Maryland

Maryland Legislators Consider Limiting Electronic Absentee Ballots

Maryland legislators are considering a bill to change the way voters can get absentee ballots after a News4 I-Team investigation exposed vulnerabilities in the current system. Investigative Reporter Jodie Fleischer has what critics say has to change to make Maryland elections more secure.

Maryland legislators are considering a bill to change the way voters access absentee ballots after a News4 I-Team investigation exposed what critics say are vulnerabilities in the system.

All Maryland voters are able to request an absentee ballot online. But some security experts say the online system makes it a target for hackers intending to interfere in U.S. elections. Those experts want to limit electronic ballots to those who most need it.

"It's a small change in policy that could greatly impact the cybersecurity resiliency of Maryland's voting system," testified Netta Squires, a cybersecurity law expert who works with the University of Maryland's Center for Health and Homeland Security.

She was among several people who testified before Maryland's House Ways and Means Committee Tuesday in support of H.B. 706. None spoke against it.

Last fall, a News4 I-Team investigation found Maryland is one of only three states that allow anyone to request ballots electronically. Under the current process, elections officials email the ballot to the voter, who is required to print and mail it back.

But the I-Team found 47 other states limit access to the military, overseas voters and people with disabilities.

"That says to me things need to change," said Del. Alonzo Washington, a Democrat from Prince George’s County who is sponsoring the bill.

Local

Washington, D.C., Maryland and Virginia local news, events and information

Two teens arrested in U Street crime spree linked to man's death

Storm Team4 takes part in ‘STEM for Her' event

His measure would also largely limit online ballot delivery to the military, overseas voters, people with disabilities or those with other special circumstances. While all voters would still have access to absentee ballots, those who don't meet the standard for online delivery would have to receive their ballot in person or through the mail.

Washington said the bill was a result of a 2018 election security report. “This is a vulnerability in our elections and we need to protect our elections,” he said.

Cybersecurity experts previously presented the I-Team with several scenarios in which bad actors could exploit the system's vulnerabilities. For example, they said a hacker could obtain personal information for registered voters and request absentee ballots on their behalf, but redirect them to a fake email address to intercept them.

Another scheme could register new voters and cast ballots on their behalf. Bad actors could also send active voters a link to a fake ballot, so they would think they already voted and not show up to the polls.

George Washington University computer science professor Poorvi Vora testified that Maryland's election leaders would likely be unable to detect those sorts of schemes and urged legislators to tighten its absentee ballot process, particularly in the wake of Russian attempts to meddle in U.S. elections.

"It is grossly negligent for the state of Maryland to continue its current approach after the [Robert] Mueller indictments, which describe a Russian company carrying out all the activities necessary to perpetrate online absentee ballot fraud," Vora testified, referring to the ongoing investigation by special counsel Robert Mueller into Russian election tampering.

State Board of Elections Deputy Administrator Nikki Charlson previously told the I-Team Maryland has put in place measures to detect those types of scenarios and protect against vulnerabilities, but she could not disclose specifics for security reasons.

But Charlson acknowledged no system is foolproof. The state warns voters who use the online system that it "cannot guarantee secrecy" when marking a ballot online before printing and returning it, "nor can it protect against all risks when using the internet."

"I can tell you that we've put in place all the right things; we look for the right things," Charlson said. "But it would be irresponsible for me to say it's 100 percent secure because nobody can make that."

Legislators expanded the online ballot delivery system in 2013 in an effort to increase voter participation and make voting more accessible. Cybersecurity experts told legislators that the more voters use the system, the more it becomes a target.

Cyril Draffin, Jr., a project advisor for the Massachusetts Institute of Technology, cited the NBC4 report last fall in his testimony and warned legislators that they "may be perceived as unwilling to address election security" if they do not make changes to the law.

"Maryland's absentee ballot system appears to be the least secure state in the United States," Draffin said.

Last year, a similar bill failed to advance out of committee, but Washington said he’s hopeful it has more support this session.

Reported by Jodie Fleischer, produced by Katie Leslie, edited by Steve Jones and shot by Chester Panzer.

Exit mobile version