Now in the news are reports that may have been two Florida counties where hackers may have gained access to county election administration system in 2016 (see the NYT story, for example, “Russians Hacked Voter Systems in 2 Florida Counties. But Which Ones?”). This has set off a guessing game — which Florida county election administration systems might have been breached in 2016, and what where the consequences?
I’d like to return attention, though, to what I think is the most important issue here. It’s not whether one or two county systems were breached in 2016, the most important thing is to make sure that as we go into the 2020 election cycle, that security and auditing systems are in place to detect any malicious or accidental manipulations of voter registration databases. It’s now May 2019, and we have plenty of time to evaluate the current security protocols for these critical databases in every state, to improve those protocols where necessary, and to put in place database auditing and monitoring tools like those we have been working on in our Monitoring the Elections project.
Now’s the time to act — while we still can improve the security of voter registration systems, and establish auditing procedures to detect any efforts to manipulate the critical information in those systems.
One of the most shocking parts of the Mueller report details the widespread efforts by Russian hackers to attack American election infrastructure in 2016.
Specifically, the report presents evidence that the Russian intelligence (GRU) targeted state and local election administration systems, that they have infiltrated the computer network of the Illinois State Board of Elections and at least one Florida County during the 2016 presidential election, using means such as SQL injection and spear phishing. They also targeted private firms that provide election administration technologies, like software systems for voter registration.
This is stunning news, and a wake-up call for improving the integrity and security of election administration and technology in the United States.
The Mueller report does not provide evidence that these hacking attempts altered the reported results of elections in 2016 or 2018. Instead the report highlights hacking efforts aimed at gaining access to voter registration databases, which might seem surprising to many.
Prior to the 2000 presidential election, voter registration data was maintained in a hodgepodge of ways by county and state election officials. After the passage of the Help America Vote Act in 2002, states were required to centralize voter registration data in statewide electronic databases, to improve the accuracy and accessibility of voter registration data in every state.
But one consequence of building statewide voter registration datasets is that they became attractive targets for hackers. Rather than targeting hundreds or thousands of election administration systems at the county level, hackers can now target a single database system in every state.
Why would hackers want to target voter registration systems?
First, a hacker could alter registration records in a state or county, or delete records, with the goal being to wreak havoc on Election Day. By dropping voters, or by changing voter addresses, names, or partisan affiliations, a hacker could create chaos on Election Day—for instance, voters could go to the right polling place, only to find that their name is not on the roster, and thus be denied the chance to vote.
A hack of this type, if done in a number of counties in a battleground state like Florida, could lead to an election meltdown like we saw in the 2000 presidential election.
Second, a hacker could be more systematic in their efforts. They could add fake voters to the database, and if they had access to the electronic systems used to send absentee ballots, get access to ballots for these fake voters.
This type of hack could enable a large-scale effort to actually change the outcome of an election, if the hackers marked and returned the ballots for these fake voters.
These vulnerabilities are real, and an unintended consequence of the development of centralized electronic statewide voter registration databases in the United States. There is little doubt that the attempts by hackers to target voter registration systems in 2016 and 2018 could have produced widespread disruption of either election, had they been successful.
There is also little doubt that efforts to hack voter registration databases in the United States will continue. The GRU will have better knowledge as to what vulnerabilities exist in our election systems and how to target them. What can we do to secure these databases, to prevent these attacks and to make sure that we can detect them if hackers gain access to registration databases?
Obviously, state and county election officials must continue their efforts to solidify the security of voter registration databases. They must also continue their efforts to make sure that strong electronic security practices are in place, to make sure that hackers cannot gain access to passwords and other administrative systems they might exploit to gain access to registration data.
There are further steps that can be taken by election officials to secure registration data.
In a pilot project that we at Caltech have conducted with the Orange County (California) Registrar of Voters, we built a set of software applications that monitor the County’s database of registered voters for anomalies. This pilot project was financially supported by a research grant to Caltech from the John Randolph Haynes and Dora Haynes Foundation. Details are available on the project’s website.
Working with the Registrar, we began getting daily snapshots of the County’s dataset of about 1.5 million registered voters about a year ago. We run our algorithms to look for anomalous changes in the database. Our algorithms can detect situations when unexpectedly large numbers of records are removed or added, and when unexpectedly large numbers of records are being changed. Thus, our algorithms can detect attempts to manipulate voter registration data.
After running our algorithms, we produce detailed reports that we send to the Registrar, letting them know if we see anomalies that require further investigation. We have developed other data-driven tools to monitor the 2018 elections in Orange County, looking at voting-by-mail patterns, turnout, and social media mentions. The results of this comprehensive monitoring appear on our pilot project’s website, providing transparency that we believe helps voters and stakeholders remain confident that the County’s voter registration data is secure.
This type of database and election system monitoring is critical for detecting and mitigating attempts to hack an election. It also helps isolate other issues that might occur in the administration of an election. By finding problems quickly, election officials can resolve them. By making the results of our monitoring available to the public, voters and stakeholders can be assured in the integrity of the election.
We are now working to build similar collaborations with other state and county election officials, to provide independent third-party monitoring of registration databases, and other related election administration infrastructure. Not only is it critical for election officials to monitor their data systems to make sure they have a high degree of integrity, it is also important that the public know that registration data is being monitored and is secure.
We have an opening at Caltech for a Postdoctoral Scholar in Election Integrity and Data Science. The job description is now online, and we are currently taking applications. If you are interested, please submit your application materials asap. If you know of anyone who might be interested, please pass this opportunity along to them!
Outside of the U.S., there has been a great deal of interest in voter-advice applications (VAAs). These tools give voters an opportunity to get unbiased advice about which candidates or parties to support, usually in complex multicandidate or multiparty contexts.
However the academic research on VAAs has, to date, focused on observational studies and hasn’t shown a clear causal connection between VAA use and changes in voting intentions. However, Joelle Pianzola, Alexander H. Trechsel, Kristjan Vassil, Guido Schwerdt, and I just published a paper in the Journal of Politics, “The Impact of Personalized Information on Vote Intention: Evidence from a Randomized Field Experiment.” In the paper we present evidence from a randomized controlled field experiment in Switzerland that indicates that VAA use produced changes in voter intentions.
Here’s the paper’s abstract:
Voting advice applications (VAAs) are voter information tools that millions of individuals have used in recent elections throughout the world. However, little is known about how they affect political behavior. Until now, observational studies of VAA have produced inconclusive results. Here we present the results from a randomized field experiment in Switzerland that estimates the causal effects of VAA use on voters’ vote intentions. Our results suggest that usage of the Swiss VAA smartvote strengthened the vote intention for the most preferred party and also increased the number of parties considered as potential vote options. These results imply that VAAs can influence voting behavior and that they can play an important role in electoral politics.
We analyze the significant increase in the residual vote rate in the 2016 presidential election. The residual vote rate, which is the percentage of ballots cast in a presidential election that contain no vote for president, rose nationwide from 0.99% to 1.41% between 2012 and 2016. The primary explanation for this rise is an increase in abstentions, which we argue results primarily from disaffected Republicans more than from alienated Democrats. In addition, other factors related to election administration and electoral competition also explain variation in the residual vote rates across states, particularly the use of mail/absentee ballots and the lack of competition at the top of the ticket in non-battleground states. However, we note that the rise in the residual vote rate was not due changes in voting technologies. The analysis relies on a combination of public opinion and election return data to address these issues.
Readers may remember that in 2016 a consortium of researchers from across the U.S. (including Caltech) participated in a large study of polling places lines and dynamics in the November general election. The great news is that some of the results have been published in the journal Political Research Quarterly. The study is a wonderful example of how much progress has been made in developing a science of election study.
This paper is the result of a nationwide study of polling place dynamics in the 2016 presidential election. Research teams, recruited from local colleges and universities and located in twenty-eight election jurisdictions across the United States, observed and timed voters as they entered the queue at their respective polling places and then voted. We report results about four specific polling place operations and practices: the length of the check-in line, the number of voters leaving the check-in line once they have joined it, the time for a voter to check in to vote (i.e., verify voter’s identification and obtain a ballot), and the time to complete a ballot. Long lines, waiting times, and times to vote are closely related to time of day (mornings are busiest for polling places). We found the recent adoption of photographic voter identification (ID) requirements to have a disparate effect on the time to check in among white and nonwhite polling places. In majority-white polling places, scanning a voter’s driver’s license speeds up the check-in process. In majority nonwhite polling locations, the effect of strict voter ID requirements increases time to check in, albeit modestly.
In today’s world, the shelf life of a typical academic research article is pretty short. Most papers are published electronically, with a quick and immediate burst of attention (usually fueled by conversation about the paper on social media). After that initial burst of attention, for most academic papers, mentions online and citations quickly wane.
I’ve gone back and re-read this paper, and thought I’d write about it here as it covers the history of UOCAVA voting quite well. It serves as a good primer for the history of the issues surrounding UOCAVA voting, and it really sets the stage well for understanding the challenges that UOCAVA voters and election officials face when they try to make sure that UOCAVA voters can easily and securely exercise their voting rights. The basic technological challenges that we discuss in the paper are as true and real today as they were when we wrote the paper over a decade ago.
And the good news is that this paper is available online, so give it a read if you are interested in the history of UOCAVA voting.
As I wrote last week, CSPAN recently profiled research that I’ve been working on with Andy Sinclair. The interview aired over the past weekend, and it’s now online. Here’s the link to the CSPAN interview.
Andy and I are working on new work on the top-two primary, in collaboration with Christian Grose (USC) and Betsy Sinclair (WUSTL). We hope to have our next book with Christian and Betsy done soon, stay tuned!
Since the movement towards online voter registration began years ago, there’s been discussion among academics, advocates, and election officials about whether online voter registration will boost voter turnout.
The results of this study demonstrate that state online voter registration increases voter turnout. The difference‐in‐difference analysis shows that the states’ implementation of online voter registration increases the turnout of young voters by about 3 percentage points in presidential election years. The instrumental variable analysis shows that the usage of online registration by voters increases their turnout by about 18 to 20 percentage points.
According to the analysis reported in the paper, the availability of online voter registration seems to be especially important for younger citizens in presidential election years.
There’s a call for research papers on election administration, to be published in the journal American Politics Research. The special issue of APR will be edited by Martha Kropf — I’m looking forward to seeing it!
I encourage readers who are conducting research on voting technology and election administration to submit their work to APR for this special issue. There’s now a great deal of really fantastic research going on across a variety of academic disciplines, it’s wonderful to see the creation of these venues for publishing that work.
Thanks to Martha Kropf for editing the special issue, and to APR’s editor Costas Panagopoulos for his vision to make this special issue possible.