CHHS Shares Expertise as Maryland General Assembly Takes Another Look at Election Cybersecurity

This week, cybersecurity experts from the University of Maryland Center for Health and Homeland Security (CHHS) provided their opinions about legislation up for debate in the Maryland General Assembly. The bill, cross-filed as HB 706 and SB 919 – “Absentee Ballot Requests, Delivery, and Marking”, would address widespread security concerns by enacting a practical limit on the population of voters who can request absentee ballots receive them electronically. Currently, Maryland allows all registered voters to request an absentee ballot online and then have their ballot emailed to them. While convenient for many voters, this method is an easy target for fraud committed using a man-in-the-middle attack. The bills under consideration would dramatically limit this vulnerability by requiring voters apply to qualify for an e-mailed ballot by either showing that they qualify under the federal laws such as the Americans with Disabilities Act or Uniformed and Overseas Citizens Absentee Voting Act, or showing that they would otherwise be unable to vote.

CHHS Founder & Director Michael Greenberger and Senior Law & Policy Analyst Netta Squires were invited to provide written and oral testimony, respectively, for members of the House of Delegates who are considering a vote on the bill. In a packed hearing room, the Committee on Ways and Means listened to comments on the proposals intended to improve election integrity by addressing issues with absentee ballot rules. Absentee ballots are regarded as a particularly vulnerable part of any election system, as was highlighted by the revelations in the latest North Carolina election.

After reports of irregularities in absentee ballots raised enough questions in a close vote tally, the State Board of Elections decided to not certify a winner in the Congressional Representative race in the 9^th District. Following months of investigations, the State Board of Elections announced that there will be a new election later this year. Leslie McCrae Dowless, hired by candidate Mark Harris’s campaign to manage get-out-the-vote operations, allegedly took advantage of absentee ballot rules to cast hundreds of votes illegally in favor of his candidate. In February, Dowless was indicted by the local district attorney’s office for violating state laws by illegally possessing and submitting absentee ballots in the spring of 2018.

Election security has been a major issue around the world since at least 2016, when the public became aware of Russian interference attacks on multiple fronts. Maryland itself has had its State Board of Elections system probed by Russian government agents in recent years. While the Department of Homeland Security (DHS) and US intelligence community have fortified defenses against foreign interference, the fact is that most control of election security and laws rests in the hands of states and localities. As Netta Squires explained in her testimony, “The responsibility of making the election system more secure falls not only on DHS but also on officials in all levels of government.”

Legislation similar to HB 706/SB 919 has come to the General Assembly before, but did not move out of committee. One concern was that the proposed restrictions were too limiting and that some voters who are honestly dependent on absentee ballots would be disenfranchised. Netta Squires commented that the 2019 version of the bill adds language that broadens the population of voters who can benefit from online voting, without becoming unnecessarily broad. This is an improvement over the previous versions, as it balances concerns of exposing online voting to low-tech hacking threats with possibly leaving out voters who need absentee and online voting to have their voice heard.