Keeping our elections secure and our ballots private already represented one of the trickiest challenges in a modern democracy—and then the coronavirus pandemic landed.
In a keynote that opened the Black Hat conference Wednesday, security researcher and Georgetown Law professor of secure systems and cryptology Matt Blaze offered advice for our current situation. But his solution doesn’t center around software or protocols. Instead, it’s all about people.
As in, election officials need more of them working elections—not just because pandemic fears have many older poll workers opting out, but because governments must dramatically scale up mail-in voting. More of us, especially those who work in information security, need to volunteer our time and expertise.
“I don’t think I’ve ever encountered a problem that’s harder than the security integrity of civil elections,” Blaze said. Protecting the secrecy of your ballot makes it harder to verify that your ballot was counted, and vice versa. And ever since our elections got too big to have people complete a paper ballot and drop it in a box for hand-counting, those goals have been difficult to square.
We magnified that problem, Blaze said, by overreacting to Florida’s hanging-chad debacle by mandating the replacement of punch-card and lever voting machines. That law also mandated hardware accessible to voters with disabilities, and many jurisdictions met that laudable objective by buying “direct recording” touchscreen voting machines. But these machines kept no independent record of votes, and as subsequent research established, many of these computers were horrifically insecure.
Consensus has since swung to having voters complete paper ballots and feed them into optical scanners—with ballots retained for safekeeping—while providing touchscreen ballot-marking machines for voters with vision or hearing disabilities.
I can testify for that approach. After seeing Blaze tell enough hacker conferences that the best way to learn this subject is to become a poll worker, I signed up to serve as one in Arlington, Virginia.
Since March, I’ve helped more than a thousand people vote and witnessed over three elections just how hard it is to screw up a well-designed ballot-scan system. The machines we use in my district accept ballots inserted forwards, backwards, upside down, or right side up—and will spit out a ballot if they detect no vote, allowing the voter to mark more clearly.
(Disclosures: My wife works for Arlington’s government but has no role in elections, while the county has paid me $625 combined for these 15-hour-plus workdays.)
Combining this system’s paper trail with a risk-limiting audit—a check of a sample of those ballots with scanners’ digital records—yields what Blaze called “very high confidence” in an election’s integrity.
Unlike app-based schemes that require immense trust in both voting software and in every voter’s smartphone—and which 73% of Black Hat attendees called impossible to secure in a survey taken by conference organizers—we’ve seen this combination of paper and math survive contact with reality.
These two ideas have kind of become the gold standard for election security.”
“These two ideas have kind of become the gold standard for election security,” Blaze said. “Election security at the beginning of the year was a matter of getting it implemented.”
Instead, the pandemic has made waiting indoors with crowds of people to vote much riskier—for voters as well as poll workers. The simplest way to address that is to spread out voting, with early in-person as well as mail-in balloting.
That second option zeroes out human contact, so states have rapidly adopted it. The Washington Post‘s tally now estimates that 76% of Americans will be able to vote by mail this fall.
But, Blaze explained, mail balloting adds extra steps that may be hard to scale: A voter requests a ballot; election officials remove them from the in-person pollbook for the voter’s precinct; the voter sends back the ballot with their signature on its envelope; officials check the voter’s signature against the one on file; if it matches, they remove the ballot from the envelope and scan it.
“This is a pretty labor-intensive process,” Blaze said—especially when a signature mismatch requires contacting the voter to give them a chance to fix it.
The risk of delayed mail-ballot delivery is also increasing as the U.S. Postal Service struggles with cost-cutting moves recently ordered by President Trump’s new postmaster general, Louis DeJoy.
Blaze’s advice to the audience watching online: Make yourself part of the solution and ask your local election office if they need help. “We can do this, but we need to engage now.”
In a conversation Thursday, Amber McReynolds, CEO of the Denver-based nonprofit National Vote At Home Institute, offered other recommendations to help scale up the mail-in voting process. She advocates for printing “intelligent mail bar codes” on ballot envelopes to speed their delivery and allow quicker tracking. In addition, ballots should be clearly designed, such as the templates published by the nonprofit Center for Civic Design.
When it comes to returning a ballot, McReynolds says that voters should be able to leave ballots in 24-hour dropboxes at secured locations such as libraries and government offices. And on election day, people should be allowed to hand-deliver mail-in ballots to polling places. She notes that more than 70% of Colorado mail voters delivered their ballots this way.
But this may require changing existing rules: In each election I worked, somebody showed up with an absentee ballot that we could not accept. Per the lengthy election-officer manual, we had to handle it differently regardless of whether it was blank or completed.
All this, however, leaves one obstacle that Blaze didn’t address and which McReynolds’s process-oriented advice can’t tackle: Trump’s repeated, false attacks on the integrity of mail-in voting, some of which Twitter has flagged with fact-checking labels. They already have local Republican leaders worrying that GOP voters will refuse mail ballots and wait to vote in person.
I asked Blaze about this in the chat system on Black Hat’s site. His response was not terribly encouraging.
“By and large, democracy only works if we collectively trust it,” Blaze wrote. “This is a hard problem.”