Running head: SECURITY OF STATES’ VOTING SYSTEMS 1

Security of States’ Voting Systems

Vu Duong, Stefyni Garber, Kyle Marchel, Teagan Wyllie

Central Washington University

SECURITY OF STATES’ VOTING SYSTEMS 2

Security of States’ Voting Systems

Democracy in the United States defined by some as a system of government by the

people: rule of the majority. To ensure a country run by the rule of the majority, it is essential to

have a state voting system that has its integrity tested and secure. This system is an integral part

of a democratic society and will allow the voices of the people to be heard. The United States,

often on the cutting edge, is currently lacking in this area. The major problems and possible

solutions, discussed hereinafter, include outdated voting machines, foreign interference, and

block chain voting.

Outdated Machines

In 1869, Thomas Edison invented the United States’ first voting machine to count the

vote during the next congressional election, and over the last 150 years voting machines across

the world have become more efficient, digitized, and accessible (Arnold, 1999). The goal of

these machines remains the same, however; they are meant to provide a secure and accurate

mechanism for voters to cast their votes anonymously. In the U.S., voting machines currently

either use old-fashioned paper ballots, whether it’s a machine for marking ballots after casting a

vote on a screen, or a machine for speed-counting those ballots or store the vote in their

computer memory to be counted digitally. The U.S. currently faces a crisis in the form of

outdated machines that compromises the security and the accuracy of the votes cast or counted.

With voters in the U.S. turning out in record numbers during a time of increased polarization

across political lines, having voting machines and ballot scanners malfunction or be opened to

widely known vulnerabilities is simply unacceptable.

Types of Voting Machines in the U.S.

SECURITY OF STATES’ VOTING SYSTEMS 3

There are three major types of voting machines in circulation in the U.S. The first type of

voting machine is an optical or digital scanning device, which takes paper ballots and scans them

rapidly with either infrared (IR) scanning or through digital scanning; the second major type of

machine is called a direct-recording electronic (DRE) voting machine, which stores the vote

information in the machine’s memory after voters use the interface (typically a computer touch-

screen); the third is a ballot marking device (BMD), a machine similar to DREs which prints a

paper ballot that is either scanned or hand-counted (National Conference of State Legislature,

2018). There are a variety of voting machine models in use today. However, many states are

using machines that are over a decade old and have widely known vulnerabilities, a fact that

raise concerns about their reliability or accuracy. According to a report conducted by New York

University’s Brennan Center for Justice in March 2018, 31 states have admitted to requiring

upgrades to their voting machines and 45 states are using machines that are no longer

manufactured (Norden & Córdova, 2019).

Current Concerns

Some primary concerns for some of these machines, specifically DRE voting machines,

are that they have widely known vulnerabilities, do not produce a paper record of votes cast, and

that several states still currently use an AccuVote TS model, a model that was widely introduced

back in 2006 (Schulberg, 2017). While there are dozens of states that have counties that

currently use machines that don’t provide a paper trail, many use mail-in ballots and ballots that

are printed out from BMDs. To tally these votes quickly and efficiently, scanning machines are

implemented. However, in more than half of the states in the U.S., the ES&S 650 high-speed

ballot-counting machine is still in use despite security problems detailed in a report back from

2007 and that ES&S stopped manufacturing this model in 2008 (McMillan & Volz, 2018).
SECURITY OF STATES’ VOTING SYSTEMS 4

Solving the Issue

Despite reports of voters waiting in lines for hours on end due to broken machines, voting

machines switching candidate selections, and even children proving they can hack into the

machines, upgrading or replacing voting machines across the entire country has been a glacial

process. Thankfully for U.S. voters, there are several ways to directly address this issue.

Upgrading Machines. Many states have begun the process of accepting funds from the

Help America Vote Act (HAVA) grants and several have already planned to utilize those funds,

which range from $3 million to $34 million to replace their outdated voting equipment (Funding

Elections Technology, 2019). With millions of dollars being spent on new voting machines, it

will be imperative that adequate security is put in place to ensure that these new machines are up

to the task of securing those states’ elections. Unfortunately, many politicians that help oversee

election security have provided very little support for the idea that U.S. elections are at risk from

various security concerns.

Mail-in Ballots. Washington, Oregon, and Colorado all utilize mail-in ballots for all

their elections. These states use a process which provides easy and early voting for all voters in

those states and provides special, secure envelopes to use, resulting in neither any proven cases

nor serious allegations of voter fraud using this system (Roberts, 2017). This process allows for

a reduction in the surface area for cyber-attacks by limiting machines to the sole purpose of

counting paper ballots. Due to political differences, there are opposers to this method of voting

that cite concerns around voters being forced to submit a specific vote under duress as well as

public skepticism about the security of mail-in votes.

Investing in Audits and Security Processes. The most comprehensive way to handle

this issue would be to overhaul the entire process that the U.S. goes through for all elections.
SECURITY OF STATES’ VOTING SYSTEMS 5

The first step would be to invest heavily into the testing of all voting machines to ensure they

meet a specific standard before they can be used. The next would be to ensure that every vote

has a paper trail that can be securely audited and accounted for. The final step would be a multi-

phase auditing procedure that checks paper ballot results against machine results, a mandatory

post-election audit, as well as an audit of the procedures that covers the ballot accounting and

reconciliation process (Election Security | Cybersecurity: What Legislators (and Others) Need to

Know, 2019). The downside to this method is the length of time and resources that would be

required to implement these procedures in all counties in all states in the U.S.

Foreign Interference

This might not be a surprising fact but there is a long history of Russians directing its

intelligence to interfere with the U.S. Presidential elections. There are two methods that they

used over the years, disinformation and identity falsification.

Disinformation

A popular method that the Russians used to interfere with the U.S. 2016 election is called

“disinformation.” This information manipulation is the fabrication of news content with the

purpose of deceiving other people. They took advantage of major social media platforms to

target U.S. citizens, especially African Americans (Lucas, 2018). 30 Facebook pages, fake

accounts, and knockoff accounts like “Black Matters”, were created to depress the black vote for

a presidential candidate (Cobb, 2018). Another of their reasons for doing so was to ignite racial

violence in the U.S. The most recent case is that they tried repeating messages of police officers’

violence to discourage the targeted group of people from voting. Some of the messages were
SECURITY OF STATES’ VOTING SYSTEMS 6

aimed at African Americans, people whose are related to a crime groups, as well as people that

were previously incarcerated (Ward, 2019).

Identity Falsification

According to an article on euvsdisinfo.eu, the definition of identity falsification is, “The

establishment of a fake online identity, either by an individual or a group, which is used for

false-front interaction with target audiences.” This interference method has a variety of forms

like political ads or individual/group impersonation (Methods of Foreign Electoral Interference,

2019). They often made fraudulent accounts and posted pictures with the message like, “Police

start clearing the streets of rioting Anti-Trump protesters! It’s high time!” Their intention was to

act as a U.S. organization and their post seemed to criticize Hillary Clinton (Parlapiano & Lee,

2018). It’s understandable to suspect that the other candidates are behind all of this; especially

Donald J. Trump, who won the election against Hillary Clinton, since these fake accounts

seemed to only aim at her. However, that there is insufficient evidence to prove the Trump

campaign was involved with the Russia intelligence attack according to the Muller report.

Blockchain Based Voting

A recent suggestion for securing states’ voting systems is the use of Blockchain based

voting. Blockchain is a type of database that is shared across several computers in a network

called nodes. Records that are being sent from a node are checked for validity through digital

signatures. If the record is valid it will be added to a block. Each block has a unique hash, and

the hash from the previous block to make a chain. The hashes connect blocks in a specific order,

so that if any changes occur it can be tracked. New changes will generate a new hash that has to

be verified and the next block must record the changes with a newly generated hash. Once a
SECURITY OF STATES’ VOTING SYSTEMS 7

record is added to a block in a chain, it is extremely difficult to alter (Murray, 2018). If a hacker

were to break into a Blockchain, that hacker would have to recalculate the hash in the next block

in order to restore the chain since their computer is not a verified node that can generate a valid

hash. This recalculation of hashes takes an enormous amount of computer power currently, so

hacking a Blockchain is unlikely once the record is added to the block in a chain (Murray, 2018).

However, it is possible to either alter a record in transit to the block, since the record is not

encrypted while transit, or to alter the record before it is sent to the block through malware on a

verified node (Martel, 2018).

Blockchain Voting. Using Blockchain for election voting is being looked at due to some

of the advantages is has over our current voting system. Some of the advantages of Blockchain

voting are voters can verify that their vote was cast as they intended it, tampering with a block

can be detected, and election officials and the public can confirm voting results stored on the

Blockchain which helps with transparency. A decentralized database makes altering or

removing voting extremely difficult to hack versus a centralized database that is easier to hack

and change voting results (Gazdecki, 2018). Blockchain voting makes recounting votes

unnecessary and voter fraud is also minimized which would help build trust in election systems

(Shankland, 2018). Blockchain voting would make it easier for soldiers stationed overseas,

reducing or eliminating the need to wait for absentee ballots from them. Elections would wrap

up much faster and candidates would know if they won or lost an election by the end of the

voting time frame. West Virginia used Blockchain voting for the 2018 midterms and reported

that it was successful. Estonia and Sierra Leone also ran Blockchain voting in 2018 successfully

(Shankland, 2018). Other countries such as Japan and Thailand are looking to move to

Blockchain voting to eliminate fraud and corruption in their voting systems.

SECURITY OF STATES’ VOTING SYSTEMS 8

Risks Using Blockchain Voting. Blockchain voting is not without risks. It is still subject

to human error that can lead to vulnerabilities, insider threats, or even backend technical flaws

that can be exploited by hackers. The Blockchain itself is not at risk, but the backend of the

Blockchain application vendor. For example, if a voter uses their cellphone to vote through an

app, then there could be a flaw that is exploited through poor coding, testing and maintenance.

Malware could infect that voter’s cellphone without them knowing it and would allow for

an attacker to alter the vote right before it is sent, all without the voter knowing it. An altered

report for the unsuspecting voter can be shown so that they remain ignorant of the change to their

vote. With so many apps infected with Malware in Google Play recently, this is not a scenario

that is farfetched. Since a record in transit is not encrypted, there is no way for the record to be

protected and no way to ensure that the voters’ selections will be untampered with when it

arrives to the Blockchain. There is also voter coercion to think about since it makes it easier to

pressure voters to vote a certain way as there is a lack of anonymity (Martel, 2018).

Securing Election Voting. Blockchain technology is still new and is continually being

improved as time goes by. Using a new technology that has glaring flaws is a risk that we need

to consider carefully. While Blockchain is promising, moving to Blockchain voting to secure a

voting system is not fixing the bottom-line issue; it is just kicking the can down the road. There

is no way to ensure the voters’ computer or cellphone is not infected with malware or up to date

on its security patches. Without using encryption to protect the record in transit, there is no way

to ensure that record has not been tampered with (Shankland, 2018).

Election security is important, and instead of looking toward Blockchain voting we

should look to improve voting systems that are currently in use. Funding election security

properly by hiring more cyber security professionals to maintain servers and firewalls and to
SECURITY OF STATES’ VOTING SYSTEMS 9

patch vulnerabilities would be a good start in protecting our elections. Purchasing updated

election equipment with current operating systems and properly retiring old election systems

would be another step in securing our elections.

Using a chain of custody like law enforcement use when working on election equipment

and destroying hard drives through approved DoD methods before election equipment surpluses

would also be a needed step to secure elections. Making sure there is a paper receipt for each

vote as it is cast to verify votes, random vote audit sampling, and not using the same server to

post election results that voter registrations are on is another step to secure elections. Limiting

access to physical network and server equipment to vendors that have passed a background

check and continually training election staff on security best practices would also be helpful in

securing our elections. None of these steps include using Blockchain voting, that technology

needs improvement before we here in the US move towards Blockchain voting.

Most people do not understand how Blockchain even works, it can cause confusion for

some people and a seed of doubt on the validity of elections an emerge from this confusion.

Election results can be challenged as invalid by a candidate if our elections have no trust in it by

the voters. Blockchain voting has promise in the future but as it stands currently it is not secure

enough to replace our voting system (Lee, 2018).

SECURITY OF STATES’ VOTING SYSTEMS 10

Conclusion

Due to the areas just discussed and recent elections, it is evident that the U.S. needs a

secure voting system. If we don’t take responsibility for our voting systems, we risk losing our

rights, and most importantly our voice. The U.S. voting system is current vulnerable in many

ways. A large swath of states use outdated machines that are susceptible to malfunction and

tampering, the electorate is being bombarded with foreign interference meant to influence their

vote and to sow discord, and secure technologies that are being explored to replace our voting

mechanisms are in their infancy. Without a secure and trustworthy democracy, we risk putting

our lives in the hands of “one” not “the many–the people”. Society, officials, and HAVA all

working together to address these issues, through either revamping and replacing voting

machines or overhauling the entire process which voters cast their votes, will be needed to begin

immediately to ensure a secure voting system for all future elections.

SECURITY OF STATES’ VOTING SYSTEMS 11

References

Arnold, E. (1999). History of Voting Systems in California. Bill Jones, California Secretary of

State.

Cobb, J. (2018, December 21). The Enduring Russian Propaganda Interests in Targeting

African-Americans. Retrieved from https://www.newyorker.com/news/daily-

comment/the-enduring-russian-propaganda-interests-in-targeting-african-americans

Gazdecki, A. (2018, October 12). How Secure Is Blockchain Technology? Retrieved from

Forbes: https://www.forbes.com/sites/forbestechcouncil/2018/10/12/how-secure-is-

blockchain-technology/#e50a05072f03

Jackson, W. (2013, December 2). Why salted hash is as good for passwords as for breakfast.

Retrieved from GCN: https://gcn.com/articles/2013/12/02/hashing-vs-encryption.aspx

Lee, T. B. (2018, November 6). Blockchain-based elections would be a disaster for democracy.

Retrieved from ars Technica: https://arstechnica.com/tech-policy/2018/11/blockchain-

based-elections-would-be-a-disaster-for-democracy/

Lucas, R. (2018, December 17). New Reports Detail Expansive Russia Disinformation Scheme

Targeting U.S. Retrieved from https://www.npr.org/2018/12/17/677390345/new-reports-

detail-expansive-russia-disinformation-scheme-targeting-u-s?t=1552850840530

Martel, K. (2018). Blockchain: The Good, The Bad and The Ugly. Retrieved from United States

Cybersecurity Magazine: https://www.uscybersecurity.net/csmag/blockchain-good-bad-

ugly/

McMillan, R., & Volz, D. (2018, September 27). Voting Machine Used in Half of U.S. Is

Vulnerable to Attack, Report Finds. Retrieved from The Wall Street Journal:
SECURITY OF STATES’ VOTING SYSTEMS 12

https://www.wsj.com/articles/widely-used-election-systems-are-vulnerable-to-attack-

report-finds-1538020802?mod=hp_lead_pos9

Methods of Foreign Electoral Interference. (2019, April 2). Retrieved from

https://euvsdisinfo.eu/methods-of-foreign-electoral-interference/

Murray, M. (2018, June 18). Blockchain explained. Retrieved from Ruters:

http://graphics.reuters.com/TECHNOLOGY-BLOCKCHAIN/010070P11GN/index.html

National Conference of State Legislature. (2018, August 20). Voting Equipment. Retrieved from

NCSL: http://www.ncsl.org/research/elections-and-campaigns/voting-equipment.aspx

National Conference of State Legislature. (2019, February 4). Election Security | Cybersecurity:

What Legislators (and Others) Need to Know. Retrieved from NSCL:

http://www.ncsl.org/research/elections-and-campaigns/election-security.aspx

National Conference of State Legislature. (2019, February 15). Funding Elections Technology.

Retrieved from NSCL: http://www.ncsl.org/research/elections-and-campaigns/funding-

election-technology.aspx

Norden, L., & Córdova, A. (2019, March 5). Voting Machines at Risk: Where We Stand Today.

Retrieved from Brennan Center for Justice:

https://www.brennancenter.org/analysis/voting-machines-risk-where-we-stand-today

Parlapiano, A. Lee, J. C. (2018, February 16,). The Propaganda Tools Used by Russians to

Influence the 2016 Election. Retrieved from

https://www.nytimes.com/interactive/2018/02/16/us/politics/russia-propaganda-election-

2016.html
SECURITY OF STATES’ VOTING SYSTEMS 13

Roberts, D. (2017, May 27). Voting by mail is fair, safe, and easy. Why don’t more states use it?

Retrieved from Vox: https://www.vox.com/policy-and-

politics/2017/5/27/15701708/voting-by-mail

Schulberg, J. (2017, July 17). Good News For Russia: 15 States Use Easily Hackable Voting

Machines. Retrieved from HuffPost: https://www.huffpost.com/entry/electronic-voting-

machines-hack-russia_n_5967e1c2e4b03389bb162c96

Shankland, S. (2018, November 5). No, blockchain isn't the answer to our voting system woes.

Retrieved from CNET: https://www.cnet.com/news/blockchain-isnt-answer-to-voting-

system-woes/

Ward, A. (2019, May 21). Secret documents show Russian plot to stoke racial violence in

America. Retrieved from https://www.vox.com/2019/5/21/18633783/russia-2020-

election-racial-violence-nbc