COMPONENTS OF ELECTIONS
In 2018, the National Academies of Sciences, Engineering, and Medicine published a report called Securing the Vote: Protecting American Democracy. The report "examined the challenges arising out of the 2016 federal election, assessed current technology and standards for voting, and recommended steps that the federal government, state and local governments, election administrators, and vendors of voting technology should take to improve the security of election infrastructure. In doing so, the report provides a vision of voting that is more secure, accessible, reliable, and verifiable." Read the entire report here.
The National Academies of Sciences, Engineering, and Medicine are private, nonprofit institutions that provide independent, objective analysis and advice to the nation to solve complex problems and inform public policy decisions related to science, technology, and medicine. The National Academies operate under an 1863 congressional charter to the National Academy of Sciences, signed by President Lincoln.
* The text below is taken directly from the report.
Source:
National Academies of Sciences, Engineering, and Medicine. "Securing the Vote: Protecting American Democracy." Washington, DC: The National
Academies Press. 2018
Voter Registration and Voter Registration Databases
Election administrators should routinely assess the integrity of voter registration databases and the integrity of voter registration databases connected to other applications. They should develop plans that detail security procedures for assessing voter registration database integrity and put in place systems that detect efforts to probe, tamper with, or interfere with voter registration systems. States should require election administrators to report any detected compromises or vulnerabilities in voter registration systems to the U.S. Department of Homeland Security, the U.S. Election Assistance Commission, and state officials.
Vendors should be required to report to their customers, the U.S. Department of Homeland Security, the U.S. Election Assistance Commission, and state officials any detected efforts to probe, tamper with, or interfere with voter registration systems.
All states should participate in a system of cross-state matching of voter registrations, such as the Electronic Registration Information Center (ERIC). States must ensure that, in the utilization of cross-matching voter databases, eligible voters are not removed from voter rolls.
Organizations engaged in managing and cross-matching voter information should continue to improve security and privacy practices. These organizations should be subject to external audits to ensure compliance with best security practices.
Voting by Mail, Including Absentee Voting
All voting jurisdictions should provide means for a voter to easily check whether a ballot sent by mail has been dispatched to him or her and, subsequently, whether his or her marked ballot has been received and accepted by the appropriate elections officials.
Pollbooks
Jurisdictions that use electronic pollbooks should have backup plans in place to provide access to current voter registration lists in the event of any disruption.
Congress should authorize and fund the National Institute of Standards and Technology, in consultation with the U.S. Election Assistance Commission, to develop security standards and verification and validation protocols for electronic pollbooks in addition to the standards and verification and validation protocols they have developed for voting systems.
Election administrators should routinely assess the security of electronic pollbooks against a range of threats such as threats to the integrity, confidentiality, or availability of pollbooks. They should develop plans that detail security procedures for assessing electronic pollbook integrity.
Ballot Design
State requirements for ballot design (inclusive of print, screen, audio, etc.) and testing should use best practices developed by the U.S. Election Assistance Commission and other organizations with expertise in voter usability design (such as the Center for Civic Design).
Voting Technology
States and local jurisdictions should have policies in place for routine replacement of election systems.
Elections should be conducted with human-readable paper ballots. These may be marked by hand or by machine (using a ballot-marking device); they may be counted by hand or by machine (using an optical scanner). Recounts and audits should be conducted by human inspection of the human-readable portion of the paper ballots. Voting machines that do not provide the capacity for independent auditing (e.g., machines that do not produce a voter-verifiable paper audit trail) should be removed from service as soon as possible.
All local, state, and federal elections should be conducted using human-readable paper ballots as quickly as possible.
Computers and software used to prepare ballots (i.e., ballot-marking devices) should be separate from computers and software used to count and tabulate ballots (scanners). Voters should have an opportunity to review and confirm their selections before depositing the ballot for tabulation.
Voting System Certification
If the principles and guidelines of the final Voluntary Voting System Guidelines are consistent with those proposed in September 2017, they should be adopted by the U.S. Election Assistance Commission.
Congress should: a) authorize and fund the U.S. Election Assistance Commission to develop voluntary certification standards for voter registration databases, electronic pollbooks, chain-of-custody procedures, and auditing; and b) provide the funding necessary to sustain the U.S. Election Assistance Commission’s Voluntary Voting System Guidelines standard-setting process and certification program.
The U.S. Election Assistance Commission and the National Institute of Standards and Technology should continue the process of refining and improving the Voluntary Voting System Guidelines to reflect changes in how elections are administered, to respond to new challenges to election systems (e.g., cyberattacks), and to take advantage of opportunities as new technologies become available.
Strong cybersecurity standards should be incorporated into the standards-setting and certification processes at the federal and state levels.