Become a Votebeat sponsor

What a missing machine in Michigan can teach us about internal election admin threats

A QAnon sweatshirt during a Trump rally in October 2020 in New York City. (Stephanie Keith / Getty Images)

A version of this post was originally distributed in Votebeat’s weekly newsletter. Sign up here.

If you’re concerned about election security, I have some scary news: The call is coming from inside the house. At least in Adams Township, Michigan. That’s where Clerk Stephanie Scott apparently tried to abscond with election technology after spending months spreading misinformation about her township’s own voting system and flouting state election procedures, leading the state Bureau of Elections to relieve her of her duty. 

That’s right, folks, we have another Tina Peters (the Mesa County, Colorado, clerk who by the way spent this week’s elections meeting heckling the rest of the elections officials). Both Scott and Peters are far-right ideologues who believe the 2020 election was stolen from Donald Trump and that election machines are to blame. Scott, in particular, has a history of social media posts supportive of QAnon, Bridge Michigan reported.

Conspiracy-theorizing election officials stealing equipment or data and materially harming county security is not a threat vector that the election community has fully prepared for. The fact is that this internal subversion hasn’t, as far as I know, happened in modern times until now. We’ve now seen two cases of it this year alone. 

The only time I have ever seen election officials address, head on, the concept that one of their co-workers might internally set fire (figuratively, or, for that matter, literally) to the election system is when I have participated in or observed a tabletop exercise — those little war games, often hosted by federal agencies or educational institutions, that election administrators play to prepare for potential threats. While they spend a lot of time outside of these sessions talking about cybersecurity, election integrity, and chain of custody, insider threats are left to only these extreme practice rounds. And that’s a shame, because only a small percentage of this country’s election administrators have ever done a tabletop exercise. 

And it’s not because an insider threat is difficult to imagine. These types of threats are well established in the security community at large, and Hollywood’s favorite villain is the mole. But election administrators don’t like to talk about the possibility that one of their own might do something destructive. It’s uncomfortable. 

The many election administrators I’ve come to know are, generally, loyal community servants who take their roles as neutral referees seriously, even if they are a party member. While it has been relatively easy for this community to accept that technology limitations, funding issues, and external threats are serious and should be dealt with, it has been reluctant to assume malice on the part of co-workers. For example, when computer analysts began to point out the ways election workers might easily tamper with paperless DRE machines, election workers pushed back hard — it would never happen, they said. I have watched multiple screaming matches between computer scientists, eager to prove a vulnerability, and administrators who completely reject that other administrators may not be trustworthy. 

But here we are with two clear-cut examples, and it’s time to start having uncomfortable conversations. It is time to start assuming that every single person who touches an election system has ulterior motives, and to prepare accordingly. Authorities need to ensure that counties require more than one worker — preferably one of each party — to enter equipment rooms, log into vulnerable systems, and ensure that chain-of-custody procedures do not allow any person to make off with hardware or scoop code out of county systems. Sturdier security measures can’t prevent every single bad actor from getting access to systems, but officials can try their best and minimize the damage to the systems by appropriately preparing for this threat now. 

And the good news is that if any community can do this, it’s this one. The systems described above already exist for so much of the voting process — from setting up machines to certifying the count. In some states, elected officials cannot individually access equipment and underlying data, and in others more than one employee must be present when these systems are accessed at all. Election workers already work, by law, in a bipartisan fashion for most functions of their jobs — they can easily transition the security measures we have set up around ensuring the count is accurate and trustworthy to ensuring that the machinery that makes all of this go is equally trustworthy. If counties can train a Republican and a Democrat to sit next to each other, manually examining hundreds signatures, they can force two people to sign for every piece of equipment and watch each other log in to key systems.

2016 also presented a new threat model for the election community: Prior to that year, election administrators at the county level truly hadn’t given much thought to foreign interference in election systems. Now, they think about it every single day. That preparation has meant huge strides in election security over the last four years, and a far more clear-eyed group of election administrators running the show. That can happen here, too.

Back Then

Election-workers-as-threats is not a new concept in the longer arc of American history. Since voting was a thing, those who administer the vote have been known to mess with it. In Maryland, militiamen who were unhappy with the new state Constitution’s property requirements to vote in the 1700s protested and, in some parts of the state, installed their own election judges who would allow anyone they knew to vote. Residency requirements in Louisiana were enforced entirely by election judges, who had unilateral decision making powers over eligibility. In 1914 in Huerfano County, Colorado, a local election took place amid a massive worker strike at the local mining company. Local Republicans, working alongside the mining company, took advantage of the chaos by marching in foreign-born strike breakers who voted with the assistance of election judges who instructed them to mark the ballot for any candidate with an “R” next to their name. 

In Other Voting News

  • This week several election administrators testified before a U.S. Senate committee on the ongoing threats they face just for doing their jobs. “Tell the truth or your three kids will be fatally shot” was one threat received by Al Schmidt, a Republican city commissioner on the Philadelphia Board of Elections. Katie Hobbs, secretary of state in Arizona, told the senators that people had gathered outside of her office chanting, “Katie come out and play. We are watching you.” 
  • In a Politico piece this week, some in the Trump camp wonder if they might have gone too far on all this conspiracy theory stuff. And I think we can all agree that, yes, they have. “When people don’t trust elections they don’t participate, bottom line,” Ohio Secretary of State Frank LaRose told reporter Meridith McGraw. He’s right. 
  • Several Native leaders, voters, and activists testified before a U.S. Senate Committee on Indian Affairs’ oversight hearing this week. Many advocated the passage of the Native American Voting Rights Act, which you can read about here. ”Our democracy is at stake and we have a moral imperative to act to ensure that Native Americans have their voices heard in our electoral process, and combat the barriers that exist,” said Sen. Ben Ray Luján of New Mexico.
  • Kim Wyman, the Republican secretary of state in Washington since 2013, is departing the Northwest. The Biden administration has appointed her to lead DHS’s Cybersecurity and Infrastructure Security Agency’s efforts on election security. The federal government made huge strides in this space after CISA was established under the Trump administration, and hopefully having a Republican official at the helm will help bolster confidence within a party whose voters’ have shockingly little faith in the election system. Her last day as secretary of state will be Nov. 19.
  • Election conspiracies in Virginia are reaching a fever pitch ahead of next week’s election. A surrogate for GOP gubernatorial candidate Glenn Youngkin — state Sen. Amanda F. Chase — has repeatedly claimed, with no evidence, that Democrats are trying to “steal” the election and has claimed she’s uncovered evidence of illegal ballot harvesting schemes that she’s turned over to Youngkin. For his part, Youngkin says he thinks the election will be “fair” and that he hasn’t heard from Chase at all. The state’s AG has now asked Chase to put up or shut up. Poll watchers concerned about election integrity issues and who believe the election was stolen are also descending on voting locations across the state. The RNC says it has trained 3,500 people in the state. 
  • The US Postal Service has agreed to prioritize Virginia mail-in ballots ahead of other mail, following a lawsuit filed by the state Democratic Party, which claimed that election mail was significantly delayed in the state. Nearly 34 percent of Albemarle County ballots remained unscanned, though it’s not clear whether that backup would be cleared before the Nov. 2 election. 
  • New Jersey’s elections are not kicking off as robustly as the state had hoped. Unlike last year, mail-in ballots were not sent automatically to all voters, which has confused many and seems to be hampering turnout. Fewer than 1 million voters received a mail-in ballot, including only 46,000 who took the step of requesting one specifically for this election: “We’re getting a lot of calls from folks wondering where their mail-in ballots are,” said Jesse Burns, executive director of the League of Women Voters of New Jersey. “We have been telling them, if you did not apply for a ballot, you won’t get it. I thought that message had gotten out … Apparently there is some confusion about the methods of voting here.” But, at least voters have access to early in-person voting this year. However, as of Oct. 28, only 1 percent of registered voters (68,711 people statewide) have taken advantage of that option.
  • One of the two election reviews ordered by Wisconsin Republicans is now complete, identifying a small handful of minor problems — a few dozen accidentally double-counted ballots and a limited number of ballots Republicans claim were cast illegally. The report from the Legislative Audit Bureau was issued without allowing election officials to respond, which has been the historical practice. The report recommended shoring up some regulations, but statehouse Republicans acknowledged that it found no evidence of organized fraud.
  • Meanwhile, the sheriff in Racine County, Wisconsin, is accusing the Wisconsin Election Commission of violating state law in 2020 by barring poll workers from assisting those in nursing homes with ballots, a decision the WEC made given the continued coronavirus-transmission risks. The sheriff, a Republican, has asked the attorney general’s office to conduct a statewide investigation. His accusation comes after his own local investigation into a nursing home in which he says at least one resident appeared to have voted illegally, after the daughter of the woman raised concerns about her mother’s mental state. Voters who have diminished mental capacity may vote in Wisconsin unless a court order is in place, and the sheriff claims this was the case. Still, he has yet to file any charges. 

Good Idea of the Week

The Virginia Department of Elections has created a “Myth Busters” page on its website to dispel election-related rumors and misinformation. The Richmond Times Dispatch has an excellent writeup of the new page with some great quotes from state officials on what they are hoping to achieve. Chris Piper, commissioner of the Virginia Department of Elections, told the paper he was concerned about the sheer size of the misinformation circulating about the election and it is “incumbent upon us to fill in that information with the truth.”

The state also has far more time to count mail-in ballots this go-round, which Politico has explained here. Scott Konopasek, the new general registrar of Fairfax County, told Politico, “It’s going to look like a wildly different night” this Nov. 2 compared with November 2020. The ballots should be processed faster and accurate results announced earlier in the night.

The Latest

Cochise County Supervisor Peggy Judd was indicted for delaying certification in 2022. This time, a plea deal left her little choice.

A late start and a procedural mistake at ballot counting center delayed results into the early morning hours, when misinformation blooms.

After repeatedly declining to rule on the merits of challenges, the Supreme Court put its foot down with the three counties: “Comply with the prior rulings of this court.”

This time, it’s people on the left who are raising suspicions. What does that mean for the future?

How Maricopa County, Arizona — the nation’s largest swing county — prepared for the Election Day spotlight.

A few counties opted to accept ballots with missing or incorrect dates, prompting a challenge from Republicans.