POV cyber hacker attacks (copy)

Hands typing on desktop pc computer keyboard

A House panel on Thursday advanced a bill that seeks to allow blind or otherwise print-impaired voters to privately and independently vote by returning marked ballots online.

But a host of federal agencies, including the Department of Homeland Security and the Federal Bureau of Investigation, warned in a report to states ahead of last fall’s election the bill’s provisions would amount to a “high-risk” endeavor that could compromise election integrity by allowing hackers to manipulate ballots and election results “at scale.”

Senate Bill 21-188 was carried through the Senate by Sen. Jessie Danielson, D-Wheat Ridge, where it passed on a near-party line vote. In the House, the legislation is sponsored Democratic Reps. Monica Duran, D-Wheat Ridge, and David Ortiz, a Littleton Democrat who now uses a wheelchair after a helicopter crash while serving in Afghanistan left him with little muscle control below his waist.

The proposal seeks to build on legislation that allows voters with disabilities to access a ballot online, which Danielson championed in 2019. Under Danielson's Senate Bill 19-202, a ballot can then be marked, printed and returned, which allows voters with disabilities to cast a ballot privately and independently.

After being signed into law in May 2019, Danielson said Secretary of State Jena Griswold quickly implemented the legislation and it has largely been successful, save for one hiccup: few voters with disabilities have a printer.

Scott LaBarre, president of the National Federation of the Blind of Colorado, told the House State, Civic, Military and Veterans Affairs Committee that 7% of Denver voters who attempted to the utilize the provisions in Danielson’s previous bill were successful in doing so during last fall’s election. That mirrored testimony he provided to the Senate State, Veterans and Military Affairs Committee earlier this month.

“To protect and secure our right to vote is sacred and allows us to be truly free, and this is worth much more than the very, very low risk of potential election fraud,” he said on Thursday.

LaBarre was one of three witnesses from the NFB of Colorado to testify. He was also joined by Curtis Chong, who serves as the organization’s voting rights coordinator.

“We understand there are security risks, we do, but we also recognize that during the last big election, where there was a lot of talk about fraud and a lot of talk about things that might happen in Colorado that did not happen,” he told the panel. “And there is nothing from the point of view of an individual voter who's blind that is more empowering than in Colorado using our system.”

The bill was also backed by The Arc of Colorado, Disability Law Colorado and Denver Clerk and Recorder Paul López.

But as with the Senate hearing earlier this month, the proposal drew strong pushback from election security advocates.

“Any system or process by which voted ballots are transmitted over the internet cannot be trusted, full stop,” said Susan Greenhalgh, senior adviser on election security for Free Speech For People.

The bill also drew pushback or calls for substantive changes from Verified Voting and Common Cause of Colorado, among others.

A representative from Griswold’s office indicated she is taking a neutral position on the bill, balancing concerns on security and accessibility. Caleb Thornton, a legal, policy and rulemaking manager in the Department of State’s Elections Division, added “we have seen no evidence that any ballot has ever been manipulated, intercepted or cast fraudulently via this method of voting.”

Quizzed on the bill earlier this month, Griswold told Colorado Politics the system was considered “the securest in the nation.”

“It's not like I'm doing a doodle poll and telling you what people I want,” Griswold said. “It's the same system our overseas and military voters can use.”

Colorado is one of a handful of states to allow military and overseas voters to both receive and return ballots online, a system Griswold said was set up by her predecessor, Republican Wayne Williams. Colorado voters can also submit ballots online in cases of emergency.

“You are sent through basically a drop box that is end-to-end encrypted – we’re the only state in the nation that does end-to-end encryption – then you get your ballot and overseas and military voters can return it through that,” Griswold said, explaining the bill would expand that process to voters with disabilities.

Those comments didn’t sit well with election security experts. Doug Jones, a computer science professor at the University of Iowa and one of the United States’ foremost experts on election security, said the reference to end-to-end encryption was “a smokescreen.”

End-to-end encryption, Jones said, only protects the ballot while it’s in transit. It’s an effective security feature when coupled with voting machines, which are closely monitored with a “very small, very select group of people in a position to install the wrong software or to misrepresent what software is installed on the machine.”

“In contrast, when it comes to your cell phone, when it comes to your iPad, when it comes to your personal computer, it's on the internet a lot. It has, or is suspected to have, significant security vulnerabilities,” Jones said, highlighting estimates that peg some 30% of computers as being infected with malware.

Those vulnerabilities, Jones said, “end up making end-to-end encryption pretty much irrelevant, and indeed that includes in Colorado.”

Kim Zetter, a journalist who covers cybersecurity and national security, agreed.

“If the user’s device is already compromised, the ballot can be altered on their system before it’s encrypted and sent (without the user knowing this),” she said in a message after reviewing the bill.

Zetter also noted that issue magnified another problem with the bill: the lack of paper backup for the voter to verify before being sent out.

“Without a paper backup of the ballot that the voter has reviewed and verified, the electronic ballot can potentially be altered on the receiving server once it’s decrypted there,” Zetter said. “(The Department of Homeland Security) was clear in guidance it sent states that electronic ballot return should not be done at all.”

That’s a reference to a report compiled last summer by a cohort of prominent federal agencies – the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency, the Elections Assistance Commission, the Department of Commerce’s National Institutes of Standards and Technology and the Justice Department’s FBI. The report, released privately to states last year, acknowledged that some states already allow military and overseas voters to return ballots online but still said the process was high-risk.

The agencies took particular issue with so-called “bring your own device” internet voting – exactly what the bill would allow those with disabilities to do.

“A voter’s personal device may not have the necessary safeguards in place,” the report said, reiterating Jones’ concerns. “As a result, votes cast through ‘bring your own device’ voting systems may appear intact upon submission despite tampering as a result of an attack on the personal device rather than on the ballot submission application itself.

“Voters using personal devices increase the potential for an electronic ballot delivery and return system to be exposed to security threats.”

That report drew praise from U.S. Sen. Ron Wyden, an Oregon Democrat who is a leader in election security legislation in Congress.

“This confirms what cybersecurity experts have long warned: The return of marked ballots over the internet poses a high risk to national security and to the integrity of Americans elections,” Wyden said in a statement to the Wall Street Journal after the release of the report. “States should not be rolling the dice with our democracy by using insecure technology, including email, to receive electronic marked ballots over the internet.”

After an amendment narrowing the scope of the bill down to only allow blind or otherwise print-impaired voters to return ballots online, the proposal cleared the panel on a 8-3 with Watkins Republican Rod Bockenfeld joining Democrats in support.

Ahead of that vote, Ortiz leveled criticism at some of the bill’s opponents, alleging that “No one has said anything about (military voters casting ballots online) being an issue.”

“I just find it interesting that when it pertains to just our service members, that the roadblocks weren't thrown up. It was only when one of the most marginalized communities, the disabled community, is asking for the same access and rights, that all of a sudden the questions come out,” he said.

C. Jay Coles of Verified Voting earlier in the hearing indicated his organization believed allowing those voters to submit ballots online was “dangerous practice that should be reversed in its current form and not expanded.”

Ortiz's comment's also drew a back-and-forth with Greenhalgh on Twitter.

The bill now heads to the full House for consideration.

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.