Stop the Nonsense About “Counterfeit” By-Mail Ballots – Here are the Facts
The baseless claims that the President of the United States and the U.S. Attorney General have recently made about the possibility of foreign countries interfering with the November election by creating "counterfeit" by-mail ballots are gaining lots of attention, and with good reason. These assertions need to be thoroughly clarified and corrected, because they are not based on facts.
In this article, we dig more deeply into the details of by-mail voting operations, as well as the technical features associated with creating and printing ballots. Through a series of Frequently Asked Questions (FAQs), we show that "counterfeit" by-mail ballots can't be simply "dropped into" an election, willy-nilly, as some inflammatory assertions would have you believe.
The facts are that outbound mailing of blank ballots, inbound return of voted ballots, and scanning and tabulation are all tightly controlled. More specifically:
Blank ballots are not simply sent out “en masse,” without controls
By-mail voting depends on well-vetted records to determine voter eligibility, just like in-person voting
Returned ballots undergo a rigorous verification process, to ensure that they are valid; and
Technical features of ballots make it difficult for a bad actor to copy them without detection —sort of similar to counterfeiting money, but not as complicated; yet, still difficult and so far, without the same level of criminal liability.
Is by-mail voting a coming “tidal wave”?
Answer: No. Despite what some would have you believe, there are no realistic efforts to impose “nationwide” by-mail voting for November, in the sense that millions of ballots would be proactively sent to people everywhere. In fact, the U.S. doesn't have a uniform national election system; instead, in accordance with the Tenth Amendment, each individual state decides how to administer its own elections, so it’s up to each state to decide whether to offer by-mail voting, and exactly how it will be implemented (because there are different ways of doing it, as we’ll see below).
Doesn’t by-mail voting favor one party over another?
Answer: No. Despite what the President says, by-mail voting has broad bipartisan support, and it is not “new.” In fact, for many years, every single state has had provisions to offer by-mail ballots to certain voters instead of voting in-person, and by-mail voting has been successfully used for military and overseas voters for decades.
Furthermore, to protect public health in response to the COVID-19 pandemic, Republican and Democratic states alike have greatly expanded access to by-mail voting. The trend is strongly bipartisan. The OSET Institute’s most recent research found that during the COVID-19 pandemic, 46 of 50 states are currently offering some form of by-mail voting to all voters; of those, 24 have Democratic governors, and 22 have Republican governors. Furthermore, recent research from Stanford University found that by-mail voting is neutral in its partisan effects, in terms of both turnout and outcomes.
With by-mail voting, isn’t there mass mailing of ballots to all manner of people?
Answer: No. With by-mail voting, the issuance of blank ballots is highly controlled. By-mail voting issues blank ballots only to registered voters, just like in-person voting. More specifically, election officials match voter registration records to individual blank ballots before any are sent through the U.S. Postal Service (USPS). And, when voters return marked ballots to the elections office, there are strict verification protocols in place (see below for details).
With by-mail voting, don’t all voters get a blank ballot?
Answer: No. Only 5 all-mail states (CO, HI, OR, WA, UT) proactively send blank ballots to all registered voters. During COVID-19, the vast majority of states are requiring voters to submit an absentee ballot request before the elections office will issue a blank ballot to the voter (and the request and the voter registration record are, of course, tracked by the elections office).
With by-mail voting, states continue to implement all of their state-specific rules to determine eligibility and to maintain integrity, including the need for IDs, signatures (under penalty of felony crime), and other forms of voter qualification. In short, elections offices know exactly who is issued a blank ballot, and how many ballots the office can expect to receive in return.
As a result, since every single ballot issued is tied to a specific voter registration record, for a malicious third party to "counterfeit" a ballot, they would need to know personal voter information, to “mimic” the real voter – and they would also need to return the voted counterfeit ballot at exactly the right time, (i.e., before the real voter – assuming that the bad actor could somehow know or verify that that individual voter had indeed requested a ballot, or was supposed to receive one). But that’s just the beginning. Keep reading…
Can't someone simply recreate the ballot? Isn't it just a bunch of titles, names & ovals?
Answer: No. For a long list of reasons associated with the complexity of election data, voting system software, and printing specifications, creating a counterfeit ballot that evades detection is difficult. [1]
First of all, to be accepted as a valid ballot by voting system scanners, ballots must be created with specialized software from the voting system; only that software can create a properly-formatted layout that the voting system will accept.
More specifically, for a ballot to be accepted by the voting system as valid, a counterfeiter would need to know all of the following technical specifications:
Codes that uniquely identify the specific election
Precinct codes associated with sub-units of the election jurisdiction
Specific election content
A variety of additional validation information, such as “checksums,” which are typically encoded in barcodes
In other words, when ballots are scanned, the voting system will only recognize ballots that were programmed from the voting system itself, through the use of specialized software that is secured in the elections back-office, as part of the “election management system.” Some of the validation that the scanners are looking for isn't even human-readable; sometimes, it's invisible to the eye, in a barcode; or it may be a handful of numbers, devoid of context or meaning to the casual observer.
And finally, another reason that it’s hard for a bad actor to counterfeit ballots is because of different “ballot styles.” In other words, in a given election, not all voters have ballots that look the same, due to cross-cutting Federal, State, and other district boundaries (which vary by address). As a result, an election could have dozens, hundreds, or even thousands of distinct ballot styles, each of which must be validated by the voting system software -- and a bad actor would need to get them exactly right.
What's so hard about printing a bunch of ballots? Isn't it like using a copier?
Answer: Again, No. Ballots must be printed to exacting specifications in order to be accepted by voting system scanners. It’s not like making copies on office-grade photocopy paper. In addition to all of the election data and ballot logic that a bad actor would need to get right (see above), ballots and scanners require:
specific paper weights;
exact margins;
exact image sizes; and
exact placement of option boxes or ovals.
If any of those printing specifications are incorrect, the scanner will reject the ballot, thereby alerting election officials of any ballots that require further investigation.
What's to prevent a counterfeit ballot sent to the elections office from being accepted?
Answer: Assuming a bad actor could jump through all the difficult technical and printing hoops we’ve described above to make a “fake” or counterfeit ballot, when it's received at the elections office, the envelope containing the ballot in its own secrecy envelope is validated with a barcode uniquely tied to a voter registration record.
So, every incoming piece of mail is being checked for three things:
Does it have a barcode in the specific format that the elections office uses?
Does the barcode on the envelope link to a valid voter registration record; and
Was a ballot actually mailed to that voter?
What's to prevent someone from returning a ballot that is intended for a different eligible voter?
Answer: Voter’s Signature. Ballots inside returned envelopes aren't accepted for counting until the voter's signature on the outer envelope is validated by authorized people - usually bipartisan teams.
Signature verification is a critical part of ensuring that only valid ballots from eligible voters get counted. In fact, some larger jurisdictions even train their elections staff and bipartisan teams on handwriting analysis from forensic experts associated with the FBI, for example.
If a ballot return envelope is missing a signature, or if the signature does not appear to match the one on file, some states have a process to address or “cure” these discrepancies by notifying the voter on the address of record there is a concern about the signature and allowing them to provide their signature again – but sadly, many states do not offer such an option to voters. Signature curing (where offered) ensures ballots from eligible voters can be counted – and conversely, since a bad actor would be unlikely to respond to inquiries about signature discrepancies, counterfeit ballots would be rejected, and never counted.
Note: As I mentioned above, not all states enable a voter to "cure" a signature mismatch; some states simply perform a “signature reject” and they may not even notify a voter to let them know their ballot was rejected.
It’s a source of concern that not all states currently require signature verification. Applicable policies or laws should be carefully assessed before November.
Review
To summarize, all of the following aspects of by-mail voting have a host of security protocols and safeguards:
Outbound mailing of blank ballots
Inbound validation of voted ballots
Processing and scanning of voted ballots
Here are the details...
The outbound issuance of blank ballots is controlled:
Ballots are not sent “en masse”
Ballots are not sent to “just anyone”
Ballots are usually not sent proactively
Ballots are tied to validated records of eligible voters
If a returned ballot cannot be associated with an eligible voter, it's investigated.
The inbound validation of returned ballots is controlled:
Returned envelopes are barcoded in a specific format
Returned envelopes are verified against voter registration records
Returned ballots are verified against records of ballots mailed
Returned envelopes are typically verified by comparing signatures to those on file
If a returned ballot fails any of these, it's investigated.
The processing and scanning of marked ballots is controlled:
Ballots must meet all technical specifications of voting system software
Ballots must meet conform with all data logic contained in the specific election definition
Ballots must meet all printing specifications
If a returned ballot fails any of these, it will be rejected by the scanner.
And last but not least, please do not listen to, read, or take as truth the inflammatory talk or content about "fraud" associated with by-mail voting. It's just talk, and the facts say otherwise. Documented rates of fraud associated with by-mail voting are incredibly small.
Conclusion
I hope this primer puts to rest some of the irresponsible claims that have been made about the security of by-mail voting. By-mail voting will be an essential part of protecting public health and democracy during the November 2020 General Election, along with a proper balance of in-person voting locations for those who want or need to vote that way.
So let’s stick with the facts; secure the much-needed funding from Congress to support smooth and safe elections; and take our time methodically and accurately counting the votes after November 3 (because we almost certainly won’t have clear answers the next morning).
We need to protect voters, poll workers, and election officials. And we need to protect our national security, even in the most challenging times. That’s democracy.
Footnote
As a matter of intellectual honesty for the election technology geeks among us, we feel obliged to offer some nuances about the notion of “counterfeiting.” First, there is little doubt that a foreign state actor with unlimited resources might have the wherewithal to make an attempt to create counterfeit ballots. Second, while it would be difficult, we caveat that that even if a ballot could somehow be fraudulently created, it remains unlikely it would be counted. And therefore, we offer some nuance:
It's hard to counterfeit a pre-printed optical scan ballot with a matching return envelope, although given the right tools and access to a legitimate ballot + return envelope, not impossible to duplicate. It's also conceivable to mail it back in a plain envelope, along with an affidavit document including a signature that (of course) would not match – and the very presence of a non-standard envelope would likely raise eyebrows.
Although such cases would not result in a fraudulently counted ballot, they might be effective as a “disruption attack” in an attempt to discredit the process, or create a lot of extra work for election officials (i.e., create confusion or doubt). We discuss “disruption attacks” in the latest edition of our Critical Democracy Infrastructure Briefing.
It's also not all that difficult to commit a felony by creating a “Federal Write-In Absentee Ballot” (“FWAB”) sent in an ordinary envelope. You see, election officials are required to process all such that they receive, although, again, they are only valid for voters that qualify to use them (i.e., UOCAVA, which is a small number of voters), and would only be counted if somehow the signature matched, or in a state that doesn't do signature matching.
So, the engineers among us here are obliged to note the more nuanced point that while it is very hard to counterfeit a ballot and have it counted, technically speaking, the counterfeiting itself is not completely impossible.