June 26, 2019
As jurisdictions around the nation explore how to shore up their voting systems against vulnerabilities revealed by the 2016 election, Congress held a hearing yesterday to learn more about cyberthreats and options for thwarting them. Among those offering testimony were two members of the committee that wrote the National Academies’ 2018 report Securing the Vote: Protecting American Democracy.
“Our report recommends that a detailed set of cybersecurity best practices for state and local election officials be developed, maintained, and incorporated into election operations,” committee member Neal Kelley told members of the House Committee on Science, Space, and Technology. Kelley, who is registrar of voters for Orange County, California, also stressed the importance of conducting elections with human-readable paper ballots.
Josh Beneloh, senior cryptographer at Microsoft Research, explained that because most U.S. election jurisdictions are small and have very limited resources, they face an asymmetric battle in trying to fend off threats from foreign nations. “While we cannot guarantee that attacks can be prevented, we can guarantee that they’re detectable.” One way to do this is by using risk-limiting audits, which are recommended in the Academies report, and which have already been piloted in about a dozen U.S. jurisdictions in recent years, Beneloh noted. By examining a sample of paper ballots to determine whether the votes in an election have been tabulated correctly, these audits can help ensure the accuracy of the vote and increase confidence in the outcome of elections.