's request for verification during the 2016 recount. That level of distress looks to me like she knew the machines' unreliability would be revealed if she allowed verification, so she refused to hand count "even five ballots." And she was right: the machines were, in fact, miscounting and were later decertified by the Wisconsin Elections Commission.

What voters need to do:
Contact the WEC and tell them that you want them to include funding for routine audits during the county canvass in Wisconsin's federal grant application. WEC staff are up to date on national election-administration trends, and I believe they understand the need for, and practicality of, routine election audits. In addition, I sense that WEC Commissioners are favorably disposed to effective election audits and will do the right thing if enough citizens express interest and support.  

You can:

  • Tweet to @WI_Elections to say that you want to see county election audits in the application for federal funding;
  • Email Chair Mark Thomsen and Administrator Meagan Wolfe at elections@wi.gov.
  • Snail-mail them at Wisconsin Elections Commission,  P.O. Box 7984, Madison, Wisconsin 53707-7984, with copies to U.S. Election Assistance Commission, 1335 East West Highway, Suite 4300, Silver Spring, MD 20910, and to Jill Lau, Chair, Wisconsin County Clerks Association, 421 Nebraska St, Sturgeon Bay, Wisconsin  54235.

If you want to do more, you can use these web-contact forms to tell Senator Baldwin, Senator Johnson, and the US Election Assistance Commission that they, too, should encourage the WEC to seek funds for election auditing in Wisconsin.

Also, please, tell other voters about this so that they, too, can weigh in for election audits. The WEC hardly ever gets any citizen input on election security issues, and they will definitely sit up and take notice if they get a lot now. So go for it!


* It would be unfair to accuse every member of Congress of inaction. Wisconsin's very own Mark Pocan introduced an excellent elections-security bill, the Secure America's Future Elections (SAFE) Act a year ago. As other representatives wake up to the issue, it's still collecting new co-sponsors. If you live outside Wisconsin's Second Congressional District, contact your congressperson today and ask them to sign on. If  you live in Rep. Pocan's district, tell him "Thank you!"

Add your reaction Share

Wisconsin's county clerks need a better story

Main point: Wisconsin's elections officials have been telling themselves a simple story--"The only threat to election results is Internet hacking, so we can keep elections safe just by keeping the voting machines unconnected."

There's an equally simple--but more true--story they could be telling themselves: "We don't have the power to prevent every type of miscount, but we can keep elections safe anyway by using the paper ballots to detect and correct miscounts, regardless of cause."

In a recent newspaper article, I wrote that election officials should check the accuracy of our computer-tabulated election results as routinely as city treasurers check our computer-tabulated property tax bills.

That proposal is uncontroversial. Every national election expert promotes routine audits. So do other authorities, such as the US Department of Homeland Security. When presented with the idea that election clerks should verify the right winners before they declare election results final, every voter responds with either “Well, duh” or a wide-eyed “You mean they don’t do that now?!?!”

Wisconsin election officials, however, think that all of us are wrong about that. In response to my article, I received the following email from the county clerk in a mid-sized Wisconsin county:

OnlyHackers-Closeup.jpg"Good afternoon, Ms. McKim: Please tell me if a piece of Wisconsin certified equipment has ever been hacked, or how one could even attempt to hack said equipment.  The equipment used in my county is never connected to the Internet. It's not even connected to our county network. Unless someone has figured out a way to hack through the unit's power cord, our equipment is basically unhackable."

Except for that last word, my correspondent’s few facts are correct. It's the same argument that county clerks have used for years. Let’s review a few additional facts. You won’t need to be an IT security expert or a Russian hacker to see the possibilities...

Read more
1 reaction Share

Take Back the Vote! National Voting Rights Task Force conference this weekend

NVRTFLogo.jpgThis weekend, election integrity advocates from around the nation will gather in California to share information and ideas for moving America ahead toward fully protected voting rights--including the right to have our votes counted accurately.

The Second Annual National Election Integrity Conference, sponsored by a host of organizations, will convene in Berkeley on Saturday.

The entire conference will be livestreamed on Facebook, and videos of the presentations will go up later on the YouTube  channel for the California Election Integrity Coalition.

I (Karen McKim) will be doing two workshops, one with Jan BenDor of the Michigan Election Reform Association, on the lessons from the Wisconsin and Michigan recounts, and one on the auditing election results with digital ballot images. (The materials I'll be distributing are at those links.)







Add your reaction Share

Election officials give us only reassurance. We want security.

Main point: Public officials must keep the public both safe and calm.
The danger is when reassurance, not safety, becomes the goal.
Election officials are keeping our voter registration system safe.
They are reassuring us about our vote-counting system.

What voters need: “Smile, you son of a bitch.” – Martin Brody, to the shark.

jaws_brody.jpgYesterday’s Wisconsin Elections Commission (WEC) meeting was packed with more cameras than I’d ever seen there. A few days earlier, the federal Department of Homeland Security announced that Russian-government backed hackers had tested the security of Wisconsin’s online voter registration system. They hadn’t gotten in. The ‘attack’ was, the computer experts say, like jiggling a locked door knob.

“I don’t get it.” I told a reporter as the meeting got under way. “What's the news here? Hackers are continuously testing every computer system. The Russian government is known for cybercrime. It would be news if they were not testing the security of our elections systems.”

Read more
Add your reaction Share