The Internet and Elections: Clarifying the Conversation

CommentaryResearch & Development
Written By E. John Sebes

With the report of comments pouring into the U.S. EAC on the next generation of the Voluntary Voting System Guidelines, and all of the coverage of the issue about the role of the Internet, we feel compelled to try to simplify and straighten some things out. Even recent EAC Hearings have left the issue a bit unsettled and unclear. So, below I try to simply state where things stand as of now in hopes of clarifying the conversation about what is or isn’t.

Simply Stated

The current Voluntary Voting System Guidelines (VVSG 1.0) does permit voting system devices to connect to the Internet (as a telecommunication means) for certain data activities. Several current EAC certified voting system products are, in fact, capable of connecting to the Internet. Said simply:

  • YES, the Internet is the “telecommunications method” as describe in the current VVSG

  • YES, machinery of voting systems can be, and are connected using wireless modems.

  • YES, these machines are transmitting voting data.

  • NO, actual ballot casting is not occurring in these connections.

Some Detail

  1. The typical “use case” or scenario is transmissions by a wireless modem across the Internet from a voting system device to a central office, in order to transmit unofficial vote tallies for election night reporting.

  2. It is typical for a voting system's central office "Election Management System" (a large software application called an “EMS”) to run on a personal desktop computer (i.e., “PC”) with networking capability. That networking can be used to connect the EMS to the Internet. Although such connectivity is prohibited in some States, this practice is allowed in other States, specifically for the EMS to digitally receive unofficial vote tallies. 

  3. Aside from these current and typical uses of Internet connections, no current EAC certified voting system uses Internet connectivity to enable voters to digitally cast a ballot.

  4. Several States have deployed non-EAC certified systems that use the Internet to receive digitally transmitted ballots from a mobile App, or by eMail, or from a Fax machine, or a Web-page upload. In those States, such systems are not required to be EAC certified, and they have, so far, been limited to military and overseas voters, although some are in discussion about expanding use.

  5. The current vigorous and necessary debate is about codifying a ban on incorporating Internet connectivity capabilities in future voting systems. Practically speaking, given the time lag of the VVSG approval and implementation processes, such a ban incorporated into the next version of the VVSG (2.0) would not impact voting systems for at least another three to four years (e.g., 2024 would be the earliest we project new voting systems built under the next version of the Guidelines could appear, certified for deployment.)

One Last Thing

Another point of clarification we find ourselves repeatedly offering to government and media:

There are two “term-phrases” or “labels” often used interchangeably in reference to election and voting technology. They should not be interchangeably used because they lead to misstatements and misunderstandings. So, while I’m thinking about clarifying things, let me offer something about that.

Voting System

This refers to a machine and technology system comprised of devices and technology to enable the casting and counting of ballots; that is, ballot marking and casting devices, together with ballot counting, tally, and tabulation devices.

Election Administration System

A system of systems used to administer the processes of an election including, but not limited to, subsystems such as:

  • Ballot design, layout, and production tools.

  • Election management tools for tasks such as administering poll books or ballot distribution (including on-screen layout).

  • Election and poll worker administration and management tools.

  • Voter registration database management systems and related access services.

We all should strive to keep these two types of systems separate and not conflate or confuse the two.

Thus, a compromise to a voter registration database is not a “hack of the voting system,” but simply an attack on the election administration system, and has nothing to do with ballots—casting or counting.

OK, I hope this helps clarify things a bit.
Back to work for me.

-John Sebes

E. John Sebes
Previous

Straight Talk About Election Security Plain Talk
Next

Microsoft Wades into Election Integrity & Security with New Open Source Software Tools