Give Now

We must close the loophole that allows law enforcement to buy our personal data without a warrant.

Press Release

At Least 15 States Do Not Have Adequate Election Security Laws

With Election Day just over a week behind us, The Constitution Project at POGO has released a landmark report on election security, featured at an all-day summit of government oversight practitioners in Washington.

With Election Day just over a week behind us, The Constitution Project at the Project On Government Oversight (POGO) has released a landmark report on election security, featured at an all-day summit of government oversight practitioners in Washington.

The report considers a dire scenario: If a malicious hack compromised voter registration databases on the eve of an election, how could states respond?

The report closely examines the provisional ballot laws in 29 states, finding that at least 15 states’ provisional ballot laws would be inoperative in such a scenario—meaning, voters would not be able to successfully cast provisional ballots if their registration data is deleted or otherwise compromised by a malicious hack.

Tampering with registration databases can pose as great a danger of swinging an election’s outcome as targeting voting machines themselves. Select removal of several thousand individuals who reliably vote for one party from registration rolls in a single state could alter the outcome of Congressional races, or even a presidential election. Mass deletion of registration data could paralyze an election entirely.

For most states, only the weak safety net of provisional ballots would serve as a backup if the worst should occur. But due to significant legal and logistical limits, many states would be unable to turn to provisional ballots as a contingency plan if a malicious hack compromised registration databases.

The report recommends that states develop effective database backups with features such as access limits and auditing systems recommended by security experts. Moreover, states should clarify in their provisional ballot laws that inability to confirm registered status does not invalidate provisional votes.

Finally, the report recommends that Congress should update the Help America Vote Act of 2002, which required states to create provisional ballot systems, to ensure that a cyberattack on registration databases would not prevent provisional ballots from being counted.

Jake Laperruque, senior counsel for The Constitution Project at POGO and the author of the report, stated:

Securing our elections is paramount to ensuring the integrity of our democracy. If Americans cannot trust that our democratic system is functional, the validity of election results and the policies that stem from them will be dramatically degraded. All states should not only secure their registration databases, but also maintain contingency plans—including the capability to use provisional ballots on a large scale—to respond to the threat of a database compromise.