The historical context for the current situation should be understood. In 2007, after years of citizen advocacy, the General Assembly passed legislation that would move the state to paper-ballot/optical-scan voting. During that process, cybersecurity and computer experts from major institutions, including Princeton University and the Brennan Center for Justice, testified about the urgent need to abandon paperless touch-screen voting and to secure computerized election tabulation systems with a paper ballot. A talented and prescient computer scientist at Johns Hopkins University had his career savaged in this process, as the full displeasure of a voting system vendor was directed at this research.
The state elections administrator, Linda H. Lamone, strongly opposed the move to paper ballots and continued to do so over the nine years that passed before they finally became available — just in time for the vulnerable 2016 election. As other states moved to secure their voting systems, senior legislative leadership consistently supported the administrator despite the findings in independent security studies and cost analyses that demonstrated that purchasing a paper ballot system would be less costly to the state and counties than maintaining the vulnerable Diebold AccuVote system.
And while the transition to paper ballots was on hold, the administrator decided to introduce another layer of insecurity to the voting system, offering online-delivered absentee ballots to all Maryland voters who requested them. Because Maryland’s voting system gives the state an especially prominent role nationally, computer scientists and cybersecurity experts warned about this new vulnerability. And, again, supported by legislative leadership, the administrator prevailed. Even when it became known that the online absentee ballot delivery system was one of two systems probed by the Russians in 2016, it was offered again in the June gubernatorial primary.
The Maryland State Board of Elections, under the leadership of its administrator, has rushed to embrace new voting technologies, relishing a national leadership role. Because the agency lacks the manpower and expertise to adequately manage and deploy these systems, layers of contractors are involved in delivering election management. Given its history of failing to anticipate where election system vulnerabilities lie or to uncover them when they exist, it would be foolish to suppose that the agency would have been capable of uncovering this latest security concern. This recent revelation, of Russian financial ties to a major election contractor, follows the discovery several weeks ago of a voter registration data transfer debacle involving the Maryland Motor Vehicle Administration.
This may only be the tip of the iceberg. Until independent cybersecurity experts are engaged to oversee the Maryland State Board of Elections’ systems, the state’s citizens will continue to finance an agency lacking in the technical expertise needed to anticipate vulnerabilities and manage the complex and critical systems that underpin our democracy. And voters will face continuing election controversies.