Voting by mail: a Markov chain model for managing the security risks of election systems

TL;DR

This paper develops a Markov chain model to quantitatively assess the security risks of vote-by-mail systems, incorporating threats, mitigations, and dynamic risk factors, validated through a Milwaukee case study.

Contribution

It introduces a novel layered network and discrete-time Markov chain framework for dynamic risk assessment of vote-by-mail processes, considering both malicious and non-malicious threats.

Findings

Ballot drop boxes and notification systems significantly reduce attack surface.

The model effectively evaluates security measures against hypothetical attack scenarios.

Dynamic risk assessment captures evolving threats over time.

Abstract

The scrutiny surrounding vote-by-mail (VBM) in the United States has increased in recent years, highlighting the need for a rigorous quantitative framework to evaluate the resilience of the absentee voting infrastructure. This paper addresses these issues by introducing a dynamic mathematical modeling framework for performing a risk assessment of VBM processes. We introduce a discrete-time Markov chain (DTMC) to model the VBM process and assess election performance and risk with a novel layered network approach that considers the interplay between VBM processes, malicious and non-malicious threats, and security mitigations. The time-inhomogeneous DTMC framework captures dynamic risks and evaluates performance over time. The DTMC model accounts for a spectrum of outcomes, from unintended voter errors to sophisticated, targeted attacks, representing a significant advancement in the risk assessment of VBM planning and protection. A case study based on real-world data from Milwaukee County, Wisconsin, is used to evaluate the DTMC model. The analysis includes hypothetical worst-case attack scenarios to stress-test VBM processes and to assess the efficacy of security measures and the impact of different attack timings. The analysis suggests that ballot drop boxes and automatic ballot notification systems are crucial for reducing the attack surface to ensure secure and reliable operations.