Cybersecurity

States, experts ask EAC for more flexibility in voting machine standards

voting scrutiny (Bakhtiar Zein/Shutterstock.com) 

State officials and security experts say security updates contained in the Election Assistance Commission's new Voluntary Voting System Guidelines 2.0 are badly needed, but there is concern that the bureaucratic process the agency has set up to approve and update those standards can't keep up with the pace of technological change.

Later this year, the commission is expected to vote to approve a five-page document outlining principles that will guide the development of VVSG 2.0, including a new emphasis on security. That process will be followed up with far more detailed technical guidance and standards that companies will rely on to design their new voting machines.

At a May 21 hearing, the commission heard from a number of stakeholders who advised that the agency refrain from requiring a full vote to approve the technical portions of the guidelines, saying it would run counter to the goal of ensuring that voting machine standards account for the latest developments in technology.

"We cannot wait weeks or months for a decision on a federal level when there's a need to act immediately," Iowa Secretary of State Paul Pate said. "I'm asking all of you to have a dialogue about what happens if we run into that situation again when there is not a full quorum on the EAC. How will decisions be made, and will that make it more difficult for state election officials to protect the security and integrity of the vote?"

Specifically, Pate and others worry that if the EAC finds itself without a quorum again -- as it has multiple times in the past 10 years -- it would leave the commission paralyzed and unable to approve technical updates to the VVSG. The potential delays caused by the commission voting on every technical change is also considered problematic by some election security advocates.

"The most critical aspect of developing and adopting the VVSG 2.0 is the need to design it to be flexible and agile, even when a quorum doesn't exist," Joseph Hall, chief technologist at the Center for Democracy and Technology, said in his testimony. "If past voting system standard efforts are any indication, the number of requirements are going to be large … any flexibility and adaptability of this new system will be lost if commissioners have to vote on more than just a handful of requirements."

Allowing smaller technical updates to the standards by EAC staff could help make them more adaptable to technological innovation and prevent a situation where gridlock at the federal level prevents efforts to keep the standards current with the latest technological developments.

The National Association of State Election Directors (NASED) has recommended that the EAC allow technical updates without a vote, saying that the agency has been without a quorum for more than a third of its existence and that it structured the VVSG process to make the principles and technical requirements separate for this very reason before changing course in May 2018.

The current structure of the EAC, the group argues, makes it susceptible to future shortages as well as political disputes, and NASED believes the technical requirements process should have built-in resilience against that kind of uncertainty in the future.

"It is critical that there be a mechanism for updating the technical requirements and test assertions for voting systems that does not require EAC commissioner approval," the leadership wrote in a May 2019 letter. "The integrity of American voting systems cannot be held hostage by lack of a quorum or philosophical differences among the commissioners."

Those same concerns were echoed in a Senate Rules Committee hearing with EAC commissioners last week, when presidential hopeful Sen. Amy Klobuchar (D-Minn.) asked where the commissioners stood on allowing some technical updates to the VVSG 2.0 to take effect without a vote, saying she was "worried about a scenario where the guidelines don't keep up with advancements with technologies and cybersecurity best practices."

EAC Chairwoman Christy McCormick was noncommittal, saying she viewed the commission voting to approve technical standards as part of its oversight role.

"I would have to take a look at that, I don't know at this point," McCormick said.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Congress
    people and data (Lightspring/Shutterstock.com)

    Lawmaker pushes online verification to combat disinformation

    Mandatory ID checks for social media platforms could help fight propaganda, but experts worry about privacy tradeoffs.

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.