When there’s a close election in Chattanooga, Tennessee, the losing candidate can go to court and ask for a recount of the ballots. If the judge thinks it’s warranted, the ballots will be counted by hand. But in Memphis, Tennessee, that can’t happen because there are no paper ballots to review. That’s because Shelby County, where Memphis is located, still uses paperless “direct-recording electronic” voting machines, also known as paperless DREs.
These machines only keep a digital record of votes, making them vulnerable to cyberattacks. Fortunately, they’re being phased out — but not everywhere, and that’s why they’re the subject of a federal lawsuit aiming to require their retirement as soon as possible. Tennessee is one of eight states expected to still be using paperless DREs as the primary way for voters to cast their ballots in some jurisdictions in 2020. They are used everywhere in Louisiana and in most of Indiana, New Jersey, and Mississippi as well.
In 2018, a group of Shelby County voters and the nonprofit Shelby County Advocates for Valid Elections (SAVE) sued the state of Tennessee, Shelby County, and various election officials, arguing that the county’s use of paperless DRE machines interferes with their right to vote. The district court dismissed the lawsuit because, according to the court, the risk of future harm to voters is too speculative and not traceable to the election administrators.
On Thursday, the Brennan Center and Troutman Sanders LLP filed a friend-of-the-court brief on behalf of 13 current and former election officials in 10 states asking the Sixth Circuit Court of Appeals to reverse that ruling. The brief explains that there is in fact a substantial risk for the plaintiffs’ votes to not be properly counted given the evidence of the continuing threat of attacks on voting systems in Tennessee and nationwide, as well as the problems inherent in paperless voting machines.
There are numerous examples of attacks on the nation’s election infrastructure in recent years. For instance, hackers successfully attacked Knox County’s election website on election night in May 2018 and prevented officials from posting election results as expected. They also obtained unauthorized access to the county’s servers and data.
Cyberattacks are not simply one-time incidents. In 2018, nearly half of local governments reported experiencing cyberattacks at least daily, with many local governments reporting an increased or consistent number of attacks, incidents, or breaches when compared to the previous year. The Senate Intelligence Committee confirmed that throughout 2016, “cyber actors affiliated with the Russian Government conducted an unprecedented, coordinated cyber campaign against state election infrastructure.” And national security officials believe that the 2020 election is “the big game” for adversaries looking to attack American democracy.
The best practice to provide a minimum baseline of security for voting machines is a paper record that allows for meaningful post-election audits. With no paper records, Shelby County voters cannot be assured that their votes are being properly counted.
Our brief also explains that election officials are responsible for the maintenance of election systems and providing a reasonably secure voting system to voters. Voting systems without paper trails simply fall below a minimum standard of professional responsibility.
States have made substantial progress in replacing paperless voting equipment in the past few years. In 2016, 14 states used paperless voting machines as the main polling place equipment in at least some counties and towns. Today, that number is down to 11 states, and the Brennan Center expects it will drop to no more than 8 by 2020.
Even so, that means a significant number of voters may not have a paper record of their vote in 2020. We estimate that as many as 12 percent of voters — some 16 million people — will use paperless equipment in November 2020. This compares to 20 percent of voters — 27.5 million people — in 2016.
Paper records will not prevent programming errors, software bugs, or the insertion of corrupt software into voting systems. Indeed, they will only have real security value if they are used to check and confirm electronic tallies during post-election audits. However, of the 42 states that should have paper records of every vote by 2020, 17 are not currently required to conduct post-election audits before the certification of election results.
Paperless voting machines represent an unacceptable threat to the integrity of elections. They make it impossible to perform hand recounts or robust post-election audits to ensure that vote tallies were counted accurately. Fortunately, there is an easy fix: replace them.