What are the documented technical safeguards and post‑2020 reforms for U.S. voting machines and election infrastructure?
Executive summary
Since 2020 U.S. election officials, federal agencies and independent experts have doubled down on technically grounded safeguards—paper ballots or voter‑verifiable paper records, pre‑ and postelection testing, audits, and physical security measures—while Congress and states funded upgrades to replace paperless machines EAC.pdf" target="blank" rel="noopener noreferrer">[1] [2] [3]. Yet reform has been uneven, vulnerabilities tied to human insiders and certain technologies remain, and a fierce political debate over machines, audits and internet voting continues to shape policy choices [4] [5] [6].
1. Core technical safeguards now in routine use: paper records, testing and audits
The backbone of modern election security is paper: most jurisdictions now use voter‑marked paper ballots or machines that produce a voter‑verifiable paper record so audits can confirm electronic tallies, a change experts and federal reports repeatedly endorse [2] [3] [7]. Election systems are subject to certified testing regimes before and after use, and many states require public logic‑and‑accuracy testing of equipment; post‑election audits—especially risk‑limiting audits—are increasingly used to provide statistical evidence that reported outcomes match paper records [1] [8] [2]. Physical protections—locks, tamper‑evident seals, chain‑of‑custody rules and often cameras—complement technical controls, and jurisdictions keep machines offline on election day to limit remote hacking risks [1] [8].
2. Investments and regulatory steps after 2020: replacing old machines and guidance
Federal and state funding flowed into replacing aging, paperless direct‑recording‑electronic machines: Congress allocated funds under HAVA and related appropriations that states used to buy machines with paper audit trails, and individual states like Ohio, California and North Dakota moved to replace vulnerable equipment ahead of 2020 [3] [2] [7]. The EAC’s Voluntary Voting System Guidelines and HAVA‑driven certification regimes continue to set functional and security requirements, while legislative proposals such as the SAFE Act and other bills sought to tighten standards and, in some versions, to ban internet‑connected tabulators or require U.S. manufacturing of machines [9] [10].
3. What still fails to inspire universal confidence: insider threats, ballot‑marking devices and breaches
Security experts and election officials warn that the largest practical risks are not mythical remote hacks but insider threats, physical tampering, and misuse of systems—examples since 2020 include investigations of poll workers or voters inserting media into devices and focused efforts by partisan actors to access systems in several states [4] [5]. Ballot‑marking devices (BMDs) remain controversial because they can produce paper records that voters may not fully verify, and computer scientists and advocates have urged limiting BMDs in favor of hand‑marked paper ballots when feasible [5] [8]. High‑profile conspiracy claims about vendors and machines have driven political pressure and even proposals to seize equipment, despite authoritative post‑2020 statements by federal cybersecurity officials that the 2020 election was the most secure in modern U.S. history [11] [12] [4].
4. Expert prescriptions still guiding reform: audits, decentralization and no internet voting
Scholars and agencies converge on a portfolio approach: require voter‑verified paper records, conduct routine risk‑limiting audits, keep voting equipment off the internet, harden physical security and logging, and phase out purely paperless DREs—recommendations echoed by the National Academy of Sciences and the Brennan Center [7] [8] [2]. Leading academic critiques add a firm prohibition on internet voting for public elections because client devices and servers are routinely compromised and cannot yet provide reliable, provable end‑to‑end verification for the scale of U.S. elections [6].
5. Bottom line, tradeoffs and open questions
Documented post‑2020 reforms have materially reduced certain technological attack surfaces—more paper records, more audits, state and federal funding and clearer guidance—but patchwork implementation, residual paperless pockets, political pressure and human factors keep risks and controversies alive; the evidence in reporting shows progress without total elimination of vulnerabilities, and policy choices (e.g., BMD use, audit laws, internet‑connected reporting) will determine whether that progress endures [3] [7] [5]. Reporting reviewed here does not resolve some political disputes about federal authority or proposed new rules, which remain contested in legislatures and courts [10] [13].