Florida is a failure when it comes to election security, according to a new report announced Monday.
But it’s being challenged as misleading by local and state election officials.
In giving Florida an “F” grade, the report from the liberal Center for American Progress (CAP) cited several factors, including voting machines that don’t provide a paper trail and the lack of a robust system to audit election outcomes.
CAP examined security in voting systems for all 50 U.S. states, finding most election systems remain vulnerable to hacking and other interference by foreign governments bent on disrupting the election process.
Florida is one of only five states to get an F grade. No state received an A.
Florida was among 21 states targeted by Russia-based hackers during the presidential election, according to the Department of Homeland Security. The attempt was unsuccessful, according to the Florida Department of State.
“This report should spur demand across the country for urgent steps needed to defend America’s election security against another attempt by a foreign nation to disrupt our elections,” said Danielle Root, the report’s lead author. “While vulnerabilities in the election infrastructure still exist, it’s encouraging to see some states taking steps to better protect their elections.”
The CAP report says it’s problematic that audits are conducted in Florida after an election has been certified. Audits are not bound to election outcomes, “even if they are found to be erroneous.”
The report also maintains that the state’s ballot accounting and reconciliation procedures need improvement. The report credits supervisors of elections who carry out logic and accuracy tests on all voting machines leading up to elections.
CAP recommends that Florida lawmakers should require all voting machines be tested to the EAC Voluntary Voting System Guidelines before being purchased and used in the state. It also recommends that county officials should be required to compare and reconcile precinct totals with composite results to confirm that they add up to the correct number.
A spokesperson for the Hillsborough County Supervisor of Elections said the report is riddled with inaccuracies.
“While state law doesn’t require voting machines to be tested to EAC standards, we can only use equipment certified by the state, and the state’s certification is much stricter than EAC’s,” Gerri Kramer told Florida Politics in an email.
Kramer also said that the Hillsborough office does ballot accounting and reconciliation in a totally transparent manner, “posting election results on the doors of all polling places on Election Day, making voter registration records including voting history public, and including precinct-level results in our election reporting.”
On how the state is working to prevent cyber hacking, the report’s authors note that state election officials refused to provide any information about whether they share that with local supervisors of elections offices. This means that they were unable to learn if the state’s voter registration system has logging capabilities to track modifications to the database.
Nor are they aware whether the state’s voter registration system includes an intrusion detection system to monitor incoming and outgoing traffic for irregularities.
Even if Florida adheres to all of the minimum cybersecurity best practices for voter registration systems, the authors suggest the state’s overall grade would not change, given the point distribution in the other categories.
“The Department of State was notified by the Department of Homeland Security today that Florida was unsuccessfully targeted by hackers last year. This attempt was not in any way successful and Florida’s online elections databases and voting systems remained secure,” the Department of State told the Miami Herald last September. “Ensuring the security and integrity of Florida’s elections remains our top priority.”
Citing security concerns, Gov. Rick Scott asked the Legislature to approve nearly $2.4 million this year for cybersecurity efforts designed to protect election-related software and systems from outside hackers.
Kramer insists Hillsborough conducts ongoing cybersecurity training with all employees.
“For security purposes, we don’t talk about many of our processes to ensure cybersecurity,” Kramer writes. “But I will say again that this report is very misleading and doesn’t reflect Hillsborough County, or Florida’s, focus on providing safe and secure elections.”
A spokesman for the Florida Secretary of State’s office, Mark Ard, responded to the report late on Monday.
“This report is misleading,” Ard wrote in an email. “Florida was unable to participate in their study because it is against Florida Law (Section 282.318, F.S.) for the Department to provide much of the information requested by the Center for American Progress. It’s ironic that because we kept protected information secure, we earned a failing grade.
“Our elections and voting systems are secure. DOS will continue to work with all stakeholders to keep this important process safe and protected.”