Brennan Center for Justice at NYU School of Law
March 8, 2018

Almost No Progress in Key Areas of Election System Security in Last Two Years

New Analysis Finds States are Still Using the Same Outdated and Unsecure Systems Despite Recent Warnings

New York, N.Y. –  By a number of key metrics, the country has failed to make significant progress securing voting machines, despite increasing warnings about system vulnerabilities from election officials and national security experts. An analysis released today by the Brennan Center for Justice at NYU School of Law comes amid concerns about the government’s response to attempts to interfere in U.S. democracy.
“The threats of both hacking and foreign interference are undeniable, yet we’re not doing all we can as a country to protect machines or ensure correct vote totals if a successful attack does occur,” said Lawrence Norden, deputy director of the Brennan Center’s Democracy Program. “While there has been important progress in securing our election infrastructure since 2016, when it comes to replacing outdated machines and mandating audits throughout the nation, we are failing. Casting a ballot and having it count as intended is the foundation of any democracy, and the time to fix these issues is now. States have been scrambling to do what they can, but Congress needs to support their efforts.”
The new analysis updates a 2015 Brennan Center report, America’s Voting Machines at Risk. While some federal agencies — and some states and counties around the country — have taken steps to secure infrastructure, Brennan Center researchers found two critical areas where the country has been remarkably slow to act:

  • We have not replaced voting machines most vulnerable to hacking: more than 40 states use ones that aren’t in production anymore.
  • States don’t mandate post-election audits that would allow us to detect and recover from successful cyberattacks against those machines. Only three require what is considered by experts to be the “gold standard” of auditing.
In the 2018 mid-term election, 43 states and Washington, D.C., will use voting machines that are no longer manufactured — the same number of states as in 2015. The age of the machines makes it difficult or impossible to find replacement parts, forcing some officials to turn to eBay.
This fall, 13 states will use paperless voting machines in some counties and towns. These older models are a security risk because they do not produce a paper record that can be used to verify vote totals in the event of a hack. Five states will be using these risky machines statewide. That’s just slightly down from 14 states that used paperless machines in 2016.
Paper records are of limited value against a cyberattack if they aren’t used to check the accuracy of the software-generated total, and to confirm that the results have not been manipulated. Only three states mandate post-election audits that provide a high-level of confidence in the accuracy of the final vote tally.
National security officials and election experts have called on Congress to act on legislation that would implement some of these security solutions. These bipartisan bills would help replace outdated machines and expand the number of machines with paper records. Debates that could decide if these measures get funded begin next week on Capitol Hill.
Read the full analysis here. For more on shoring up voting infrastructure, read the Brennan Center’s report: Securing Elections from Foreign Interference.
To schedule an interview or connect with a Brennan Center expert, contact Rebecca Autrey at or 646-292-8316.