Securing US Election Systems: Why A Paper Ballot Isn’t Enough

At first glance, a citizen or “expert” might be persuaded that the way to provide adequate security surrounding the current U.S. election systems is to make sure the systems utilize paper ballots.

This is certainly a good idea, but only one piece of the necessary security conversation.

The fact is these systems run on software and the “bugging” of the software is a major vulnerability, regardless of the paper ballot component. If we are to properly defend against outside (and possibly inside) interference, or “hacking,” the software can not remain private and secret. For national security, the election system software must be what is used by NASA, the Air Force, and the Department of Defense. It must be open source.

Top election system solution technologists language in the Secure Elections Act, a bill introduced by Sen. James Lankford, R-OK, and co-sponsored by Sen. Kamala Harris, D-Calif., is deficient in its failure to address the software code issues. Merely calling for a paper ballot will not provide adequate security.

Hopefully, legislators will get the message that we now have a historic decision to make regarding our national security. If we are to have secure elections that inspire voter confidence, we should put language in the bill calling for optimal public software.

Our new election systems must have open-source software as well as a paper ballot. If the bill does not call for public, open-source software, the systems purchased via the bill will suffer grave threat security vulnerability, allowing outside forces to manipulate our U.S. elections. NASA and the DOD, as well as the grand majority of the world’s super computers, utilize public software.

Regardless of “cybersecurity,” the foundation of a proper system is the recognition that “security by obscurity” is generally regarded as a failed concept. It is a far better security environment to have many eyes on the code proofreading for bugs.

Hopefully, legislators will get the message that we now have a historic decision to make regarding our national security. If we are to have secure elections that inspire voter confidence, we should put language in the bill calling for optimal “public” software.

Though some software business interests (and those who “bob in their wake”) may not appreciate it, we must do what is best for the national security.

Paper ballots and audits should be included in the bill. But without addressing the software, the bill fails the initial security hurdle. The time is now to get this right. The County of San Francisco is currently taking steps toward an open-source election system that should be the security model for the state and country.

This article was co-authored by Brent Turner and FMR CIA Dir. R. James Woolsey, and republished from the San Francisco Examiner with permission from the author.