New election equipment standards could pose serious cybersecurity threats

The Election Assistance Commission is poised to approve new voting security standards this week, but election security experts are ringing alarm bells over a last-minute change they call "profoundly ill-advised and unacceptably insecure."

Ahead of Wednesday's vote, the federal agency tweaked a section of the proposal to allow for disabled wireless technology to be included in voting equipment — a move election security experts say would pose a serious cybersecurity threat to the United States.

Experts fear this change could also undermine efforts to build back trust in the nation's election systems after a divisive 2020 contest that millions of Americans still erroneously believe was stolen from former President Donald Trump.

The so-called Voluntary Voting System Guidelines 2.0 is the first set of new voting security standards put forth by the EAC in 15 years. The draft clarifies that wireless hardware within a voting system is permitted, as long as the wireless connection is disabled. The agency said an outright ban on wireless technology would make obtaining voting equipment more difficult and costly for states.

But nearly two dozen computer science, security and election integrity experts wrote to the EAC last week warning that wireless devices, even if disabled, would "profoundly weaken" voting system security and significantly increase the chances of remote cyberattacks.

Sign up for The Fulcrum newsletter

"If wireless networking capability is there, it is inevitable that it will get turned on and used," the letter says. "It would be a recklessly naïve mistake to expect that procedures and processes could ensure that the wireless capability could or would not be activated, intentionally or unintentionally."

Wireless voting technology is already banned in California, Colorado, New York and Texas. The guidelines being considered by the EAC will serve as a benchmark for 38 states when determining what voting equipment to use. The other 12 states will more strictly follow the standards.

Election security experts are not only concerned with the changes in the proposal, but also how the alterations were made. The good-government group Free Speech For People alleges the EAC violated the Help America Vote Act because commissioners met with voting system vendors in non-public meetings before releasing the amended draft. Passed in 2002 to reform the country's voting systems, HAVA established the EAC and requires the agency's work to be public-facing.

"The EAC's attempted end-run around the Help America Vote Act and avoidance of public scrutiny endanger the security of America's elections and violate federal law," Ron Fein and Susan Greenhalgh of Free Speech For People wrote in a separate letter sent to the EAC last week.

But the EAC maintains it followed the appropriate procedures required by HAVA and the clarification was made in accordance with feedback received during the public comment period. Five days before the scheduled vote on the proposed guidelines, the agency published a six-page document to "dispel misinformation" about it.

The document notes that the EAC worked closely and held frequent meetings with experts at the National Institute of Standards and Technology to clean up the voting guidelines' language to remove redundancies and improve clarity.