The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Mail voting could delay election results. But that doesn't mean it's suspect as Trump claims

Placeholder while article actions load

with Tonya Riley

President Trump and election security experts agree about one thing: A surge in mail voting means it will take longer to produce a final tally on Nov. 3.

But the president’s claims those delays mean mail voting can’t be trusted or is prone to widespread fraud are dead wrong, experts say

Rather, delays are often the result of officials taking the time to count results properly amid a slew of challenges posed by a global pandemic. 

They’re also the result of huge gaps in the personnel, machines and other infrastructure that would be necessary to count mail votes quickly — and which the federal government has done little to help fill. Congress allocated $400 million to help election officials in the early days of the pandemic but a Democratic push to deliver another $3.6 billion has been stymied by Republicans. 

The criticism also comes as states continue to struggle with a large volume of mail ballots they never imagined before the pandemic. Michigan voters reported not having received mail ballots they requested just days before today’s primary there and election officials urged voters to return mail ballots to drop boxes rather than risk relying on the Postal Service, Elise Viebeck and Kayla B. Ruble report.

We need to know with confidence who the winners are and who the losers are, and in the middle of a global pandemic that’s going to take a little longer,” Marian Schneider, president of Verified Voting and a former Pennsylvania state election official, told me. “Accuracy is more important than speed…And we can alleviate this with the proper resources.” 

Election officials and experts have found themselves caught in an asymmetric battle with Trump as November nears. 

Their careful explanations about how Postal Service delays, a dearth of high-speed scanners and the rigors of verifying absentee voters’ identities can prolong vote counting are often no match for the presidential megaphone. 

During just five minutes at a news conference yesterday, Trump declared mail voting will be “a great embarrassment to our country” and speculated about limiting such voting with an executive order. Te president has extremely limited authority over state elections.

Trump also promised a lawsuit against a Nevada plan to mail ballots directly to voters. It’s not clear whether that suit would come from the White House or the Republican National Committee, which is suing over a similar plan in California. 

Trump also urged rerunning a New York congressional primary where the result has been delayed for six weeks because of a surge in mail ballots officials weren’t remotely prepared for. And he suggested without evidence the vote was affected by fraud. A Washington Post analysis found possible voter fraud cases in states that vote primarily by mail accounted for just about one out of every 39,000 ballots cast in 2016.

Trump has repeatedly insisted that any delays in counting mail votes are unacceptable. 

Those on the other side, meanwhile, are left struggling to assure voters that just because it takes longer to count mail ballots doesn’t mean anything nefarious is going on.

“We’re not going to know the full election results on election night and there’s no reason we should,” Lawrence Norden, director of the Election Reform Program at New York University's Brennan Center for Justice, told me. “As long as the process is secure and transparent, almost everybody would agree it’s more important to have accurate results than fast results. The fact results will take longer is only ensuring they’re accurate.” 

In fact, there are four big reasons mail ballots will take longer to count.

None of them provide extra opportunities for fraud as long as the ballots themselves are kept secure along their journey. But all of them could be alleviated with more funding from Congress for personnel or machines or by legislative changes aimed at easing the process. 

Late-arriving ballots: Some states require mail votes to arrive by Election Day to be counted, but many will accept them for days or even weeks after Nov. 3 provided they’re postmarked by Election Day. A surge in mail ballots coupled with a major backlog and funding shortfalls at the U.S. Postal Service could mean large numbers of votes are still arriving long after the election. 

Identity verification: States have an array of methods to verify voters are who they say they are, including matching signatures on privacy envelopes holding the ballot with other signatures on record and using smart bar codes voters can also use to track ballots. Those verification processes take time and money, both of which are in short supply. Many states also allow candidates to challenge ballots’ validity, which can be difficult and time consuming, especially during the pandemic. Some states are also barred from beginning this process until Election Day or several days before, which can delay things further. 

Sorting ballots: This step involves ensuring ballots are organized so they're scanned by machines programmed to capture votes for all the right contests, including local races for city council and school board. It can be an onerous process if voting districts don’t have high-powered sorting machines or enough staff. In some smaller jurisdictions, that sorting will have to be done manually. Some states are also legally barred from doing this before Election Day. 

Scanning ballots: This is the final step in the process. It can take a long time — especially if election offices only have access to polling place scanners accustomed to handling a few ballots a minute versus high-speed scanners capable of reading tens or hundreds of thousands of mail ballots. In some small jurisdictions, officials don’t have any scanners and must count mail ballots by hand. And states are often barred from scanning any votes before Election Day. A study released yesterday by Verified Voting found most jurisdictions could handle this process — if they have sufficient time and resources. 

These processes are roughly similar across the nation — though some states and localities have a lot more experience and better tools than others.  

The president has repeatedly drawn a distinction between “absentee voting," which he considers good, and “universal mail voting,” which he considers bad. But that distinction is misleading if not outright false. 

“Absentee ballots are great," he said during yesterday's news conference. “They have to request them. They go through a process. But the universal mail-in ballots have turned out to be a disaster.” Trump also praised the absentee voting system in Florida, where he voted by mail himself this year. 

In fact, there are no states where 100 percent of people vote by mail. In the five states where the vast majority of people vote by mail, officials have gone to great lengths to regularly verify voters' identity and are voting from known addresses. 

California, Vermont and Nevada have announced plans to mail ballots to all registered voters this year. But many states where the president has attacked mail voting, such as Michigan, are still requiring voters to request mail ballots and go through a separate verification process. 

And the states likely to face the longest delays in counting mail ballots are those that have historically avoided the practice rather than those that have embraced it

New York, which struggled with mail voting during the primaries, for example, traditionally requires an excuse for people to vote by mail and only 4 percent of voters cast ballots that way in the 2018 midterms, according to a tally from NYU's Brennan Center for Justice. In Florida, 31 percent of voters cast ballots by mail that year. 

The keys

Trump wants the government to get a cut if Microsoft buys TikTok.

The White House has set a Sept. 15 deadline for Microsoft or another U.S. company to acquire TikTok's U.S. assets from Chinese parent company ByteDance. Trump said he will ban the company for posing a national security threat if no sale occurs by then.

Whether it's Microsoft or somebody elsethe United States couldshould get a very large percentage of that price because we're making it possible, Trump told reporters. We make it possible to have this great success. TikTok is a tremendous success.

It would be highly unusual for the government to get a large payout when one private company acquires another. Trump did not clarify which party in the deal was expected to pay.

“Whatever the number is, it would come from the sale,” the president said. “Which nobody else would be thinking about but me. But that’s the way I think.”

Trump's order for ByteDance to sell off TikTok's U.S. operations follows a Treasury Department-led review into national security concerns. Lawyers familiar with the review process told The Post that Treasury typically collects a small fee from companies for the review. 

A Treasury Department representative did not immediately respond to a request for comment. A White House spokesman also did not immediately return a request for an explanation.

Republicans want a classified briefing on the dangers of other Chinese apps. 

The lawmakers cited possible national security concerns from facial recognition company DeepCam and subsidiaries of China's TCL, which they say develop and offer apps with spyware and malware designed to harvest user data and send it back to China.

“While we remain deeply concerned with TikTok, such concerns extend beyond the popular short-form video app, House Minority Whip Steve Scalise (R-La.), Energy and Commerce Committee ranking Republican Greg Walden (Ore.) and Rep. Cathy McMorris Rodgers (R-Wash.) wrote in a letter to Secretary of State Mike Pompeo

Trump plans to act soon on a broad array of national security concerns about Chinese software, Pompeo told Fox News Sunday.

Trump's threat of banning TikTok has sparked nationalist outrage in China

“Stop politicizing economic and trade issues, stop abusing the concept of national security and stop pursuing policies of discrimination and exclusion,” Chinese Foreign Ministry spokesman Wang Wenbin said at a regular briefing, the Wall Street Journal reports.

Chat room

Trump's unusual proposal for the government to profit off the TikTok deal has sparked confusion and criticism.

The Verge's Adi Robertson:

Marketplace's Molly Wood:

It's possible Trump will seek another deal:

Global Cyberspace

Russian hackers probably were behind a document leak aimed at influencing the 2019 U.K. election.  

The Kremlin was already widely suspected of leaking those documents about U.S.-U.K. trade negotiations, but it wasn’t clear how they got them. The hackers accessed an email account of former trade minister Liam Fox multiple times between July and October of last year, Jack Stubbs and Guy Faulconbridge at Reuters report

Sources declined to name which group was behind the attack but said it seemed like a Kremlin-backed operation. British Foreign Minister Dominic Raab stated last month that Russian actors were behind amplifying the stolen government documents. Reuters could not determine which one of Fox's accounts had been compromised. 

Russia has repeatedly denied allegations of election interference by the United States, Britain and other countries. The Russian government also attempted to sway a referendum on Scottish independence in 2014 and a 2016 vote on leaving the European Union, a British Parliament report concluded last month. Representatives for Fox declined to comment. A spokeswoman for the British government also declined to comment, citing the ongoing criminal investigation.

Hackers targeted members of the political opposition and religious leaders in Togo using NSO spyware.

It's the latest case of the Israeli spyware company's software being used against human rights activists and dissidents, according to a new report from Internet rights watchdog Citizen Lab, Lorenzo Franceschi-Bicchierai at Motherboard reports

The Togolese targets were four of nearly 1,400 WhatsApp users whose accounts were breached by governments using NSO software. WhatsApp owner Facebook is suing NSO Group for facilitating the hacks.

Citizen Lab could not conclusively attribute the spying to the Togo government, but evidence suggests the hacking software was used by security forces in the country. 

NSO Group says it only sells its tools to help governments fight crime and terrorism. “As we have also made clear before, we are not privy to who our authorized and verified sovereign government clients target using our technology, though they are contractually obliged to only do so against terrorists and criminals,” NSO told Motherboard in a statement.

More international cybersecurity news:

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns (CyberScoop)

Hill happenings

Intel officials will brief the Senate on foreign efforts to influence the election this week. 

The House held classified briefings on the same topic last week, Craig Caplan at C-SPAN reports

More Hill news:

House Republicans introduce legislation to give states $400 million for elections (The Hill)

Industry report

Twitter could face a fine of up to $250 million from the FTC for misusing personal user data.

Twitter disclosed the potential loss in an SEC filing, Salvador Rodriquez at CNBC reports. The Federal Trade Commission's complaint related to the company targeting ads with data from users'  phone numbers and email addresses provided for security purposes. Twitter ended the practice in September, calling the use of the data “inadvertent.”

The FTC says the practice violated a  2011 agreement barring the company from misleading consumers about its privacy practices. 

The new filing also notes a recent hack of 130 high-profile accounts including those of Joe Biden and Barack Obama could “impact the market perception of the effectiveness of our security measures." It notes "people may lose trust and confidence in us, decrease the use of our products and services or stop using our products and services in their entirety.”

More industry news:

Zoom ends sales to customers in China (The Hill)

Cyber Chiefs Watch Their People for Burnout as Pandemic Rolls On (Wall Street Journal)


  • Black Hat will take place virtually through Thursday.
  • The House Homeland Security Committee will hold a hearing “Secure, Safe, and Auditable: Protecting the Integrity of the 2020 Elections” today at 10 a.m.
  • The Senate Armed Services Committee will hold a hearing to examine the findings of the Cyberspace Solarium Commission today at 2:30 p.m.
  • The Senate Energy and Natural Resources Committee will hold a hearing to examine federal and industry efforts to improve cybersecurity in the energy section Wednesday at 10 a.m.
  • DEF CON will take place virtually August 5-8.

Secure log off

A TikTok explainer on TikTok: