EFF: Election Security: When to Worry, When to Not, and the Takeaway from Antrim County, Michigan

Election Security: When to Worry, When to Not, and the Takeaway from Antrim County, Michigan

Everyone wants an election that is secure and reliable. With technology in the mix, making sure that the technology supports this is critical. EFF has long-warned against blindly adopting technologies that can be easily manipulated or fail without having systems in place to test, secure, and catch problems, including through risk limiting audits. At the same time, not every problem is worth pulling the fire alarm about—we have to look at the bigger story and context.  And we have to stand down when our worst fears turn out to be unfounded.

A story out of Michigan last week in Antrim County provides a good opportunity to apply this. What seems to have happened is that a needed software update was not applied to a system that helps collect and report digital vote information—the county has paper ballots that are scanned—from the county. As a result, it appeared that 6,000 votes shifted from Republicans to Democrats in the unofficial reports.

This Michigan story isn’t worrisome after all, but that doesn’t mean that our elections are as secure as they need to be.

That is very worrisome. However, when the update was applied, the votes shifted back because the actual tabulation figures were correct. Of course there were paper ballots too, that would have been cross-checked under Michigan’s processes had this not been caught so early.  Our longtime election security friend and partner Professor Alex Halderman of the University of Michigan has a more technical rundown on his Twitter feed.

This story should be one that takes what could have been a big worry and instead gives us cause for relief. Instead of just direct-recording electronic voting machines (DREs) and election systems that don’t have fail-safes for errors, Michigan had good error-checking, and the error was caught quickly. Even if it hadn’t been, it is very likely that it would have been caught later, as the results shifted from unofficial to official. And it wasn’t even a computer or software error; it was a human one. But, of course, systems should take steps to protect against errors by humans running them too.

Bottom line: No fire alarm needed. Whew! We should see this story a win for election security. It must not be promoted further as evidence of a fraud. It is, in fact, evidence of the safeguards against fraud working.

What Can We Learn From This Incident?

First, and most importantly, we can learn that it is critical to have systems in place to support election technology and the election officials who run it. Failing to apply a software update is a predictable kind of mistake. The election officials were able to see what had happened and correct it because the system didn’t assume that everything would go smoothly. This is unfinished work. We and our friends continue to push for more transparency in election systems, more independent testing and red-team style attacks, and most importantly, for Risk Limiting Audits of election results.

Second, that voting on paper ballots continues to be extremely important and the most secure strategy. The situation in Michigan was much less concerning because there were hand-marked paper ballots available. With that backstop, most serious problems could be resolved without having to re-run the election. We still have many states and localities that do not have sufficient paper ballots, and we need to keep pushing.

Third, it is important to have the entire voting technical system under the control of election officials so that they can investigate any potential problems, which is one of the reasons why Internet voting remains a bad, bad idea.

Fourth, that we should continue to be vigilant. Election officials have come a long way from when we started raising concerns about electronic voting machines and systems. But the public should keep watching and, when warranted, not be afraid to raise or flag things that seem strange.

There may be more claims of computer glitches and other forms of manipulation in the days and weeks ahead. Knowing when to worry and when NOT to worry will continue to be important. When there is no cause for worry, the story should stop, which is what should happen with this Michigan story now.

But most importantly, the work of securing our elections must continue. This Michigan story isn’t worrisome after all, but that doesn’t mean that our elections are as secure as they need to be. And that’s the biggest challenge—continuing to support and fund the work to secure our elections, even when the bright glare of a hotly contested election has faded.


Published November 11, 2020 at 05:04AM
Read more on eff.org
EFF: Election Security: When to Worry, When to Not, and the Takeaway from Antrim County, Michigan EFF: Election Security: When to Worry, When to Not, and the Takeaway from Antrim County, Michigan Reviewed by Unknown on November 10, 2020 Rating: 5

No comments:

Powered by Blogger.