Nothing ‘Authentix’ About It
The Washington Post ran an article recently about a legislative initiative surfacing in at least four states by Republican lawmakers to make ballots as hard to counterfeit as currency or passports. It’s a solution in search of a problem that its supporters don’t understand—for example, Mark Finchem, an Arizona state representative (also running for AZ Secretary of State) who is co-sponsoring one such waste of taxpayers’ dollars. Finchem has a penchant for interesting ideas and this notion of ballot integrity is another. Thus, given that level of sponsorship for this initiative, we cannot let it go without examining its merit on the facts. My thanks to John Sebes, our CTO, for helping develop this piece.
We first want to observe that aside from the anti-counterfeiting techniques, there are a few concepts in the Arizona Ballot Integrity Project that are good ideas and already implemented in one form or another in some jurisdictions across the country. For this commentary, we focus on the watermarking proposals of the legislation as drafted and envisioned by Finchem and Authentix.
These Are Not ‘Fraud Proof’ Ballots
They are paper ballots with paper authentication methods (think: watermarks on steroids as used for currency) to prevent counterfeiting.
Authenticated paper ballots do not stop fraudulent ballots.
Anybody with access to an authenticated-paper blank ballot can still commit election fraud by marking it even if they are not a legitimate voter (e.g., a poll worker, the spouse of an absentee voter, a postal worker, etc.).
The paper authentication says that the ballot probably was printed in a special way, but says nothing about whether the pre-printed paper ballot was legitimately marked and cast.
Counterfeit ballots are not a problem.
Fraudulently cast ballots are a small problem, but anti-counterfeit ballots won't stop fraud.
That's because you can't use authenticated paper for all ballots.
You can't stop absentee voters voting on plain paper. Federal law (UOCAVA) requires election officials to accept plain-paper absentee ballots from military and overseas voters, including a Federal standard form called an FWAB (Federal Write-In Absentee Ballot).
Several states are being sued by disability rights advocates to provide home-absentee-voting solutions with home-printed paper ballots.
And of course, HAVA (Help America Vote Act of 2002) requires the use in voting places of accessible ballot marking devices (“BMDs”), which print ballots on regular paper.
So, yes, a jurisdiction could use paper authentication methods on pre-printed ballots (for hand marking in voting places, and mailed-out absentee ballots), but that jurisdiction would still be required to accept ballots that cannot be authenticated (via some sort of watermarking technology), including FWABs, BMD-generated ballots, home printed ballots (for accessibility community), and others.
Thus, it's not clear what's accomplished by making some, but hardly all, ballots contain evidence of being legitimately printed, but not necessarily legitimately marked.
Furthermore, in the course of our research, CTO John Sebes discussed this idea a few years ago with a currency security expert — someone who is very knowledgeable about these issues based on past work with the undisputed leader in this technology, SICPA. This expert pointed out that these techniques are costly, but also only valuable if other measures are in place.
Importantly: it is totally false that only one Texas company can do this.
With all due respect to Authentix, the company supporters claim is the best to provide counterfeit-proof ballots, it is settled fact that SICPA is the global “go-to” company for this high security document authentication (e.g., paper currency). In any event, with currency-grade paper ballots, even for a subset of ballots, the security mechanisms require other processes in order to have any value:
Recipients of authenticated documents must have the equipment and expertise to examine every document that appears to be authenticated, and determine whether it really is authenticated—it is not a process of an untrained person saying, "Yes, this looks OK".
If the documents are printed on previously "secured paper" then access to the paper stock has to be controlled.
Do election officials have the ability to detect if some stock is missing?
And if they do, what next?
If the documents (ballots) have security measures applied during and/or after printing, then the devices to make them are critical devices that have to be access controlled. Here is what we know (given this is the kind of research the OSET Institute performs):
Even hypothesizing a new kind of ballot marking device that could authenticate paper in real time, we know products like that are several years in the future.
But, those devices could be fraudulently used to create ballots not marked by legitimate voters, or by anyone with physical access to the devices; thus, they become machines to create fraudulent ballots despite the document security methods.
Even if we can solve for those challenges, assuming we do not yet have a ballot counting device that can, in real time, authenticate ballots on intake, there remains yet another practical problem: examining each and every ballot before it is counted (presumably by a high-speed scanner) would create a processing bottleneck that would not please anyone chomping at the bit for speedy vote tallies and results.
Ballots Are Transactions Not Simply Currency
Yes, we often have said, “Ballots are the currency of democracy.” That is meant as a metaphor to emphasize the fundamental importance of ballots and why democracy demands a “durable paper ballot of record.” However, the Finchem proposal (and others like it) misunderstand the loose comparison. More precisely, ballots are a "transaction" (that is, they are being marked and not merely changing hands like currency), thus, there are three points:
A polling place full of currency-grade ballots does not prevent fraud.
People with access to those blank ballots can mark them and cast them to create voted ballots that were not marked by legitimate voters, just the same as with ordinary paper ballots.
Mailed currency-grade absentee ballots do not prevent fraud either—many people have physical access to mailed ballots, and can intercept them and vote them instead of the intended voter.
So then, how can that fraud be prevented? Simple: An absentee voter signature verification is already legally required, and it does not need currency grade paper ballots to work just fine.
The only theoretical problem that this initiative might solve is the edge-case where criminals make "counterfeit" absentee ballots (e.g., photocopying a mailed ballot and voting it while claiming to be a legitimate voter).
But this too is already addressed by the absentee voter affidavit signature validation process, which is already required specifically because (among other factors) UOCAVA voters are entitled by federal law to send an absentee ballot on any kind of paper that they wish.
The key here is: it is not the ballot that is authenticated, but the voter that is verified via the affidavit or at the time of check-in at the polls.
And This Does Not Solve Disinformation Attacks
Today, a threat actor can create a bunch of federal write-in ballots (FWABs) with legitimate looking voter affidavits for real registered voters, but with signatures that don't match — specifically for the purpose of having them be trapped in the adjudication process, thus creating the perception of rampant attempted absentee voter fraud.
And worse, the threat actor can also publicly (falsely) claim to have "sent thousands of them," when the Local Election Officials reported finding hundreds.
Voilà! A great disinformation campaign that fraudulent ballots were actually counted, thereby throwing that election into a disarray of distrust and illegitimacy.
With the addition of "authenticated" paper, the same claim can be made, and what then?
Do Local Election Officials (LEOs) have to go back and prove the authenticity of every ballot, in order to disprove the lie of having successfully forged some watermarked paper ballot that was then counted?
The existence of the authentication method creates a demand for proof that the authentication happened, and absent such proof, a demand that all counted ballots be authenticated publicly—which is tantamount to a public recount.
And that isn't the end of the reasons why "secure" paper not only doesn't prevent fraud, but actually can decrease confidence while dramatically raising costs.
Finally...
What troubles us about this reporting is the lack of understanding by the journalists themselves in preparing the story. There is a basic disconnect that they’re not reporting and thus, we end up with:
First,
Let's make it much harder to undetectably make and use a "counterfeit" ballot.
Let's have these hard-to-counterfeit ballots used widely.
Second,
Let's try to prevent the casting of fraudulent ballots.
Fraudulent ballots are those that were not cast by legitimate voters, but instead cast by criminals.
Last,
Criminals can use the hard-to-counterfeit, widely-used ballots to create fraudulent ballots, just as they can for regular-paper ballots.
Wait a minute... Wait a minute! So, what is accomplished by making expensive ballots that are hard to counterfeit?
We would hope the very capable reporter on this story (especially with the support from this veteran) would have found somebody who could explain the point that
"Hard-to-Counterfeit" is completely unrelated to "Fraud-Proof."
The story itself is great and timely; it’s just that this important point should’ve been made, probably in conclusion.
John Sebes, our CTO, made significant contributions to developing this response.