Pollbooks, unlike voting machines, do not undergo federal testing and certification and have no uniform standards governing their design or security. There is also no oversight of the handful of vendors who dominate the industry to ensure they keep their own networks secure. Kremlin-linked hackers attempted to breach the network of at least one U.S. e-pollbook provider in 2016, according to a leaked NSA document.
Federal lawmakers such as Sen. Ron Wyden (D-Ore.) have questioned electronic pollbook makers about the security of their products and networks. E-pollbooks and the companies that make them have gone too long without oversight, Wyden told POLITICO in an email.
“Electronic pollbooks have failed, repeatedly, in elections across the country and are clearly one of the weakest links in our election infrastructure,” he wrote.
Introduced more than a decade ago to replace printed pollbooks, the devices were used by election offices in 36 states in the 2018 elections, according to the National Conference of State Legislatures, which said the number of jurisdictions using them had risen 48 percent since 2016. Jurisdictions using the devices accounted for about half of all registered voters four years ago, according to the National Academy of Sciences. They are especially common in densely populated urban areas.
The Brennan Center for Justice, which has been involved in improving election administration for more than a decade, calls electronic pollbooks an “overlooked vulnerability.”
“Anecdotally, when you dig into problems that happen at polling places, more often than not it’s the electronic pollbooks rather than the voting machines” that cause issues, said Larry Norden, director of the center’s Election Reform Program. “I’ve spoken with a lot of election officials who are frustrated that there are no [national] standards for pollbooks and no testing.”
Election Systems & Software, one of the top providers of e-pollbooks, told POLITICO it would support a change to this state of affairs.
“[W]e believe Congress should establish standards for mandatory testing for both voter registration and pollbooks for all U.S. election providers,” ES&S spokesperson Katina Granger said in an email.
E-pollbooks serve multiple purposes: Voters use them to sign in at the polls, and poll workers use them to verify the voters’ eligibility to cast ballots. In some jurisdictions, they also tell electronic voting machines which digital ballot to display to the voter.
The devices often communicate wirelessly with each other and with backend voter registration databases, offering a potential pathway for hackers who get onto that wireless network to delete or alter voter records — to indicate falsely, for example, that someone has already voted. Hackers could further use the wireless connection to breach the backend databases and other systems connected to them.
Hackers could also manipulate voting machines via pollbooks in jurisdictions where those devices tell electronic voting machines which ballot to display. A hacker could potentially cause an e-pollbook to embed malicious commands in the voter access card, barcode or QR code that some of those devices use to convey instructions to the voting machines, according to Harri Hursti, a security expert and an organizer of the Voting Machine Hacking Village at the annual Def Con security conference.
Some pollbooks can be remotely locked or disabled by election staff, raising the possibility that a malicious actor could do the same.
‘That’s a system design problem’
Security risks aside, the devices have experienced trouble in multiple elections.
During South Dakota’s June 2018 primary, all 44 of Pennington County’s new electronic pollbooks crashed and had to be rebooted repeatedly, causing delays in voting. Precincts with paper backups of the voter roll switched to those, but voting halted for up to 90 minutes in more than a dozen precincts that had to wait for backups, prompting some voters to leave without voting.
In 2018’s midterm elections in Johnson County, Ind., voters waited two to three hours when software used to sync pollbooks slowed or froze. Other states using the same model of pollbooks made by ES&S also experienced problems. An investigation found that all ES&S pollbooks around the country were using the same cloud server to sync, providing a single point of failure when demand exceeded capacity.
In August 2019, Philadelphia’s new pollbooks made by KnowInk — the nation’s leading provider of the devices — failed to properly connect to printers during a test election, causing concern about using them in a November election. And in Georgia, which also rolled out KnowInk e-pollbooks statewide that year, the devices experienced issues during their first election that November.
During this year’s Georgia presidential primary, issues with the KnowInk pollbooks were again among a cascade of troubles that forced some voters to wait up to eight hours. Democratic Senate candidate Jon Ossoff denounced the plethora of election problems as a “disgrace” and “an affront to the principles of our Constitution.”
Georgia officials blamed the pollbook problems specifically on poll workers’ errors and poor training. But county officials and election integrity groups disagreed.
“Look, if one poll worker makes a mistake, that’s user error,” Eddie Perez of the Open Source Election Technology Institute told The Atlanta Journal-Constitution. “If you have many poll workers unable to operate the system, that’s a system design problem.”
This year presents new challenges for electronic pollbooks. Although more voters than ever are expected to vote from home because of the pandemic, longstanding problems with timely delivery of mail-in ballots will cause many to cast ballots in-person. With sports stadiums being recruited to stand in for some traditional polling places, the potential for meltdowns is high if election officials and pollbook vendors don’t plan for failures.
Wyden said election officials should ensure that every polling place has a paper backup of the voter roll, so poll workers can check in registered voters even if e-pollbooks fail. “Not fixing this issue is the definition of voter suppression,” he said.
Years of glitches
Electronic pollbooks came into vogue after Congress passed the Help American Vote Act in 2002, two years after Florida’s hanging-chad debacle. The law allocated nearly $4 billion for states to purchase new election equipment and make other upgrades.
Voting machine vendors like Diebold Election Systems and ES&S won lucrative contracts for their voting machines — most of them paperless touchscreen machines — and then persuaded election officials to go paperless with pollbooks, too.
Georgia and Maryland were the first to adopt their use statewide in 2006. Both states were already using Diebold voting machines statewide and purchased the company’s ExpressPoll pollbooks as well. But problems arose during their first use in the September 2006 primary in Maryland. A Johns Hopkins University computer science professor working as an election judge called them a “disaster,” and described machines failing to sync at his precinct and crashing and rebooting.
They were problematic in Georgia as well. During the presidential primary in 2008, voters waited up to 90 minutes because the pollbooks kept crashing. Diebold quit the election business in 2009, but Georgia didn’t replace its Diebold voting machines and pollbooks until this year. It now uses KnowInk pollbooks statewide.