No Simple Answers: A Primer on Ballot Marking Device Security

Graphic for a CDT election security report, entitled "No Simple Answers: A Primer on Ballot Marking Device Security." Three rows of four ballot marking devices in purple, blue and light yellow colors. Subtle QR code over a light blue to purple gradient background. QR code graphic source: Bobmath and authors of en:QR code, CC BY-SA 3.0, via Wikimedia Commons.

Introduction

The 2020 election and its aftermath were marked by conspiracy theories and disinformation about the machinery of the U.S. election system — the rules and mechanisms for registering and authenticating voters, collecting and counting votes, reporting those votes to Congress, and so on. A subset of those conspiracy theories focused on the literal election machinery — the computerized systems used for casting and counting ballots.

President Trump and his allies focused especially intensely on discrediting and attempting to overturn the results in the state of Georgia, which President Biden won by a narrow margin. One year prior, under court order, Georgia had replaced its paperless voting machines with touchscreen computers that print out a paper ballot — called ballot marking devices (BMDs) — for use by every in-person voter. After the 2020 election, Georgia election officials countered an array of mis- and disinformation about the new voting machines, such as the allegation that the machines were somehow modified to “flip” Trump votes to Biden votes.

BMDs are widely used in U.S. elections and come with several benefits for election officials and voters. Because of their accessibility features — for example, allowing users to increase the displayed font size, use an auditory or sip-and-puff interface, or change the displayed language — they enable voters to vote independently and privately, when they might otherwise be unable to do so. They also prevent certain mistakes that could cause a ballot to be uncounted or counted incorrectly, like stray pen marks and overvoting (i.e., voting for too many candidates in a contest). 

However, BMDs have been generally criticized as posing serious security risks to elections. Georgia’s BMDs have specifically been the focus of recent investigation by security researchers. A report by security researcher J. Alex Halderman, which is currently under seal, reportedly indicates specific vulnerabilities in these machines. In June 2022, the federal Cybersecurity and Infrastructure Agency (CISA) released an advisory summarizing these vulnerabilities.

Legitimate concerns about BMD security, however, can be hard to distinguish from outlandish claims about election machinery. BMDs are often the focus of viral misinformation and lawsuits that may be intended to undermine trust in election systems. This primer on BMD security outlines some of the key questions that are frequently raised about the security of BMDs, and makes recommendations for protecting elections in which BMDs are used. BMDs present certain security risks, but some of those risks can be mitigated through the best practices set forth below.

BMDs are likely to be an important part of election infrastructure in the U.S. for the foreseeable future. Accordingly, we also look ahead to how BMD security might be enhanced in the long term, particularly as vendors start implementing the provisions in the U.S. Election Assistance Commission’s recent update to the Voluntary Voting Systems Guidelines (VVSG 2.0)—the first major update in 15 years.

Read the full report here.