Matt Blaze's
EXHAUSTIVE SEARCH
Science, Security, Curiosity
Scientists say no credible evidence of computer fraud in the 2020 election outcome, but policymakers must work with experts to improve confidence
A brief statement from my colleagues and me

A PDF of this letter can be found here.

 


Scientists say no credible evidence of computer fraud in the 2020 election outcome, but policymakers must work with experts to improve confidence

16 November 2020

We are specialists in election security, having studied the security of voting machines, voting systems, and technology used for government elections for decades.

We and other scientists have warned for many years that there are security weaknesses in voting systems and have advocated that election systems be better secured against malicious attack. As the National Academies recently concluded, "There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats." However, notwithstanding these serious concerns, we have never claimed that technical vulnerabilities have actually been exploited to alter the outcome of any US election.

Anyone asserting that a US election was "rigged" is making an extraordinary claim, one that must be supported by persuasive and verifiable evidence. Merely citing the existence of technical flaws does not establish that an attack occurred, much less that it altered an election outcome. It is simply speculation.

The presence of security weaknesses in election infrastructure does not by itself tell us that any election has actually been compromised. Technical, physical, and procedural safeguards complicate the task of maliciously exploiting election systems, as does monitoring of likely adversaries by law enforcement and the intelligence community. Altering an election outcome involves more than simply the existence of a technical vulnerability.

We are aware of alarming assertions being made that the 2020 election was "rigged" by exploiting technical vulnerabilities. However, in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise.

That said, it is imperative that the US continue working to bolster the security of elections against sophisticated adversaries. At a minimum, all states should employ election security practices and mechanisms recommended by experts to increase assurance in election outcomes, such as post-election risk-limiting audits.

If you are looking for a good place to start learning the facts about election security, we recommend the recent National Academies of Science, Engineering, and Medicine (NASEM) study, "Securing the Vote", which is available for free download at https://doi.org/10.17226/25120.

Signed,

(Affiliations are for identification purposes only; listed alphabetically by surname.)

Tony Adams, Independent Security Researcher

Andrew W. Appel, Professor of Computer Science, Princeton University

Arlene Ash, Professor, University of Massachusetts Medical School

Steven M. Bellovin, Percy K. and Vida L.W. Hudson Professor of Computer Science; affiliate faculty, Columbia Law, Columbia University

Matt Blaze, McDevitt Chair of Computer Science and Law, Georgetown University

Duncan Buell, NCR Professor of Computer Science and Engineering, University of South Carolina

Michael D. Byrne, Professor of Psychological Sciences and Computer Science, Rice University

Jack Cable, Independent Security Researcher

Jeremy Clark, NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies, Concordia Institute for Information Systems Engineering

Sandy Clark, Independent Security Researcher

Stephen Checkoway, Assistant Professor of Computer Science, Oberlin College

Richard DeMillo, Chair, School of Cybersecurity and Privacy and Warren Professor of Computing, Georgia Tech

David L. Dill, Donald E. Knuth Professor, Emeritus, in the School of Engineering, Stanford University

Zakir Durumeric, Assistant Professor of Computer Science, Stanford University

Aleksander Essex, Associate Professor of Software Engineering, Western University, Canada

David Evans, Professor of Computer Science, University of Virginia

Ariel J. Feldman, Software Engineer

Edward W. Felten, Robert E. Kahn Professor of Computer Science and Public Affairs, Princeton University

Bryan Ford, Professor of Computer and Communication Sciences, Swiss Federal Institute of Technology Lausanne (EPFL)

Joshua M. Franklin, Independent Security Researcher

Juan E. Gilbert, Banks Family Preeminence Endowed Professor and Chair, University of Florida

J. Alex Halderman, Professor of Computer Science and Engineering, University of Michigan

Joseph Lorenzo Hall, SVP Strong Internet, Internet Society

Harri Hursti, co-founder Nordic Innovation Labs and Election Integrity Foundation

Neil Jenkins, Chief Analytic Officer, Cyber Threat Alliance

David Jefferson, Lawrence Livermore National Laboratory (retired)

Douglas W. Jones, Associate Professor of Computer Science, University of Iowa

Joseph Kiniry, Principal Scientist, Galois, CEO and Chief Scientist, Free & Fair

Philip Kortum, Associate Professor of Psychological Sciences, Rice University

Carl E. Landwehr, Visiting Professor, University of Michigan

Maggie MacAlpine, co-founder Nordic Innovation Labs and Election Integrity Foundation

Bruce McConnell, former Deputy Under Secretary for Cybersecurity, Department of Homeland Security, (currently) President, EastWest Institute

Patrick McDaniel, Weiss Professor of Information and Communications Technology, Penn State University

Walter Mebane, Professor of Political Science and of Statistics, University of Michigan

Eric Mill, Chrome Security PM, Google

David Mussington, Professor of the Practice, School of Public Policy, University of Maryland College Park

Peter G. Neumann, Chief Scientist, SRI International Computer Science Lab

Lyell Read, Researcher at SSH Lab, Oregon State University

Ronald L. Rivest, Institute Professor, Massachusetts Institute of Technology

Aviel D. Rubin, Professor of Computer Science, Johns Hopkins University

Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School

Alexander A. Schwarzmann, Dean of Computer and Cyber Sciences, Augusta University

Hovav Shacham, Professor of Computer Science, The University of Texas at Austin

Micah Sherr, Provost's Distinguished Associate Professor, Georgetown University

Barbara Simons, IBM Research (retired)

Kevin Skoglund, Chief Technologist, Citizens for Better Elections

Michael A. Specter, EECS PhD Candidate, MIT

Alex Stamos, Director, Stanford Internet Observatory

Philip B. Stark, Professor of Statistics and Associate Dean of Mathematical and Physical Sciences, University of California, Berkeley

Jacob Stauffer, Director of Operations, Coherent CYBER

Camille Stewart, Cyber Fellow, Harvard Belfer Center

Rachel Tobac, Hacker, CEO of SocialProof Security

Giovanni Vigna, Professor, Computer Science, University of California, Santa Barbara

Poorvi L. Vora, Professor of Computer Science, The George Washington University

Dan S. Wallach, Professor, Departments of Computer Science and Electrical and Computer Engineering, Rice Scholar, Baker Institute of Public Policy, Rice University

Tarah Wheeler, Cyber Fellow, Harvard Belfer Center

Eric Wustrow, Assistant Professor, Department of Electrical, Computer and Energy Engineering, University of Colorado Boulder

Ka-Ping Yee, Review Team Member, California Secretary of State's Top-to-Bottom Review of Voting Systems

Daniel M. Zimmerman, Principal Researcher, Galois and Principled Computer Scientist, Free & Fair