EAC Takes up New Security Standards for Election Machines
The Election Assistance Commission is delving into long-overdue upgrades to the technology that runs elections.
Heads up election technology researchers and tech nerds.
The Election Assistance Commission (EAC) Technical Guidelines Development Committee is taking up security standards for voting machines during a meeting today.
Live stream link to meeting is here:
https://www.youtube.com/channel/UCpN6i0g2rlF4ITWhwvBwwZw
Agenda and background are here:
https://www.eac.gov/events/2025/07/02/eac-technical-guidelines-development-committee-virtual-meeting
As EPEC Team has reported, election machines and equipment need a quantum leap forward in security features.
That’s the view expressed by a consensus of election integrity experts, as well as EPEC Team analysis after reviewing current standards that are applied to election systems in the United States, many of which are voluntary.
Right now, not one vendor currently operating in the United States is believed to be certified to the “VVSG 2.0” standard for securing election machines. Most are still being certified to the outdated “VVSG 1.1” standard.
The EAC’s technical committee is the vehicle for assisting states and vendors with voluntary security standards.
See the latest draft of the VVSG 2.1 guidelines here:
Requirements for the Voluntary Voting System Guidelines 2.1
Many of the draft’s changes to the older VVSG standards are designed to align with President Trump’s recent Executive Order on election integrity and securing election.
Changes based on the EO include the following:
1. Barcodes. The EO prohibits barcodes containing voter selections with the exception for supporting accessible voting for voters with disabilities. This is incorporated in VVSG 2.0, but the language has been clarified to make this more apparent in VVSG 2.1.
Specifically, the only systems capable of producing such barcodes are electronic systems that are required to meet the accessibility requirements in the VVSG, which also encompasses mandates to be ADA and Section 508 compliant to support accessible voting.
2. Voter-verifiable paper records. VVSG 2.0 allows for future systems to not use paper to incentivize the development of innovative systems. The requirements have been updated to require voter-verifiable paper records; this aligns with all currently known voting systems. A prohibition of paperless systems does not change the EAC’s ability to certify any existing system. This is an issue that can be revisited as new voting architectures are developed.
The draft document also addresses external network connections in voting machines, a critical security measure in need of modernization.
The working draft says:
“VVSG 2.10 does not permit devices or components using external network connections to be part of the voting system.”
The draft references “significant security concerns introduced when networked devices are … connected to the voting system. This connectivity provides an access path to the voting system through the Internet and thus an attack can be orchestrated from anywhere in the world (e.g., nation state attacks). The external network connection leaves the voting system vulnerable to attacks, regardless of whether the connection is only for a limited period or if it is continuously connected. These types of attacks include the following:
1. The loss of confidentiality and integrity of the voting system and election data through malware injection or eavesdropping.
2. The loss of availability to access data or perform election process (e.g., ransomware attack).
EPEC Team is following the technical committee’s progress and will have more in our next report. #
Read Prior Coverage:
