Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges

black hat 2020 keynote election security

Voting Village security celeb Matt Blaze delves into the logistics of scaling up mail-in voting ahead of November’s election.

Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair.

“This community is precisely the one whose help is going to be needed by your local election officials,” he said. “The logistical aspects of this are familiar to computing specialists,” he said, while urging virtual Black Hat attendees to “engage now.”

Scaling up mail-in voting, Blaze said, with less than 100 days left before the election, is an undertaking that, while not impossible, presents many challenges. With the “operational environment being under uncertainty and in a state of emergency…our expertise in this community is central to many of the problems that we have here.”

Blaze, who is McDevitt Chair in Computer Science and Law at Georgetown, chairman of the Tor Project and co-creator of the Voting Village at DEFCON, took the virtual “stage” at Black Hat 2020 on Wednesday for the first-day keynote. He discussed how the global coronavirus pandemic has created a national emergency on the voting front, driving a need for scaling up accessible, COVID-19-safe election mechanisms between now and November. Broader mail-in voting is an obvious choice for that – but making it or any other “fix” a reality in the short-term is easier said than done, he said.

“I’m a computer scientist who studies computer security, which is full of terribly hard problems,” Blaze said. “I don’t think I’ve ever encountered a problem that’s harder than the security and integrity of civil elections – it’s fundamentally orders-of-magnitude more difficult and more complex than almost anything else.”

One of the big reasons for this complexity is the fact that the federal government has remarkably little to do in practice with the process and the mechanisms of voting, he said, making for a patchwork of approaches that can’t be effectively changed in bulk.

Click to enlarge.

“In practice, each state sets its own rules, has its own laws, and has its own requirements for the elections that are conducted in that state,” Blaze explained. “And in most states, elections are actually run by local governments, most often counties. And to give you a sense of the scale, there, there are over 3,000 counties in the United States – and if you add the townships and other governments that that run elections, there are over 5,000 government entities responsible for doing everything with the elections for their residents. So there’s no single place where you can change everything nationwide.”

With the pandemic and various politicians driving controversy over the efficacy of vote-by-mail, Blaze noted that absentee voting has always been with us – but just not at scale.

“This is available everywhere, and it’s a fairly predictable, well-established concept in general, and election officials can usually predict how many people are going to need to vote by this absentee method,” he said. “There are states that that rely on mailing voting very heavily, in places like Oregon. But that said, in most places, we still by and large vote in person.”

The ratio of in-person-to-absentee will almost certainly change in November, thanks to COVID-19, Blaze added.

“We have an increase in the number of voters who are unable to vote in person, and maybe an increase in the number of local administrators who can’t operate all of their normal polling places,” he said. “So people may not be able to vote in their normal way, in much larger numbers than previously anticipated. We might have an increase in the number of people who are displaced, and have to vote from someplace else. Maybe they’re in a hospital, maybe they’re quarantined somewhere. Maybe they’re at a different location while they wait out the pandemic, or what have you.”

Click to enlarge.

The good news is that the user experience for absentee ballots is fairly straightforward: A voter requests a ballot, marks it anonymously and puts it in an envelope. That envelope is then placed in a second envelope, which has identifying information and which is signed for voter roll purposes, and mailed off.

Delivery capacity at the U.S. Postal Service aside, the mail-in voting workflow inside a given election office, while solidly established and secure, is where potential issues begin to creep in when trying to expand in volume, according to Blaze.

“When the voter requests the ballot, they have to be removed from the in-person poll book and sent a ballot package,” he said. “When it’s received back, the signature has to be checked against the signature on file, and if it’s a match, the inner envelope is sent off for batch scanning, without the voter’s identity…the machines that do this batch scanning are big and expensive. These are not off-the-shelf components, rather, these are basically industrial machines.”

All of this leads to problems in scaling up. It may be necessary to add additional scanners for instance, and those machines themselves have to be audited regularly. There’s also plenty of pressure on the chain of custody for the unmarked absentee ballots themselves. Additionally, if the signature on a marked ballot doesn’t match the signature on file, an exception-handling process kicks in that can be quite labor-intensive, because the election worker will need to follow up with the voter directly. And, to top it all off, basic materiel logistics can become a problem at volume.

“Sending the ballots out to the voters who need them, and processing the marked ballots, are both very human-intensive processes that often involve checks by multiple people, and it has to be done properly or the integrity of the election can get called into question,” Blaze noted. “So, if you’re going to do this on a larger scale, not only do you need to provide for all of this work that has to be done by human beings, over a pretty short time, but you also have to worry about things like how many ballots and envelopes do you have? You can’t just go to your local Kinkos or FedEx Office and print new ballots, because ballots have security features involving infrared reflective and infrared opaque inks.”

All of this, combined with the uncertainty about how many voters will need mail-in ballots and the fact that most jurisdictions do not currently have the funding, expertise or personnel to operate at scale, represents significant challenges.

Blaze added, “we’re likely not to know [exactly what’s needed] until it’s too late to change course. And that means we need to prepare for a very wide range of scenarios that may or may not come to fruition. So we may need to print lots of ballots that we don’t end up using, and also provide for lots of in-person voting that might not end up being used under pandemic conditions.”

Is there another path instead of scaling mail-in voting or accepting that millions may be disenfranchised if in-person is the only available method to cast a ballot?

Blaze’s answer to that is that deploying secure online voting systems is not a practical reality in the time we have until the election. So, the only alternative would be to postpone the contest until absentee voting at scale can be fully staffed and vetted. Blaze noted that there are scattered precedents for instituting a delay – after 9/11 in 2001 for instance, a primary election for mayor in New York City had to be postponed. However, postponing a national election, even for an emergency like COVID-19, is “kind of the worst-case option,” Blaze said, for many reasons. Not the least of which is because it’s unclear if that’s even constitutionally possible, and it could lead to court proceedings and social unrest (consider, Blaze noted, what happened in the wake of election-results delays and Bush v. Gore in 2000).

“It’s obviously very highly disruptive for certain elections, and we don’t really know what the rules are, because they haven’t been tested before,” he noted. “There are questions like, if we’re not able to hold the presidential election on time, does the current Speaker of the House become acting president? We hope to not find out the answers to questions like that.”

Please follow all of Threatpost’s Black Hat 2020 coverage by clicking here.

Suggested articles