The Election Assistance Commission (EAC) was established by the Help America Vote Act in response to problems with the administration of the 2000 elections. Among other responsibilities, such as administering grant programs and sharing best practices, it was charged with developing voluntary federal guidelines for voting systems and overseeing a program to test and certify systems to the guidelines.
Use of voting systems that conform to the EAC's Voluntary Voting System Guidelines (VVSG) is voluntary under federal law, but the VVSG work somewhat differently in practice than typical voluntary recommendations or best practices. Many states require use of some or all of the EAC's testing and certification program under their own state laws—and EAC certification offers the general reassurance of a federal "stamp of approval" for others—so voting system vendors tend to tailor their systems to the guidelines.
That means that the VVSG and the EAC's testing and certification program offer an opportunity for the federal government to inform how voting systems work. The EAC has acted on that opportunity, as well as its broader authority to issue election administration guidance, to implement versions of some policy proposals that have also appeared in recent federal legislation.
Software Independence
Most voting systems in the United States use computers for marking votes, counting them, or both. For example, even votes marked by hand on paper ballots are typically counted with electronic scanners. A challenge with using computers is that it is hard to tell just by looking at the software running on a voting system whether there is something wrong with it, either because of errors in the code or because of intentional interference.
One way to address that challenge is to ensure that voting systems are software independent, or that "an (undetected) change or error in [their] software cannot cause an undetectable change or error in an election outcome." Software independence has long been a topic of discussion for the EAC advisory bodies that draft and review the VVSG, and the most recent version of the guidelines (VVSG 2.0) added it as a new requirement for federal certification.
VVSG 2.0, which was adopted in 2021, allows for two types of approaches to software independence—(1) paper-based and (2) cryptographic end-to-end verifiable—although only the first is currently available on the voting system market. Systems that take that approach generate paper records of voters' selections that voters can verify before casting their ballots and election officials can check against the outcomes reported by the voting system through post-election audits.
Some bills introduced in the 118th Congress would mandate certain aspects of that type of system. For example, the Securing America's Elections Act of 2023 (H.R. 466) and the Freedom to Vote Act (H.R. 11, S. 1, S. 2344) would require voting systems used in federal elections to produce paper ballots that voters could verify, and the latter legislation would require states to audit federal elections.
Guidelines, Testing, and Certification for Nonvoting Election Systems
The VVSG and the accompanying testing and certification program focus on systems used for voting—for casting and counting ballots and related activities. However, there are also many other, nonvoting systems that are used in elections, such as voter registration databases and electronic poll books (e-poll books).
Problems with those nonvoting systems might not change votes directly, but they could still have significant consequences. For example, as one witness explained in a 2019 hearing, alterations to voter registration databases could cause eligible voters to be turned away from the polls or ineligible voters to be allowed to vote.
Some states have responded to the potential for such problems by establishing their own guidelines, testing, or certification for nonvoting systems. Variations in states' capacities to address the problems themselves and possible cost or efficiency advantages of a national baseline have also prompted calls for consideration of federal guidelines, testing, and certification.
Those calls are reflected in some recent legislative proposals. For example, the American Confidence in Elections (ACE) Act (H.R. 8528, H.R. 4563) would direct the EAC to establish voluntary guidelines for nonvoting election systems, and the Freedom to Vote Act (S. 2747, H.R. 11, S. 1, S. 2344) would direct it to provide for voluntary guidelines, testing, and certification for e-poll books and remote ballot marking systems.
The EAC has responded to such proposals by establishing an Election Supporting Technology Evaluation Program (ESTEP). ESTEP's first major project was a pilot program for testing e-poll books. As of this writing, it has started developing that pilot into a formal testing and certification program and launched a second pilot for the systems used to deliver ballots to some voters with disabilities and military and overseas voters.
Penetration Testing and Coordinated Vulnerability Disclosure
The EAC's testing and certification program is primarily designed to check whether voting systems satisfy a certain set of criteria, the VVSG. Some election security experts have also recommended a different kind of check on voting systems, known as penetration testing, that aims to identify vulnerabilities in a system by simulating attempts to attack it.
The most recent update to the EAC's testing and certification procedures added penetration testing as part of a pretesting review that voting system testing labs use to assess whether a system is ready for testing to the VVSG. Vendors seeking federal certification of a voting system are required to attest that they have addressed any critical vulnerabilities identified by that penetration testing before the system will be certified by the EAC.
EAC Commissioner Donald Palmer also testified in 2023 that the agency is working with the National Institute of Standards and Technology and the Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency to develop a voluntary coordinated vulnerability disclosure (CVD) program for election systems. CVD programs offer a way for good-faith researchers to help election officials and election system vendors identify and address vulnerabilities in their systems.
Legislation has been introduced in the 118th Congress that would codify versions of both of the above developments. The Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act—which has been offered both as stand-alone legislation (H.R. 7447, S. 1500) and as part of intelligence and defense authorization bills (e.g., S. 2103, S. 2226)—would direct the EAC to provide for penetration testing as part of its voting system testing and certification program and to work with DHS on a CVD program for election systems.