By Drew Apperson


As of the president-elect’s November 7, 2020 victory speech, an estimated 159 million ballots had been counted, and the percentage of voter turnout among those eligible was predicted to be the highest in over a century.[1] But how does this align with the significant percentage of American voters who lack confidence in the security of our most advanced voting systems to date?[2] After all, “the probability of voter confidence is significantly affected by the voting-system’s technology.”[3] Was there a vast security overhaul since the last presidential election – the one where U.S. intelligence agencies found that Russian hackers gained access to voting systems throughout the country?[4] Implementing the latest technology is not necessarily the best solution when it is not even clear if the technology is safe.


Following the 2000 presidential election’s “hanging chad” controversy,[5] Congress enacted the Help America Vote Act of 2002 (“HAVA”) to replace punch-out ballots with computerized voting systems.[6] HAVA also created the Election Assistance Commission (“EAC”) to administer the federal incentives to participating states and hold them to a federal standard.[7] “HAVA does not require any particular voting system, but it sets requirements that influence what systems election officials choose.”[8]Most voting systems use optical-scan machines (“OSMs”) that scan and record paper ballots that are either filled out by hand or created via ballot-marking devices (“BMDs”).[9] On a basic BMD, voters make selections on an electronic interface, e.g. a touch screen, then the BMD prints out a paper ballot with the corresponding selections.[10]  The physical ballots create a paper trail for auditing and allow voters to verify their ballot’s accuracy prior to submitting it, even though it has been found that most voters never notice errors, if they verify the ballot at all.[11] The other option is direct-recording electronic machines (“DREs”), which are essentially BMDs, but instead of printing a ballot, they digitally record selections via their software.[12] Some DREs offer a voter-verified paper audit trail (“VVPAT”) option – a running paper scroll that is used for auditing the electronic record.[13]


Leading up to HAVA’s enactment, experts warned of potential problems of an exclusively electronic voting software (like that found in DREs) in the hands of private companies and insisted on corresponding physical, non-computer-generated copies of ballots as a paper trail for auditing.[14] DREs were known to be hackable to correctly display the voter’s selection on the screen and printed on the VVPAT, yet record a different selection in the system’s software where the ballot is officially recorded.[15]Furthermore, BMDs and OSMs, besides the occasional improper (if not malicious) calibration to record inaccurate selections, could also be hacked to record extra votes or none at all.[16] However, legislatures chose not to incorporate the paper trail requirement or higher software standards to prevent hacking.[17] Because the few manufacturers keep their software closely guarded and HAVA requires only minimally intrusive machine testing, it was not until four years after HAVA’s enactment that a DRE was made accessible to an outside research group for a security analysis – the machine was donated by an anonymous source.[18]


Upon its creation, the EAC subsequently reported “an unprecedented surge in the acquisition of voting systems across this country” from 2002 to 2005.[19] Georgia was one of the first major participants in HAVA and contracted some $54-million to implement an entirely paperless network of DRE’s without VVPAT.[20] The state then “scrambled to get machines into place” for its governor race that resulted in the first political party change in 130 years.[21] A former contractor for Georgia’s sole supplier later shared accounts of continuous software issues and implementation of software patches that were never examined by the state officials or testing lab.[22] Furthermore, an election-integrity activist found unsecured online access to the company’s server through which it distributed software patches throughout the state.[23] The server held around 40,000 files including its voting machines’ source code and the company-wide password to voting records and audit logs – “the most critical data on a voting system.”[24]


One might think that the technology was implemented too fast and the kinks have been worked out over time. Yet, there was the 2016 presidential election for which the Senate Select Committee on Intelligence released a report that reverberated the same concerns originally voiced before HAVA and advertised what widespread vulnerability still existed in our voting technology’s security.[25] Midterm elections in Georgia just two years ago still suffered. The same machines they bought in 2002 were not only still in use, but were still causing issues including reports of voter’s selections being altered. [26]


In response, Georgia, again, dropped a heavy investment – over $100 million – on a state-wide replacement using the latest-technology voting machines; again, rushed them in before an election; and again, experienced software issues across the state.[27]However, Georgia’s audit of the recent 2020 election seems to affirm the state’s trust in their investment, despite thousands of ballots initially missed.[28] If the same percentage of missed Georgian votes occurred across all 50 states, there would be over 200,000 voters who would not be heard.[29]


Nineteen years ago, experts were “concerned about the secretive and proprietary treatment of tabulation software of all[-]electronic voting. The fraud that occurs one ballot at a time . . . accumulates slowly like grains of sand on a scale.”[30] Today, states updating their voting technology must understand that those concerns still exist.


[1] Camila Domonoske & Barbar Sprunt, ‘A Victory for We The People’: Biden Addresses Nation as President-Elect, NPR (Nov. 7, 2020, 9:25 PM),; Olivia Waxman, The 2020 Election Set a Record for Voter Turnout. But Why is it Normal for so Many Americans to Sit Out Elections?, Time (Nov. 5, 2020, 9:24 AM),

[2] R. Michael Alvarez et al., Are Americans Confident Their Ballots are Counted?, 70 J. Politics 754, 754 (2008).

[3] Id. at 764.

[4] Staff of S. Select Comm. on Intelligence, 116th Cong., Rep. on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, Volume 1: Russian Efforts Against Election Infrastructure with Additional Views (2018) [hereinafter Intelligence Report].

[5] Lesley Kenney, How the 2000 Election Came Down to a Supreme Court Decision, History (Nov. 4, 2020),

[6] Help America Vote Act of 2002 (HAVA), Pub. L. No. 107-252, 116 Stat. 1666 (codified as amended at 52 U.S.C. § 20901–21145).

[7] Help America Vote Act, U.S. Election Assistance Commission,,identified%20following%20the%202000%20election (last visited Nov. 20, 2020) [hereinafter EAC Website].

[8] Arthur L. Burris & Eric A. Fischer, Cong. Rsch. Serv., RS20898, The Help America Vote Act and Election Administration: Overview and Selected Issues for the 2016 Election 5 (2016).

[9] Id.

[10] J. Alex Halderman & Mathew Bernhard, Not Enough Voters Detecting Ballot Errors and Potential Hacks, Study Finds, The Michigan Engineer (Jan. 8, 2020).

[11] Id.

[12] Kim Zetter, The Crisis of Election Security, N.Y. Times (Sep. 26, 2018),; Burris, supra note 8.

[13] Zetter, supra note 12.

[14] Improving Voting Technologies: The Role of Standards: Hearing Before H. Comm. Science, 107th Cong. 29–34 (2001) [hereinafter Hearing] (statements of: Dr. Steve Ansolabehere, Professor, MIT and Director, Caltech-MIT Voting Project; & Dr. Rebecca Mercuri, Assistant Professor of Computer Sciences, Bryn Mawr College and President, Notable Software, Inc.); Voting Tech. Project, Voting – What is, What Could Be, The Caltech/MIT Voting Tech. Project 45–47 (July 1, 2001),

[15] Hearing, supra note 14, at 31.

[16] Zetter, supra note 12.

[17] Help America Vote Act of 2002 (HAVA), Pub. L. No. 107-252, 116 Stat. 1666 (codified as amended at 52 U.S.C. § 20901–21145).

[18] Jen Schwartz, The Vulnerabilities of Our Voting Machines, Sci. Am.: Electronics (Nov. 1, 2018),

[19] EAC Website, supra note 7.

[20] Zetter, supra note 12.

[21] Id.

[22] Id.

[23] Id.

[24] Id.

[25] Intelligence Report, supra note 4.

[26] Christina A Cassidy & Michael Liedtke, Midterm Voting Exposes Growing Problem of Aging Machines, Associated Press (Nov. 7, 2018),

[27] Id.

[28] Historic First Statewide Audit of Paper Ballots Upholds Result of Presidential Race, Georgia Secretary of State, (last visited Nov. 20, 2020) (statement of Georgia Secretary of State Brad Raffensperger) (“Georgia’s historic first statewide audit reaffirmed that the state’s new secure paper ballot voting system accurately counted and reported results.”); County Summary Data, Georgia Secretary of State, (last visited Nov. 20, 2020).

[29] 6,320/5,000,585 = 0.1264% error. 158,895,790 *0.1264% = 200,821. County Summary Data, supra note 28 (providing audit tabulation that voting machines recorded 1,058 extra votes and missed 6,320 votes out of the audited total of 5,000,585 votes); Michael P. McDonald, 2020 November General Election Turnout Rates, U.S. Elections Projects (Nov. 16, 2020), (providing estimate of 158,895,790 total ballots counted, not including Washington, D.C.);

[30] Voting Tech. Project, Voting – What is, What Could Be, The Caltech/MIT Voting Tech. Project 10 (July 1, 2001),

Image Source: