PROCESS PRINCIPLES

From the Brennan Center

  • Federal, State and Local funders should provide consistent support to maintain, secure and regularly upgrade election system infrastructure as needed.

  • Election Jurisdictions should conduct regular audits, penetration tests and threat assessments of all websites, networks, firewalls and election systems.

  • When vulnerabilities are identified, make needed changes and apply basic cybersecurity best practices across systems.

  • Require state voter registration databases to meet the NIST cybersecurity framework.

  • All voting machines should be software independent and auditable. Currently, this means all systems should use voter marked paper ballots.

  • Require all voting machines to have an airgap requirement and no way to connect to the internet.

  • Pre and post-election auditing for all voting machines.

    • Conduct Logic and Accuracy testing on 100% of voting machines before an election.

    • Compare statistical sample of voting system totals to hand counts of paper ballots to minimize chance that outcome changing failure was missed.

    • Conduct and report audit results in public.

    • Ensure that if audit finds error, error can be fixed before certification of results.

  • Ban electronic return of voted ballots

  • Have a contingency plan and election day failsafe in place in every polling place in case of registration list or voting machine failure.

  • Work with the EAC to develop test reports and standards before buying or employing e-pollbooks.

  • Require election system vendors to report any cybersecurity breach to their facilities.