Broward County’s election warehouse is often full of voting equipment. In one section of the building, dozens of vote-scanning machines sit in rows, waiting to go out to polling places for elections.
During a tour of another area of the facility, Supervisor of Elections Brenda Snipes points to voter check-in machines that look like black chests. They’re called EViDs, and Snipes says they help protect voter registration data.
They’re “difficult to breach and we just bought some new EViDs,” Snipes says in an interview as election workers test some of them. “So there are a lot of things in place to help us” protect voter records.
The security of voter data has drawn increasing scrutiny since the 2016 election when Russian hackers infiltrated registration rolls. In Florida, the issue has been a source of additional worry and debate after Sen. Bill Nelson said Russians penetrated the state’s registration database ahead of this year’s midterm elections.
Florida officials say there is no evidence that voter data has been altered. Still, Snipes and the election supervisors in Miami-Dade and Palm Beach counties are taking precautions to protect registration rolls. And they want voters to be confident about the security of the voting system as Election Day nears.
“Supervisors of elections have been taking cybersecurity as part of our normal jobs since we’ve started doing this job,” says Miami-Dade Supervisor Christina White. “This is nothing new.”
Foreign tampering of voter data could theoretically have dramatic consequences on the election process. It could result in registered voters showing up to polls only to find that their names are not on registration lists and that they cannot vote.
But White and other supervisors say people will not face such situations because voter data is stored offline and therefore less susceptible to tampering. Counties will also have back-up lists in case voter records go missing during the election.
In Broward, Snipes is relying on the electronic EViDs to check in voters and store their data. Counties across the country use the machines. And Snipes says her county recently used a statewide cybersecurity grant to purchase new EViDs that feature updated software.
Palm Beach County, by comparison, will have a set of iPads with separate copies of registration lists at each polling place. Election Supervisor Susan Bucher says if one iPad is hacked and voter names on it go missing, poll workers can switch to another iPad to check in voters. Miami-Dade will have the same process using paper back-ups.
“It’s not new that we’re holding personal data, and people are trying to get in,” Bucher says. “We store our database in many, many ways” and also upload registration data to the state every evening.
In addition to securing voter registration data, the supervisors have worked to protect other aspects of the voting process.
In 2016, spear-phishing emails flooded the inboxes of election officials in several Florida counties. The emails were meant to compromise election systems and steal data for malicious purposes.
Snipes says her election staff has since undergone cybersecurity training to learn how to spot such emails. The county’s information technology director randomly sends out suspicious emails to test whether election workers can spot them.
White adds that Miami-Dade and other counties are partnering with the U.S. Department of Homeland Security and FBI to watch out for suspicious activity.
In an interview, she refused to elaborate on the information-sharing partnership with the federal agencies out of concern of providing hackers with information about her county’s protections.
“It’s a fine line for us as supervisors because one of our main jobs is voter confidence. You want to be able to talk about things, so voters feel confident,” she says. But you also don’t want to give a bad actor “the playbook on how to do something.”
Bucher says false information on social media is also a concern for her county after Russian trolls spread misinformation about candidates during the 2016 election.
Her office is now monitoring platforms like Facebook and Twitter for misleading posts about the election and referendum items on ballots.
“The largest impact on cybersecurity in 2016 happened on social media,” Bucher says. “I’m not really a good social media person. But I’ve become aware that I need to watch what that is."