Pennsylvania’s elections — like many other states’ — are vulnerable to cyber attack, leaving our democracy in a precarious state. As a former Pennsylvania legislator and member of Congress representing the Keystone State, I know how important free, fair, and secure elections are to governing. A lack of public trust in the vote imperils our great American experiment in popular sovereignty.
The most pressing challenge in Pennsylvania rests with our voting machines. In the 2018 midterm elections, more than 80 percent of Pennsylvania voters cast their ballots on less secure, paperless machines (called direct-recording electronic systems, or DREs). These machines are vulnerable to hacking and technological errors, something that researchers have long demonstrated. The machines used also lack a paper trail, making it impossible for officials to recount individual ballots in close races or conduct routine post-election audits. Pennsylvania is not alone: 13 states total used paperless DREs in this past November’s elections.
These threats are grave enough to demand action in any state, and Pennsylvania’s status as a perennial battleground adds to the immediacy of the problem. In 2016, for example, Donald Trump prevailed in Pennsylvania by fewer than 50,000 votes, and in this past November’s congressional elections, voters decided several races by a few percentage points. These close races coupled with the commonwealth’s vulnerable voting machines make Pennsylvania a prime target for any sophisticated attacker set on shifting the results of national elections.
Nation-state adversaries have the means to conduct such an attack, which would exploit long-known vulnerabilities. We are fortunate that sophisticated hackers have not yet, as far as we know, stolen an election.
Rather than wait for the worst, officials should instead be taking decisive action to protect our elections. The Blue Ribbon Commission on Pennsylvania’s Election Security (on which I serve as a senior adviser) brought together an impressive group of leaders from across Pennsylvania to study the state’s election cybersecurity. This independent, bipartisan commission chronicled the weaknesses in Pennsylvania’s cyber readiness and issued a report with concrete, actionable recommendations.
Chief among those recommendations: Replace paperless DREs with voter-marked paper ballots, backed up by robust, post-election audits. The commission also called on the General Assembly to help counties bear the financial burden of replacing voting systems and asked Congress to further support such efforts in the states. These recommendations and others are detailed in the commission’s comprehensive report, which officials ought to heed as a call to action.
Implementing these measures will require a financial investment. In Pennsylvania, the County Commissioners Association of Pennsylvania estimates the cost of replacing voting systems statewide at $125 million. As a fiscal conservative, I am sensitive to the budgetary concerns of state and county officials, but the cost of leaving vulnerable machines in place is far greater than the price tag to replace them.
I am confident that Pennsylvania’s leaders, from both political parties, are up to the task of doing what is necessary to protect our elections.
Our leaders should embrace the recommendations of the commission’s report, which are supported by the evidence and work of experts in the field and — importantly — are achievable. And across the country, officials should look to the commission as a model for how to work in a bipartisan fashion to offer tangible solutions to secure our elections.
Our citizens deserve nothing less.