Free Speech For People was joined by the American Association for the Advancement of Sciences (AAAS) and over a dozen noted computer security and election integrity experts in issuing a letter to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) requesting that CISA revise and enhance guidance to state election officials regarding the deployment of remote blank ballot delivery and marking systems.
As more and more states are adopting and expanding vote-by-mail in response to the novel coronavirus pandemic, it may be necessary for states to deliver blank ballots to voters online. Furthermore, for voters that may not be able to mark a ballot privately and independently, it will be essential for states to provide an accessible remote ballot marking option. The letter outlines many of the cybersecurity risks that exist with online blank ballot delivery and remote accessible ballot marking and provides suggested recommendations to mitigate these risks. The experts ask CISA to urge states to limit online blank ballot delivery and remote ballot marking to voters that may not be able to vote otherwise.
Remote accessible ballot marking can be provided through systems that are designed to operate and mark ballots either over the Internet (online), or locally on the voter’s computer (offline). It is a common misconception that remote accessible ballot marking must be conducted online, through an active connection to the Internet. The National Institute of Standards and Technology (NIST) has previously researched this topic and advised that remote online ballot marking systems are vulnerable to online cyber attacks and privacy violations. NIST has further recommended that all remote ballot marking should run solely on the voter’s computer and should not transmit voter choices over the Internet. The Center for Civic Design (CCD) made a similar recommendation because transmission of the vote selections over the Internet during the remote marking process, even if the voter prints the ballot and mails it in, will expose the ballot to significant privacy and security threats. In recognition of this, California, a mostly vote by mail state, has a state law prohibiting online remote accessible ballot marking. The experts urge CISA to advise states to follow NIST and CCD’s recommendations to adopt remote accessible ballot marking systems that operate offline in order to protect voter’s privacy.