Primary voting

Kevin Mineau inserts his ballot into the DS200 vote-counting matching during the partisan primary in Rib Mountain, Wis., on Aug. 11, 2020. Mineau is observed by election official Mike Otten. In 2018, some servers that tabulated votes from DS200 machines in Wisconsin were left online for months, experts found, opening them up to possible hacking.

Long-time Wisconsin resident and election reformer Jim Mueller said when he was a municipal clerk two decades ago, elections were not a stressful part of small town administration.

When Mueller became clerk of the town of Middleton near Madison, elections could be arduous — including tallying votes into the early morning hours — but it was hardly high drama.

That was 1999. Today, in addition to the influence campaigns now attempting to undermine our faith in the electoral process, hackers are targeting election infrastructure, including the systems used to register voters and count ballots.

In fact, Mueller became so alarmed by the threats to election security that he helped inspire the creation of Wisconsin Election Integrity, a grassroots watchdog group that routinely challenges the Wisconsin Elections Commission and municipal clerks to plug security gaps and improve systems to detect tampering.

Mueller said voters should understand how their votes are counted — but secrecy around voting machine technology and software limits accountability surrounding a fundamental democratic process. He calls that a “dangerous situation.”

“That should set off the red lights and strobes, alarm bells sounding, you know? People, wake up!”

The Elections Commission, a bipartisan committee tasked with administering the state’s elections, says the state’s election infrastructure is secure. The commission has issued a detailed report describing how the state has prepared for the Nov. 3 election, including a “candlelight” contingency plan on how to continue without some of the technical services it normally relies on.

Building on these and other sources, Wisconsin Watch sought out local and national election experts to answer the question: How secure is election infrastructure in one of the nation’s top swing states? The answers were mixed.

Wisconsin Watch found that:

— Experts believe Wisconsin’s voter registration system, WisVote, appears to be secure from tampering.

— Most counties are using or plan to use newly available federal funds to help them detect hacking and malware.

— Machines used to tabulate ballots from about 1 million voters in Wisconsin contain modems that, unless properly managed, could make them vulnerable to attack.

— Existing post-election audits may not be able to catch altered or incorrect vote totals.

Although Wisconsin’s election technology is generally seen as secure, the threats against it remain significant.

William Evanina, director of the National Counterintelligence and Security Center, warned in recent months that bad actors may try to compromise election technology as part of a broader effort to undermine faith in the results, including possible attacks on election infrastructure.

Voter rolls appear secure

Thanks to recently improved safety protocols and same-day voter registration, experts say Wisconsin’s statewide voter database is not a major vulnerability.

Karen McKim, coordinator of Wisconsin Election Integrity, said Wisconsin does an “excellent” job when it comes to the security of the state’s voter registration system, also known as WisVote.

According to the Elections Commission, WisVote is encrypted both on the state’s servers and between the servers and users, who are primarily election clerks and their employees. Additionally, all of the system’s 3,000 users must use multi-factor authentication.

To ensure that these and other protocols are effective, Elections Commission staff participate in weekly “knowledge transfers” with state and federal law enforcement and intelligence services, and receive regular cyber hygiene scans that look for common vulnerabilities that hackers could exploit.

“The good folks from Homeland Security have been all up inside our business, both looking for vulnerabilities and looking for evidence of past intrusions. And we got a good, clean bill of health,” Elections Commission spokesman Reid Magney said.

Magney said WisVote’s segmented design makes it technically impossible for an intruder to access the system through a poorly-protected municipal clerk’s office, for example.

But even if such an attack could somehow delete voters’ registrations, Wisconsin’s policy of same-day registration would mitigate the damage by allowing voters to re-register up to and including Election Day, according to University of Iowa election security expert Douglas Jones.

County offices adding security

Although Wisconsin’s 1,850 municipal clerks primarily shoulder the burden of election administration, the state’s 72 county clerks and their offices carry out some election-related tasks, making them another potential target. But some of these offices lack basic cyberdefenses.

Dane County Clerk Scott McDonell warned last December that county clerks’ offices, which program voting equipment, print ballots, and tabulate results, lacked sufficient funding to safeguard their systems.

According to McDonell, hackers could penetrate county servers and replace unofficial election results with false results, or prevent local governments from sending their results to county collection systems, eroding the public’s confidence in elections.

His warning in December came just one month before Russian hackers paralyzed the computer systems of Oshkosh and Racine, although not their election systems. McDonell said Dane County is one of the few counties in Wisconsin that has invested in advanced cyberdefenses — but most counties soon will join in.

Dane County’s computer system has an Albert sensor — a network monitor that looks for suspicious behavior. Ohio used this kind of sensor last year to stop a cyberattack against its election system.

In recent months, Wisconsin’s Elections Commission has taken steps to improve county-level security. On June 10, commissioners approved a new federally-funded program for counties to conduct security assessments or to purchase intrusion detection systems; at least 59 of the state’s 72 counties have applied for funding.

“I think this is a good start but much more needs to be done,” McDonell wrote in an email to Wisconsin Watch. “Overall we are in a much better place than four years ago.”

Voting machines short of national standards

The Elections Commission has found no evidence that Wisconsin’s election systems have ever been compromised — and the same is true nationally. “Extensive” attempts by Russia to tamper with the 2016 election failed to breach any machines or change any vote totals, intelligence agencies say.

But the voting machines used by roughly 30% of all Wisconsin voters fall short of voluntary federal guidelines designed to protect elections from interference. And these machines, said McKim, “are under the complete control of the vendors.”

Across the country, since computer experts first warned about security problems with voting machines, manufacturers and election officials have denied that the machines can be hacked. This is because the systems are not connected to the internet, they say.

In September 2019, WisPolitics reported that the back-end servers of some voting machines were connected to the internet for up to a year in seven Wisconsin counties: Outagamie, Dodge, Milwaukee, St. Croix, Columbia, Waukesha and Eau Claire. A Wisconsin Watch analysis found that the votes of more than 1 million Wisconsin voters are tabulated using these systems.

The systems in question were taken offline after officials were alerted to the risk. Magney said all of those systems had “industry-standard firewall protection,” and none of them was breached.

In light of the threat posed by internet connectivity, momentum has been building to require that voting machines be physically separated from any internet-capable devices.

A technical working group at the U.S. Election Assistance Commission is pushing to require all voting machines be physically separated from the internet to be federally certified.

In 2016, the Wisconsin Legislature lifted a state requirement that every voting machine in the state comply with federal guidelines. Now, the state Elections Commission can approve any voting machine that meets a list of 18 basic criteria — none of which deals explicitly with the voting machine’s networking capability.

Jones, the election security expert, said Wisconsin voters “should be concerned” by the use of modemed voting machines during elections. But he said such attacks can be thwarted by unplugging modems from the machines until after official results are printed and frequently wiping the computers used to process the official results.

Audits offer weak protections

Even though every ballot in Wisconsin is either cast on paper or has a paper backup, the use of paper ballots provides little security without meaningful audit procedures to check how those ballots were counted.

State law requires the Elections Commission to audit each voting system in the state to determine the error rate in each system’s counting. In 2018, for example, municipalities hand-counted more than 135,000 ballots from 186 randomly-selected jurisdictions and found no issues with the voting systems used in that election.

David Becker, executive director and founder of the Washington, D.C.-based Center for Election Innovation & Research, emphasized that these audit procedures are important to confirm that the machines work properly. That is especially important in close races, like Wisconsin’s 2016 presidential contest in which Donald Trump won the state by less than 1 percentage point.

But when the left-leaning Center for American Progress reviewed Wisconsin’s election security in 2018, it found the state’s audit procedures to be “unsatisfactory.”

That is because Wisconsin’s audit system checks the accuracy of voting machines — not the election results — which means that even if an audit discovered that the machine-tabulated tallies were incorrect, the election results would remain the same.

However, Magney said if an audit raised questions about a machine’s performance, the Elections Commision would not certify the final results until the issue was resolved.

Even if the audit found significant errors as a result of malfunction or hacking, if the election’s margin of victory was greater than 1%, then by state law — changed after the 2016 statewide recount triggered by Green Party presidential candidate Jill Stein — a recount would not be allowed.

Magney said if that were to happen, the Elections Commission would take steps to ensure the correct results are certified — but he acknowledged there is no process currently in place.

McKim calls this a major vulnerability.

“Audit practices like those — designed only to reveal but not to correct any hacked results — make Wisconsin catnip for adversaries who want only to disrupt,” she wrote in a recent blog post after making an appeal to the Elections Commission to close the loophole. “They want the system to freeze up, to be unable to regain its legitimacy, and collapse in recriminations and vicious legal battles.”

This story was produced as part of an investigative reporting class at the University of Wisconsin-Madison School of Journalism and Mass Communication under the direction of Wisconsin Watch Managing Editor Dee J. Hall. Wisconsin Watch's collaborations with journalism students are funded in part by the Ira and Ineva Reilly Baldwin Wisconsin Idea Endowment at UW-Madison. The nonprofit Wisconsin Watch (wisconsinwatch.org) collaborates with WPR, PBS Wisconsin, other news media and the UW-Madison School of Journalism and Mass Communication. All works created, published, posted or disseminated by Wisconsin Watch do not necessarily reflect the views or opinions of UW-Madison or any of its affiliates.

Load comments