Summary: All the voting machines that counties and states bought before 2025 complied with standards (e.g., VVSG 1.0 or 1.1) that were extremely weak on cybersecurity, and indeed most of those voting systems were easy to hack (make them cheat in elections) and their back-end databases were easy to alter (to change vote totals). Now there are strong Federal standards for voting machines (VVSG 2.0), and there are some new voting machines that comply with those standards. There’s real evidence that it makes a difference: that VVSG 2.0 compliant voting systems really are more secure and trustworthy. Therefore, States (and other jurisdictions) should not buy new voting machines unless they are VVSG 2.0 compliant.
When a County (or State, or Town, etc.) buys voting machines, most states’ laws generally require that the machine has been examined by (a committee of experts designated by) the Secretary of State. Based on that exam, the Secretary approves the voting system for use in the State. In almost all states, a prerequisite to that examination and approval is that the voting machine complies with the Voluntary Voting System Guidelines (VVSG), a set of Federal standards. They’re called “voluntary” not because the voting-machine vendors don’t have to comply with them, but because it is voluntary for a State to require compliance. But almost all states do require VVSG certification, either by law or by practice. In many states, the State examination is very cursory, mostly just checking that (1) the U.S. Election Assistance Commission (EAC) has certified that some approved private company (an “Independent Testing Authority (ITA)”) has examined the machine’s software, hardware, and operation and found that it meets the VVSG standards, and (2) the machine can accommodate the particular ballot styles called for by that State’s laws.
The VVSG 1.0 had useful things to say about the ability of a voting machine, in normal operation, to count the votes and accommodate the ballot style of many different jurisdictions. But the VVSG’s requirements for security were quite weak. That was true of the VVSG’s predecessors, the 1990 and 2002 FEC standards; it was true of the EAC’s VVSG 1.0 adopted in 2005 and the VVSG 1.1 adopted in 2015. By “security” I mean such things as resistance to hacks that would install fraudulent software to deliberately cheat in elections; resistance of the vote-count databases to the alteration of data; and so on. It is understandable that the 1990 and 2002 standards were weak in this regard, as the computer science of cybersecurity was in its infancy. But by 2015 it had become clear that the VVSG 1.0 and 1.1 were sorely lacking–they did not require voting-machine developers to use any kind of 21st-century cybersecurity engineering.
Therefore, starting in 2016 the EAC developed the VVSG 2.0, a complete revamp of the standards (through its Technical Guidelines Development Committee, with experts from state election administration, academic cybersecurity, and so on). The VVSG 2.0 was released in 2021. It specifies strong and general principles for voting-machine design–not just security, but accuracy, user interface, quality of implementation, interoperability, accessibility, and so on.
Did this help? Originally I was a bit skeptical. I studied a lot of voting machines between 2004 and 2024, either personally or by reading detailed reports written by other experts. It was clear that the engineers who designed those machines either didn’t know much about security or that security just wasn’t a priority. And you might think that it’s hard to legislate quality: you can pass a law saying a system has to be secure, but just passing a law doesn’t make things secure. If an ITA doesn’t know how to assess cybersecurity, then (you might think) it’s still too easy for the EAC to certify an insecure voting machine.
But I am encouraged by a recent specific example. In 2025 the State of Texas (which does a more thorough examination than most states) appointed me to their committee of Voting Machine Examiners to recommend whether the Secretary of State should approve the Hart Verity Vanguard voting system for use in that State. Hart is one of the three big voting-machine makers in the U.S., and this system was the first one to be certified by an EAC-approved ITA to VVSG 2.0 standards.
What I found is described in my report, published on the Texas SoS’s web site. Overall, the Verity Vanguard voting system (and its component machines such as polling-place optical scanners and county-central workstations) is well designed. Its cybersecurity is nearly “state-of-the-art for consumer grade devices”. That doesn’t mean it’s perfectly secure, and (in my report) I found a few flaws in the cybersecurity design. But its cybersecurity is much better designed than the older, VVSG 1.0-compliant and VVSG 1.1-compliant machines. Not only cybersecurity–it has better protection against inadvertent errors by election administrators than some of the older voting systems.
This example strongly suggests that the VVSG 2.0 will make a real difference. Counties and States that want real improvements in the trustworthiness of their voting machines should insist that any new voting systems they buy must be VVSG 2.0 certified.
That’s not the whole story, of course. If an ITA lab doesn’t have the expertise to assess cybersecurity design and implementation, the EAC might certify a voting machine that fails to fully meet the standards. If you buy a good voting machine, you still need capable and dedicated election administrators to run a well organized, transparent, accessible election, with good ballot chain-of-custody and a strong audit program. VVSG 2.0 is not a panacea; but it should be a minimum.

