The Brennan Center has found that despite manifold warnings about election hacking for the past two years, the country has made remarkably little progress since the 2016 election in replacing antiquated, vulnerable voting machines — and has done even less to ensure that our country can recover from a successful cyberattack against those machines.

In September 2015, the Brennan Center published America’s Voting Machines at Risk, a comprehensive report about America’s outdated voting machines. That analysis detailed how these systems were often unauditable, susceptible to malware, frequently difficult to repair, and more prone to failure.[1]

Since then, the Director of National Intelligence published a report detailing the ways in which Russia interfered in the 2016 election.[2] In recent weeks, top intelligence officials have cautioned that foreign actors — including not just Russia, but also North Korea and Iran — may look to launch cyberattacks on this fall’s midterm elections. The Department of Homeland Security, the Election Assistance Commission, and states and counties around the country have taken important steps in the last two years to secure our election infrastructure.[3]

But in two critical areas, the Brennan Center finds, the country has been remarkably slow to act: replacing voting machines most vulnerable to hacking, and mandating post-election audits that would allow the country to detect and recover from successful cyberattacks against those machines.

This year, most states will use computerized voting machines that are at least 10 years old, and which election officials say must be replaced before 2020.

While the lifespan of any electronic voting machine varies, systems over a decade old are far more likely to need to be replaced, for both security and reliability reasons. As machines age, essential parts like memory cards and touch screens fail. Also, older machines are more likely to use outdated software like Windows 2000. Using obsolete software poses serious security risks: vendors may no longer write security patches for it; jurisdictions cannot replace critical hardware that is failing because it is incompatible with their new, more secure hardware; and the software itself is vulnerable to cyberattacks.[4]

Despite the urgent need to replace antiquated equipment, and the growing calls to do so over the last two years, most outdated systems have not been replaced. In 2016, jurisdictions in 44 states used voting machines that were at least a decade old. Election officials in 31 of those states said they needed to replace that equipment by 2020.[5]

Two years later, little has changed. This year, 41 states will be using systems that are at least a decade old, and officials in 33 say they must replace their machines by 2020. In most cases, elections officials do not yet have adequate funds to do so.[6]

It is critical that these jurisdictions get funding soon, so that they can begin to use them in 2019, rather than deploying them during a presidential election year. “You want to implement new systems in a year when poll workers won’t be so busy. Macy’s wouldn’t roll out new cash registers on Black Friday,” Sherry Poland, Director of Elections of Hamilton County, Ohio, told the Brennan Center.[7]

Since 2016, only one state has replaced its paperless electronic voting machines statewide.

Security experts have long warned about the dangers of continuing to use paperless electronic voting machines.[8] These machines do not produce a paper record that can be reviewed by the voter, and they do not allow election officials and the public to confirm electronic vote totals. Therefore, votes cast on them could be lost or changed without notice. Moreover, if officials discover that voting machine software has been corrupted or data has been lost, it may be impossible to recover the lost votes without a paper record.

While many paperless systems were replaced in the years before the 2016 election, since then, the country has made remarkably little progress — even despite repeated warnings from intelligence officials and security experts that voter verified paper records are a critical backstop against cyberattacks.[9] In 2016, 14 states (Arkansas, Delaware, Georgia, Indiana, Kansas, Kentucky, Louisiana, Mississippi, New Jersey, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia) used paperless electronic machines as the primary polling place equipment in at least some counties and towns. Five of these states used paperless machines statewide.[10]

By 2018 these numbers have barely changed: 13 states will still use paperless voting machines, and 5 will continue to use such systems statewide. Only Virginia decertified and replaced all of its paperless systems.[11] In Pennsylvania, Acting Secretary of State Robert Torres directed that all voting machines purchased in the state must employ “a voter-verifiable paper ballot or paper record of votes cast,” but this applies only to new systems.[12] The state has not provided any money to replace its current paperless machines.

Only three states mandate post-election audits to provide a high-level of confidence in the accuracy of the final vote tally.

Paper records of votes have limited value against a cyberattack if they are not used to check the accuracy of the software-generated total to confirm that the veracity of election results. In the last few years, statisticians, cybersecurity professionals, and election experts have made substantial advances in developing techniques to use post-election audits of voter verified paper records to identify a computer error or fraud that could change the outcome of a contest. The Brennan Center and many other election integrity groups have recommended adoption of such techniques.[13]

Specifically, “risk limiting audits” — a process that employs statistical models to consistently provide a high level of confidence in the accuracy of the final vote tally – are now considered the “gold standard” of post-election audits by experts.[14] Despite this fact, risk limiting audits are required in only three states: Colorado, New Mexico, and Rhode Island.[15]

While 13 state legislatures are currently considering new post-election audit bills, since the 2016 election, only one — Rhode Island — has enacted a new risk limiting audit requirement.[16]

43 states are using machines that are no longer manufactured.

The problem of maintaining secure and reliable voting machines is particularly challenging in the many jurisdictions that use machines models that are no longer produced. In 2015, using data provided by Verified Voting and information gathered from interviews with voting machine vendors, the Brennan Center estimated that 43 states and the District of Columbia were using machines that are no longer manufactured. In 2018, that number has not changed.[17]

A primary challenge of using machines no longer manufactured is finding replacement parts and the technicians who can repair them. These difficulties make systems less reliable and secure. Several election officials have told the Brennan Center they scavenge for spare parts on eBay,[18] and even there, many of the parts are no longer available.

In a recent interview with the Brennan Center, Neal Kelley, registrar of voters for Orange County, California, explained that after years of cannibalizing old machines and hoarding spare parts, he is now forced to take systems out of service when they fail.[19] Ohio’s Sherry Poland told the Brennan Center she has been forced to replace her voting systems next year because she fears she can “no longer get replacement parts to get us through the next two years.”[20]

The Solution: Congress Should Provide Grants to Replace Antiquated, Paperless Equipment and Conduct Post Election Audits to Detect Hacking or Error.

National security, legal and election experts agree: Congress must act to protect our elections by providing grants to states to replace equipment and conduct post-election audits. There are currently three bipartisan pieces of legislation being considered on Capitol Hill that would provide funding and support for state election officials. Such measures would not just improve security – they would reaffirm public faith in our elections and our democracy at large.

“We believe there is a framework to secure our elections … authorize cost-sharing with states for the replacement of insecure electronic systems with those that produce a voter-verified physical record… [and lay] the groundwork for states to regularly implement risk-limiting audits — procedures that check a small random sample of paper records to quickly and affordably provide high assurance that an election outcome was correct.”

Michael Chertoff and Grover Norquist, Washington Post, February 14, 2018.

“More pernicious would be attempts to hack into voter machines and change the results that they report. In some states, there is no paper backup or audit trail, just electronic digits that record how people voted ... If a cyberattack is done well, there may be no evidence of the attack … Every voting machine must create a paper copy of each vote recorded, and those paper copies must be kept secured for at least a year.”

Richard Clarke, ABC News, Aug. 31, 2016.

“Congress should … require in federal elections the use of paper ballots or electronic voting machines that produce voter-verified paper ballots… Before certification of final election results, a random sample of electronic voting system totals should be compared with hand counts of the votes on the corresponding paper ballots to detect hacking or error.”

Bruce Fein, The Washington Times, July 4, 2017.

“Get back to the elegant simplicity that once defined American elections: plain old paper ballots, hardened cybersecurity protection … and inexpensive automatic post-election vote audits in randomly selected areas to scan for irregularities.”

Lt. Colonel Tony Shaffer (Ret.), The Hill, March 17, 2017

[1] Lawrence Norden and Christopher Famighetti, Brennan Ctr. for Justice, America’s Voting Machines at Risk (2015), available at https://www.brennancenter.org/publication/americas-voting-machines-risk . [2] Director of National Intelligence, Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution (Jan. 6, 2017), available at https://www.dni.gov/files/documents/ICA_2017_01.pdf. [3] For instance, organizations like the Election Assistance Commission and the Belfer Center at Harvard University have offered cybersecurity trainings to hundreds of state and local election officials, while the Department of Homeland Security, the EAC, and state and local officials have established a coordinating council to allow them to share threat information and pool security resources. [4] See Alex Hern, WannaCry attacks prompt Microsoft to release Windows updates for older versions, The Guardian, June 14, 2017, https://www.theguardian.com/technology/2017/jun/14/wannacry-attacks-prompt-microsoft-to-release-updates-for-older-windows-versions. [5] See Wilfred Codrington III & Iris Zhang, Secure the Vote, Secure Our Democracy, U.S. News & World Report, Feb. 23, 2018, available at https://www.usnews.com/opinion/thomas-jefferson-street/articles/2018-02-23/congress-must-act-to-upgrade-and-secure-our-voting-machines-before-midterms. In 2015, the Brennan Center estimated that 44 states were using voting machines at least a decade old. Since 2015, Michigan, Minnesota, Nevada, and Rhode Island have allocated money to replace old voting machines. Hawaii’s voting machines have since aged to a decade old. Survey of election officials on file with author. [6] States such as Delaware and Louisiana are considering replacing their paperless voting systems with updated technology that provides voter-verified paper ballots. Florida Gov. Rick Scott has requested funding to bolster election systems security, and Pennsylvania Gov. Tom Wolf’s administration has ordered that any new machines purchased have paper records. See Danielle Root et al., Center for American Progress, Election Security in All 50 States (2018), available at https://cdn.americanprogress.org/content/uploads/2018/02/11130702/020118_ElectionSecurity-report1.pdf. [7] See Telephone interview with Sherry Poland, Dir. of Elections, Hamilton Cnty., Ohio (Feb. 7, 2018). [8] See Lawrence Norden and Christopher Famighetti, Brennan Ctr. for Justice, America’s Voting Machines at Risk 13 (2015), available at https://www.brennancenter.org/publication/americas-voting-machines-risk . [9] See Zaid Jilani, Amid Election Security Worries, Suddenly Paper Ballots Are Making a Comeback, The Intercept, Feb. 18, 2018, https://theintercept.com/2018/02/18/paper-ballots-amidst-election-security-worries-suddenly-paper-ballots-are-making-a-comeback/. [10] See Danielle Root et al., Center for American Progress, Election Security in All 50 States (2018), available at https://cdn.americanprogress.org/content/uploads/2018/02/11130702/020118_ElectionSecurity-report1.pdf; The Verifier –Polling Place Equipment – November 2018, Verified Voting, https://www.verifiedvoting.org/verifier/ (last visited Mar. 6, 2018). Delaware, Georgia, Louisiana, New Jersey, and South Carolina use paperless DRE machines statewide. [11] On Feb. 9th, Pennsylvania’s Acting Secretary of State Robert Torres directed that all voting machines purchased in the state must employ “a voter-verifiable paper ballot or paper record of votes cast,” but this applies only to new systems. The state has not provided any money to replace its current paperless machines. See Pa. Dep’t of State, DOS Directive Concerning the Purchase of Electronic Voting Systems (Feb. 9, 2018), available at http://www.dos.pa.gov/VotingElections/OtherServicesEvents/Documents/DOS%20Directive%20Concerning%20Purchase%20of%20Voting%20Systems_02.09.2018.pdf. [12] See Pa. Dep’t of State, DOS Directive Concerning the Purchase of Electronic Voting Systems (Feb. 9, 2018), available at http://www.dos.pa.gov/VotingElections/OtherServicesEvents/Documents/DOS%20Directive%20Concerning%20Purchase%20of%20Voting%20Systems_02.09.2018.pdf. [13] See Lawrence Norden and Christopher Famighetti, Brennan Ctr. for Justice, America’s Voting Machines at Risk 32 (2015), available at https://www.brennancenter.org/publication/americas-voting-machines-risk; Mark Lindeman & Philip B. Stark, A Gentle Introduction to Risk-Limiting Audits (2012), available at https://www.stat.berkeley.edu/~stark/Preprints/gentle12.pdf; Principles and Best Practices for Post-Election Audits, ElectionAudits.org (Sep. 2008), http://electionaudits.org/files/bestpracticesfinal_0.pdf. [14] See Post Election Audits, Verified Voting, available at https://www.eac.gov/assets/1/28/VerifiedVoting-Post-Election-Audits.pdf; Am. statistical ass’n, statement on risk limiting post-election audits (2010), available at https://www.amstat.org/asa/files/pdfs/POL-Risk-Limiting_Endorsement.pdf. [15] See Danielle Root et al., Center for American Progress, Election Security in All 50 States (2018), available at https://cdn.americanprogress.org/content/uploads/2018/02/11130702/020118_ElectionSecurity-report1.pdf. [16] National Conference of State Legislatures, 2011-2018 Elections Legislation Database, available at http://www.ncsl.org/research/elections-and-campaigns/elections-legislation-database.aspx. [17] The Brennan Center confirmed with two major vendors - ES&S and Dominion - that the following models are no longer manufactured: iVotronic, M100, M650, AutoMark (ES&S); AccuVote OS, AccuVote OSX, AccuVote TS, AccuVote TSX, AVC Edge, AVC Advantage, Optech IIIP-Eagle and Optech Insight (Dominion). We used this information to confirm that 9 states are using exclusively discontinued voting machines, 34 states use discontinued voting machines in one or more jurisdictions, and 7 states and the District of Columbia use machines that are all currently manufactured. Since the Brennan Center’s 2015 analysis, Michigan and Nevada have upgraded in all jurisdictions to machines that are currently manufactured; the AutoMark machine, used in some jurisdictions in New York, has been discontinued; the Model 650 machine, used in some jurisdictions in Oregon, has been discontinued; and Utah and Rhode Island have upgraded voting equipment in some jurisdictions. See Telephone Interview with Kay Stimson, Vice President of Gov’t Affairs, Dominion Voting Systems (Feb. 28, 2016); E-mail from Kathy Rogers, Senior Vice President of Gov’t Relations, ES&S (Feb. 27, 2018, 11:22 EST) (on file with author); The Verifier –Polling Place Equipment – November 2018, Verified Voting, https://www.verifiedvoting.org/verifier/ (last visited Mar. 6, 2018); Lawrence Norden and Christopher Famighetti, Brennan Ctr. for Justice, America’s Voting Machines at Risk 50 (2015), available at https://www.brennancenter.org/publication/americas-voting-machines-risk . [18] See Lawrence Norden and Christopher Famighetti, Brennan Ctr. for Justice, America’s Voting Machines at Risk (2015), available at https://www.brennancenter.org/publication/americas-voting-machines-risk . [19] See Telephone interview with Neal Kelley, Registrar of Voting, Orange Cnty., Cal. (Feb. 5, 2018). [20] Telephone interview with Sherry Poland, Dir. of Elections, Hamilton Cnty., Ohio (Feb. 7, 2018).

The views expressed are the author's own and not necessarily those of the Brennan Center for Justice.