How states considered vulnerable to election hacking are preparing for 2018 and beyond
In July, Democrats on the House Administration Committee identified five states – Delaware, Georgia, Louisiana, New Jersey and South Carolina – as being the most at risk for potential security vulnerabilities heading into the 2018 general election.
Their argument: These states rely exclusively on electronic voting machines that don't have a paper trail. "It is nearly impossible to determine if paperless voting machines have been hacked and if vote tallies have been altered," the Democrats' report said. (No Republicans on the committee signed on to the report, but four of them released statements condemning Russia or election hacking.)
After the report, NBC News reached out to the five states to see what actions they've taken to ensure the security of their voting systems. Here's an update:
Delaware
The state has been in the process of acquiring new voting machines since spring 2016, but new machines won't be ready for this election season. Democratic State Sen. Bryan Townsend, a member of the Department of Elections Voting Equipment Selection Task Force, said he hopes for a "voter-verified paper ballot" system" that the state can test-run in 2019 and have "fully deployable by 2020." He gave praise to the "nonpartisan culture around department of elections" in Delaware. On Sept. 15, lawmakers approved the purchase of voting machines with a verified paper trail. According to Delaware State News, officials hope to do a trial run of the machines in May for local elections.
Georgia
Election-integrity activists filed a lawsuit in July 2017 against the state, and sought a preliminary injunction that would force the state to abandon its electronic voting machines before November. But a judge denied that request. The state's Secure, Accessible & Fair Elections Commission (SAFE), founded in April, said in a statement over the summer that it's discussing "the feasibility of using all hand-marked paper ballots to all electronic machines with a voter-verified paper trail." But that won't be for this election season.
Louisiana
Tyler Brey, press secretary for Louisiana Secretary of State Kyle Ardoin, said he is "very comfortable and confident" in the state's current procedures, because Louisiana was already taking steps to secure elections prior to 2016. However, Louisiana's process to get new voting machines – which started in March – has been temporarily stalled. This is because a potential vendor, Election Systems and Software, accused the Secretary of State's office of favoritism towards the chosen vendor, Dominion Systems. The Division of Administration is looking into the allegation and will direct the course of action once it resolves the dispute.
New Jersey
In August, the state said it finalized a spending plan to bolster its election infrastructure – covering cybersecurity, physical security, training, communication and voting equipment. That came after Democratic state Assemblyman Vincent Mazzeo introduced legislation in May to increase election security and replace voting machines. "New Jersey is one of only a handful of states that still use voting machines that do not produce any type of paper record. Our state has some pretty strong election audit laws on the books, but we are currently unable to follow through," Mazzeo said in an interview with NBC News. Regarding the 2016 election, Mazzeo stated, "With the current infrastructure it would be almost impossible to tell" if voting was compromised. He made a call to action to acknowledge the state is a target for hacking and make sure every vote counts in the midterms.
South CarolinaIn South Carolina, two citizens filed a lawsuit against the state government due to the lack of paper voting machines which, they claim, leaves South Carolina susceptible to hacking. Chris Whitmire, director of public information and training for South Carolina State Election Commission, directed NBC to a press release that outlined the steps and precautions the state is taking as the lawsuit is underway – including partnering with private cybersecurity firms and performing security reviews.