Election lessons from Michigan
Election security expert J. Alex Halderman dissects Antrim County’s election debacle to help future contests go more smoothly.
Misreported election results in a rural northern Michigan county drew national attention on Election night 2020 and led to the release of a false report claiming that the county’s Dominion Voting Systems equipment had deliberately introduced errors.
Election security expert and University of Michigan computer science and engineering professor J. Alex Halderman examined the incident in a report commissioned by The Michigan Secretary of State and the Department of Attorney General. He believes that the incident holds lessons for election authorities in Michigan and beyond—including the 27 other states that use Dominion Voting Systems equipment.
What happened in Antrim County on election night
On Election Night 2020, Antrim County, Michigan published inaccurate unofficial results, misstating totals by as many as several thousand votes in a county with fewer than 22,000 registered voters. Over the next three weeks, the county restated its results four times to correct the errors.
Halderman’s report found that the misstated results were caused by a series of human errors, largely due to last-minute changes to the ballot. Antrim County’s presidential election results have since been confirmed by examining its paper ballots in a county-wide hand count and further affirmed by a statewide risk-limiting audit.
“Some of these human errors would have been harmless individually, but their combined effects undermined safeguards that should have ensured accuracy,” Halderman wrote in the report. “Their number speaks to the extreme pressures that election workers faced last year, in the midst of a global pandemic and a bitterly contested presidential contest.”
Key recommendations for future elections
Halderman’s report again verifies the election results, details the causes of the errors and debunks false claims of deliberate fraud. It also contains 20 recommendations that could help election authorities avoid a similar incident in the future. They include:
Expand the use of risk-limiting audits
A risk-limiting audit is a transparent and observable public process that confirms the reported outcome by having people inspect randomly selected paper ballots. It’s a highly accurate way to verify the results of an election that takes much less time and effort than a full recount. Michigan is one of a handful of states that have launched risk-limiting audit pilot programs. In the 2020 election, Michigan’s statewide risk-limiting audit showed that election results were consistently accurate across the state, and across multiple voting methods and voting machine vendors.
Require end-to-end tests of voting systems before an election
End-to-end testing is essentially a dry run of the voting process, from voting to final results. It is recommended but not required by the Michigan Bureau of Elections, and it was not conducted by most Antrim County precincts in the 2020 election. It could have detected some of the issues that led to incorrectly reported results.
Repeat logic and accuracy testing after changes to election definitions or ballot designs
Logic and accuracy testing ensures that the voting equipment accurately reflects the election being held, that all voting positions can be voted for the maximum number of eligible candidates and that results are accurately tabulated and reported. In Antrim County, this testing was performed initially, but it was not repeated after last-minute changes were made to ballots.
Require canvassers to compare results to poll tapes
Poll tapes are printed vote totals produced by voting equipment, which are certified by poll workers and displayed publicly. Michigan requires canvassers to compare reported results to poll tapes to make sure they match, but some other states do not. Implementing this requirement nationwide would provide another safeguard against error or fraud.
Have a plan in place for when absentee voters return outdated ballots
Because of last-minute ballot changes, the ballots returned by many Antrim County absentee voters were outdated, and there was no process in place for how to handle them. Advance planning could help prevent counting errors, in Antrim County and elsewhere.
Don’t transmit voting results over the internet or over wireless modems
Some voting machines, including the Dominion machines used in Antrim County, allow voting results to be transmitted over the internet or over other external networks, leaving them vulnerable to hacking. Halderman’s report advises that results should not be transmitted over the internet or wireless connections. The Michigan Election Security Advisory Commission already recommends against wireless transmission; some Michigan jurisdictions still use wireless transmission, though Antrim County does not.
Ensure the physical security of voting equipment
Many electronic voting systems, including the Dominion system used in Antrim County, have relatively weak authentication and access control mechanisms, leaving them vulnerable to attackers who have physical access to equipment. While Halderman’s report found no evidence that this type of attack took place in Antrim County, a formal process to secure the equipment would help mitigate this vulnerability.
Enable disk encryption on election management systems
Unencrypted hard drives can enable an attacker with physical access to the computer to bypass account passwords, install malicious software and read or change data arbitrarily. So even when physical access to voting equipment is tightly controlled, it’s important to provide an additional layer of defense by enabling disk encryption.
Tweaks to Dominion Voting Systems
Halderman also recommended a series of software and documentation tweaks to the Dominion election management system and recommended that other voting system vendors review their equipment to determine whether they’re vulnerable to similar errors.