INDIANAPOLIS – Legislators plan to tighten Indiana’s election security another notch ahead of next year’s elections. A government watchdog group says they should go farther:
Senate Elections Chairman Greg Walker (R-Columbus) says he expects a bill to require more training for election workers to keep them from inadvertently opening voting machines to hackers by clicking on the wrong email or Internet link. Secretary of State Connie Lawson has already been conducting cybersecurity training for state election workers. And an election security training academy at Ball State graduated its first class of county election workers this summer.
But Common Cause policy director Julia Vaughn says there needs to be more focus on making sure vote totals can be verified. 34 counties use optical-scan ballots, like the sheet you took your S-A-T on. Four more are debuting an add-on this year that prints a paper copy of your vote. The state is also piloting a “risk-limiting audit” where election officials review a sampling of ballots to confirm the totals make sense. But Vaughn says that still leaves 54 counties where vote tallies go straight to the hard drive. She says that’s not only a target for hackers, but makes an audit impossible.
About 60 people attended a Common Cause-hosted workshop on the state of election security in Indiana.
Walker notes the federal government approved grants to replace older voting machines after the controversy over punch cards in the 2000 election. He says the state shouldn’t spend millions on new machines only to see Washington pick up the tab for other states. Vaughn argues the 2020 election is too important to wait, with elections for president, governor, and both houses of the General Assembly.
Walker says the variation in voting systems from one county to the next is itself a protection against hackers, and notes Indiana’s voting machines aren’t connected to the Internet. Democratic election attorney William Groth says that prevents many attacks, but says tech researchers have argued some machines are vulnerable from the moment they leave the factory, because they carry pre-installed software allowing technicians remote access in case of a problem.