Rep. Zoe Lofgren (D-Calif.), the Chairperson of the Committee on House Administration who initiated the SAFE Act, hopes that the congressional hearing would help the Senate to pass the bill.
The states that use grants to replace their voting machines should also ensure that the new system provides ranked voting choice functionality. That means that each voter can vote for multiple candidates for a particular office by assigning a different rank to each candidate.
The act also mandates States to perform risk-limiting audits using manual counting of a certain number of ballots combined with statistical methods to determine any breach to election integrity due to either a cyber attack or a programming error. It also requires that States use only voting machines manufactured in the United States and prohibits connecting any voting system or device to the internet or other communication networks.
Davis said during the hearing, his focus is on: “effective oversight of our nation’s elections, which are maintained by the states, not the federal government. But that does not mean that this committee, and the house itself, does not have an important oversight role to play in securing elections.”
Voting Machine Vendors Testify
The CEO’s of the top three U.S. vendors of voting systems, Election Systems & Software (ES&S), Dominion Voting Systems, and Hart InterCivic, testified before the Committee and agreed to support five security requirements for the voting machine vendors posed by Lofgren related to:- cybersecurity practices and procedures,
- reporting any cyber-attacks, they experienced,
- personnel policies and especially background checks and cyber attack prevention,
- details of corporate ownership and foreign investment,
- supply chains, for example, where parts or software come from, how they are kept secure.
Rep. G. K. Butterfield (D- N.C.) asked Tom Burt, the President and CEO of ES&S about the voting machines his company sells. The machines can operate in an auto-cast mode that allows the voter to skip the verification of the paper record. Burt answered that he believes that no customers use the machines in auto-cast mode, and they all “present the ballot back to the voter for verification ... either through a screen or by kicking out the piece of paper.”
Both Lofgren and Davis raised concerns about the supply chain used by voting system manufacturers that may pose a security risk to the final product. It turned out that all three vendors use specific components that come from China. Final products manufactured by ES&S has “one of the nine programmable logic devices” that are sourced from a U.S.–based company and produced in its factory in China. Dominion and Hart use components from China in different parts of their products like glass screens or chip components like capacitors and resistors.
President and CEO of Dominion Voting Systems John Poulos said that it would not even be feasible to manufacture these components in the U.S.
Another factor that potentially compromises the security of voting machines is internet access. All three vendors said that their voting machines do not have any remote capability installed. However, two vendors provide tabulators with the capability to plug-in an external modem to transmit “unofficial results after polls close” as required by certain states. However, to mitigate the risk, the modems only work on a private network and are blocked from accessing the public internet.
Experts Provide Opinions and Recommendations
Experts who testified before the Committee advocated using hand paper ballots that would be scanned by an optical ballot reader. Expert witness, Dr. Matt Blaze, who is the McDevitt chair of computer science and a professor of law at Georgetown University. He also co-founded the DEFCON Voting Village international computer security “hacker” conference.Blaze recommends paper ballot forms that are filled in manually by voters and subsequently read by optical scanning devices (with the help of an assistive ballot marking device for voters with disabilities or language impaired) while retaining paper ballots for future audits. The scanning device will produce electronic tally records that can be read after the polls close to calculate the result.
Besides, Blaze stresses the importance of conducting risk-limiting audits by manually counting a random sample of paper ballots selected with the aid of a statistically rigorous method.
“Currently, there’s no known way to secure a digital ballot. At this time, any election that is paperless is not secure,” said Gilbert in a statement.
Therefore, “Elections should be conducted with human-readable paper ballots,” that can be marked either by hand or by a ballot-marking device and counted either by hand or by an optical scanner, Gilbert said.
He also provided an example showing that using a ballot marking device for voters with disabilities can make a potential cyberattack effective. In 2016 there were 16 million voters with disabilities, but “the margin of victory [was] less than 3 million votes”, said Gilbert. By targeting only ballot marking devices, an adversary can potentially alter the election results, Gilbert concluded. He recommended a universal design of voting machines that can be used by all voters, including those with disabilities.