Flagler Supervisor of Elections Kaiti Lenhart shares election security measures ahead of July 27th’s Palm Coast Mayoral Special Election.
CRITICAL INFRASTRUCTURE DESIGNATION
Our nation’s elections were designated as critical infrastructure by the Department of Homeland Security in January 2017. This important designation allows local election officials many free resources, including access to the latest cybersecurity intelligence information from the DHS. The Flagler County Elections Office has developed a strong partnership with the DHS to improve our cyber and physical security protections.
FLAGLER COUNTY ELECTION SECURITY MEASURES
You may wonder why there so much media attention on election security. The answer is simple, it’s because your vote matters! Voter confidence in the electoral process is a contributing factor to participation and turnout. This information has been developed as a resource to help voters learn what the Flagler County Supervisor of Elections is doing to protect your vote.
Every visitor to the Elections Office has the opportunity to see all of our operations and to ask questions. We notify our candidates and local political party leadership of our Canvassing Board meeting schedule so they may personally attend or send a representative. These meetings include testing the voting system, opening and tabulating mail ballots, election night results, automatic and machine recounts, eligibility determinations for mail ballots and provisional ballots, and the voting system’s post manual audit. We’ve had many visitors in the past, and not one has left disappointed. The public is always welcomed and encouraged to attend.
I personally respond to voters’ questions by phone, email, US Mail, and on social media who have questions about our election security procedures. I have written many op-eds published in local news media on election security and often appear on news radio stations (WNZF in Flagler and WNDB in Daytona) to answer questions and explain election-related issues. I authored and published a Mail Ballot FAQ during the 2020 election cycle which answered questions regarding the integrity of the Vote-By-Mail process in Flagler County. I also send the monthly Flagler Elections Newsletter to nearly 1,000 subscribers and post regular updates on the Elections Office social media accounts. Sign up here to receive your Flagler Elections Newsletter by email.
Besides our open-door policy, Florida has one of the most open public records laws in the nation. In the state of Florida, anyone may request public records from a government agency. There are various benefits of open government which help to ensure transparency and accountability of public officials. The public record law states that any records made or received by any public agency in the course of its official business are available for inspection unless specifically exempted by Florida law. This also means that not all records are public. Some records are exempt from public disclosure and protected by law. These are the types of information you would expect to be protected, such as a record that contains a person’s social security number. All other records are open for inspection.
VOTING EQUIPMENT UPGRADES
A PAPER-BASED VOTING SYSTEM:
All voters in Flagler County cast their vote using a paper ballot, which allows for a full audit of an election. Our previous voting system was 18 years old and replacement parts were no longer manufactured. It was common for refurbished parts to be used for regular maintenance repairs. When the Legislature outlawed the use of electronic touch-screen tabulators, each Florida county was required to comply by 2020. I led negotiations with the Department of State in 2015 with two other Supervisors of Elections to secure Federal grant funding for the purchase of new voting systems in 13 counties in Florida. A Federal grant of over $147,000 was secured for Flagler County for the purchase of new equipment. We upgraded ahead of the state-mandated deadline and in time for the 2018 election cycle. Flagler County’s voters now have state-of-the-art voting equipment with the latest software patches and security upgrades. These devices sit behind an enterprise-grade firewall (what is a firewall?) that communicates with our tabulators through a zero tunnel private network (what is a private network?). Machine transmissions move through the zero tunnel without ever connecting to the Internet. Private networks like the these are a backbone of high-security critical infrastructure communications.
ELECTRONIC POLL BOOKS WITH REAL-TIME COMMUNICATION:
The electronic poll book serves the same function as the old-fashioned paper register, providing each polling place with a list of registered voters eligible to vote in an election. The difference is, our electronic poll books are able to prevent someone from voting twice. If someone votes early at one location, their voter record is immediately flagged as already voted. That real time communication prevents anyone from voting again at another location during early voting or on Election Day. The same principle applies for a voter who returns a voted mail ballot and then attempts to vote in person during early voting or on Election Day. These electronic poll books are used at each Election Day polling site with a backup paper copy at every precinct. They are also easy for our workers to use, reducing the incidence of human error. All of our electronic poll books were upgraded just before the Primary Election in August 2018 using our allocated portion of the Federal Election Security grant, an amount over $112,000 for Flagler County.
BALLOT ON-DEMAND TECHNOLOGY:
We participated in 2015 beta testing with our vendor and printed early voting ballots on-demand for the first time during 2016 Presidential Primary Election. Printing ballots on-demand decreases the margin of error in the process of choosing one of over 100 ballot styles for a single voter during early voting. A ballot is printed based upon the voter’s district (and party in a Primary). They are accurate and economical, saving money and unused overstock. The ballots are only printed as needed, saving thousands of dollars of ballot printing costs and eliminating the ballot custody risk of stocking our early voting sites with an enormous supply of unvoted ballots. Our printers were purchased using a Federal grant through the Help America Vote Act.
VOTER LIST MAINTENANCE
We now receive updates from the Social Security Administration, which provides information for potential death matches in the county after entering the agreement with the SSA in 2015. This agreement was presented yet went unsigned for several years prior. We now receive death matches weekly from the Bureau of Vital Statistics and the Social Security Administration.
The voter registration database in Flagler County is maintained through the regular list maintenance mandated by Section 98.065, Florida Statutes. Supervisors of Elections throughout the State of Florida are required to conduct these list maintenance activities on a schedule according to the law, once during every odd-numbered year and no later than 90 days prior to a Federal election. These list maintenance procedures help us keep up with voters who have moved in and out of Flagler County.
We conduct these list maintenance activities according to schedule, along with information received that matches voter records for those ineligible for various statutory reasons, which include felony convictions or those who have been adjudicated mentally incapacitated in respect to voting. These match files are processed in accordance with Section 98.075, Florida Statutes and the outlined procedures for removal. Learn more about felon voting rights after Amendment 4 here: Civil Rights and Clemency in Florida.
Our registration totals are reviewed monthly by precinct, precinct split, district and party for any anomalies. It is normal to see a spike in registration numbers or party changes before an election. We review and analyze this data, then compare to the Department of State totals after the registration deadline passes.
Many people who move to Florida do not cancel their registration in their previous state. Currently, not all states share voter registration data. Election integrity starts with eligible registered voters. Supervisors of Elections in Florida have been fighting for years, myself included, for legislation to allow Florida to join the Electronic Registration Information Center (ERIC) program and check for dual state registrations. The law was finally passed and our first dual state registration matching process began in June 2021. The ERIC program also identifies potentially ineligible citizens while also finding those who have recently moved here but have not yet registered to vote. I’m serving on the ERIC Implementation Committee to help ensure we receive accurate cross-state voter registration information compatible with our local county systems, so we can actually use it to improve Florida’s voter registration rolls.
We thoroughly test each component of the voting system before each election. Every oval position in every race is tested to ensure the voting equipment is reading ballots accurately. The equipment is further tested to ensure the ballots are read in every orientation and that an over-voted ballot is rejected by the tabulator to give the voter the opportunity to review their choices. Thousands of test ballots from each vote type, source (mail, ballot on-demand, early voting, Election Day) and ballot style are counted on each piece equipment as part of our rigorous testing procedures to ensure the tabulators are functioning correctly. Our testing procedures in Flagler County are above and beyond the state requirements and our equipment and procedures testing period may last for several months.
We also test the upload to the elections management server to ensure the cumulative results produced are the same as the predetermined totals on each individual tabulator. During a public meeting of the Canvassing Board, we perform the voting system’s Logic and Accuracy testing. The public is welcomed to come and witness the process first-hand and have an opportunity to ask questions.
The Elections Office was not designed with an emphasis on security. I imagine that’s because the world was a different place, back in 2004-2005. After our physical risk assessment from the Department of Homeland Security, it was recommended that we make improvements to the building to protect the equipment and sensitive information. All the firewalls in the world won’t help if anyone can access the vote tabulation server because there’s no door and there are no access controls in place. I presented these needs to the County Commission and requested funding in 2019.
Our tabulation area is now enclosed, with physical access restrictions and video surveillance. We installed glass barriers across our front counter to protect sensitive documents and ballots within reach of the public. This is now dual purpose because of the COVID pandemic, while other offices rushed to install Plexiglas barriers, we didn’t need them. We also have more video cameras and locks on doors to implement access controls and monitoring for different ballot storage areas in the office. Our office drop box was previously installed through a window in our early voting area. After the DHS physical risk assessment, our drop box was moved outside of the building, at the entrance of the office.
The physical networking has been re-organized so that now all ports are easily identified and those which are not in use are disconnected. We installed jack locks on all the unused Ethernet ports in the entire office and lobby. We implemented custody controls for each piece of our voting system equipment with an asset management system, additional physical locks, and tamper-evident seals.
Ballot reconciliation and custody controls are essential yet often unmentioned aspects of elections administration. Our rigorous ballot reconciliation procedures compare the number of ballots to voters throughout the process. All voting methods are reconciled in a similar fashion: mail ballots, those cast during early voting and Election Day. Our procedures also require that precinct totals be reconciled with composite results to confirm they equal the totals for each precinct and vote type. This is the final reconciliation that happens on Election Day, after all precincts are fully reported.
Mail ballots are reconciled daily. When a mail ballot is received, it is date stamped and sorted by precinct. In order for a mail ballot to be counted, the signature on the returned voter’s certificate must match the signature on file. Each of the thousands of mail ballot envelope signatures are reviewed by trained Elections Office staff, which takes many hours. In the 2020 General Election, we personally reviewed and matched over 31,000 voter signatures. If there is a difference, the ballot is escalated for review by two other staff members. A voter whose ballot signature is missing or does not match is contacted by mail, phone and/or email immediately and instructed to complete an affidavit. They must provide photo ID to “cure” the signature difference. If the ballot return envelope is not signed, the ballot cannot be counted unless the same affidavit and ID are provided.
Mail ballots returned each day are added to the cumulative total. The totals received for each precinct are reconciled before staff leaves for the day. They are stored in our fireproof vault, which is under video surveillance and our security procedures require two-person control to enter. The ballots are stored there in precinct order until they are opened and counted during a public meeting of the Canvassing Board.
Can the ballots be copied?
Someone recently asked me about the possibility of someone making copies of the ballots and mailing them to the office. Our mail ballots cannot be simply photocopied. In a General election, they are either 8.5×17″ or 8.5×19″ which is not standard letter or legal size paper available at Staples or Office Depot. The paper stock is custom for our high-speed scanners, not the typical 20lb copy paper. Even if someone were to acquire the correct size paper somehow, the copy could not be skewed or low-quality. Even our printing in-house is done with precision settings because the encoding marks must be printed on the paper within a specific threshold in order to be read by our scanners. I don’t believe there’s a copier machine which could recreate our ballot accurately. In fact, our opening teams are trained to look for photocopies (and more than one ballot in an envelope). Yes, this happens. For whatever reason, we receive one or two copies per election. They’re easy to identify because they are the wrong size, often skewed, low-quality and much lighter than the official ballots. Even if the opening teams did not notice it, any copy paper or skewed ballot will not scan. Our tabulation team and the Canvassing Board members are observing this entire process. We don’t tabulate mail ballots in a dark alley behind the office. All of this is done in a public meeting of the Canvassing Board.
The photocopy scenario also does not take into account the legal requirement for a voter’s identity to be verified. In order to vote by mail, a citizen must be registered to vote and provide ID at the time of registering. If no ID is provided, the voter must return a copy of their ID along with their balloting materials and complete an affidavit. In order for a mail ballot to be counted, the signature on the returned voter’s certificate must match the signature on file. Each one of the thousands of mail ballot envelope signatures are reviewed by trained Elections Office staff, a process which takes many hours. In the most recent election, we reviewed over 16,000 signatures. If there is a difference, the ballot is escalated for review by two other staff members. A voter whose ballot signature is missing or does not match is contacted by mail, phone and/or email immediately and instructed to complete an affidavit. They must provide photo ID to “cure” the signature difference. If the ballot return envelope is not signed, the ballot cannot be counted unless the same affidavit and ID are provided. Back to reconcilliation…
Ballot reconciliation occurs several times each day during in-person voting, comparing the number of voters checked in to the number of ballots distributed to the number of votes cast on the tabulator. During early voting, we use ballot-on-demand (BOD) printers. I prefer on-demand ballot printers because they are accurate and economical, saving money and unused overstock. The ballots are only printed as they are needed. The physical voted ballots are returned to the office by Elections Office Staff after the close of every early voting day. The following day, the early voting ballots are sorted by location by precinct so they can be compared to the overall voter check-in by location. The voted ballots are stored inside a locked metal cage in our warehouse, which is under video surveillance and again, our security procedures require two-person control to enter.
On Election Day, we order pre-printed ballots, and therefore these reconciliation procedures include comparing the votes cast versus the number of blank ballots remaining. Our precinct clerks are required to reconcile their totals every hour during the day. Election Day ballots’ final reconciliation is performed after the precinct machine totals are confirmed on Election Night. The Department of State requires a reconciliation report following each countywide election.
We audit every election in Flagler County. One race and one precinct are selected randomly by the Canvassing Board, and the paper ballots for the selected precinct and race are counted by hand. The purpose of the audit is to ensure the ballots match the tabulation totals. The precinct-level results are not released until after the Manual Audit has been completed, so the counting team does not know the precinct results. The tabulation totals are compared to the hand-counted totals for each candidate and each race for every vote type and ballot style. In the past 12 years, every audit has been 100% accurate.
The truth is there are so many layers of security that it becomes not only difficult to explain but challenging for someone to understand without basic knowledge of elections administration and technology. It is also difficult to balance enough explanation to promote understanding without giving away the keys to the castle. Our network security is where things really get interesting. When I started working in this office 12 years ago, we did not have a dedicated IT staff person. Our IT needs were outsourced and serviced by a retired IT professional in Volusia county. Back in those days, office staff members used to keep passwords written on sticky notes or in a Rolodex on their desks. To say that our network and cybersecurity have been improved could be the understatement of the year. I cannot detail the hardware, software versions, settings, and components of our IT systems, but I can provide a list of improvements since 2015. Many of these improvements were made based on our Department of Homeland Security risk assessments, cybersecurity training, and the Joint Election Security Initiative with the Department of State.
NETWORK SECURITY IMPROVEMENTS SINCE 2015:
- All new, state-of-the-art voting system components
(tabulators, data and comm servers, software, high-speed ballot scanners, electronic poll books)
- All new, state-of-the-art office server components
(data servers, software, hardware)
- Backup recovery systems both offsite and onsite
- Zero tunnel private network for results reporting
- Active directory / GPO analysis and updates
- Network user-based directory access permissions
- Vulnerability scanning, weekly third-party scanning of our external IP’s
- Two-factor authentication (2FA) methods for all systems and accounts which support it
- Firewall settings updates including whitelisting, port scanning
- Updated network switches
- SQL server updates
- DMARC email authentication protocols
(Domain-based Message Authentication, Reporting & Conformance)
- Intrusion Prevention System (IPS) and Intrusion Detection System (IDS)
- A segregated computer for checking inbound email attachments
- Complete IT asset inventory, including ports, drives, hardware, software
- Log scanning, encryption and storage
- IT Incident Response Plan
- Acceptable use and information security policies for staff
- Staff training, so much training: phishing awareness, cyber best practices, IT certifications, FBI/DHS tabletop exercises and more.
In preparation for 2022, we are working on a backup connection to the state Voter Registration System (FVRS), installing RFID for auditable access controls to sensitive areas in the office and plan to complete our implementation of the CIS (Center for Internet Security) controls.
Media Release: Kaiti Lenhart, MFCEP
Supervisor of Elections
Phone: (386) 313-4170
Email: Contact Form