* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense. 

 

Massachusetts Technology in Use
Verified Voting Foundation

* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device. 

Click for Verified Voting's interactive map

Screen Shot 2018-04-30 at 7.18.56 PM.png

Center for American Progress State by State Voting System Report

See State Grade Below
 

Report Excerpt:

"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:

1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing

This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.

It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."

Massachusetts: C

Massachusetts conducts its elections with paper ballots, but its failure to carry out mandatory post-election audits after every election leaves the state open to undetected hacking and other Election Day problems. State law only requires post-election audits to be carried out after presidential elections. Also, the number of ballots included in the audit is based on a fixed percentage—3 percent—rather than a statistically significant number tied to the margin of victory in one or more ballot contests. Escalation is left within the discretion of the Massachusetts secretary of state rather than being automatically triggered under particular circumstances. Adding to this is the fact that Massachusetts allows voters stationed or living overseas to return voted ballots electronically, a practice that election security experts say is notoriously insecure. The state did earn points for its ballot accounting and reconciliation procedures and for requiring that all voting machines be tested to EAC Voluntary Voting System Guidelines before being purchased or used in the state. Massachusetts also requires election officials to carry out pre-election logic and accuracy testing on all machines that will be used in an upcoming election.

To improve its overall election security, Massachusetts must require more rigorous post-election audits after every election, not just after presidential elections. The number of ballots included in an audit should be based upon a statistically significant number tied to the margin of victory in one or more ballot contests, while escalation should be required—not discretionary. In making these changes, state officials should look to risk-limiting audits like those in Colorado as a potential model. Massachusetts should work toward partnering with DHS to identify and assess potential threats to its voter registration system, to the extent possible. While recognizing the importance of state autonomy when it comes to elections as well as the fact that Massachusetts is working with a third-party vendor to assess potential vulnerabilities with its system, federal agencies with expertise in cybersecurity and access to classified information on contemporaneous cyberthreats have the personnel and resources necessary to thoroughly probe and analyze complex Massachusetts receives a C 98 Center for American Progress | Election Security in All 50 States election databases, machines, and cybervulnerabilities. Finally, the state should prohibit electronic absentee voting, even by UOCAVA voters, and require that all voted ballots be returned by mail or delivered in person.

Minimum cybersecurity standards for voter registration system: Fair

  • The state’s voter registration system is estimated to be at least 10 years old.

  • The state’s voter registration system provides access control to ensure that only authorized personnel have access to the database.

  • The state’s voter registration system has logging capabilities to track modifications to the database.

  • The state’s voter registration system includes an intrusion detection system that monitors incoming and outgoing traffic for irregularities.

  • The state performs regular vulnerability assessments and penetration testing on its voter registration system.

  • The state has not enlisted the National Guard or DHS to help assess and identify potential threats to its voter registration system and election infrastructure, but has worked with third-party contractors for similar purposes.

  • The state provides basic cybersecurity information to local election officials, including information on how to keep their passwords secure as well as other basic computing best practices.

  • State law permits the use of electronic poll books, but they are not yet used in general elections.


Voter-verified paper audit trail: Good

  • Elections are carried out using paper ballots and optical scan machines.


Post-election audits: Unsatisfactory

  • The state conducts mandatory post-election audits, but only after presidential elections.

  • The state’s post-election audits are conducted through manual hand count.

  • Audits include 3 percent of all precincts. Audits include contested races for president and vice president, representative in Congress, senator in Congress, representative in the General Court and senator in the General Court, and a statewide ballot question if one exists.

  • The precincts included in the audit are selected randomly.

  • All ballot types—regular, early voting, absentee, provisional, and UOCAVA— are eligible for auditing.

  • If preliminary outcomes are found to be incorrect, the secretary of the commonwealth may require escalation to include additional precincts or contested races. 99 Center for American Progress | Election Security in All 50 States

  • Audits are open to the public and the results are made public.

  • Audits are carried out prior to certification of official election results.

  • An audit can reverse or correct the preliminary outcome of an audited contest if an error is detected.


Ballot accounting and reconciliation: Fair

  • All ballots are accounted for at the precinct level.

  • Precincts are required to compare and reconcile the number of ballots with the number of voters who signed in at the polling place.

  • Municipalities are required to compare and reconcile precinct totals with countywide results to ensure that they add up to the correct amount.

  • The state does not use a tally server. As such, a memory card review process is unnecessary.

  • The state requires that all election results and reconciliation procedures be made public.

Paper absentee ballots: Unsatisfactory

  • The state permits UOCAVA voters to submit completed ballots electronically, via email or fax.

Voting machine certification requirements: Fair

  • Before they may be purchased and used in the state, all voting machines must be certified by the Election Assistance Commission.

  • Some jurisdictions in the state likely still use voting machines that were purchased more than a decade ago.
     

Pre-election logic and accuracy testing: Fair

  • Election officials conduct mandatory logic and accuracy testing on all voting machines prior to an election.

  • Testing is open to the public.

  • Testing occurs at least four days before an election.






 

SIGN UP FOR ACTION ALERTS