Opinion: Good, bad and ambiguous in new voting system

(Heather Leiphart/News Herald via AP)

Combined ShapeCaption
(Heather Leiphart/News Herald via AP)

Although I’m pleased the Georgia General Assembly acted quickly this session to address flaws in our current voting equipment, I remain concerned that, overall, our state has chosen the less-secure, more-cumbersome, costly option and that too many details — essential for election security and voter confidence — are still undefined.

First, let’s review what’s right about HB 316 and what Georgia gained. It requires: pre-certification election audits to validate initial outcomes; “voting in absolute secrecy;” that voting equipment produce a paper record in a format readable by humans, and that equipment will “mark correctly and accurately.” I’m also pleased that voter education is part of this bill, in the albeit very modest stipulation that poll workers post signs reminding voters to read, review, and verify paper printouts before casting their final votes.

What’s bad about HB 316 is what it could have accomplished but did not: human-readable, hand-marked paper ballots — by far the most cost-effective and cybersecure method of voting. Instead, it establishes a system where electronic ballot markers (EBMs) are used to generate a paper receipt of voter selections — rather than a hand, holding a pen to paper. Overwhelmingly, citizens, computer scientists, cybersecurity experts, and nonpartisan groups recommended and requested hand-marked paper ballots in Georgia over any other method. I am baffled as to why state lawmakers repeatedly ignored such an overwhelming cry.

Further, the new law states that ballots “marked by and printed by EBM” will be the “official record” for recounts and audits. This is concerning because an EBM may have been tampered with and may produce an incorrect paper record. Studies and observations have shown that many voters are not willing, or not able, to verify the paper records printed by EBM. Consequently, incorrect paper records due to system errors or cyberattacks are not excluded from the official tally, audit or recount, and hence the integrity of the election is compromised. The law should establish a better, fail-safe method to preserve election integrity. Hand-marked paper ballots should be used as the “official record.” They provide an auditable paper trail of votes that cannot be tampered by any cyberattack.

Finally, what is all too important — but seemingly overlooked — are the ambiguities of HB 316. How will pre-certification audits be performed? It’s up to the State Election Board to determine that. What are the cybersecurity and maintenance requirements for equipment? What are the requirements for maintaining the cybersecurity of our voter registration database? This, too, is undefined.

Also concerning, there is no mention in the law or any indication that Georgia will lease, rather than buy, its voting equipment. Leasing was a popular recommendation that emerged from the SAFE Commission, but I fear the idea was forgotten.

I still see a lack of understanding about cybersecurity in this discourse. Frequent news about organizations falling victim to cyberattacks should make it abundantly clear that no system is ever secure. Even when not directly connected to the Internet, a system still can be attacked. For example, the Stuxnet virus infected an Iranian nuclear facility with malware that was introduced into the system via USB or memory card. Therefore, to claim, “our voting machines are not connected to the Internet, and therefore secure” is preposterous. To also say, “Our voting machines have not been attacked yet, and are therefore secure” is unreasonable. No one would believe their home is secure because it has not been burglarized yet.

As part of a cybersecurity research community that works regularly with the Defense Department and global organizations, I am able to study many forms of cyberattack. New attacks are continuously discovered while “hardened systems” are proven to be flawed. This is why I remain an advocate for a hand-marked, paper ballot-based voting system, which guarantees that cyberattacks cannot alter votes.

In summary, we still do not have a secure voting system. Georgia must not presume that a new bill means new voting equipment will be fail-safe. Lawmakers, poll workers, and citizens must become more educated about the methods of attack and more vigilant to protect the cyber-integrity of our election equipment – today, tomorrow, and every year hereafter.

Wenke Lee, Ph.D., is a professor of computer science and co-executive director of the Institute for Information Security and Privacy at the Georgia Institute of Technology. He has published nearly 150 cybersecurity research papers and is a Fellow of the Association of Computer Machinery (ACM).