Cybersecurity & Tech Democracy & Elections

The House of Representatives Needs an Audit System for Not-In-Person Voting

Herb Lin
Friday, April 17, 2020, 4:30 PM

As the House considers establishing alternatives to in-person voting during the pandemic, it must also provide confidence that a representative’s vote has not been hacked or compromised.

Nancy Pelosi speaks to the 2019 California Democratic Party State Convention. (By: Gage Skidmore, https://flic.kr/p/2g8vANE; CC BY SA 2.0, https://creativecommons.org/licenses/by-sa/2.0/)

Published by The Lawfare Institute
in Cooperation With
Brookings

Speaker Nancy Pelosi said on Thursday that the House could soon approve a change to its rules to allow for an alternative to in-person voting, as the COVID-19 pandemic has kept or will keep many representatives away from Washington DC as they observe shelter-in-place procedures. She noted that many proposals were under consideration, including proxy voting (in which one representative, away from the Capitol, would give a colleague his or her proxy to vote in person on the representative’s behalf) or remote voting (in which a representative would cast a vote by electronic means).

House leaders are well aware of concerns about the security of not-in-person (NIP) election procedures. But the coronavirus outbreak has made in-person voting for the entire House of Representatives impossible for the coming months. Thus, the usual (and correct) stance that “internet voting is too insecure to be used for real elections” cannot apply under the current circumstances because it could entirely thwart the House’s ability to legislate.

NIP voting in Congress has one major security advantage over NIP voting in an ordinary election—the voting record of a senator or representative is public. The House should take advantage of this characteristic to augment the security of whatever processes are put in place by agreeing to a possible audit of votes. This would ensure that the votes recorded actually correspond to the intent of the individual representatives who cast them.

To be specific, those representatives taking advantage of NIP voting should simultaneously notify multiple news media and constituents of their votes through a variety of channels—on their web sites, through electronic mailings and, most importantly, through the U.S. Postal Service, as facilitated by their franking privileges. A physical letter indicating the representative’s vote would be the equivalent of a voter-verified paper audit trail, and would provide an auditable record for NIP voting in the House.

When would audits be appropriate? Vote-count audits are necessary only when voting outcomes are close, and somebody would have to decide what counted as “close”. But if all representatives followed the notification procedure, I would expect that an audit could be completed in a matter of hours—rather than days or weeks—as audit personnel made the appropriate inquiries to the media or other vote recording repositories.

Whether this or another proposal, some such process will be needed to ensure there is public confidence that a House vote has not been hacked or compromised.


Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.

Subscribe to Lawfare