Alarmed about voting security, the federal government is doing what it does best – showering money on the problem.
Congress has appropriated about $4 billion since 2000 and $380 million this year alone for a range of items that in many cases will do little or nothing to thwart a hacker assault on voting systems, auditors and watchdogs say.
These include iPad minis, employee raises, building renovations, physical (not cyber) security, travel and other expenses largely unrelated to achieving industry standards to prevent Russians, Chinese, or other sophisticated hackers from corrupting the count.
The hacking threat has “created this feeding frenzy where money is thrown out there with no results needed,” said Doug Jones, professor of computer science at the University of Iowa, who has studied voting technology for decades.
“People are finally taking the hacking threat seriously, but it’s a weird seriousness,” Jones said. “Throwing money at elections at random is not the way to do it, and that’s what Congress is doing.”
Records show that election divisions are struggling to spend all the money being tossed their way in the name of cybersecurity. And they're using their discretionary leeway to dispense the largesse in questionable ways.
Several states plan to use the cash to train their poll workers on voting technology, a task that is already addressed extensively as part of any contract to buy voting machinery. Minnesota will add three new jobs, two paying six figures, with annual raises through 2022 of more than 6 percent, twice the average private sector raise of 3 percent.
Washington, D.C., is planning to spend $150,000 of the federal money to hire temporary poll workers – something the district does every election.
Illinois’ plan would team elections with the state’s Department of Innovation and Technology, a new agency created in 2016, and break off $65,000 to cover travel for contractors to be hired through 2020.
The federal handouts are happening under the Help America Vote Act of 2002, or HAVA, which was passed in response to the infamous “hanging chad” recount of punch-card ballots in South Florida in 2000. The last of the upgrades to address that voting debacle were completed by 2011, but the dormant law sprang back to life with new funding after the reported hacking of election systems in several states in 2016.
New federal money was hurried through in March, tacked onto an omnibus bill with three lines inserted to ensure it was appropriated.
But Jones says officials needn’t wait around for federal money to shore up the security of voting systems through regular audits and recounts, and routine technology upkeep.
Further, while the money was publicly presented as being approved in the name of security, it's being allocated in a deliberately vague way.
Mark Abbott, a grant manager from the Election Assistance Commission, or EAC, charged with overseeing and distributing the HAVA funds, told a gathering of activists for the disabled in June that statute language “allows for all manner of improvements to election administration and processes from equipment to training to fiscal accessibility. All are allowable under this grant. “
Abbott added that “this is flexible money and the EAC is being incredibly flexible in how we administer it.”
In Florida, some of the $19 million the state will receive will pay for physical security at election sites, even though hackers do not need on-site access to monkey with the vote. The state also paid nearly $1 million for 1,750 iPad minis for poll workers to check in voters, not to shore up cybersecurity, since the tablets are easily hacked, experts say. North Dakota, Wisconsin and West Virginia are among other states using some of the federal cash for similar devices.
Overall, $78.1 million of this year’s $380 million allocation, 20 percent, is going for a budget line item called “all other costs” -- a placeholder category meant for money that is approved but has no determined use.
The Election Assistance Commission’s oversight capabilities have been hobbled in recent years. Its commissioners have met sparingly due to a lack of a quorum. Since March, the agency has had only two commissioners of the required four, and cannot meet until a new appointee takes office.
“Their staffing is not what it should be,” said Vermont Secretary of State Jim Condos, noting that last year his state was audited for federal election funds it received 12 years ago.
An EAC spokeswoman did not return repeated calls for comment.
According to a 2017 audit of New Hampshire’s HAVA spending going back several years, money was poorly accounted for and misspent. A $1 million addition was built onto the state’s archives and records building in Concord with some of the funding: The audit asked that the state return the money because it was unauthorized under the rules.
“Spending funds to build the HAVA Facility was reasonable, practical, and justifiable,” was the state’s response.
The money went to constructing a 4,100-square-foot second floor on the existing building, where state elections chiefs conduct training for the state’s poll workers and officials.
“We’re in this building rent-free forever,” said Assistant Secretary of State Anthony Stevens, who advises the EAC. “And we have 60 to 80 years left on this building.”
The state refused to hand back the money and, to date, the EAC has backed down.
Even before the new spate of money was disbursed this year, the spending has been poorly managed. In Oklahoma, the state borrowed $10 million from its HAVA money to pay for a budget shortfall in 2009.
Some states contend they have already shored up their voting technology and won’t have a good reason to spend the money before November’s election.
New Hampshire has spent less than 50 percent of its payment, said Secretary of State William Gardner. Michigan last year appropriated $30 million in HAVA money that it had sitting around for a decade. Vermont spent under 5 percent of its funds between 2002 and 2010, or $664,941.
And other states said this money will be part of future, not present, spending.
“We will probably be able to spend it by 2020,” said Sam Taylor, a spokesman for the Texas secretary of state.
He said the only guidance the feds have given the states is that the money must go to election security.
In practice, that means much of it won’t help, said E. John Sebes, chief technology officer for the Open Source Election Technology Institute. He said items such as electronic poll books or new software are allowable under government spending standards, “but they don’t do a damn thing for security.”
“To use this money to provide additional cybersecurity is a worthy goal,” he said. “There doesn’t seem to be a lot of attention to how the tail end of the HAVA billions is being spent. Most elections officials are operating in good faith, though, given that [election security] is a broad mandate.”
Still, the states are going to need a continuing influx of federal money if they are expected to keep cyberthreats at bay, said Condos, the Vermont secretary of state.
“Instead of getting a lump sum every 10 or 15 years, we need ongoing, sustainable funding,” Condos said. “I just hope Congress understands that this is the core of our democracy.”