SciLine interviewed: Dr. Duncan Buell, a professor of computer science and engineering at the University of South Carolina. He is also vice chair of the Board of Voter Registration and Elections for Richland County in South Carolina. He has studied voting systems throughout the state, and has extensively analyzed election data and researched voting systems. See the footage and transcript from the interview below, or select ‘Contents’ on the left to skip to specific questions.
Is voting security affected by increased use of mail-in ballots?
DUNCAN BUELL: I think the – there are some security issues that come up. I think a lot of the security issues that have been mentioned in the press are not really there. It is very difficult in this country to fraudulently create a bunch of mail-in ballots and get them counted. That, actually, just doesn’t happen. Almost all the election officials across the country have very, very sound procedures for keeping track of who’s getting a ballot, who’s returned a ballot, whether they voted or not. Are there security issues? I confess, I’m a little squeamish about ballot drop boxes that just look like mailboxes. In South Carolina, for good or for ill, we have ballot drop boxes at the satellite locations. But there’s a staff person attending them. And I think that is a little better.
Several states – Colorado and, I think, Maryland and some others – just have drop boxes that are surveyed with cameras and such. But in general, I am not concerned about the security of mail-in ballots except the physical security of chain of custody of these big boxes, I think. And, I think, most people are taking care of that.
Are there significant voting-security threats that could interfere with the upcoming election?
DUNCAN BUELL: I think there are several threats. The biggest threat, I think, is something happening to a statewide voter registration database that is needed to configure ballots or is needed on Election Day if the check-ins for voters require the check-in process to be phoning home to the mother ship to get the data. That presents an attack surface that is fairly obvious and it’s only one attack surface. So that is, probably, the biggest threat. There could be some corruption of the database. There could be a denial of service attack on the database or the computer connections. I think that’s the biggest threat.
Where in the voting and ballot counting process is fraud most likely to take place? What about unintentional errors?
DUNCAN BUELL: I suspect we see unintentional errors a lot if we look carefully. When I’ve looked at the South Carolina data, it was a complicated system. And we were making the same errors in 2018 that we were making in 2010 because it’s a – it was a complicated process. It’s farmed out in South Carolina to 2,300 precincts across the state, staffed by people who don’t do it every day. Fraud – the biggest threat, I think, for fraud with an electronic voting computer is corrupting the database and having that propagate down to the configuration of ballots in the voting computers. I think that’s the biggest threat for fraud. Other kinds of ballot counting errors – I am happy with the notion that in South Carolina and in many other states, we tabulate at the precinct level, which gives us vote counts at a very, very small level of granularity, which means it’s a lot harder to change the votes later without changing all of these tiny details.
If you only count at the county level, it would be easier to swap a ballot – a box of ballots on the truck on the way back. There had been allegations of that going back a long time.
How secure are the electronic voting systems in use today?
DUNCAN BUELL: I am not overly fond of the security of any of the systems that had been looked at or that are in use. Pretty much every time serious computer security people had been able to look at the voting computers, they had found major security errors. It is alleged that none of the tabulation systems are connected to the Internet. And yet, it is certainly the case, in many states, that they are connected to the Internet. I was just speaking yesterday with somebody talking about Maryland, which apparently is going to have tabulations sent back via wireless modem to central tabulation computers over the Internet. This is not a smart thing to do. So I think that is a cause for concern.
We should not be doing anything over the Internet. And when we think things are really not connected, we should make sure they are not connected.
Does voting security vary in different areas of the country, and why is that?
DUNCAN BUELL: Security varies a great deal. And it varies a great deal primarily because of the difference in voting technology or a lack of technology that is used. In a state that is entirely all mail or almost all mail ballots, security will be very different from a state like mine, which is entirely – well, in-person voting is entirely done on voting computers. And that requires a much different and much higher level of security, because with an all-mail system – like Oregon or Washington or most of Utah and Hawaii – you know what you’re going to have as a problem. You know it’s going to be the physical paper you produce, the ballot styles, et cetera, the post office, the transfer back.
With a voting computer, like what we use in South Carolina, we have no idea what the software inside is. We have to trust the vendor. And we have to trust that all of these local jurisdictions have been really good and vigilant at maintaining security. That opens up a lot of attack surfaces that you don’t have with the system that is primarily mail or primarily hand-marked paper.
What have we learned from previous elections about cybersecurity threats to the voting process?
DUNCAN BUELL: We certainly have learned from – we should have learned from 2016. And we have learned from 2016 on a lot of things. We have seen a number of different problems occur. We’ve seen – from 2016 forward, we’ve seen attacks on the database – the voter registration databases. We have seen things that might have looked like denial of service attacks. All of these, I think, have made us much more aware. And we are, actually, getting a lot more help from federal cybersecurity experts than we got four years ago. So that’s a good thing.
We are learning from our mistakes. I’m not sure we’re learning fast enough. But we are learning from our mistakes in the past. And it’s not necessarily mistakes. Some of it is complacency. Some of it is just not being aware of what the security vulnerabilities are. And we are becoming more aware now.
Should the public be concerned about voting integrity in the upcoming presidential election?
DUNCAN BUELL: Yes, they should be concerned. I don’t think they should be overly fearful. I believe that most jurisdictions really are aware of the integrity issues for this election. They’re aware of the possibilities of cybersecurity attacks. And I think most jurisdictions are, in fact, taking steps to mitigate the dangers. So a concern? Yes. A fear? No.