Mail-based Voting Has a Long History
Voting by mail took hold during the Civil War, as states searched for ways to allow the millions of soldiers in the field to vote in the 1864 presidential election. States provided absentee ballots for civilians who could not make it to the polls, but not until 1979, when California permitted absentee voting for any reason, did the method become common.
In 2016, 38 states offered some kind of absentee or vote-by-mail option, according to the Pew Research Center, and 28 of those required no reason. Nearly half of the 180 million Americans eligible to vote are able to cast a ballot by mail.
As the novel coronavirus pandemic began in March, at the start of the presidential primary season, more states opted to provide no-excuse mail-in voting for anyone who did not want to visit the polls in person, and now only eight states require a reason beyond fear of COVID-19.
Protecting a written ballot seems simple: the voter seals the envelope, the U.S. Postal Service delivers it and the local election office staff opens and counts it.
“It’s extremely difficult for someone to take my vote and change it,” says Betsy Cooper, director of the Aspen Institute’s Aspen Tech Policy Hub. “It’s difficult to change votes at scale.”
Today, however, the process has become surrounded by so much disinformation and so many conspiracy theories that proving that the ballots have not been altered is even more critical.
“Many election experts and officials are concerned that some voters could dismiss November’s results as invalid or rigged because of mis- and/or disinformation,” David Levine, an elections integrity fellow at the Alliance for Securing Democracy within the German Marshall Fund of the United States, testified before a House Homeland Security Committee cybersecurity subcommittee this month.
CISA Increased Efforts to Protect Elections after 2016
While states are primarily responsible for running elections, the federal government has been actively providing advice and funding to assist them. Elections have been considered part of the nation’s critical infrastructure since 2017.
“It’s night and day compared to what existed in 2016,” CISA Director Christopher Krebs said at the Black Hat USA 2020 cybersecurity conference this month. “2020 will be the most protected and most secure election in modern history.”
For instance, CISA has published a “Guide to Vulnerability Reporting for America’s Election Administrators,” which provides details on issues election staffers should consider.
“It’s the basics. It’s securing your voter registration database as best you can, it’s multifactor authentication, it’s having stuff with an audit trail,” says Michael Daniel, president of the Cyberthreat Alliance. “None of this is particularly, from a technical point, rocket science. From the federal perspective, it’s about offering support.”
Other areas states can focus on, according to the guide: security practices by third-party technology vendors, methods for reporting suspected vulnerabilities and methods for sharing information on problems with other enterprises.
“The government is doing a great job, really fantastic work,” says Mick Baccio, former CISO for Pete Buttigieg’s presidential campaign and a Splunk security expert, speaking alongside Cooper and Daniel in an election security webinar by Highwire. “Security is apolitical, and it’s hard to secure elections without introducing politics into it. All of us, no matter what bucket we live in, have found that roadblock.”
Outside Influences May Create a Negative Impact on the Vote Count
There’s a major challenge this election year, experts say: not necessarily the threat that malicious actors will hack into physical systems and change the vote, but that those same actors will sow disruption and bad information through social media and other means to cast doubt upon correctly counted and securely protected results.
Mail-in voting is considered extremely secure by experts, who say that there is little to no fraud connected to the practice.
In addition, administrative changes at the highest levels of the U.S. Postal Service, along with new practices that USPS workers say have slowed mail delivery, must also be considered as states work to keep elections secure.
“Your vote will be counted,” says Baccio, “provided it gets there in time.”
And it might take longer to count your vote in a mostly low-tech context; most of the equipment involved is basic mail-sorting equipment that works at a steady pace, says Maggie MacAlpine, an election security specialist with Nordic Innovation Labs.
So, the count could take days, especially in states where ballots must only be postmarked by Election Day; they don’t have to have arrived by Nov. 3. Legal challenges to the count may also delay results.
The final stages of the ballot count will still “be edge-of-your-seat, but I think it’s going to be different,” Baccio says. “Those next couple days, when the last vote comes in but we’re not done counting, that’s going to be the edge-of-your-seat time.”