[Image courtesy of Twitter user kiniry]
In recent weeks, we have seen increasing concerns nationwide about cybersecurity – especially as we move closer to a national general election in November. Last week, U.S. Election Assistance Commission (EAC) Vice-Chair Matt Masterson published a blog post entitled “EAC & Election Officials Working Together to Increase Confidence” that not only lays out what the EAC is doing to assist election offices across the nation but also suggests what those offices can do to help themselves:
Recently we see an increased interest in voting system security. Election officials are also concerned about this issue. They spend a significant amount of time identifying risks to their voting systems, mitigating those risks and answering questions about their voting systems since the purchase of HAVA systems a decade ago. I wanted to provide you with a few reminders of info EAC has available that can help facilitate this conversation and reassure voters about the process:
+ EAC tests and certifies voting systems. All test plans, test reports and certification documents are publicly posted at EAC.gov. These certification criteria include a review of all source code used in the voting system.
+ EAC posts voting system advisory notices for all EAC certified systems. These are notices provided by the manufacturer of the system about EAC certified systems.
+ EAC created a managing election technology series this year. Included in this series are tips on managing aging equipment & a checklist for securing your voter registration data. Additionally, we have pre-election testing scripts from around the country available for you to review and use to improve your current testing.
+ EAC has a variety of quick tip guides and best practices available regarding voting technology, including one on conducting effective post-election audits . These are best practices taken from state and local election officials and shared with you.
In addition to these resources, I want to share four best practices that I know election officials use to help voters and improve confidence in the process:
* Educate the public on the various systems in use in your office. Election offices are composed of a variety of election systems (voter reg, election night reporting, voting system, ballot-on-demand, etc.) Educating your voters on the various systems and the role of each system in the process to better understand the systems and its use mitigations in the process.
For instance, voting systems, including the tabulation software, are not connected to the internet because of the election official’s need to secure election data. Election night reporting (ENR) systems must be networked in order to distribute the results, but do not pose the same security risks because the results transmitted are unofficial. While there is security surrounding the ENR system, it is different than the voting system.
* Take advantage of social media. Counties like King County, WA, and Denver, CO, live stream various aspects of their process (from pre-election testing, to election day counting, to post-election audits). Other counties, like Hillsborough Co., FL take a video of the process and share it on Twitter and Facebook. It provides a level of transparency and gives voters a glimpse in to a process that previously could only be attained by being at the election office.
* Share your pre-election testing scripts before conducting your public tests. Almost every election official I talk to laments the fact that they conduct public tests of the voting systems and no one attends the event. By sharing the testing process publicly prior to public testing, you enable voters to understand the scope and breadth of the testing and increase confidence in the system and testing conducted. It also serves as a reminder for voters that every system is tested to ensure readiness and accuracy on Election Day.
* Give your office workstations and servers a security check up. Update your password and access control plans. For instance, be sure to have strong and updated passwords not just for typical election systems but also for your social media accounts and web content management system. These are the fundamentals that set the stage for a secure process.
If you need help, ask your county IT department or IT service provider to give your office PCs a security review. Ask them to ensure that all malware detection software is up to date and that all recent OS updates (especially those that deal with security) are installed.
Election offices are [now less than 40] days away from sending their first ballots to military and overseas citizens. The election is here and voters are beginning to ask questions and working to understand the process. Hopefully these resources can help encourage a healthy discussion about the voting system, clarify the layers of security involved in protecting the voting system, and improve confidence in the election administration process.
Moving forward the EAC is working hard to encourage voters to engage with the process by talking to their state and local election officials, becoming poll workers and taking advantage of other opportunities election officials offer to gain access to the process (like attending public testing).
This is a very important and extremely helpful post because it offers concrete advice to election officials who are already knee-deep in work for elections this fall. Thanks to Matt for sharing these ideas and to everyone at the EAC who works so hard to protect and improve the election process nationwide. The next twelve weeks before Election Day are going to be extremely eventful in many different ways; here’s hoping that states and localities are able to do what they can to ensure that their voting systems are as secure as possible.
Stay tuned …