Ian Bassin is co-founder and Executive Director of Protect Democracy. He previously served as Associate White House Counsel, where he counseled the President and senior White House staff on administrative and constitutional law.
VoteShield and BallotShield
- July 4, 2021
Becca Leviss also contributed to this analysis.
After it was revealed in 2017 that Russia had made extensive efforts, and in some cases succeeded, in penetrating our election systems the year before, we canvassed the leading election security experts about their gravest concerns regarding election security going forward. All agreed: the danger of an intrusion into state voter registration databases.
Every state maintains a database with the records of every registered voter in the state that forms the foundation for the state’s election system. Those seeking to corrupt elections, if they were able to access these databases, could target the registration data of specific voters or groups of voters and change that data in advance of an election, rendering those voters either unable to vote or making it far more difficult for them to vote. These changes could be hard to detect by the naked eye, despite having an outsized impact on the ability of voters to vote.
For example, as Lisa Monaco, the former Deputy National Security Advisor for Homeland Security and Counterterrorism and current Deputy Attorney General (and someone with whom we consulted when building VoteShield) told the Senate Intelligence Committee:
“One of the things I worried about—and I wasn’t alone in this—is kind of worst-case scenarios, which would be things like the the voter registration databases. So if you’re a state and local entity and your voter registration database is housed in the secretary of state’s office and it is not encrypted and it’s not backed up, and it says Lisa Monaco lives at Smith Street and I show up at my [polling place] and they say ‘Well we don’t have Ms. Monaco at Smith Street, we have her at Green Street,’ now there’s difficulty in my voting. And if that were to happen on a large scale, I was worried about confusion at polling places, lack of confidence in the voting system, anger at a large scale in some areas, confusion, distrust.”
That same scenario of a changed address could also result in a voter’s mail ballot ending up at the wrong address and never reaching its intended recipient.This was no imaginary concern. The Department of Homeland Security reported in 2018 that nefarious foreign actors attempted to, and in some cases succeeded in, hacking into the voter registration databases of 21 states in 2016.
But terrifyingly, despite experts sounding the alarm and the demonstrated urgency of the threat, we found that no system existed to publicly monitor these voter databases and ensure there was no tampering. Existing efforts to protect these systems involved either (a) lobbying state election officials to improve their security systems or (b) reaching out to potentially vulnerable voters and asking them to monitor their own status, which is an obviously insufficient response. Since the voter databases are the most likely and scalable attack vector on our electoral system, we needed a system for protecting them.
To address that threat, we built VoteShield, a data analytics tool created to protect the integrity of American elections by monitoring changes to voter registration databases in each state. By tracking weekly and monthly changes (down to the record level) in publicly available voter databases and using a differencing engine to compare each ingestion to previous ones and historical trends, VoteShield’s partnered election administrators and in-house data analysts can identify irregularities that may indicate either malicious interference or administrative error. For example, if a state normally experiences roughly 6,000 address changes per week and has a week with 60,000 changes, or if one jurisdiction has changes that are very different than the rest of the state, or if a disproportionate amount of removals are Black voters (or young voters, or GOP voters, or anyone else), VoteShield triggers an alert.
VoteShield uses multiple anomaly detection methods to flag worrisome anomalies. If the first line of anomaly detection methods identifies an anomaly, both partnered election administrators and our in-house data analysts are alerted to analyze the anomaly. After this analysis and review, if a credible issue is found, we further escalate with election officials so they can remedy it well before Election Day.
As the COVID-19 pandemic moved many election administrators to expand options to vote absentee or by mail, we identified an additional attack vector on our elections and a corresponding opportunity to leverage VoteShield’s core competencies in software development and data analysis to further protect and improve our nation’s election systems.
So we launched BallotShield, a software product that tracks changes to absentee ballot requests, submissions, and curing rates in order to ensure timely processing of voter requests. Our goal was to be able to spot issues with voting-by-mail at the jurisdictional, precinct, and even address level that might compromise the integrity of the election, and to provide states with an early warning tool for potential administrative errors in the system for requesting, receiving, and casting absentee ballots so that they can be fixed before any voters are impacted. In piloting BallotShield, we worked directly with the Michigan Secretary of State’s office to design, develop, and review the data in their absentee ballot files. We then met with their team on a weekly basis heading into the election to discuss the product, review anomalies, and ensure full integrity in the system.
Over the course of the 2020 election season, VoteShield successfully protected voter registration databases in 19 states. And BallotShield helped ensure that as the nation shifted to a largely vote-by- mail election, the process for requesting, receiving, and submitting absentee ballots in key states was monitored and given another layer of protection. The Cybersecurity and Infrastructure Security Agency put out a statement calling the November 3 election the most secure in American history, which is a testament to the coalition of organizations dedicated to protecting our election infrastructure.
VoteShield and BallotShield both helped catch potential problems in the 2020 election in time for them to be fixed. For example:
- When tens of thousands of voters were inadvertently but improperly inactivated in a key swing state, the Secretary of State proactively notified us and indicated that they would work with the jurisdiction to restore those voters’ active status as soon as possible, which VoteShield was able to monitor and verify. This state mailed ballots to all active voters, which meant that nearly 100,000 reactivated voters received ballots. A post-election analysis shows that 31 percent of these reactivated voters subsequently cast their vote in the 2020 General Election, with 9 percent of those voters voting by mail with ballots that would not have otherwise been sent to them. For context, the number of reactivated voters nearly equaled the total margin in the presidential election for that state. The reactivated voters had an even more outsized impact on a local House race, where almost one- third of reactivated voters voted by mail, and again the total number of reactivated voters nearly equaled the margin of victory for that House race.
- Meanwhile, BallotShield identified unusually slow ballot application processing for voters in a major jurisdiction in a swing state. In our weekly call with state election officials, the state director of elections informed us that they had dispatched additional support to assist the local board. As a result, the jurisdiction caught up with the rest of the state; their backlog of unmailed ballots dropped steadily from over 10,000 to nearly 0. We also identified to the state an extremely high rate of ballot rejections for signature issues in another major locale. Again, the state elections team reached out to support the local administrators and the issue was resolved, demonstrating that with sufficient and timely intelligence, better outcomes for voters could be secured. Finally, we applied what we’d learned from BallotShield in the general election to the January 5 run-off in Georgia to ensure the election was secure and functional.
- BallotShield tracked 5,725,341 changes to the state’s early vote file over 53 days, including 1,358,453 requests for mail ballots. While we spotted a few minor issues, they were all escalated and resolved appropriately.
VoteShield/BallotShield’s relationships with officials and key individuals ensure our work has the widest and most direct impact on maintaining election integrity and security. For example, Iowa Secretary of State Paul Pate issued a press release in 2020 describing how Iowa’s First-in-the-Nation partnership with VoteShield/BallotShield helped protect the integrity of Iowa’s elections. Secretary Pate has since nominated his partnership with VoteShield/BallotShield for an award from the National Association of Secretaries of State, and we were announced as finalists for our work together protecting Iowan voters.
Related Content
It can happen here.
We can stop it.
Defeating authoritarianism is going to take all of us. Everyone and every institution has a role to play. Together, we can protect democracy.
DonateSign Up for Updates Sign Up for Updates
Explore Careers Explore Careers
How to Protect Democracy How to Protect Democracy