Recent News

Our 2019 Year in Review

So, it took a month longer than we’d like but well, you know, chaos. However, this past weekend we posted our 2019 Annual Review. We hope you agree that this summary of key accomplishments and developments for last year (2019) demonstrates the impact and importance of our work to defend democracy. Most of all we thank you, our readers, for your continued support of this work.

2020 is underway with the first (Iowa) caucus already behind us and with a ton of controversy we’ve weighed in on. And now we’re looking down the barrel of another in Nevada with a similarly brewing situation. This will be a truly historic election cycle, and election technology security, advancing the integrity of elections and participation, and defending democracy have never ever been more important.

Stay tuned for new initiatives to prepare for the 2020 national election, including efforts to improve the integrity of voter rolls; services to ensure voters know the status of their registration; innovations in election results reporting; and continued efforts in developing new public technology for casting and counting ballots.

Finally, if you haven’t already, we hope you will make at least a modest donation to the cause of the OSET Institute as we ride the storm of this election cycle.  The TrustTheVote Project remains the only non-profit non-partisan effort specifically focused on making higher integrity, lower cost, and easier to use public election technology.

Onward to the 2020 election.

Elections Legislation Everyone Can Agree On: The KISS Act

A week ago the Wall Street Journal ran an editorial that’s worth a comment in reply. I can’t argue with the WSJ taking the view that the House SAFE Act (H.R.2722) is a “partisan maneuver” (possibly they’re referring to the very recently introduced Senate version: S.2238 SAFE Act, but I doubt it from the editorial). Given that even the Senate is now hyper-partisan, publications (like the Wall Street Journal) that want to find partisanship will find it wherever they look.

However, let’s whittle this issue down to the essentials. Imagine stripping down the Bill: dropping the tree-hugging recycled paper thing; dropping the ranked choice voting; removing whatever other nit-picks the WSJ editors found. And imagine adding the 25% state “skin-in-the-game,” adding a ballot harvesting ban, and whatever else the WSJ editors would wish to be added.

Then, imagine just considering on its merits only two (2) basic essentials:

  1. When a state conducts a Federal election it should be with paper ballots (using a ballot marking device or hand marking, or a mix of casting methods as the state chooses, and with Federal funding to do so); and
  2. Those ballots must be audited to ensure that we never have a computer problem that results in naming a winner who did not actually receive the most votes.

And while considering those two requirements, also consider whether it is right, fair, and practical for the Federal government to treat this as a funded mandate for every Federal election, with the Federal government providing the substantial majority (75%) of the funds that the state will need in order to comply with those two essential requirements, but using methods that each state decides on its own are the best for their local elections offices.

Imagine that.

I would hope that the Wall Street Journal editors would find that to be a credible and well-guided opinion about the main point — the primary goals for any Federal legislation to strengthen the confidence in the integrity of our elections, when we know nation states will be working to undermine our confidence in meaningful elections.

If so, then I humbly offer a name for such a stripped down bipartisan version of SAFE that I invited readers to imagine: the KISS Act: Keep Integrity in Elections Simple and Secure. In other words, follow the engineer’s dictum to Keep It Simple, in order to get the job done with the simplest approach possible.

Plain Talk Series on Understanding Voting System Updates Part 6: What Needs to Change?

A six-part series about Voting Systems Updates

This is the 6th and final part of a 6-part series of slightly longer vignettes on the challenge of updating voting systems. It’s a slice-and-dice of a recent briefing on the topic.

It’s intended to acquaint relative newcomers with how voting systems are purchased and maintained, and that includes anyone and everyone from concerned citizens, to journalists, to policy makers.

What’s the Way Forward?

Given the current limitations of vendor contracts, complex certification, and a unique operating environment, changes are necessary in order to provide voting system manufacturers with stronger incentives to upgrade their products and go through re-certification, and to provide local election officials with greater value in voting system updates (i.e. to make them less prematurely out-of-date).

Below are our recommendations for how federal certification could be improved, and how local election officials can better arm themselves with critical information needed to enhance vendor accountability.

For Policy Makers: Re-Thinking Federal Certification

Coming up with new ways to support more flexible voting system updates requires policy makers and the EAC to re-visit some fundamental concepts and practices that make it almost impossible to rapidly update one or more components of a voting system.

One of these has already been mentioned: namely, re-thinking the definition of “voting system.” Past federal certification campaigns have allowed only “total” system configurations, which essentially says that the EAC will only certify complete voting systems that include a comprehensive minimum set of end-to-end functions; vendors cannot simply make incremental changes in selected components and quickly deploy those updates.

Current Practices Are Unwieldy, But There Are Alternatives

Recall, for example, that under current practices, if a voting system manufacturer wanted to update only the operating system for only the back-office tabulation computers (which are especially important, since they count and report results), and nothing else, that change in OS for that one component would still result in a new “version number” for the overall voting system, and the modified voting system as a whole would still need to go through the long and costly federal certification process.

In contrast, there are alternative ways of thinking of a “voting system” that could drive more flexibility in the federal certification program.

For example, the ability for manufacturers to develop, test and seek certification for individual portions of a voting system (also known as component-level certification), rather than being required to submit only entire systems for certification, could introduce greater agility for vendors and local election officials alike.

Not Just Carrots — Add Sticks

In addition to those “carrots,” the EAC could also consider additional “sticks,” for example, in the form of new prohibitions on continued certification of voting systems whose operating systems are no longer supported by their manufacturer.

In those instances, the vendors might be required to use updated/currently-supported operating systems as a prerequisite to (re)entering the certification process.

A New Role for Federal Agencies

Finally, a heightened security environment might necessitate a new and larger role for institutions other than the federal Election Assistance Commission, with procedures that have been consciously crafted to be more flexible.

For example, allowing the Department of Homeland Security (DHS) to oversee cybersecurity testing for voting systems, with a particular eye toward increased agility, could be a good first step in the right direction.

A Combined Approach

In sum, an evolving understanding of “voting systems,” component-level certification, and re-thinking cybersecurity testing are essential because our national security depends on the agility that these programmatic changes can help to deliver.

We hope that federal and state legislators and policy makers will pay close attention to these evolutionary changes, because the cyber-threat landscape is rapidly changing, and in the future, the federal certification program must support rapid changes to voting technology.

In addition to those changes in the regulatory environment, other changes could provide states, counties, and local election officials with other tools to hold vendors more accountable, so that the playing field is less unequal. As a final consideration, let’s take a look at those.

For Election Officials: Education and Empowerment

Returning full-circle to the challenges that inspired this blog series in the first place, it should now be clear just how complex the many factors are that impose limitations on how quickly voting system updates can be implemented.

In order for the overall security profile of our nation’s voting infrastructure to be substantially improved, new incentives and sanctions will need to emerge in order to fill gaps in outdated software.

As we have seen, however, common vendor practices and certification requirements play an outsized role in disrupting both the clarity and the pace with which potential software updates might be delivered.

Moving the Needle

Since certification practices are unlikely to change quickly, and because vendors are unlikely to willingly place additional obligations on themselves, the fact of the matter is that “moving the needle” to arrive at more predictable updates may rest in the hands of state and local election officials, who are uniquely positioned to increase vendor accountability during the contracting process.

Vendors want to sell voting systems; they expend significant dollars for development, certification, operations, and marketing, and by the time an election jurisdiction announces an intent to award a particular vendor with a new sale, vendors are motivated to close the transaction with a mutually binding contract.

The Initial Punch List

As this blog series illustrates, the complex network of variables that impact voting system updates can be boiled down to just four major elements that all procurement departments and election officials should become very familiar with; this is the initial “punch list” to guide their assessment of the playing field:

  1. Initial purchase. Review the purchase order, quote, or “bill of sale” closely. What hardware is included? What software is installed on the hardware? And what software licenses are already included for the first year?
  2. Baseline annual fees. Review the “license and support” fee schedule carefully, to understand the costs that the customer will incur to continue using the hardware and software, year after year, over the term of the contract. License and support fees are typically listed separately from the initial hardware and software schedule.
  3. Software update policies. In addition to reviewing the “license and support” fee schedule, carefully review any separate “License and Support Agreements,” which are typically distinct from “Master Agreements” or “General Terms.”
    1. Do a word search on “updates” in all of these documents, and review the vendor’s default boilerplate update policies. Accountability, transparency and predictability of potential software updates are likely to be enhanced by providing substitute language to replace the vendor’s default software update policy.
  4. Certification. State and local election officials should familiarize themselves with their state’s policies around certification of voting system updates. The Secretary of State’s office can provide information about timelines and policies for certification of voting systems.

Ask Questions Before You Sign

With all of the above information as an initial baseline for negotiation, state and local election officials are now in a position to collaboratively discuss more detailed questions with their preferred voting system vendor, before any contract is signed.

We recommend discussing the following questions, among others:

  • What types of updates are included through annual license and support payments, with no additional charges necessary?
    • Are security-only updates included as part of “software updates”? Who decides?
    • What types of updates might require additional, separate costs? Who bears those costs?
  • If annual license and support payments provide the customer with “updates,” does that include installation of updates, or is that a separate fee?
    • Are there any other additional fees associated with installation? Shipping? Consumables? Anything else?
  • If any new software licenses are associated with the update, who will pay for them?
  • Who is responsible for paying any third-party licenses that might be required to operate the updated system?
  • How are updates installed?
    • By the vendor? The state? Counties?
    • What’s included in “installation”? Does it include on-site service? Or is installation by the customer possible?
    • What is the customer “acceptance” process after the update is complete?
  • Is there any way to predict and/or limit what software and security upgrades might cost (especially to facilitate budgeting)?
  • Are there any circumstances in which the customer wishes the vendor to be obligated to provide an update?
    • For example, if a COTS operating system or other major third-party component reaches “end of support” from the manufacturer, is the vendor obligated to do anything to update the system with a newer version? If so, how quickly must the vendor respond? For example:
      • “Not later than 3 months after a commercial operating system manufacturer announces end of support for their product, voting system Vendor shall initiate a project planning process to collaborate with the county on a future anticipated update plan, subject to mutual agreement.”

It’s Time to Fix the Voting System Update Process

Given the fact that voting systems are part of our nation’s critical democracy infrastructure, the outdated nature of much voting system software should concern all Americans.

As this series illustrates, election technology updates are a complex affair, and the limitations that exist today need to be improved.

Currently, vendor behavior, vague contract terms, and disincentives generated by a cumbersome regulatory process are preventing many of our nation’s election officials from having voting technology that keeps pace with more mainstream advancements in a timely fashion.

In the current threat environment, outdated voting technology is an unacceptable security risk.

This can and must change.

As policymakers consider testing and certification programs for the future, they should not simply assume that past practices provide guideposts to the road that lies ahead.

It will take careful thought and a concerted effort to create a more flexible path to regular, ongoing cybersecurity improvements in the future.

And in the meantime, we say to state and local election officials: now that you have more information, remember…knowledge is power.

To read more, here are all of the articles in this Voting Systems Update Series published to date.