New U.S. guidelines ban network-connected voting systems, acknowledging vulnerability to attack

After years of warnings about state-sponsored hackers and the contentious end of the 2020 election, the federal commission that sets the standards for American voting machines has made a major change rather quietly: Going forward, vote systems cannot be connected to any digital networks, and wireless technology must be disabled too.

The Election Assistance Commission's Voluntary Voter System Guidelines 2.0 were released earlier this year without much fanfare and nominal media coverage, even though they were the first major revisions since 2015 and the first complete overhaul since VVSG 1.0 was issued 16 years ago.

The last guidelines from 2015 permitted connectivity to what was called "public telecommunications networks," provided that any data transmitted was encrypted and network-connected machines were able to "preserve the secrecy of voter ballot selections and prevent anyone from violating ballot privacy." Outside the guidelines, however, EAC urged election administrators and voting machine makers through certification reviews to avoid direct connections to the internet to have the best practices.

The new requirements provide a much more draconian ban on external access to the Internet or other computer networks, a security provision otherwise known as an "air gap." The commission specifically cited the potential threat posed by foreign adversaries to meddle in elections.