* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense. 

 

Missouri Technology in Use
Verified Voting Foundation

* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device. 

Click for Verified Voting's interactive map

Screen Shot 2019-03-14 at 5.14.35 PM.png

Center for American Progress State by State Voting System Report

See State Grade Below
 

Report Excerpt:

"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:

1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing

This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.

It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."

Missouri: D*

Missouri uses paper ballots and voting machines that provide a paper record, but the state’s post-election audits lack important criteria. For example, the number of ballots included in an audit is based on a fixed percentage rather than a statistically significant number, and there is no explicit requirement that all ballot types—regular, absentee, provisional, and UOCAVA—be included in the audit. The law is also silent on whether an audit must automatically escalate to include more ballots if necessary. Also, Missouri allows voters stationed or living overseas to return voted ballots electronically, a practice that election security experts say is notoriously insecure. The state’s ballot accounting and reconciliation procedures also need improvement. Despite numerous attempts to speak to someone in state government about cybersecurity standards for the state’s voter registration system, state officials did not follow through on requests for information and comment on our research, and we were unable to locate all of the information independently. Even if Missouri is adhering to all of the minimum cybersecurity best practices for voter registration systems, its overall grade would not increase given the point distribution in the other categories. Missouri did earn points for requiring that all voting machines be tested to EAC Voluntary Voting System Guidelines before being purchased or used in the state, and for requiring election officials to carry out pre-election logic and accuracy testing on all machines that will be used in an upcoming election.

To improve its overall election security, Missouri should adopt more comprehensive procedures for carrying out post-election audits that test the accuracy of election outcomes. Specifically, the number of ballots included in an audit should be tied to the margin of victory in one or more ballot contests, and the audit should automatically escalate if necessary. In revising its audit requirements, the state should look to risk-limiting audits like those in Colorado as a potential model. Given the threat posed by sophisticated nation-states seeking to disrupt U.S. elections, it is imperative that post-election audits test the accuracy of election outcomes and detect any possible manipulation. Missouri should also strengthen its ballot accounting and reconciliation procedures by requiring counties to compare Missouri receives a D* 111 Center for American Progress | Election Security in All 50 States and reconcile precinct totals with countywide composite results to ensure that they add up to the correct number. Additionally, Missouri should prohibit voters stationed or living overseas from returning voted ballots electronically. All voted ballots should be returned by mail or delivered in person. The state should require all election officials to receive cybersecurity training prior to an election, and it should also require electronic poll books to undergo pre-election testing to ensure that they are in good working order before Election Day. At the same time, backup paper voter registration lists must be made available at polling places that use electronic poll books in case of emergency.

Minimum cybersecurity standards for voter registration system: Incomplete

*State officials did not follow through on our requests for information and comment on cybersecurity requirements for the state’s voter registration system. Information gathered for this section derives from independent research and correspondence with a county official

  • The state’s voter registration system is estimated to be at least 10 years old.

  • The state’s voter registration system provides access control to ensure that only authorized personnel have access to the database.

  • State officials were unable to provide us with information on whether the state’s voter registration system has logging capability to track modifications to the database.

  • The state’s voter registration system includes an intrusion detection system that monitors incoming and outgoing traffic for irregularities.

  • The state performs regular vulnerability assessments on its voter registration system.

  • State officials were unable to provide us with information on whether the state has enlisted the National Guard or DHS to help assess and identify potential threats to its voter registration system.

  • The state does not provide cybersecurity training to election officials. However, at least one county—St. Louis County—has started providing cybersecurity training to election personnel in partnership with its IT department.

  • Missouri permits the use of electronic poll books. The state does not require that backup paper voter registration lists be made available, nor does it require that all electronic poll books be tested prior to an election. However, at least one county—St. Louis County—tests all of its electronic poll books prior to an election.


Voter-verified paper audit trail: Fair

  • Depending on the jurisdiction, some voters in Missouri cast paper ballots, while others vote using DRE machines with VVPR.


Post-election audits: Mixed

  • The state conducts mandatory post-election audits.

  • The state’s post-election audits are conducted through manual hand count.

  • The state requires post-election audits on no fewer than 5 percent of precincts. The ballot contests considered in the audit are randomly selected, along with one randomly selected contested from each of the following categories: “(1) Presidential and Vice-Presidential electors, United States senate candidates and state-wide candidates; (2) state-wide ballot issues; (3) United States representative candidates and state general assembly candidates; [and] (4) Partisan circuit and associate circuit judge candidates and all nonpartisan judicial retention candidates.” In addition, the audit must include at least one “contested race or ballot issue from all political subdivisions and special districts, including the county, in the selected precinct(s)” as well as “all races in which the margin of victory between the two (2) top candidates is equal to or less than half of 1 percent (0.5 percent) of the number of votes cast for the office or issue.”876 • The precincts included in the audit are selected randomly.

  • While there are no statutory requirements on whether all categories of ballots— regular, absentee, provisional, and UOCAVA—are eligible for auditing, at least one county includes all ballot categories in its post-election audits.

  • There are no statutory requirements on whether an audit escalates to include more voting components in the event that preliminary outcomes are found to be incorrect. Instead, if the results of the audit reveal a discrepancy of more than 0.5 percent from the preliminary results, “[T]he manual recount team shall immediately notify the election authority, who shall investigate the causes of any discrepancy and resolve any discrepancies prior to the date of certification.”

  • Audits are open to the public and the results are made publicly available.

  • Audits are carried out before certification of official election results.

  • An audit can reverse the preliminary outcome of an audited contest if an error is detected.


Ballot accounting and reconciliation: Unsatisfactory

  • All ballots are accounted for at the precinct level.

  • Precincts are required to compare and reconcile the number of ballots with the number of voters who signed in at the polling place.

  • Counties are not explicitly required to compare and reconcile precinct totals with countywide results to ensure that they add up to the correct amount. 113 Center for American Progress | Election Security in All 50 States

  • Counties review and account for all voting machine memory cards or flash drives to ensure they have been properly loaded onto the tally server.

  • The state requires election results to be made public, but does not require the same for ballot reconciliation information.

Paper absentee ballots: Unsatisfactory

  • The state permits some UOCAVA voters to return completed ballots electronically via email, fax, or web portal.

Voting machine certification requirements: Fair

  • • State law requires that before being purchased and used for any election in the state, all voting machines must undergo testing by a federally accredited laboratory. In practice, all machines are EAC-certified.

  • Some jurisdictions in the state likely still use voting machines that were purchased more than a decade ago.
     

Pre-election logic and accuracy testing: Fair

  • Election officials conduct mandatory logic and accuracy testing on all voting machines prior to an election.

  • Testing is open to the public.

  • Testing occurs at least 14 days before an election.






 

SIGN UP FOR ACTION ALERTS