* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense.
Minnesota Technology in Use
Verified Voting Foundation
* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device.
Center for American Progress State by State Voting System Report
See State Grade Below
"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:
1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing
This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.
It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."
Minnesota adheres to a number of minimum cybersecurity best practices related to voter registration systems and conducts its elections with paper ballots, but its post-election audits lack important criteria. For example, the number of ballots included in the state’s post-election audits is currently a fixed number depending on the size of county, rather than a statistically significant number tied to the margin of victory in one or more ballot contests. The state did receive points for prohibiting voters stationed or living overseas from returning voted ballots electronically, a practice that election security experts say is notoriously insecure. In Minnesota, all voted ballots must be returned by mail or delivered in person. The state also exercises best practices by requiring that all voting machines be tested to EAC Voluntary Voting System Guidelines before being purchased or used in the state, and by requiring election officials to carry out pre-election logic and accuracy testing on all voting machines that will be used in an upcoming election.
To improve its overall election security, Minnesota should strengthen its post election audit requirements by basing the number of ballots included in an audit on a statistically significant number tied to the margin of victory in one or more ballot contests, rather than a fixed number based on the size of a given county. Given the threat posed by sophisticated nation-states seeking to disrupt U.S. elections, it is imperative that post-election audits test the accuracy of election outcomes and detect any possible manipulation. Minnesota should also require election officials to undergo cybersecurity training prior to elections so that they are prepared to identify and respond to threats or phishing attempts. Finally, the state should do away with allowing poll workers to remove excess ballots at random if discrepancies arise between the number of voters who sign into the polling place and voted ballots.
Minimum cybersecurity standards for voter registration system: Fair
The state’s voter registration system is estimated to be at least 10 years old.
The state’s voter registration system provides access control to ensure that only authorized personnel can access the database. Minnesota receives a B 105 Center for American Progress | Election Security in All 50 States
The state’s voter registration system has logging capabilities to track modifications to the database.
The state’s voter registration system includes an intrusion detection system that monitors incoming and outgoing traffic for irregularities.
The state performs regular vulnerability assessments and penetration testing on its voter registration system.
In 2016, the secretary of state’s office communicated with and made use of information provided by DHS. However, until a law changed in 2017, the secretary of state’s office was prohibited from utilizing DHS assessment services and from sharing certain information regarding the secretary of state’s office system with DHS. Since the new legislation became effective in 2017, the secretary of state’s office has begun working with DHS to utilize the assessment tools available to states.
The state does not require election officials to undergo cybersecurity training prior to an election.
Approximately six counties make use of electronic poll books, although many of those are simply testing out the equipment to determine whether they will be used in future elections. The state requires each jurisdiction using electronic poll books to certify at least 30 days before the election that the electronic poll books meet basic security and functionality requirements. Paper voter registration lists are available at polling places that use electronic poll books on Election Day. Because Minnesota’s electronic poll books are still in the piloting phase, the state was not graded on e-poll book best practices.
Voter-verified paper audit trail: Good
Elections are carried out using paper ballots and optical scan machines.
Post-election audits: Fair
The state conducts mandatory post-election audits.
The state’s post-election audits are conducted through manual hand count.
The number of precincts selected for an audit are based on the county’s registered voter population. For example, the county canvassing board of a county with fewer than 50,000 registered voters must conduct an audit on at least two precincts. Counties with between 50,000 and 100,000 registered voters must audit at least three precincts. Counties with more than 100,000 registered voters must audit at least four precincts or 3 percent of the total number of precincts in the county, whichever is greater. State law requires that audits consider votes cast for president or governor, U.S. senator, and U.S. representative, and may include consideration of other ballot contests.
The precincts included in the audit are selected randomly. Minnesota contracted with a third-party vendor to help assess and identify potential threats to its voter registration system during 2016 after a law prohibiting the state from sharing security information with federal officials prevented it from enlisting help from DHS.810 “…I continue to believe the most serious challenge to the integrity of our election system is the threat of outside forces, including foreign governments, who seek to disrupt and undermine our elections.” —Minnesota Secretary of State Steve Simon811 106 Center for American Progress | Election Security in All 50 States
All ballot categories—regular, early voting, absentee, provisional, and UOCAVA—are eligible for auditing.
If a discrepancy of more than 0.5 percent is found, the audit escalates to include additional precincts.820 If necessary, the audit can escalate to include all precincts statewide.
Audits are open to the public and the results are made publicly available.
Audits are carried out prior to certification of official election results.
An audit can reverse the preliminary outcome of an audited contest if an error is detected.
Ballot accounting and reconciliation: Unsatisfactory
All ballots are accounted for at the precinct level.
Precincts are required to compare and reconcile the number of ballots with the number of voters who signed in at the polling place. However, as part of the reconciliation process, poll workers can remove excess ballots at random.
Counties are required to compare and reconcile precinct totals with countywide results to ensure that they add up to the correct amount.
There is no statutorily mandated review process to ensure that all voting machine memory cards have been properly loaded onto the tally server at the county level. However, tabulator tapes are compared against tally server totals as a matter of best practice.
The state requires that election results and ballot reconciliation information be made public.
Paper absentee ballots: Fair
The state does not permit voters—including UOCAVA voters—to submit completed ballots electronically. All ballots must be returned by mail or delivered in person.
Voting machine certification requirements: Fair
Before they may be purchased and used in the state, all voting machines must be certified by the Election Assistance Commission.
Some jurisdictions in the state likely still use voting machines that were pur- chased more than a decade ago.
Pre-election logic and accuracy testing: Fair
Election officials conduct mandatory logic and accuracy testing on all voting machines prior to an election.
Testing is open to the public.
Testing occurs at least 14 days before an election.