June 21, 2017
Dear Member of Congress:
Faith in American democracy rests on the integrity of our elections. So it
stands to reason that lawmakers and administrators from both political
parties should prioritize efforts to minimize election security risks. While
there has been encouraging progress to improve election security in recent
years, too many polling stations across the nation are still equipped with
electronic machines that do not produce voter-verified paper ballots. Many
jurisdictions are also inadequately prepared to deal with rising cybersecurity
risks.
We are writing to you as members of the computer science and cybersecurity
communities, together with statisticians and election auditing experts, to
convey our concern about these and other vulnerabilities in our voting system
and to urge you to take the following simple, straightforward, and costeffective actions to set meaningful standards to protect American elections.
We represent both major political parties, independents, and a range of
academic institutions and private sector organizations, but we are united in
our belief that the United States, the world’s oldest representative democracy,
needs prompt action to ensure prudent elections security standards.
Specifically, we recommend action to accomplish the following objectives:
1. Establish voter-verified paper ballots as the official record of voter
intent.
· Phase out the use of voting technologies such as paperless Direct Recording
Electronic voting machines that do not provide a voter-verified paper ballot.

 2. Safeguard against internet-related security vulnerabilities and assure
the ability to detect attacks.
· Create firewalls (software barriers) between internet and all voter
registration, vote-tabulating machines, ballot delivery, and election
management systems. Require layered backup systems to ensure that
intrusions and corruption of the databases can be detected and corrected.
· Review and document compliance with the recommendations and
checklists prepared by the US Department of Homeland Security for security,
penetration testing, network scanning, and detection and management of
potential cyber-attacks. Review and track FBI security alerts.
· Ensure that voting systems and information technology that supports
voting systems have the latest security patches, and that those patches have
been provided from trusted sources on trusted media. Limit physical access
and regularly audit sensitive and critical election systems.
· Discourage voters from voting online in any form—via web, email or fax—
even in states where it is legal. Inform voters that electronically submitted
ballots can be modified, copied, rerouted or simply deleted during
transmission.

3. Require robust statistical post-election audits before certification of
final results in federal elections.
· Compare random samples of voting system totals to hand counts of the
votes on the corresponding paper ballots.
· Audit in a way that has a large chance of detecting and correcting any
incorrect electoral outcomes, whatever their cause.
· Recruit technical experts to assist with tests and audits. Resources for
finding experts, many of whom may provide pro bono services, include

 the Election Verification Network, professional societies such as
the American Statistical Association, and academic institutions.
· Allow public oversight of all audits, and prominently publicize all testing
and audit results.
· Report and publicize ballot accounting and final results in detail before
certification
This is not an exhaustive list of recommendations. However, the above items
can form the basis of robust, enforceable, sensible federal standards that can
restore needed confidence in American elections.
Signed,

1. Ben Adida, Vice President, Engineering, Clever
2. Andrew W. Appel, Professor of Computer Science, Princeton University
3. Arlene Ash, Professor and Division Chief, Biostatistics and Health Services
Research, Department of Quantitative Health Sciences, University of
Massachusetts Medical School
4. Michael Bailey, University of Illinois at Urbana-Champaign
5. Ron Bandes, Cybersecurity member of the Pennsylvania Joint State
Government Commission's Advisory Committee on voting system technology
6. Mary K. Batcher, Founding Partner, BDS Data Analytics and Former
Executive Director, Ernst & Young
7. Steven M. Bellovin, Percy K. and Vida L.W. Hudson Professor Computer
Science, Columbia University
8. Jan BenDor, MI Elections Administrator, MI Election Reform Alliance

 9. Matt Bishop, Professor, Department of Computer Science, University of
California, Davis
10. Matthew Blaze, Associate Professor of Computer and Information
Science, University of Pennsylvania
11. Scott Bradner, Professor, Information Science Department, Harvard
University Extension School
12. Harvey H. Branscomb, Election Quality, Colorado Voter Group
13. Duncan Buell, Professor, Computer Science and Engineering and NCR
Chair in Computer Science and Engineering, University of South Carolina
14. Eric W. Burger, Research Professor and Director, Security and Software
Engineering Research Center, Georgetown University
15. David Chaum, ScanTegrity and Random-Sample Voting Projects
16. Stephen Checkoway, Assistant Professor, Department of Computer
Science, University of Illinois at Chicago
17. Bryan Cunningham, Executive Director, Cybersecurity Policy & Research
Institute, University of California, Irvine
18. Robert K. Cunningham, Chair, IEEE Cybersecurity Initiative
19. Reza Curtmola, Associate Professor, Department of Computer Science,
New Jersey Institute of Technology
20. David L. Dill, Donald E. Knuth Professor in the School of Engineering,
Stanford University and Founder of VerifiedVoting.org
21. Peter Eckersley, Chief Computer Scientist, Electronic Frontier
Foundation
22. David Evans, Professor of Computer Science, University of Virginia

 23. David J. Farber, Moore Professor Emeritus of Telecom, University of
Pennsylvania and Adjunct Professor of Internet Studies, Carnegie Mellon
University
24. Ariel Feldman, Assistant Professor of Computer Science, University of
Chicago
25. Edward W. Felten, Robert E. Kahn Professor of Computer Science and
Public Affairs at Princeton University; former Deputy United States Chief
Technology Officer
26. Bryan Ford, Associate Professor of Computer and Communications
Sciences, Swiss Federal Institute of Technology Lausanne, Switzerland
27. Carrie Gates, CEO, Securelytix Inc.
28. Jeremy Gillula, Senior Staff Technologist, Electronic Frontier Foundation
29. Alex Glaros, CEO, Center for Government Interoperability
30. Ian Goldberg, Professor and University Research Chair, Cheriton School
of Computer Science, University of Waterloo
31. Sharon Goldberg, Associate Professor of Computer Science, Boston
University
32. Edward Gracely, Associate Professor of Epidemiology and Biostatistics,
School of Public Health, Drexel University
33. Matthew Green, Assistant Professor, Department of Computer Science,
Johns Hopkins University
34. J. Alex Halderman, Professor, Computer Science and Engineering and
Director, Center for Computer Security and Society, University of Michigan
35. Joseph Lorenzo Hall, Chief Technologist, Center for Democracy &
Technology

 36. Eleanor O. Hare, Associate Professor Emerita, Department of Computer
Science, Clemson University
37. Candice Hoke, Co-Director, Center for Cybersecurity & Privacy
Protection, Cleveland State University
38. Ryan Hurst, Product Manager, Google
39. Harri Hursti, Founding Partner, Nordic Innovation Labs
40. David Jefferson, Visiting Scientist, Lawrence Livermore National
Laboratory, Board of Directors, VerifiedVoting.org
41. Jonathan Katz, Professor, Department of Computer Science, University of
Maryland and Director, Maryland Cybersecurity Center
42. Joe Kiniry, CEO and Chief Scientist, Free & Fair
43. Alex Kreilein, Managing Partner and Cofounder, SecureSet Accelerator
44. Jack I. Lerner, University of California, Irvine, Director, UCI Intellectual
Property, Arts, and Technology Clinic
45. Mark Lindeman, Adjunct Assistant Professor, Department of Political
Science, Columbia University
46. Victoria Collier, Director, National Election Defense Coalition
47. Margaret MacAlpine, Election Auditing Specialist and Systems Testing
Technologist, Nordic Innovation Labs
48. David A. Marker, Senior Statistician and Associate Director, Westat
49. Marilyn Marks, Executive Director, Rocky Mountain Foundation
50. Morgan Marquis-Boire, Director of Security, First Look Media
51. Neal McBurnett, Independent Election Integrity Consultant; Colorado
Risk-Limiting Audit Representative Group member; Board of Directors,
Center for Election Science

 52. Bruce W. McConnell, Global Vice President, EastWest Institute and
Former Deputy Under Secretary for Cybersecurity, U.S. Department of
Homeland Security
53. Patrick McDaniel, Distinguished Professor of Computer Science and
Engineering and Director, Institute for Networking and Security Research,
Pennsylvania State University
54. Aleecia M. McDonald, Non-resident Fellow, Stanford Center for Internet
& Society
55. Walter Mebane, Professor, Department of Political Science and
Department of Statistics, University of Michigan
56. Sascha Meinrath, Director, X-Lab, Palmer Chair in Telecommunications,
Penn State University
57. Suzanne Mello-Stark, Associate Teaching Professor and Cybersecurity SfS
Program Manager, Computer Science Department, Worcester Polytechnic
Institute
58. Gregory A. Miller, Chief Election Technology Strategist, OSET Institute
59. Justin Moore, Software Engineer, Google and Member of the Board of
Advisors, VerifiedVoting.org
60. Deirdre K. Mulligan, Associate Professor, School of Information and
Faculty Director, Berkeley Center for Law and Technology, University of
California, Berkeley
61. Clifford Neuman, Director, Center for Computer Systems Security,
University of Southern California
62. Peter G. Neumann, Senior Principal Scientist, SRI International
Computer Science Lab and Moderator, ACM Risks Forum
63. Brian Nussbaum, Assistant Professor of Homeland Security and
Cybersecurity, University at Albany

 64. Ben Ptashnik, Executive Director, National Election Defense Coalition,
Retired Vermont State Senator
65. Cooper Quintin, Technologist, Electronic Frontier Foundation
66. Ronald L. Rivest, Institute Professor, Department of Electrical
Engineering and Computer Science, Massachusetts Institute of Technology
67. Phillip Rogaway, Professor, Department of Computer Science, University
of California, Davis
68. Paul Rosenzweig, Professorial Lecturer in Law, George Washington
University and Former Deputy Assistant Secretary for Policy, Department of
Homeland Security
69. Gabe Rottman, Deputy Director, Freedom, Security and Technology
Project, Center for Democracy & Technology
70. Avi Rubin, Professor, Computer Science and Technical Director,
Information Security Institute, Johns Hopkins University
71. Peter Ryan, Professor of Applied Security, University of Luxembourg
72. Andy Sayler, Security Engineer, Twitter
73. Fritz Scheuren, Former President, American Statistical Association
(2006)
74. Jeffrey I. Schiller, Computer Scientist, Massachusetts Institute of
Technology and Former Internet Engineering Steering Group Area Director
for Security (1994-2003)
75. Bruce Schneier, Fellow, Harvard Kennedy School
76. Alexander A. Schwarzmann, Professor and Head of Computer Science
and Engineering Department, Director of the Center for Voting Technology
Research, University of Connecticut

 77. E. John Sebes, Chief Technology Officer, OSET Institute and
TrustTheVote Project
78. Lt. Col. Tony Shaffer (retired), Senior Fellow, London Center for Policy
Research
79. Micah Sherr, Provost’s Distinguished Associate Professor, Department
of Computer Science, Georgetown University
80. Barbara Simons, IBM Research (retired)
81. Ashkan Soltani, Former Chief Technologist, Federal Trade Commission
82. Richard Spires, Former Chief Information Officer, U.S. Department of
Homeland Security
83. Philip B. Stark, Associate Dean, Mathematical and Physical Sciences and
Professor, Department of Statistics, University of California
84. Paul Stokes, United Voters of New Mexico
85. Justin Talbot-Zorn, Truman National Security Fellow
86. Vanessa Teague, Senior Lecturer, School of Computing and Information
Systems, The University of Melbourne
87. Brad Templeton, Computing Chair, Singularity University and Chairman
Emeritus, Electronic Frontier Foundation
88. Zeynep Tufekci, Associate Professor, School of Information and Library
Science, University of North Carolina
89. Jessica Utts, President, American Statistical Association and Professor,
Department of Statistics, University of California, Irvine
90. Giovanni Vigna, Professor, Computer Science, University of California,
Santa Barbara

 91. Poorvi L. Vora, Professor of Computer Science, The George Washington
University
92. Dan Wallach, Professor, Computer Science and Rice Scholar, Baker
Institute for Public Policy, Rice University
93. Mark Weatherford, Chief Cybersecurity Strategist, vArmour and Former
Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland
Security
94. Luther Weeks, Executive Director, Connecticut Citizen Election Audit
95. Daniel Weitzner, Founding Director of the MIT Internet Policy Research
Initiative and Principal Research Scientist, Massachusetts Institute of
Technology Computer Science and Artificial Intelligence Lab
96. Kenneth White, Director, Open Crypto Audit Project
97. Filip Zagorski, Assistant Professor, Wroclaw University of Science and
Technology
98. Daniel Zappala, Associate Professor, Computer Science, Brigham Young
University
99. Amy B. Zegart, Co-Director and Senior Fellow, Center for International
Security and Cooperation, Stanford University and Davies Family Senior
Fellow, Hoover Institution
100. Daniel M. Zimmerman, Principled Computer Scientists, Free & Fair
101. Philip R. Zimmermann, Cryptographer, Creator of PGP, Associate
Professor, Delft University of Technology, Netherlands
102. Mary Ellen Zurko, Independent Cybersecurity Consultant
103.

Trevor Zylstra, President and CEO, IDVector

 Please note: Individual affiliations are for identification purposes only and do not
signify organizational endorsement.
The National Election Defense Coalition (NEDC) and coalition partners
compiled signatures for this letter.