For more information, contact WiscElectionIntegrity@gmail.com or call WEI Coordinator Karen McKim at 608-212-5079.
First of all, thank you for covering these issues.
Election-integrity advocates hope that you will:
1) hold election managers to the same standards of prudent IT management you expect of other local government officials; and
2) understand that the information-technology story cannot be obtained by talking only to election officials.
About upholding standards: You know how you would respond if a city parking manager told you, "Audits always find some parking ticket payments were lost, but it has never affected the overall solvency of the transportation fund." Respond that same way the next time an election official tells you something like, "Recounts always find miscounted votes, but it has never affected the outcome."
If you discovered a parking manager with an unreliable, unaudited system for tracking parking-ticket receipts, you wouldn't need a Democrat-versus-Republican angle. Approach the story as if every ballot was as important as every parking ticket, and deserved the same level of carefully verified accounting.
About covering IT issues:
First, remember that state and local election officials are not IT professionals and are therefore not able to speak about voting-machine security with much depth and authority. Don't rely exclusively on them. Include genuine IT professionals among your sources.
Second, be aware that Wisconsin elections rely on two entirely separate systems. One handles voter registration and is a good model of how elections technology should be managed. The other counts our votes, and is not. Please keep these two systems separate: their stories are very different. The admirable security of the WisVote system does not protect our vote-tabulation system.
| | Voter-registration system | Vote-tabulation system |
|---|---|---|
| Name of system | | One system, the DS200, counts 60-70% of Wisconsin’s votes; |
| What does it do? | Records voter registrations; keeps them up to date; prints the poll books you get your name checked off on when you vote, among other election-administration tasks | Reads our ballots, counts our votes, determines who wins our elections. |
| source for reporters | WEC is your primary source for this information. They know this system inside-out. | Vendors (ES&S, Dominion, Command Central, and Clear Ballot) are the only primary source regarding tabulation-system security. Local election officials know only their own security practices, which don't address the most critical risks. |
| | State of Wisconsin; a collaboration between WEC and Division of Enterprise Technology | Any of several private companies; not always the current vendor |
| Owner | State of Wisconsin | Software is owned by vendors; |
| System updates managed by | State of Wisconsin | |
| Security managed by | State of Wisconsin | |
| General security program | Has all five standard components actively in place: 1) Risk identification; 2) Safeguards; 3) Monitoring to detect events; 4) Response plan; 5) Recovery plan | We have only vendors’ assurances about their practices for risk identification or safeguards. Local officials rely on only minimal, informal detection practices, and have no clear plans for response or recovery |
| Who would know if it was hacked? | The State of Wisconsin, specifically the DET and WEC, continuously monitor all cyber activity, with the assistance of the federal DHS. Voters will notice if their registration disappears, but they can re-register at the polls. | We don’t know whether the voting machine companies would know if the |
| Has it ever been hacked, | State officials know that hackers are continuously trying, and that none have succeeded. US DHS has determined that some attempts came from Russia. | No one knows, because no one examines the software (a copy is in every machine), and no one routinely checks the machines’ Election-Day accuracy against the paper ballots. There have been electronic miscounts, but none that appear, on their face, to be deliberate. |
The key security question to ask local election officials:
"When you sign that certification statement, how do you know the voting machines identified the right winners?"
As you assess their answers, remember that voting machines have no special magic that makes them more reliable than any other computer.
Compare the clerks' answers to what you would expect to hear from a banker talking about checking ATM transactions, or a convenience-store manager talking about nightly cash-register reconciliation. Don't settle for less.
Here are some things you will hear from Wisconsin's election officials, and what your follow-up questions should include:
"The voting systems are federally certified."
Election clerks will mention this, but will not be able to answer any follow-up questions about the federal certification criteria relating to security (as opposed to accessibility, reliability, etc.); controversies regarding the current value of outdated federal certification standards; and how exactly years-old federal certification of the design of each system protects the actual machines and software used in the next election. (It doesn't.)
"The voting systems are certified by the state elections agency."
As with federal certification, local election officials are typically unaware that state certification is based on whether the systems meet standards in Wisconsin law, which focus on features other than security. Contact WEC staff for more information. If you are interested in a particular system (such as AVC Edge or M-100), ask about the security criteria used at the time the system was certified.
"Voting machines are never connected to the Internet."
Don't count on local election officials to mention that their voting machines are programmed with software that originates in the vendors' computers. Neither state nor local officials can speak authoritatively about the security of the software at any time before it comes into their possession before each election.
Also be aware that the polling-place voting machines communicate (either wirelessly or by use of portable digital media) with a central county elections-management computer. Ask how and when Wisconsin officials inspect these county computers for remote access software. If they don't, they cannot confirm that they are not connected to the Internet.
"Every machine is publicly tested before each election."
Municipal clerks reliably perform the voting-machine tests required by s. 5.84, Wis. Stats., within 10 days before every election. Most do not understand that their tests fall far short of any standards for computer "logic and acceptance testing" (LAT) used outside elections and that they are useless in deterring or detecting hacks.
Two of the many limitations are: 1) No effort is made to fool the voting machines into thinking they are counting votes on Election Day, and some machines are even deliberately tested in a test mode. Because malicious code would be designed to operate only on Election Day and in Election-Day mode, a test done on any other day could not detect a hack. 2) Municipal clerks also typically cast only one vote for each candidate in the pre-election test, so that if the machine was programmed to 'flip' votes--that is, count one candidate's votes for another and vice-versa (a predictable programming error, if not a hack)--the pre-election test could not detect it.
"We verify that the machines counted correctly on Election Night, and double-check during the canvass."
Your follow-up question should ask them to clarify whether they are talking about verifying ballot totals or vote totals. All Wisconsin jurisdictions routinely check and double-check that ballots were counted correctly; none routinely check that votes were counted correctly during their canvass.
Verifying that machines counted ballots correctly (but not votes) is equivalent to a bank verifying that an ATM counted the correct number of transactions, without verifying that the dollars were debited/credited to the correct accounts.
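The second test-deck limitation and the ballot-total versus vote-total distinction described above can be shown in a few lines. This is an added illustration, not code from WEI or any voting-system vendor; the three-candidate contest, the `FLIPPED` mapping and all function names are constructed for the example.

```python
from collections import Counter

CANDIDATES = ["A", "B", "C"]  # constructed contest, not from the page


def tabulate(ballots, mapping=None):
    """Count one vote per ballot; `mapping` models how the machine was
    programmed to credit each ballot position (identity when correct)."""
    mapping = mapping or {c: c for c in CANDIDATES}
    totals = Counter({c: 0 for c in CANDIDATES})
    for marked in ballots:
        totals[mapping[marked]] += 1
    return dict(totals)


def make_deck(votes_per_candidate):
    """Build a test deck from {candidate: number of marked ballots}."""
    return [c for c, n in votes_per_candidate.items() for _ in range(n)]


def deck_detects(deck, mapping):
    """True if the machine's totals differ from the deck's known totals."""
    return tabulate(deck, mapping) != tabulate(deck)


def ballot_count_matches(deck, mapping):
    """The ballot-total reconciliation: ballots in == ballots counted."""
    return sum(tabulate(deck, mapping).values()) == len(deck)


# Programming error modelled here: votes for A and B are credited to each other.
FLIPPED = {"A": "B", "B": "A", "C": "C"}

uniform_deck = make_deck({"A": 1, "B": 1, "C": 1})   # one vote per candidate
distinct_deck = make_deck({"A": 1, "B": 2, "C": 3})  # unique count per candidate

if __name__ == "__main__":
    print("uniform deck detects flip: ", deck_detects(uniform_deck, FLIPPED))
    print("distinct deck detects flip:", deck_detects(distinct_deck, FLIPPED))
    print("ballot totals still match: ", ballot_count_matches(distinct_deck, FLIPPED))
```

A deck with a different count for each candidate exposes the swap, while the ballot-total check passes either way. Neither deck addresses the first limitation, since logic that activates only on Election Day behaves correctly during any earlier test.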
"The state orders voting-machine audits."
These voting machine audits, as they were performed before 2018, served no election-security function. Among other limitations, they occurred only after November elections in even-numbered years, included only about 100 of the state's 3,500 voting machines, and were completed only after the election results were certified final--too late to correct any miscounts detected and therefore too late to deter hacking. For the November 2018 elections, WEC ordered more voting-machine audits and ordered them to be completed before results are certified, but these audits still do not verify the correct winners and so have limited value as a security measure.