* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense. 

 

Idaho Technology in Use
Verified Voting Foundation

* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device. 

Click for Verified Voting's interactive map

Screen Shot 2019-03-14 at 12.56.36 PM.png

Center for American Progress State by State Voting System Report

See State Grade Below
 

Report Excerpt:

"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:

1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing

This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.

It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."

Idaho: C

Idaho adheres to a number of minimum cybersecurity best practices related to voter registration systems and conducts its elections with paper ballots, but it fails to mandate post-election audits, leaving the state’s elections vulnerable to potentially erroneous election outcomes that could go undetected and uncorrected. Idaho also allows absentee voters to return voted ballots electronically, a practice that election security experts say is notoriously insecure. Its ballot accounting and reconciliation procedures also need improvement. Idaho did earn points for requiring all voting machines to be tested to EAC Voluntary Voting System Guidelines before being used in the state and for requiring election officials to carry out pre-election logic and accuracy testing on all machines that will be used in an upcoming election.

To improve its overall election security, Idaho should immediately adopt robust post-election audit requirements that test the accuracy of election results. In doing so, the state should look to risk-limiting audits like those in Colorado as a potential model. Given the threat posed by sophisticated nation-states seeking to disrupt U.S. elections, it is imperative that post-election audits test the accuracy of election outcomes and detect any possible manipulation. Idaho should require cybersecurity training for election officials and prohibit electronic absentee voting, which has been deemed insecure by election security experts and federal entities. Going forward, all voted ballots should be returned by mail or delivered in person. Idaho’s ballot accounting and reconciliation procedures can also be improved. For example, after comparing the number of ballots cast with the number of voters on the poll roster at polling places, poll workers should be required to reconcile any discrepancies if they occur.

Minimum cybersecurity standards for voter registration system: Fair

  • The state’s voter registration system is estimated to be at least 10 years old.

  • The state’s voter registration system provides access control to ensure that only authorized personnel have access to the database.

  • The state’s voter registration system has logging capabilities to track modifications to the database. Idaho receives a C 70 Center for American Progress | Election Security in All 50 States.

  • The state’s voter registration system includes an intrusion detection system that monitors incoming and outgoing traffic for irregularities.

  • The state performs regular vulnerability assessments on its voter registration system.

  • The state has enlisted DHS to help assess and identify potential threats to its voter registration system.

  • The state does not require election officials to receive cybersecurity training prior to elections.

  • The state permits the use of electronic poll books. The state conducts pre-election testing on electronic poll books prior to an election and paper voter registration lists are available at polling places that use electronic poll books on Election Day


Voter-verified paper audit trail: Good

  • Elections are carried out using paper ballots and optical scan machines.


Post-election audits: Unsatisfactory

  • State law does not require post-election audits.


Ballot accounting and reconciliation: Unsatisfactory

  • All ballots are accounted for at the precinct level.

  • While a comparison of the number of ballots cast and the number of voters on the poll roster is required at polling places, poll workers are not explicitly required to reconcile any discrepancies if they arise.

  • Counties are required to compare and reconcile precinct totals with countywide results to ensure that they add up to the correct amount.

  • The state does not use a tally server. As such, a memory card review process is unnecessary.

  • While state law requires that election results be made public, it is unclear whether the same is true of information regarding ballot reconciliation processes and results.
     

Paper absentee ballots: Fair

  • The state allows some absentee voters to return completed ballots electronically, via email.

Voting machine certification requirements: Fair

  • Before they may be purchased and used in the state, all voting machines must be certified by the Election Assistance Commission.

  • Some jurisdictions in the state likely still use voting machines that were purchased more than a decade ago.
     

Pre-election logic and accuracy testing: Fair

  • Election officials conduct mandatory logic and accuracy testing on all voting machines prior to an election.

  • State law does not specifically require that testing be open to public observance, though public notice is required.

  • Testing is carried out between five and 10 days before an election.






 

SIGN UP FOR ACTION ALERTS