Connecticut will have available somewhere around $5 million to spend on election security in the new “omnibus” appropriations bill. Woefully inadequate for states that should be replacing touch-screen voting with all paper ballots. Yet, for a state that already has paper ballots, a lot can be accomplished.
Explanatory Statement on Consolidated Appropriations Act, 2018
House Appropriations Committee; Rep. Rodney Frelinghuysen, R-N.J., 3/21/2018ELECTION REFORM PROGRAM
The bill provides $380,000,000 to the Election Assistance Commission to make payments to states for activities to improve the administration of elections for Federal office, including to enhance election technology and make election security improvements, as authorized under HAVA sections 101 [Payments to States for activities to improve administration of elections], 103 [Guaranteed minimum payment amount], and 104 [Authorization of appropriations] of the Help America Vote Act 2002 (P.L. 107-252). Consistent with the requirements of HAVA, states may use this funding to:
- replace voting equipment that only records a voter’s intent electronically with equipment that utilizes a voter-verified paper record;
- implement a post-election audit system that provides a high-level of confidence in the accuracy of the final vote tally;
- >upgrade election-related computer systems to address cyber vulnerabilities identified through DHS or similar scans or assessments of existing election systems;
- facilitate cybersecurity training for the state chief election official’s office and local election officials;
- implement established cybersecurity best practices for election systems;
- and fund other activities that will improve the security of elections for federal office.
Denise Merrill is already thinking about how to spend it: CTMIrror:Omnibus has millions to strengthen CT voting system against cyber attacks <read>
Connecticut Secretary of State Denise Merrill has asked the state to fund two IT positions at her agency to help strengthen protections of the state’s electoral system. Currently the state’s election system relies on an IT team that works for all state agencies.
Merrill says she wants an IT staff “with substantial knowledge of elections” to help fend off cyber threats.
The election chief’s request is pending.
The federal funds in the omnibus, which Merrill says will amount to between $3 million and $5 million for her agency, will be released within 45 days.
Merrill said she plans to use that money to buy equipment, and especially to train election personnel in the state’s 169 towns.
Secretary Merrill asked me for suggestions in a brief conversation a couple of weeks ago. At the time, off the top of my head, I suggested and we briefly discussed three things:
- Strengthening Connecticut’s woefully inadequate ballot security. At a minimum setting basic standards for ballot access and minimum sealing duration in law as I suggested in legislation: <S.B.540 2017> That was indeed a minimal proposal at an estimated cost of $30,000.
- Improving the Electronic Audit to satisfy reasonable integrity requirements as we have proposed in that same bill and in more detailed form to the Secreary’s Office and the UConn Voter Center. Once again this is very few thousands in enhancing some of the prototype code UConn has developed to meet those specifications along with a few thousands in developing documentation while piloting the enhanced system as the current system has been piloted over the last two November elections.
- Developing the training and support system necessary to use the UConn audit system for all post-election audits – with a trained staff to support the audits deployed across state in the nine regional governments, reducing the need for UConn computer scientist support. I.e. The state has already purchased nine complete systems, that is one for each region of the state. I have suggested training election day scanner experts for the job in a system similar to the way the State now pays part-time registrars additional part-time income providing Moderator Certification classes. I would deploy teams of two trained individuals with three complete audit systems (two to use, one a spare) to each visit three regions for three days each, allowing registrars from towns selected for audit to signup for times to present the ballots for audit. At most $50,000 to setup the system and train the individuals (they could easily be trained, hands-on in one day, and perhaps assisted by a UConn expert the 1st day of actual auditing.) The cost to pay for each year, renting a van for each team, refresher training, etc. Might be $30,000 – that’s about half what the hand-count audit costs today. Certainly for cutting costs in half, towns could be expected to pay for the service after a couple years of Omnibus funding!.
After consideration I would suggest some more things. Security is not just cyber security and training officials. It also requires physical protection of ballots, physical protection of voting machines, and understanding the situation before determining the training needed. I would suggest:
- An independent security audit of every one of the 169 municipalities, performed by a reputable third-party. I would assess the security of paper ballots – how sure can we be that they have not been tampered with for audits and recounts?; the security of voting machines and memory cards; the security of registrars’ office records and municipal clerk election records; the security practices surrounding receipt and processing of absentee ballots; the security practices and security of the elections network associated with the voter registration system and the municipal network in general. At a minimum assess a random sample of very small, small, medium, and large municipalities.
- Based on that assessment make recommendations for the training of officials and further enhancements of all areas assessed (I suspect needs will be identified that go well beyond the $5 million.
In the long run, beyond the $5 million, the optional solution for ballot storage may be some configuration regional storage with better monitoring and safeguards that can be accomplished by 169 individual municipalities. Such rationalization would facilitate the audits and would also provide a basis for, so called. risk limiting audits.
