Paper ballots, risk-limiting audits can help defend elections and democracy, study finds
A multifaceted approach is the best way to address election infrastructure security, say researchers
Credit: Photo courtesy of the IU Kelley School of Business
BLOOMINGTON, Ind. — With just over two months before the 2020 election, three professors at the Indiana University Kelley School of Business offer a comprehensive review of how other nations are seeking to protect their democratic institutions and presents how a multifaceted, targeted approach is needed to achieve that goal in the U.S., where intelligence officials have warned that Russia and other rivals are again attempting to undermine our democracy.
But these concerns over election security are not isolated to the United States and extend far beyond safeguarding insecure voting machines and questions about voting by mail.
Based on an analysis of election reforms by Australia and European Union nations, they outline steps to address election infrastructure security — such as requiring paper ballots and risk-limiting audits — as well as deeper structural interventions to limit the spread of misinformation and combat digital repression.
“In the United States, despite post-2016 funding, still more than two-thirds of U.S. counties report insufficient funding to replace outdated, vulnerable paperless voting machines; further help is needed,” said Scott Shackelford, associate professor of business law and ethics in the Kelley School, executive director of the Ostrom Workshop and chair of IU’s Cybersecurity Program. “No nation, however powerful, or tech firm, regardless of its ambitions, is able to safeguard democracies against the full range of threats they face in 2020 and beyond. Only a multifaceted, polycentric approach that makes necessary changes up and down the stack will be up to the task.”
For example, Australia — which has faced threats from China — has taken a distinct approach to protect its democratic institutions, including reclassifying its political parties as “critical infrastructure.” This is a step that the U.S. government has yet to take despite repeated breaches at both the Democratic and Republican national committees.
The article, “Defending Democracy: Taking Stock of the Global Fight Against Digital Repression, Disinformation and Election Insecurity,” has been accepted by Washington and Lee Law Review. Other authors are Anjanette “Angie” Raymond, associate professor of business law and ethics, and Abbey Stemler, assistant professor of business law and ethics, both at Kelley; and Cyanne Loyle, associate professor of political science at Pennsylvania State University and a global fellow at the Peace Research Institute Oslo.
Aside from appropriating sufficient funds to replace outdated voting machines and tabulation systems, the researchers said that Congress should encourage states to refuse to fund voting machines with paperless ballots. The researchers also suggest requiring risk-limiting audits, which use statistical samples of paper ballots to verify official election results.
Other suggested steps include:
- — Congress requiring the National Institute of Standards and Technology to update their voting machine standards, which state and county election officials rely on when deciding which machines to purchase. Australia undertook such a measure.
— Creating a National Cybersecurity Safety Board to investigate cyberattacks on U.S. election infrastructure and issue post-elections reports to ensure that vulnerabilities are addressed.
— Working with universities to develop training for election officials nationwide to prepare them for an array of possible scenarios, and creating a cybersecurity guidebook for use by newly elected and appointed election officials.
“With regards to disinformation in particular, the U.S. government could work with the EU to globalize the self-regulatory Code of Practice on Disinformation for social media firms and thus avoiding thorny First Amendment concerns,” Raymond said. “It could also work to create new forums for international information sharing and more effective rapid alert and joint sanctions regimes.
“The international community has the tools to act and hold accountable those actors that would threaten democratic institutions,” added Stemler, who also is a faculty associate at Harvard University’s Berkman Klein Center for Internet and Society. “Failing the political will to act, pressure from consumer groups and civil society will continue to mount on tech firms, in particular Facebook, which may be sufficient for them to voluntarily expand their efforts in the EU globally, the same way that more firms are beginning to comply with its General Data Protection Regulation globally, as opposed to designing new information systems for each jurisdiction.”