Election Security Separating Rumor from Reality

Election Security: Separating Rumor from Reality

Here is a Q&A that answers questions about spoofing the voter. The answers come from Chris Krebbs, CISA director.

Mis- and Disinformation can undermine public confidence in the electoral process, as well as in our democracy.  

A message from the CISA Director. This video is also available directly on YouTube


Reality: Election officials provide writing instruments that are approved for marking ballots to all in-person voters using hand-marked paper ballots.

Rumor: Poll workers gave specific writing instruments, such as Sharpies, only to specific voters to cause their ballots to be rejected.

Get the Facts: Election jurisdictions allow voters to mark ballots with varying types of writing instruments, based on state law and other considerations such as tabulation system requirements. Poll workers are required to provide approved writing devices to voters.  

Although felt-tip pens, like Sharpies, may bleed through ballots, some election officials have stated that ballot tabulation equipment in their jurisdictions can still read these ballots. Many jurisdictions even design their ballots with offset columns to prevent any potential bleed through from impacting the ability to easily scan both sides of ballots. 

If a ballot has issues that impact its ability to be scanned, it can be hand counted or duplicated, or adjudicated by election officials, who use defined procedures such as chain of custody to ensure protect ballot secrecy and integrity. Many states additionally have “voter intent” laws that allow for ballots to be counted even when issues such as bleed-throughs or stray marks are present, as long as the voter’s intent can still be determined.


Reality: Robust safeguards including canvassing and auditing procedures help ensure the accuracy of official election results.

Rumor: A bad actor could change election results without detection.

Get the Facts: The systems and processes used by election officials to tabulate votes and certify official results are protected by various safeguards that help ensure the accuracy of election results. These safeguards include measures that help ensure tabulation systems function as intended, protect against malicious software, and enable the identification and correction of any irregularities. 

Every state has voting system safeguards to ensure each ballot cast in the election can be correctly counted. State procedures often include testing and certification of voting systems, required auditable logs, and software checks, such as logic and accuracy tests, to ensure that ballots are properly counted before election results are made official. With these security measures, election officials can check to determine that devices are running the certified software and functioning properly.

Every state also has laws and processes to verify vote tallies before results are officially certified. State processes include robust chain-of-custody procedures, auditable logs, and canvass processes. The vast majority of votes cast in this election will be cast on paper ballots or using machines that produce a paper audit trail, which allow for tabulation audits  to be conducted from the paper record in the event any issues emerge with the voting system software, audit logs, or tabulation. These canvass and certification procedures are also generally conducted in the public eye, as political party representatives and other observers are typically allowed to be present, to add an additional layer of verification.

Reality: Election results reporting may occur more slowly than prior years. This does not indicate there is any problem with the counting process or results. Official results are not certified until all validly cast ballots have been counted, including ballots that are counted after election night.

Rumor: If results as reported on election night change over the ensuing days or weeks, the process is hacked or compromised, so I can’t trust the results.

Get the Facts: Elections will look different this year amidst the COVID-19 pandemic. Although ballot processing in some states may take longer than in past years due to increases in mail-in ballot usage and process adaptations to make voting safer during the pandemic, this does not impact the accuracy of the counting process. Election results reported on election night are always unofficial and are provided solely for voters’ convenience. In fact, no state requires that official results be certified on election night itself. Fluctuations in unofficial results reporting will occur during and after election night as more ballots are processed and counted, often including military and overseas ballots, and validated provisional ballots. Variations in state processes may also mean ballots cast through different methods (e.g., early in-person voting, mail-in voting, and election-day voting) are counted and unofficially reported in different orders. Official results are released after rigorous canvassing (verification) and certification by local and state election officials.

Reality: Provisional ballots are counted in every election regardless of result margins.

Rumor: Provisional ballots are only counted if there’s a close race.

Get the Facts: All provisional ballots are reviewed by election officials in every election regardless of result margins. Provisional ballots cast by individuals whose eligibility can be verified are counted. Additionally, election officials are required to provide individuals who cast provisional ballots written information regarding how they can determine whether their vote was counted and, if it was not counted, the reason for its rejection.

Reality: In some circumstances, elections officials are permitted to “duplicate” or otherwise further mark cast ballots to ensure they can be properly counted.

Rumor: Witnessing election officials marking ballots means that fraudulent voting is taking place.

Get the Facts: Some ballots cannot be read by a ballot scanner due to issues such as damage or misprinting. Some jurisdictions hand count such ballots, while others create duplicate ballots so they can be read by a ballot scanner. Some jurisdictions permit election officials to enhance markings on ballots that are too faint to scan following a process to adjudicate the voter’s intent based on state law. In jurisdictions where duplication of unscannable ballots is permitted, election officials duplicate the ballot precisely to ensure all the voter’s choices are transferred correctly to the new ballot. Both the original and duplicate ballot are labeled and logged so that the two ballots can be tracked and audited. Many jurisdictions require bipartisan teams of two or four personnel to complete this process and verify that votes are accurately transferred to duplicated ballots. The process is often open to public observation.

In some jurisdictions, ballot duplication is referred to as ballot remaking, ballot replication, or ballot transcription.

Reality: Election night results are not official results.

Rumor: If election night reporting sites experience an outage, vote counts will be lost or manipulated.

Get the Facts: Election night results are not official results. These sites may experience outages due to a variety of issues including too many people trying to view the site or cyberattacks. Such disruptions do not impact the integrity of votes or the official certified results. Election results made available on election night are always unofficial. Official results are rigorously canvassed (reviewed), and certified by local and state election officials. Most states have requirements for post-election audits as well.

Reality: A defaced or manipulated election night reporting webpage would not impact counting and certification of official results.

Rumor: If the election night reporting webpage is defaced or displays incorrect results, the integrity of the election is compromised.

Get the Facts: If a webpage has been defaced or is displaying incorrect results, it would not impact the integrity of votes or the official certified results. Election results made available on election night are always unofficial.

Reality: Malicious actors can use fake personas and impersonate real accounts.

Rumor: If a social media account claims an identity, the account must be run by that person or organization.

Get the Facts: Malicious actors often use fake personas and impersonate real accounts to trick the public into believing disinformation, including election-related disinformation.
Popular social media platforms such as Facebook, Instagram, Twitter, Snapchat, and others provide an indication, such as a checkmark that is either blue or grey, to indicate that an account is verified by the platform.  If an account claims to be a well-known person or official organization but is not verified, they may be an imposter.

There are multiple things to look for if you think an account is fake or spoofed. Is the account brand new? Do they create content or merely re-share? Do they have a coherent profile description and does it match what they are sharing? Do they have a real profile photo?  A best practice when looking for election-related information is to go to trusted sources, like your local election official.

If you find a suspicious social media post or account, consider reporting the activity to the platform so others don’t get duped. Most platforms have a “report” function built into posts, so it’s easy to report suspicious items, such as misinformation about election infrastructure. If an account is posting election disinformation, consider reporting to your state or local election official.

Reality: Cyber actors can "spoof" or forge email sender addresses to look like they come from someone else.

Rumor: I received an election-related email that looks like it came from a certain organization, so the organization must have sent it.

Get the Facts: Cyber actors can forge emails to look like they came from someone else. This common tactic is called email spoofing, where attackers send an email pretending to be from a specific domain or organization in an attempt to harvest personal data or spread malware. Such spoofed emails can also be used to disseminate false or inflammatory information. To send realistic-looking emails, cyber actors may forge the sender address to hide the origin of an email or set up spoofed domains that have a slightly different name from the real domain. Always be wary of out of the ordinary emails and look to trusted sources, such as the organization’s official website, in order to verify. Never provide personal information or download files from suspicious emails. If you receive a suspicious election-related email, consider reporting it to your local election official or local FBI field office.


Reality: Some voter registration data is publicly available.

Rumor: Someone possessing or posting voter registration data means voter registration databases have been hacked.

Get the Facts: Some voter registration information is public information and is available to political campaigns, researchers, and often members of the public, frequently for purchase. According to a recent FBI and CISA public alert, cyber actors may make false claims of “hacked” voter information to undermine confidence in U.S. democratic institutions.

Reality: Online voter registration websites can experience outages for non-malicious reasons.

Rumor: An online voter registration website experiences an outage and claims are made the election has been compromised.

Get the Facts: Outages in online voter registration systems occur for a variety of reasons, including configuration errors, hardware issues, natural disasters, communications infrastructure issues, and distributed denial of service (DDoS) attacks. As CISA and FBI warned in a recent public alert, a system outage does not necessarily mean the integrity of voter registration information or any other election system has been impacted. When an outage occurs, election officials work to verify the integrity of voter registration information.

Reality: A compromise of a state or local government system does not necessarily mean election infrastructure or the integrity of your vote has been compromised.

Rumor: If state or local jurisdiction information technology (IT) has been compromised, the election results cannot be trusted.

Get the Facts: Hacks of state and local IT systems should not be minimized; however, a compromise of state or local IT systems does not mean those systems are election-related. Even if an election-related system is compromised, a compromise of a system does not necessarily mean the integrity of the vote has been affected. Election officials have multiple safeguards and contingencies in place, including provisional ballots or backup paper poll books that limit the impact from a cyber incident with minimal disruption to voting.  Additionally, having an auditable paper record ensures that the vote count can be verified and validated.

Reality: Malicious actors can fake manipulation of voter registration data to spread disinformation.

Rumor: Videos, images or emails suggesting voter registration information is being manipulated means voters will not be able to vote.

Get the Facts: Claims are easy to fake and can be used for disinformation purposes. If voter registration data were to be manipulated, states have several safeguards in place to enable voters to vote, including offline backups of registration data, provisional ballots, and in several states, same-day registration.

Reality: Safeguards are in place to prevent home-printed or photocopied mail-in ballots from being counted.

Rumor: A malicious actor can easily defraud an election by printing and sending in extra mail-in ballots.

Get the Facts: This is false. Committing fraud through photocopied or home-printed ballots would be highly difficult to do successfully. This is because each local election office has security measures in place to detect such malicious activity. While the specific measures vary, in accordance with state and local election laws and practices, such security measures include signature matching, information checks, barcodes, watermarks, and precise paper weights.

Reality: Safeguards are in place to protect against fraudulent voting using the Federal Write-In Absentee Ballot (FWAB).

Rumor: A malicious actor can easily defraud an election using the Federal Write-In Absentee Ballot (FWAB).

Get the Facts: Changing an election using fraudulently submitted FWABs would be highly difficult to do. This is because election offices have security measures in place to detect such activity.
The FWAB is primarily used as a backup ballot for military and overseas voters who requested but did not yet receive their absentee ballot. FWAB users must provide their signature and meet varying state voter registration and absentee ballot request requirements, which can include provision of full or partial social security number, state identification number, proof of identification, and/or witness signature.
Since only military and overseas voters are eligible to use the FWAB, relatively few of them are submitted each election. In 2016, states reported that only 23,291 total FWABs were submitted nationwide, with all but six states receiving less than 1,000 FWABs statewide. Since use is relatively rare, spikes in FWAB usage would be detected as anomalous.


Reality: Voters are protected by state and federal law from threats or intimidation at the polls, including from election observers.

Rumor: Observers in the polling place are permitted to intimidate voters, campaign, and interfere with voting.

Get the Facts: While most states have a process to permit a limited number of credentialed or registered observers at in-person voting locations to observe the voting process, state and federal laws offer voters general protection from threats and intimidation, including from observers. States use varying terms for observers, including “poll watchers,” “challengers,” and “poll agents.” In general, observers are prohibited from violating ballot secrecy, campaigning, collecting private voter information, and obstructing or interfering with the voting process. Observers in some states may report potential issues to election officials, such as questioned eligibility of a voter, suspicious behavior, or suspected rule violations. Intimidation or threatening behavior is never permissible.

Under certain circumstances, the U.S. Department of Justice (DOJ) Civil Rights Division may monitor polling place procedures for the protection of voters under federal voting rights laws. International observers, including delegations from the Organization for Security and Cooperation in Europe or the Organization for American States, who have been invited by the U.S. Department of State, may also observe in-person voting processes in some states.

If you feel that you’ve been a victim of, or witnessed, voter intimidation or threats, please report the experience to the DOJ Civil Rights Division’s Voting Section by phone 800-253-3931 or through its complaint portal at https://civilrights.justice.gov/. If you experience an emergency, please call 911.

Reality: Safeguards are in place to protect ballot secrecy.

Rumor: Someone is claiming to know who I voted for.

Get the Facts: Ballot secrecy is guaranteed by law in all states. Election officials implement various safeguards to protect voters’ choices from being viewable or knowable by others, including the election officials themselves. With few exceptions, these security measures ensure that individual ballots, once cast, cannot be traced back to the voters who cast them. For in-person voting, privacy measures include dividers between voting stations and requirements that poll workers maintain distance from voters while they are casting their ballots. For mail-in and provisional voting, election officials follow strict procedures to ensure ballot secrecy when ballots are retrieved from mail-in and provisional ballot envelopes. 

Ballot secrecy rights may be voluntarily waived by voters in certain circumstances, and waiver may be required in some of these, such as military and overseas voters that vote by fax or e-mail. 

While ballot choices are secret in almost all circumstances, a voter’s party affiliation and history of voting generally are not. Information contained in voter registration records, such as name, address, phone number, and political party affiliation (in states with party-based voter registration), is generally available to political parties and others. This data also regularly contains information on whether a voter voted in a particular election, but not their ballot choices. 

Reality: Polling place lookup sites can experience outages for non-malicious reasons.

Rumor: If polling place lookup sites experience an outage, election infrastructure must have been compromised.

Get the Facts: Polling place lookup sites, like all websites, may experience outages for a variety of reasons, impacting their availability to voters. Polling place lookup sites are not connected to infrastructure that counts votes and are typically segmented from infrastructure that enables voting, such as the voter registration database. Election officials will point potential voters to alternate tools and resources for this information in the event of an issue.


  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

Featured Cybersecurity


New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3