H.429 is a miscellaneous elections bill that includes new policies such as online voting for disabled or overseas voters, as well as ranked-choice voting in the next presidential primary.
The Vermont Senate approved changes to the bill by a 16-14 vote on the final day of the legislative session, May 12. During discussion of the bill, Sen. Ruth Hardy, D-Addison, noted that cybersecurity experts who testified were “mixed” about their support, as well as other groups.
Susan Greenhalgh, senior advisor of election security for the nonprofit Free Speech for People, told True North that U.S. military researched online voting for members and already concluded that security challenges could not be overcome. She said asking officials to find a way to make online voting secure is like “asking a child to go out and play safely in traffic.”
“There’s this mistaken assumption that the government has never looked into online voting — that’s not accurate,” Greenhalgh said. “The National Institute of Standards of Technology [NIST] was tasked by Congress from 2006 to 2012 to write multiple reports on the challenges of online voting. … They came to the conclusion that it wasn’t secure.”
She explained that in 2015 the U.S. Congress had online voting removed from that year’s iteration of the National Defense Authorization Act because it had been investigated and found to be insecure. In addition, Greenhalgh said when her organization presented NIST reports to Vermont lawmakers about cybersecurity risks of online voting, the documents were largely ignored.
“In 2008, NIST released NISTIR 7551, ‘A Threat Analysis on UOCAVA Voting Systems,’ which analyzed the use of several electronic technologies for different aspects of the absentee voting process,” Greenhalgh said. “This research concluded that widely-deployed security technologies and procedures could mitigate many of the risks associated with electronic ballot delivery, but that the risks associated with casting ballots over the Internet were more serious and challenging to overcome.”
In Free Speech for People’s written testimony to Vermont lawmakers, other warnings were cited.
“Four federal government agencies have concluded in a recent risk assessment that ‘electronic ballot return’ is ‘High’ risk, even with security safeguards and cyber precautions in place,” the letter states. It added:
The agencies warn that electronic ballot return ‘faces significant security risks to the confidentiality, integrity, and availability of voted ballots,’ and that these risks can ‘ultimately affect the tabulation and results and can occur at scale,’ and explicitly recommends paper ballots.
The risk assessment was issued by the Federal Bureau of Investigation (FBI), the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA), the U.S. Elections Assistance Commission (EAC), and the National Institute for Standards and Technology (NIST).
However, Vermont’s elections director and other state officials encouraged lawmakers to support the online election provisions. Greenhalgh said those officials seemed determined to back the policy despite the information her organization had presented.
She added that vendors advertising “secure online portals” give a false sense of security in online voting, and that federal agencies are not allowed to advise the states — so state lawmakers are only hearing one side of the issue.
The company that may eventually manage Vermont’s online voting is Democracy Live.
Greenhalgh maintains that her organization is tracking online voting legislation all over the nation.
“This is happening all over the country,” she said. “… There’s a lot of deception that is going on that is coming from the vendors.”