The heads of three top voting-machine vendors testified before the Committee on House Administration Thursday, with each characterizing their companies’ practices — and equipment — as beyond reproach, while three election-security experts who appeared before the panel said nearly the complete opposite.
With each report of foreign interference, voter suppression, and malfunctioning and hackable voting machines, the issue of election security is slowly getting the recognition it deserves — not only in the public eye but also in the House of Representatives.
This time around, the vendors, Election Systems & Software (ES&S), Hart InterCivic, and Dominion, came under scrutiny by lawmakers for their lobbying practices, over whether there are serious issues in the companies’ supply chains, and on their efforts to push paperless (and therefore less verifiable) voting machines.
Lawmakers also demanded answers about ballot-marking device (BMD) voting machines because of the risks that come with implementing them. Voters that use these machines select their choice on a touch screen, about the size of a computer screen, and a ballot is printed for the voter to review and then place in another machine that tallies the votes. If there were a programming issue with a BMD, a post-election audit would likely be unsuccessful in determining whether it matched voters’ intent.
Perhaps most important is that voters themselves are treated as the last line of defense because BMDs ask voters to verify their choice before submitting their printed ballot, but a recent study suggests that a lack of voter education makes it impossible for voters to take on that responsibility.
Rep. G.K. Butterfield (D-NC) pressed Tom Burt, president and CEO of ES&S, about allegations of a “bait-and-switch” in North Carolina meaning that one type of system was certified and another delivered. Election security experts had made this accusation earlier in the week. The State Board of Election was forced to approve a more expensive type of touch-screen voting machine because ES&S could not supply North Carolina with enough of the machines approved a month prior. Burt brushed off the comment and stressed that ES&S is continuing to work toward providing the state with what it needs to carry out the 2020 election.
“If a bait-and-switch means that we decided to send the most recent and the most secure system to the citizens of North Carolina, then that’s what we did,” Burt contended.
Asked about direct-recording electronic (DRE) voting machines, president and CEO of Hart InterCivic Julie Mathis contended that his company’s machines are secure. These are touch-screen voting machines that produce a barcode that is not readable by voters, although it is the barcode that actually contains the vote.
“We have had those products federally certified through the [Election Assistance Commission], have gone through extensive accredited test lab testing, certain states have certified those … they comply with all our extensive security protocols,” Mathis said.
Committee chair Rep. Zoe Lofgren (D-CA) asked the vendors whether they would support disclosure requirements about supply chains, cybersecurity practices, cyber incidents, personnel screening, and corporate ownership. All three CEOs said yes without hesitation.
“That’s very helpful,” Lofgren said with a look of relief. “As you know, we have passed a pretty robust bill in the House. It’s pending in the Senate and perhaps your testimony will encourage them to move forward.”
When it was time for the experts to speak, they contradicted much of what the vendors said.
Matt Blaze, a computer scientist from Georgetown University and co-founder of the largest international hackers conference, DEFCON Voting Village, raised concerns about the risks BMDs pose to election outcomes.
But until BMDs are phased out and replaced with hand-marked paper ballots, “the best thing we can do is voter education,” Blaze suggested.
Dr. Juan Gilbert, a computer-science professor from the University of Florida, agreed and added that poll workers must also be a part of that process.
“At this time, any election that does not employ paper ballots cannot be secured,” Gilbert said.
Liz Howard, counsel with New York University’s Brennan Center for Justice and a former Virginia state election official, argued that significant progress has been made in improving election security since the 2016 election, but that there is still more to do.
“Election vendors play a critical role in our democracy but have received little or no congressional oversight,” Howard said.
Electronic poll books are one of the many pieces of election equipment that lawmakers and experts on the panel raised concerns about. These machines are used to check voters in and verify their eligibility, but are not regulated under the Help America Vote Act. The growing use of these e-poll books, EAC Commissioner Donald Palmer said, raises concerns because these machines were shown to be hackable at last year’s Voting Village. Burt admitted that ES&S has yet to bring its machines to be vetted at the Village.
While the voting-machine vendors each argued for some form of paper-based system that includes ballot scanning, Howard emphasized the need to invest in “voter education about how to use the machines and … post-election audits which rely on the human-readable portion of the ballots, even if the ballots do include barcodes.”