States still need more money for election security, report says
A paper published Thursday by New York University’s Brennan Center for Justice sounds a familiar refrain on states’ efforts to improve the security of their election systems ahead of the 2020 presidential race: They need more money to throw back the threats posed by foreign adversaries looking to undermine the integrity of the U.S. voting process.
“State and local election officials are on the front lines of a cyberwar with sophisticated nation-state rivals and other malevolent actors,” the report begins.
The paper’s authors, who include experts from the Brennan Center, the University of Pittsburgh, the R Street Institute think tank, and the nonprofit Alliance for Securing Democracy, write that while the $380 million round of grants given to states last year by the federal Elections Assistance Commission was a welcome start, states will need much more to cover the full costs of their voting security needs.
“Unfortunately, given the myriad security challenges faced by these states, the $380 million is not enough to address the needs of state and local offices; many have substantial election security needs that likely will not be met absent additional federal support,” they write.
Unfunded needs
The report analyzes six states — Alabama, Arizona, Illinois, Louisiana, Oklahoma and Pennsylvania — each with varying plans for their grants, as well as unfunded security needs. It suggests that as states decided how to use their EAC funds, other election-security priorities were left unaddressed.
In Alabama, for instance, Secretary of State John Merrill’s office is spending nearly half its $6.4 million grant to upgrade the statewide voter registration database with new security features like firewalls and multi-factor authentication, with the rest going toward new computers for county-level election officials, a revised auditing process and “various cybersecurity enhancements, improvements and fixes.”
But Alabama’s EAC grant does not address its counties’ aging inventories of voting equipment — including ballot-tallying optical scanners — that are more than a decade old in every part of the state except the capital, Montgomery. The state has also not figured out how to fund a “cyber navigator” program in which the state would dispatch cybersecurity professionals to local governments that do not have dedicated information security staffs. Without that assistance, the state’s smallest or poorest counties could find themselves at greater risk for a successful cyberattack and cut off from improved resources.
“Without a cyber navigator–type of program, local election officials may not have sufficient resources to appropriately respond to identified cyber threats to local systems or equipment, such as those risks shared by the Elections Infrastructure Information Sharing and Analysis Center,” the Brennan Center report says.
Arizona and Oklahoma face similar situation: The EAC grants helped pay for new voter registration systems and a handful of cybersecurity needs, but assistance to local officials and replacing legacy equipment still isn’t funded.
Illinois, meanwhile, is spending nearly half its $13.9 million award on building out a cyber navigator program, a partnership between the State Board of Elections and Department of Information Technology, to deliver cybersecurity expertise to officials across many of the state’s 102 counties. The remainder is going toward state-level cybersecurity upgrades. But that leaves nothing left over for even a starter payment on replacing voting machines, which are more than 15 years old throughout much of the country’s sixth-largest state.
‘Clear and present danger’
None of the EAC’s grants to states were large enough to cover a full statewide replacement of antiquated voting equipment — the Illinois State Board of Elections told the researchers it would cost $175 million to buy new machines covering the entire state. And state officials have been clamoring for more federal assistance in the year since grants were awarded, though they’ve come away unsatisfied. But new election-security bills, including one that would’ve sent another $775 million to state and local governments over the next two years, have stalled in the U.S. Senate.
In the absence of more federal aid, some states are figuring out their own paths forward, such as Pennsylvania, where Gov. Tom Wolf authorized $90 million in new debt to help counties replace their paperless voting machines by next year. The state had already committed the entirety of its $14.1 million EAC grant to buying new equipment, but a full statewide replacement is expected to cost as much as $150 million.
Chris Deluzio, a University of Pittsburgh legal scholar who co-authored the Brennan Center report, praised Wolf’s move last week, but on Thursday said much more is still needed in Pennsylvania and beyond.
“Paperless voting systems present a clear and present danger to the security of the vote and must be urgently replaced where they remain in use,” Deluzio said. “Such efforts to replace these vulnerable machines are underway in Pennsylvania, for example, but Congress should provide further funding to help shore up our democracy’s defenses.”
Even with Pennsylvania’s new funding mechanism for voting machines, the state has other election-security needs seen in other states, the report says. Its voter registration database is more than a decade old and expensive to maintain. There is also insufficient funding for routine cybersecurity trainings and assessment for county officials, furthering the need for more federal support.
“[States] are, in many cases, ill equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments,” the report concludes. “States should not be expected to defend against such attacks alone.”