* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense.
Pennsylvania Technology in Use
Verified Voting Foundation
* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device.
Pennsylvania Election Security Grade: D
Center for American Progress Report
"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:
1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing
This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.
It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."
Pennsylvania adheres to a number of minimum cybersecurity best practices related to voter registration systems, but the state allows voting using machines that do not provide a paper record. In addition to being vulnerable to hacking, this prevents the state from carrying out post-election audits that test the accuracy of election outcomes, which does not provide confirmation that ballots are cast as the voter intends and counted as cast. Even in places that do use paper ballots, the state’s audit requirements lack important criteria. For example, audits may be conducted electronically through automated retabulation, which is vulnerable to hacking. Also, the number of ballots included in an audit is based on a fixed percentage, rather than one that is statistically significant and tied to the margin of victory in one or more ballot contests. Moreover, the audit law does not specify whether all categories of ballots—regular, absentee, provisional, and UOCAVA—are included in the audit, or if escalation occurs automatically if necessary. Pennsylvania’s ballot accounting and reconciliation procedures also need improvement. The state did earn points for prohibiting voters stationed or living overseas from returning voted ballots electronically, a practice that election security experts say is notoriously insecure. In Pennsylvania, all voted ballots are returned by mail or delivered in person. The state exercises good practices by requiring that all voting machines be tested to EAC Voluntary Voting System Guidelines before they are pur- chased or used in the state, and by requiring election officials to carry out pre-election logic and accuracy testing on all machines that will be used in an upcoming election.
The state’s use of paperless DRE machines and insufficient post-election audits leave Pennsylvania open to undetected hacking and other Election Day problems. Pennsylvania should immediately switch to a statewide paper ballot voting system and require robust post-election audits that test the accuracy of election outcomes. Encouragingly, in December 2017, the General Assembly’s Advisory Committee on Voting Technology recommended legislative funding to assist counties in obtaining voting machines that produce voter-verifiable paper records. And on February 9, Pennsylvania Gov. Wolf ’s administration ordered counties looking to replace voting systems to purchase machines with paper records, though counties already using paperless DRE voting systems would still be allowed to repurchase that equipment, at least until they are decertified. In updating its post-election audit requirements, state officials should look to risk-limiting audits like those in Colorado as a potential model.
To further improve its overall election security, Pennsylvania should require pre-election testing for electronic poll books in jurisdictions where they are used to ensure that they are in good working order before Election Day. Finally, Pennsylvania can strengthen its ballot accounting and reconciliation procedures by requiring counties to compare and reconcile precinct totals with composite results to confirm they add up to the correct number.
Minimum cybersecurity standards for voter registration system: Fair
The state’s voter registration system is estimated to be at least 10 years old.
The state’s voter registration system provides access control to ensure that only authorized personnel have access to the database.
The state’s voter registration system has logging capabilities to track modifications to the database.
The state’s voter registration system includes an intrusion detection system that monitors incoming and outgoing traffic for irregularities.
The state performs regular vulnerability assessments on its voter registration system.
The state has enlisted DHS to help assess and identify potential threats to its voter registration system.
Commonwealth employees are required to participate in cybersecurity training.
Electronic poll books are used by some, but not all, jurisdictions in the state.
Paper voter registration lists are available at polling places that use electronic poll books on Election Day.
Pre-election testing of electronic poll books is left up to the counties that use them.
Voter-verified paper audit trail: Unsatisfactory
Depending on the jurisdiction, some voters in Pennsylvania cast paper ballots, while others vote using paperless DRE machines. On February 9, Pennsylvania Gov. Wolf ’s administration ordered counties looking to replace voting systems to purchase machines with paper backups, though counties already using paperless DRE voting systems would still be allowed to repurchase that equipment, at least until they are decertified.
Post-election audits: Unsatisfactory
The state conducts mandatory post-election audits. However, Pennsylvania’s use of paperless DRE machines prevents it from carrying out audits that can confirm the accuracy of election outcomes.
The state’s post-election audits may be conducted by manual hand count or electronically through automated retabulation. In any case, votes must be audited by a different method from how they were initially tabulated. For example, if an audited ballot was initially counted by an optical scan machine, in the audit that ballot would have to be counted manually or by some other means.
Audits are carried out on at least 2 percent of votes cast or 2,000 votes total, whichever is fewer.
The ballots included in the audit are selected randomly.
There is no statutory requirement on whether all categories of ballots—regular, absentee, provisional, and UOCAVA—are eligible for auditing.
There is no statutory requirement on whether an audit escalates to include more ballots in the event that preliminary outcomes are found to be incorrect.
Audits are open to public observance.
Audits are carried out approximately 20 days before certification.
- We were told that although not explicitly required by law, counties are required during an audit to resolve any discrepancies identified. The resolution of the discrepancies could change election results.
Ballot accounting and reconciliation: Unsatisfactory
All ballots are accounted for at the precinct level.
Precincts are required to compare and reconcile the number of ballots with the number of voters who signed in at the polling place.
Counties are not explicitly required to compare and reconcile precinct totals with countywide results to ensure that they add up to the correct amount.
- There is no statutorily mandated review process to ensure that all voting machine memory cards have been properly loaded onto the tally server. While state law requires that election results be made public, it is unclear whether the same is true of information regarding ballot reconciliation processes and results.
Paper absentee ballots: Fair
- The state does not permit voters—including UOCAVA voters—to submit completed ballots electronically. All ballots must be returned by mail or delivered in person.
Voting machine certification requirements: Fair
Before they may be purchased and used in the state, all voting machines must be certified by the Election Assistance Commission.
Some jurisdictions in the state likely still use voting machines that were pur- chased more than a decade ago.
Pre-election logic and accuracy testing: Fair
Election officials conduct mandatory logic and accuracy testing on all voting machines prior to an election.
Testing is open to the public.
Testing is carried out at least four days before an election.