Eight months ahead of the 2018 midterms, and over a year since Russia tried to interfere in the 2016 elections, many state and and local election officials are still concerned about guarding their voting systems against breaches. One of the most basic safeguards is a paper record of each vote -- a paper trail.
But not every state incorporates paper in its polling place practices. In fact, five states only use electronic voting machines, known as direct-recording electronic (DRE) machines, that don't have a paper trail, according to the Verified Voting Foundation:
- New Jersey
- South Carolina
Here are the states that have some counties that use only electronic DRE machines, with no paper trail:
The lack of a paper trail makes auditing an election basically impossible.
"What happens is they ask their machines to print out a receipt that says exactly what it said the first time," said Larry Norden, deputy director of the Brennan Center for Justice's Democracy Program. "You don't have the ability to conduct transparent, public recounts or audits with a paperless system that you do with paper."
Meanwhile, other states, including many in the Northeast, rely on paper ballots, which provide a critical backup if a recount or audit must be conducted. Yet, even in jurisdictions that use paper, many don't use it to check voting tallies.
"Unfortunately, a lot of places have paper and they don't require a check of the system with that paper," Norden explained. "In effect, it can often be nothing more than window dressing for the public and not an actual security measure."
Earlier this month, Special Counsel Robert Mueller laid out an indictment of 13 Russians and three Russian entities for meddling in the 2016 presidential election. It was the most detailed document released to the public so far that laid out Russia's effort. A few days earlier, leaders of the U.S. intelligence community warned Congress that the U.S. is "under attack" as it heads into the midterm elections.
"Frankly the United States is under attack - under attack by entities that are using cyber to penetrate virtually every major action that takes place in the United States. From U.S. businesses to the federal government to state and local governments, the United States is threatened by cyberattacks every day," said Director of National Intelligence Dan Coats. "There should be no doubt that Russia perceived that its past efforts [were] successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations."
In addition to cyberattacks against the Democratic National Committee (DNC) during the 2016 election, a total of 10 states had their voting systems probed or breached by hackers during that race. Arizona and Illinois, for instance, had experienced attempted hacks of their voter databases.
All voting machines used in the U.S. are susceptible to hacking, warned Norden, who said there are "plenty of examples" of attacks against tally servers, election night reporting and registration systems -- "things that can be used to cast doubt on the vote totals."
The Department of Homeland Security has stepped in since the last election to help state and local officials beef up their security systems. In January 2017, DHS designated election infrastructure as a "critical infrastructure," which allowed the department to prioritize cybersecurity assistance to officials who request it.
"The security of our nation's election infrastructure is a high priority for DHS," said David Wulf, Acting Deputy Assistant Secretary for the DHS Office of Infrastructure Protection, in December. "Working closely with the companies that own and manage that infrastructure will be critical to our collective efforts to foster security and ensure the continuing integrity of our elections."
And while plenty of lawmakers, especially Democrats, have expressed outrage over Russia's hacking efforts in 2016, Congress has not yet passed any legislation related to improving election security or improving voting technology. Three bipartisan bills targeting election security have been introduced on Capitol Hill, including one in the Senate that would authorize $386 in grants from DHS to improve election security and replace paperless touchscreen machines. Another measure in the House would help states replace older voting equipment and require that voting machines purchased with federal funds to pair electronic votes with a paper record. The other one in the Senate would permanently designate election systems as critical infrastructure. None of them has yet been considered by congressional committees.
The last major piece of legislation signed into law that helped states was the Help America Vote Act (HAVA), passed over 15 years ago, in 2002. HAVA allocated funding to states to replace old voting systems -- much of that funding has been used up already. In response, some states are stepping in to handle the situation on their own.
Last year, for example, Virginia decertified the last set of paperless touchscreen machines that the state had been using, according to the Brennan Center, which also noted that Michigan, Minnesota and Nevada allocated funding to replace old voting machines. Iowa and Rhode Island also passed laws that require officials to check paper ballots against vote counts on machines.
States and counties, in some areas, are splitting the cost of new voting equipment, for example. In California, Gov. Jerry Brown, a Democrat, proposed in his 2018 budget request $134 million to pay for voting upgrades, according to the National Conference of State Legislatures. Maryland is dividing the cost of a new statewide system with counties, the organization said, and Michigan approved $40 million to cover new election equipment last year.
In a recent survey conducted by the Brennan Center, 500 election officials in 41 states said that they will use voting machines in the midterm elections that are more than 10 years old. And more than 200 officials in 33 states said they have to replace their voting machines by 2020.
State officials are complaining that the federal government is not sharing specific information it has about threats to voter databases, voting machines and communication networks, according to the New York Times. And according to the Times only a handful -- just 21 -- have been cleared to review classified information on election threats, so they remain worried about the integrity of the midterms.
Norden believes at some point, Congress is likely to take action.
"I think they have to," Norden said. "They've kind of had their heads buried in the sand for a while, but I think there's going to be increasing pressure for them to do something...whether or not they are going to do that in time [for the midterms] is another question."