Another Look at the CAP Briefing on Solving Election Security

CommentaryCritical Infrastructureelection securityResearch & Development
Written By Sergio Valente

Courtesy: AP Photo/Matt Rourke File

A couple of days ago, we published a post from our COO reviewing Danielle Root and Liz Kennedy’s Briefing on solutions to secure U.S. elections for the Center for American Progress (CAP).  Greg made several strategic points in response to the Briefing including, importantly, the need for investment in the requisite innovation to resolve the fundamental vulnerabilities of current election infrastructure.

But we also want to give credit to the other great points they made about election integrity. While we have some strategic differences, we generally endorse CAP’s tactical steps for improving election integrity in the near term.  Again, the CAP Briefing was well researched and brought together many points that are widely agreed upon by the election integrity community including the OSET Institute.

Given Greg’s desire to limit the length of his response and focus on the structural issue we’re so concerned about, we decided I would post a list here of the points we agree with and those we differ on.

Points of Agreement

Here are the over-arching elements that we completely agree with and know the election integrity community shares that agreement:

  • Elections are a national security issue.
  • Current U.S. election systems are under-equipped for the current threat environment.
    • Voting machines are vulnerable to manipulation even if they are not connected to the Internet (and they are not connected to the 'Net).
  • There is a serious need to invest in and update U.S. election infrastructure nationwide.
  • The current "critical infrastructure" designation allows for information sharing to improve election security, which is key to security triage for 2018 and 2020.

A Fundamental Difference

We do have one fundamental disagreement that we want to call out here clearly:

  • We do not agree that all existing voting systems should be updated via another HAVA-style round of federal equipment funding, and not because of political willingness to create another round of funding.  Its because we see a different, but still mandatory, approach to allocating and spending any more federal money:
  1. Recognize that all voting machinery absolutely requires updating, and in some cases the type of system needs replacing altogether, but funding for such replacement should be a funding first of the necessary research and development of foundational technology to enable fault-tolerant election systems as national security assets; the resulting innovations being made publicly available for integration into finished systems.
  2. Recognize that all currently certified and available voting systems products suffer the same fundamental architectural vulnerabilities, and spending money to replace existingmachinery with more machinery of the same architectural design and capability is a bad spend, and will only (once again) kick the proverbial can down the road.
  3. That said, if any funding is to be available, it should be used to immediately replace any remaining paperless DRE systems with a current Op-Scan based system in order to support verifiable elections, while recognizing that inherent vulnerabilities persist even in Op-Scan systems using current PC technology-based architecture.
  4. Other currently functioning voting machines should not be replaced until there is investment in foundational technology innovations to increase verifiability, accuracy, security, and trustworthiness and such investment is yielding new technology as described in #1 above.

Agreed Tactical Recommendations

Finally, there are several tactical recommendations the CAP Briefing makes that we largely agree with, with a proviso or two:

  • Continue the replacement of unreliable voting machines and paperless DREs (as noted above, Op-Scan based systems with either hand-marked or machine-marked ballots remain a reliable system of choice, albeit with some architectural vulnerabilities that require security triage in the near term).
  • Continue the adoption of statistically significant post-election audits using voter-verified paper ballots or records.
  • Continue security assessments and improvements of voter records management systems.
  • Continue pre-election testing on all voting machines within the current architectural limitations (e.g., the inability to ensure there have been no modifications).
  • Continue (and expand) activities for forming Election Infrastructure support organizations and practices modeled on other sectors (e.g., threat and incident information sharing, coordination between states and federal agencies, etc.) with two provisos:
  1. Recognize the current formation activities already underway with localities, states, and key organizations including NASS, NASED, U.S. EAC, U.S. DHS, and others; and
  2. Emphasize the critical role of localities, their state-level associations, and their national associations (e.g., IAOGO, etc.)

In short, I want to reinforce what Greg’s post observed a couple of days ago: kudos to CAP for producing this Briefing, we largely agree with the principles and intent. More specifically, we want to call out the elements we think CAP got right and a couple we think they should refine.  Shortly, our CTO will weigh-in on our TrustTheVote Project blog with more observations on some elements that need more engagement and thought.

As always, your comments are welcomed!
Sergio
Election Infrastructure Analyst
Office of the CTO
 

Sergio Valente
Previous

Recapping Our 4 CAP Briefing Posts
Next

Another Proposed Solution Set to Protect U.S. Elections