* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense.
Texas Technology in Use
Verified Voting Foundation
* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device.
Texas Election Security Grade: D
Center for American Progress Report
"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:
1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing
This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.
It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."
Texas allows voting using machines that do not provide a paper record and fails to mandate statewide post-election audits that test the accuracy of election outcomes, which does not provide confirmation that ballots are cast as the voter intends and counted as cast. Currently, state law only requires post-election audits for jurisdic- tions that use paper ballots. It is within the Texas secretary of state’s discretion to audit “any portion of any number of ballots from any precinct in which the elec- tronic voting system was used.” In addition, the number of ballots included in an audit is based on a fixed amount, rather than a statistically significant number tied to the margin of victory in one or more ballot contests. Also troublesome is the
fact that audits are not binding on election results and cannot reverse the prelimi- nary outcome of an audited contest even if an error is detected. Additionally, Texas allows some voters stationed or living overseas to return voted ballots electronically, a practice that election security experts say is notoriously insecure. The state did earn points for its ballot accounting and reconciliation procedures and for requir- ing that all voting machines be tested to EAC Voluntary Voting System Guidelines. Additionally, Texas requires election officials to carry out pre-election logic and accuracy testing on all machines that will be used in an upcoming election.
Texas’s use of paperless DRE machines and its failure to conduct robust post- election audits that test the accuracy of election outcomes leaves Texas vulnerable to hacking and malfunction. Texas should immediately switch to a statewide paper ballot voting system and update its post-election audit procedures. In doing so, state officials should look to risk-limiting audits like those in Colorado as a poten- tial model. Texas should also require pre-election testing for electronic poll books to ensure that they are in good working order before Election Day. In addition, Texas should prohibit all absentee voters from returning voted ballots electroni- cally. Going forward, all voted ballots should be returned by mail or delivered in person. Although the state does not currently provide cybersecurity training to election officials, we were told that it is considering adding some cybersecurity training in the future. And while state officials did not specifically disclose whether the state has worked with DHS to identify and assess potential threats to its voter registration system, we were told that state officials maintain “a good relationship” with the federal agency.
Minimum cybersecurity standards for voter registration system: Mixed
The state’s voter registration system has been updated within the past 10 years.
The state’s voter registration system provides access control to ensure that only authorized personnel have access to the database.
The state’s voter registration system has logging capabilities to track modifications to the database.
The state’s voter registration system includes an intrusion detection system that monitors incoming and outgoing traffic for irregularities.
The state performs regular vulnerability assessments on its voter registration system.
The state has attended meetings and has “a good relationship” with DHS on election security matters, but it is unclear whether the state has accepted DHS’s help in identifying or assessing vulnerabilities in its voter registration system. At least one county in the state has partnered with DHS to assess and identify potential vulnerabilities.
While the state does not currently require its election officials to receive cybersecurity training prior to an election, it is considering adding some cybersecurity training in the future. At least one county has conducted out- reach to educate election officials on phishing attempts and the importance of “clean computing.”
Electronic poll books are used by some, but not all, jurisdictions in the state. Pre-election testing of electronic poll books is left up to the counties that use them. While there is no requirement that jurisdictions using electronic poll books provide back-up paper voter registration lists in case problems arise, “[t] ypically, those counties using epollbooks will provide the epollbook and a backup copy of the list in either in hardcopy or in a different electronic format that can be accessed outside of the epollbook software with different equipment.”
Voter-verified paper audit trail: Unsatisfactory
- Depending on the jurisdiction, some voters in Texas cast paper ballots, while others vote using paperless DRE machines.
Post-election audits: Unsatisfactory
Texas’s use of paperless DRE machines prevents it from carrying out audits that can confirm the accuracy of election outcomes. Moreover, state law only requires post-election audits for jurisdictions that use paper ballots. It is within the Texas secretary of state’s discretion to audit “any portion of any number of ballots from any precinct in which the electronic voting system was used.”
The state’s post-election audits are conducted through manual hand count.
For counties using paper ballots, county officials are required to audit ballots in at least 1 percent of election precincts or 3 percent of machines, whichever is greater. In most cases, all ballot items are subject to auditing. However, for certain elections—general elections for state and county officers, primary elections, or any election with proposed state constitutional amendments or statewide ballot measures—an audit includes up to three contested races and three ballot propositions. Beyond this, the secretary of state may choose to audit additional ballots and precincts.”
The precincts included in the audit are selected randomly.
All categories of ballots—regular, early voting, absentee, provisional, and UOCAVA—are eligible for auditing.
An audit can escalate in the event that preliminary outcomes are found to be incorrect.
Audits are not open to the public and the results are not made publicly available but written notice of an audit is posted and candidates and their representatives are entitled to be present. However, at least one county allows members of the public to be present for audits.
A manual audit must be completed within 21 days after an election, before certification.
An audit cannot reverse the preliminary outcome of an audited contest if an error is detected.
Ballot accounting and reconciliation: Fair
In practice, all ballots are accounted for at the precinct level.
Poll workers are required to compare and reconcile vote tallies and the number of voters who entered the polling place.
Precinct totals are generated at the county level by central counting station personnel who generate precinct returns and develop the unofficial totals from those returns. The central counting station personnel compare the precinct returns to the corresponding tally list.
There is no statutorily mandated review process to ensure that all voting machine memory cards have been properly loaded onto the tally server at the county level.
The state requires that vote tallies and ballot reconciliation information be made public.
Paper absentee ballots: Unsatisfactory
- One Texas county has been approved by the Texas secretary of state to receive ballots via email from UOCAVA voters who are eligible for hostile fire or immi- nent danger pay or who are stationed in a designated combat zone.
Voting machine certification requirements: Fair
Before they may be purchased and used in the state, all voting machines must be certified by the Election Assistance Commission.
Some jurisdictions in the state likely still use voting machines that were pur- chased more than a decade ago.
Pre-election logic and accuracy testing: Fair
The entity conducting an election conducts logic and accuracy testing of the tabulation equipment for all vote-tabulating machines prior to an election. This includes precinct scanners, central scanners, central accumulator, and DRE machines.
Testing is open to the public.
Testing occurs at least 48 hours before the machines are to be used in an election.