Despite assurances from the U.S. intelligence community that Russian hacking only influenced the 2016 U.S. election—and didn’t change vote tallies—there was never actually a formal federal audit of those systems, the Department of Homeland Security said.
And while DHS offered free security scans to any state that wanted them, many states—even ones that took up the DHS offer, like Michigan and Maine—either use audit procedures that are considered inadequate or don’t audit their election results at all.
“I think there’s a presumption amongst both the general public and lawmakers that DHS did some sort of investigation,” said Susan Greenhalgh, who serves as Elections Specialist at Verified Voting, a nonprofit devoted to U.S. election integrity.
“It didn’t happen. That doesn’t mean that something happened, but it also means it wasn’t investigated.”
The January report from the Director of National Intelligence, an unprecedented public document of declassified intelligence that serves as the authoritative public U.S. stance on Russia’s role in the election, indicates an assurance neither Russia nor anyone else tampered with vote tallying systems.
“DHS assesses that the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying,” it said.
But DHS’s role in state, county, and local voting systems, a spokesperson admitted to the Daily Beast, was limited.
“No. In the months leading up to the election, DHS made its cybersecurity services available to state, county and local officials,” a spokesperson said when asked if the agency conducted a federal audit—DHS didn’t verify vote counts or vote tabulation systems.
DHS' assessment in the Russia report “is a very carefully parsed sentence,” Greenhalgh said. “It doesn’t say ‘we observed everything’ or even ‘we observed vote tallying systems ourselves.’”
Only about half of states, according Verified Voting, actually use what’s called a voter-verified paper audit trail, a system in which voters get a paper receipt confirming their choice. That’s essential for a state to conduct a statistically significant audit that’s guaranteed to be independent from the many possible errors that can come from electronic voting machines, Greenhalgh said.
Some states with election results that surprised pollsters, like Ohio, take significant security precautions, like keeping all tabulation systems offline and using the DHS’s offer to scan, and then audit a sample of paper results by hand.
But others aren’t as cautious. Georgia, for instance, where the special election between Democrat Jon Ossoff and Republican Karen Handel has become the most expensive House race in history, conducts no vote audit and relies on electronic voting machine manufactured by a company that no longer exists.
The state also chose—along with 16 others, according to former DHS Secretary Jeh Johnson’s prepared remarks—to refuse the department’s offer to probe for vulnerabilities. Secretary of State Brian Kemp claims Johnson’s DHS had, before the election, illegally scanned Georgia systems, a step it considers gross overreach. DHS, for its part, denies this, and says the activity appears to be that of a federal employee who was scraping unrelated data from the Georgia Secretary of State site.
While there is no known evidence of foreign attempts to change a U.S. vote count, intelligence officials have repeatedly warned the public that Russia’s success in 2016 will encourage it to go even further in the future. Hackers believed to be tied to the Russian government have previously attempted to change presidential election results in Ukraine.
The question remains, however, whether the U.S. will take serious steps to create a more comprehensive federal effort to prevent vote hacking.
“I do think we should be doing a post-election audit nationwide,” said Larry Norden, Deputy Director of the Democracy Program at New York University Law School’s Brennan Center, which analyzes voting security. “Congress has a role to play in making sure that federal elections have integrity and can be trusted and are secure. They should be doing way more than they’re doing now.”
Both the House and Senate Intelligence Committees are hearing from vote security experts on Wednesday. A congressional effort to make vote security a federal responsibility will likely receive “real pushback from the states, and that’s a very powerful force,” Norden warned.