My testimony regarding safeguarding our elections in NY State.
Full hearing can be viewed online here:
Prepared Remarks Below
TESTMONY TO ASSEMBLY STANDING COMMITTEE ON ELECTION LAW SUBCOMMITTE ON ELECTION DAY OPERATIONS AND VOTER DISENFRANCHISEMENT
NOVEMBER 9, 2017 9 AM
Mr. Chairman and the members of the NYS Assembly Committee. I want to thank you for taking the time to hold this important hearing and inviting me to testify today. My name is Dustin M. Czarny and I am a Democratic Elections Commissioner from Onondaga County NY. I also represent the New York State Elections Commissioner Association (NYSECA) as the Democratic Caucus Chair. Previously I have served as Legislative Chair for NYSECA and a member of the Legislative Committee for the previous four years. Today I intend to testify on behalf of the 62 Democratic Elections county boards in NY State but specifically the ones outside the New York City Area on how we handle cybersecurity on a county level. I also intend to make some legislative suggestions that can improve our Election Day operations and help prepare against Cyber-Security attacks.
County Boards deal with cyber security in three main facets: Election Preparation, Results Reporting, and in Voter Registration. For Election Preparation it is standard procedure that none of our Voting Machines are ever connected to the internet. Upgrades to the software of our Voting Machines are delivered on discs from the State Board of Elections and each machine is individually upgraded with bi-partisan supervision on each machine. Whenever voting machines leave our facility, whether for an election or training use, the machine software using our Hash Check Procedure to make sure the machines operating software is intact and unaltered.
Ballot templates are prepared on a closed internal system at each county board. Those templates are then loaded onto individual SD cards for each machine. The process for burning those ballots reformats the SD card each time to assure no stray data can interfere with the current election. The SD cards are loaded onto each machine and then tested to make sure all ballot styles and combinations. Totals are then zeroed out, seals are put in place and the machines are prepped for transportation to various poll sites throughout the county. Each of these steps are once again done manually under bipartisan review with no networking of the voting machines and no machine with internet access any step of the way. These provisions slow down the process of Election Preparation, but it ensures all machines are thoroughly tested and ready while keeping them protected from potential cyber threats.
Similar protections are in place for Results Reporting on Election Night and in the days after the election. On Election Night typical procedures are that one of the two SD cards Are returned in sealed pouches to central locations. Those SD cards are read, and the data compiled on computers not connected to the internet. Once the data has been compiled the data is then transferred to a flash drive and then uploaded to the individual Board websites for reporting of unofficial Election Night results to the public and periodically to the State Board of Elections as well. Neither the SD cards nor the machines compiling the data is ever connected to the internet or outside access.
After the election each machine after being transported back from the various poll sites are audited. The data provided on Election Night is compared to the data on the SD cards left in the machine, under seals. Additionally, we have our standard 3 percent hand audit. Three percent of all our machines at the end of Election Day, but before results come in, to undergo a hand recount of the ballots. That hand recount is compared to the machine counts to ensure accuracy. The same process is in place for our absentee ballots once they are opened and scanned in. Once again throughout this entire process there is bipartisan supervision and no internet access by any machine or scanner used to perform these tasks. Ballots are kept for two years and Poll Books for four in case there is a need for judicial review.
Our Voter Registration process also have similar redundancies and protection to ensure outside access cannot manipulate our voter files. It is important to remember our Registration System is decentralized in that each county has their own voter database. Only the individual county employees have access to this database and can make changes to it. The database itself is held on a separate server located in the Board of Election facility. Typically, it is on a closed network with now internet access. And only Board of Election Employees and County IT staff will have access to it. Changes to the database must be individually keyed in and verified under bi-partisan review. Mass changes to the database are not allowed and each individual record change must be verified by the opposite party of the person who makes the change.
The database itself is transmitted to the State Board through a firewall device provided by then, but this is a one-way communication and no access to our database can be achieved through this communication. When dual registrations are detected the county employees must make the decision to purge voters once again through the Bi-Partisan review process. Purges of voters who were placed in inactive status and then not voting for 2 federal cycles are done through the NVRA process after the general election each year, typically late December/early January.
Though I have ever confidence in the process that New York State has in place to ensure the validity of our elections and protection from potential cyber-attacks, there are legitimate concerns. One of which is the resources that individual boards may have at their disposal. Because we fund our elections primarily within the constraints of county budgets, we have a large gap in resources smaller counties will have to deal with a cyber attack as opposed to large counties. This resource differential is not just evident in cyber security but every aspect of the voting process. New York State should look to other states, namely Colorado for possible solutions in how to provide state funding to counties to help alleviate this issue. In Colorado they reimburse the county based on a formula of the percentage of the ballot taken up by state-mandated propositions and positions on the ballot.
Additionally, New York State should further reduce the ability of potential cyber-attacks to affect an election by eliminating the single target of Election Day. What I mean by this is that since New York State has such a reliance on Election Day as the only day to count votes, our window for detecting a potential problem and fixing it before votes are affected is extremely small. As you know New York State remains in a small minority of states that does not have early voting or no-excuse absentee voting. Not only would these initiatives allow for a more accessible voting process for citizens it could help with protection from cyber-attacks. By extending the voting process to weeks before an election the likelihood of detecting potential attacks as voting occurs during the Early Voting process. We then would not only have Election Day to identify issues and be able to detect possible attacks and changes early and have chances to correct any issues before Election Day.
Thank you very much for you time and attention to this very important matter. I know that all of the Elections Commissioners and Board employees throughout New York State on every side of the aisle are committed to a transparent and secure process to administer our solemn duty of collection of votes in as fair a manner as possible.
Dustin M. Czarny
Onondaga County Elections Commissioner (D)
Democratic Caucus Chair,
New York State Elections Commissioner Association