Election Security Group Praises Cybersecurity Efforts While Chiding 11th Hour Voting Changes

click to enlarge

Scene Archives

Election security group chides eleventh hour voting changes.

The Center for Election Innovation & Research has some good news and a few pointed critiques ahead of this November’s election. In a survey of states’ efforts to protect their voter registration databases from cyber-attacks, the group found election administrators have made great strides in protecting the voter rolls from outside threats.

CEIR executive director David Becker explained that in 2016, Russian actors briefly gained access to Illinois’s voter registration database. His organization has been surveying states about security protocols every federal election cycle since.

“Our nation and the 50 states are doing a very good job with voter registration database security,” he explained. “I think it’s one of the reasons that we’ve seen, to my knowledge, no real successful efforts to breach voter registration databases over the last several election cycles after the 2016 wakeup call.”

But at the same time election officials are thwarting threats from without, they’re also undermining voter confidence from within through last-minute, legally dubious audits and policy changes.

“These audits are actually demonstrating that noncitizen voting is not a problem,” Becker said, “it does not threaten our election integrity, that states already have the tools to detect it and contact those voters to confirm.”

“So, the question becomes,” he added, “why are some pushing this issue two months before a presidential election?”

Cyber hygiene

The CEIR survey seeks responses from states about who has access to their voter registration database, how they keep the database secure and how they back up their data. To this point, 23 states have responded, but the organization maintains their anonymity to ensure they don’t publicize potential vulnerabilities.

CEIR research director Chris Mann explained in every state, the people in charge of the database are IT professionals.

“These are folks who are skilled professionals who think about the security and maintenance of (voter registration databases) as their full-time job every day, all year, and many of them have been doing it for years, and bring a great deal of expertise to that,” he said.

CEIR also found states actively train those professionals on emerging cyberthreats and restrict access to the database itself with features like two-factor authentication.

“The one state that said no, they don’t use multi-factor authentication, it’s because they don’t allow any remote access,” Mann said. “They require a physical connection, which is a very strong layer of security so that people can’t get unauthorized access to these databases.”

Each states has employed some sort of intrusion detection system, with most using a network monitoring program known as Albert which was developed for state and local governments. Every state also regularly backs up their database and most encrypt those backups and store copies offline.

Pushback

Although CEIR gave high marks for states’ election security systems they chastised efforts to alter voting policies or audit the voting rolls with a major election right around the corner.

“Election officials are very skeptical, generally, of making any changes — even if they’re really good changes — in close proximity to an election,” Becker argued, “because there’s always a price to be paid for a change, and that’s price is usually paid in voter confusion.”

And it’s a familiar refrain. One, in fact, that Ohio Secretary of State Frank LaRose himself cited in 2020, while defending his decision to limit the number of ballot drop boxes ahead of that election. He’d previously stated he would allow local officials to set up multiple drop boxes if he had the statutory authority to do so. Several courts said he did, but Republican officials and the Trump campaign opposed the idea.

Among the last-minute changes Becker cited in the current election was a recent directive requiring anyone who is dropping off a ballot for someone else to fill out a form stating they are doing so in compliance with state law. The change comes in response to a federal court decision that found Ohio’s attempt to restrict who can assist a voter went too far. The decision allows disabled voters who need assistance with their ballot to select a person of their choice — as longstanding federal law guarantees — so long as they aren’t their employer or a union representative.

In a letter to state leaders, LaRose argued this allowance, which only extends to disabled voters, could open the door to ballot harvesting.

“This effectively creates an unintended loophole in Ohio’s ballot harvesting law that we must address,” LaRose wrote. “I suspect this is exactly the outcome the (League of Women Voters) intended. Under the guise of assisting the disabled, their legal strategy seeks to make Ohio’s elections less secure and more vulnerable to cheating, especially as it relates to the use of drop boxes.”

LaRose’s resulting directive means that anyone returning another’s ballot — even those close relatives explicitly allowed to do so under state law — will have to sign a form affirming they’re following the law.

“That seems remarkably burdensome for someone who wants to just take their husband’s or wife’s ballot, to be convenient, out to the drop box,” Becker said.

“I don’t know if that’s going to have a suppressive impact,” he added. “It’s just not a really strong idea, and it has no relation to election integrity.”

Becker also criticized moves by a handful of Republican-led states, Ohio among them, to carry out so-called noncitizen audits.

He said the audits themselves undermine the arguments for conducting them in two ways.

First, if they’re finding people to flag, election officials clearly have the tolls they need to identify bad actors, so why wait until two months before an election? Notably, the 1993 Motor Voter law prohibits the systematic removal of voters from the rolls within 90 days of an election.

And second, the number of alleged noncitizens is “infinitesimal compared to their voter lists overall.” And Becker placed particular emphasis on the fact that even those figures likely exaggerate the issue because election officials haven’t actually proven anything.

“So, when you look at a state like Ohio, you look at a state like Texas, you find them overstating what they’re finding,” he said. “It’s not noncitizens — it’s potential noncitizens.”