2023 Legislature — Southern Utahns for Transparency

Utah’s 2023 Legislature

Did they make elections MORE secure or LESS secure?

Utah legislators passed about a dozen election bills in their 2023 General Session. Will these new laws improve our elections? It’s doubtful, and it looks like some of the new laws actually make things worse.

Here’s the problem: contests like our U.S. Senate & House races are high-value targets outside our county, outside our state, and outside our nation. Cyber and national-security experts continue to warn that we are vulnerable to outside interference through tabulator manipulation and ballot-stuffing. Since these are our two biggest-scale susceptibilities, we’d expect Utah legislators to focus on these two areas, right?

…Wrong. Not one bill passed this year will end vulnerabilities to tabulator manipulation or ballot-stuffing. In fact, not one bill passed this year even set up any standards to meaningfully check for tabulator manipulation or ballot-stuffing. Worse yet, some bills actually make our elections even less secure. Here are the bills, with links, and comments on specific sections:

SB0017 (utah.gov) —Voter Residency

This bill actually introduces MORE vulnerabilities into our elections. Here are a few:

--Problem 1: Lines #322-457 weaken Utah oversea voters laws (which were already very loose): No notarization or authentication is required, and those who live overseas were given more time to apply to vote here: they can now register electronically all the way up until the day before the election, in which case, they can vote electronically a full day after the election ends. With no authentication of these electronic votes (coming in AFTER the election is over), what assurance do we have that all these internet votes are legitimate?

--Problem 2: Lines #50-52 now reduces voter residency requirements to mere “intent”: a voter living outside Utah or outside America need only intend to return, and they can still vote in Utah indefinitely (and this new law now states that their actions can even be completely inconsistent with an intent to return).

--Problem 3: Line #240 now allows a foreign US citizen with a ‘domestic partner’ in Utah to vote, even if the foreigner has “never established a principal place of residence in the US”. Does this make our elections more secure, or less?

--Problem 4: Line #159 requires Utah to now accept registrations and ballots from “a location without a structure”. If an empty lot now qualifies as a “principal place of residence”, how will auditors or canvassers verify if mail-in votes from these lots are legitimate homeless voters? This new loophole increases ballot stuffing vulnerabilities.

HB0269 (utah.gov) —Election Audits

An election audit is much-needed in Utah, but this bill falls so short in many ways:

--Problem 1: Line #14 excludes audit provisions for both municipal elections and presidential primaries—why no audits for these elections?

--Problem 2: Line #116 gives auditors very little time to perform audits. Even with “evidence that raises a substantial doubt regarding the accuracy” of a general election, state deadlines require auditors to cover the entire state in just a few weeks between Thanksgiving and Christmas

--Problem 3: Contrary to Line #16, this bill outlines no audit standards whatsoever. Why would legislators unwisely omit these critical decisions?

--Problem 4: Lines #194-198 of this bill do not even require an audit: it makes audits optional. Instead, it requires only a survey (with no standards outlined); an audit “may” be done, but is not required, and depends on “the opinion of the office”—again, with no standards outlined.

--Problem 5: Line #9 of this bill does NOT give election audit authority to third-party independent auditors, which is desperately needed. Instead, sole responsibility was given to the State’s OLAG, and this is insufficient, especially considering the problems in their 12/2022 Audit1. Here are just three “whitewash” examples:

• Page 1 of the OLAG’s misleading report claims they “found no evidence of…widespread errors”, and this summary was quoted in the press releases. But it’s false: their report contains 80 pages of errors, including page 25, for example, which exposes “a mismatch between ballots counted and voter credit assigned in 22 counties”. If election counts are off in 22 of 29 counties, isn’t that “evidence of widespread error”?

• Or what about page 17, which “found that 8% of all voter records [reviewed] contained mismatching information”? Isn’t this “evidence of widespread error”?

• Also page 1 of the OLAG’s report misleads by claiming “no evidence of… significant fraud”, but the truth is that they were completely unable to check for fraud: page 51 finally exposed the fact that our “post election audit…lacks the ability to validate election results”. It’s impossible to find fraud when you haven’t checked for it for over 15 years.

Why no mention of these critical failures in the OLAG’s summary? It’s misleading. Why would the public trust this group to be the sole statewide auditor of our elections? We need INDEPENDENT evaluations, as was called for in a much better bill (HB155); but unfortunately, HB155 failed to get a hearing in Utah’s state senate.

HB0448 (utah.gov) —Election Changes

This bill creates multiple problems:

--Problem 1: Line #1865 makes it illegal for the public to see dropbox videos to check for ballot stuffing, and puts limits on officials too. Doesn’t this make our elections less secure; not more?

--Problem 2: Lines #1157 and 1266 reduce the standard for vote-by-mail (VBM) signature review, and say the signature comparisons only need to be “reasonably consistent” (First, this is an unacceptable standard for signature matching. Second, VBM signature review is a sham2. Third, this standard fails to address the problem of impossibly perfect matches (forgeries) created mechanically.)

--Problem 3: Line #1391 sets the sample size for signature review audits during ballot processing at only 1%. This is low, and doesn’t bother checking for statistical significance.

--Problem 4: Lines #543, 983, 1262, 1339, etc. set NO meaningful standards for post-election audits, signature review audits, chain of custody rules, reconciliation requirements, etc. Instead, legislators unwisely deferred these critical decisions to the LG’s Office. This is problematic since the LG’s Office has had faulty standards in place since at least 2006. From the OLAG report1, here are just three examples of how the LG’s Office has failed us:

• Page 51 finally exposed the fact that our “post-election audit…lacks the ability to validate election results”, and this has been the case for at least 15 years.

• Page 39 finds “that Utah’s guidelines and standards for signature verification are” the worst of any state conducting vote-by-mail elections: worse than California, Washington, Oregon, Nevada, and more.

• Page 20 finds that “the LG’s Office is not following up …to ensure that county clerks remove the names of deceased voters from the rolls”.

Given these failings, plus 80 more pages of errors in the OLAG report, why wouldn’t legislators create meaningful election standards themselves, instead of deferring to the LG’s Office, which has been deficient for over a decade?

HB0545 (utah.gov) (*and SB0127 (utah.gov) ) --Cybersecurity Modifications

Both of these cybersecurity bills cover generic statewide issues, but will hopefully cover election cybersecurity too. Here are some ironies, however:

--Irony #1: Lines #62 (*and #154/#175) attempt to provide cyber help after it’s too late: the deadline to merely CONSIDER (or identify funding for) statewide cyber-security practices comes AFTER Utah’s critical 2024 Primary Election is already over.

--Irony #2: Lines #101 (*and #147) recommend using cyber guidance from CISA; but ironically, this is the Federal Government’s own Cybersecurity Agency which was hacked for about a year without their knowledge during the 2020 SolarWinds Breach.

--Irony #3: Line #105 admits that we need to begin “shifting away from a paradigm of trusted networks, toward …a presumption of compromise”. Yes, we must presume compromise: the Joint Staff of the Dept of Defense spends about $10 billion per year on cyber-security, and they still can’t protect their own networks from compromise. It’s ludicrous to presume that any local county can. That’s why much of Europe and many nations have already returned to hand-counted elections, and we should too.

HB0069 (utah.gov) —Election Modifications

Utah’s “voter registration audit” was already weak, requiring checks on only 0.0002 of active voters per year. (This equates to only about 21 voters in our county). Lines #882-900 of this bill weaken these audits even more by drastically reducing frequency: Audits that were done 4 times every 2 years will now be done just 1 time every 2 years.

HB0303 (utah.gov) —Election Records

The best parts of this bill were deleted prior to passage. Problems like the following were left intact:

--Problem 1: voters classified as “private” before 5/12/20 were changed by the state to “hidden/withheld” voters without their consent, which was wrong, and line #64 of this bill further codifies this error in state law. It also makes our elections less secure since nearly 50% of all voters cannot be verified by the public, making them susceptible to voter identity-theft.

--Problem 2: Line #54 sets very loose standards for hidden ‘withheld’ voters: they require no verification, and are never re-checked (for example, practically any 18-yr old girl qualifies as ‘likely’ to be a victim of dating violence (or, she will be a roommate of someone who is likely), and the state keeps these registrants with a hidden voter status for life making them publicly non-auditable and susceptible to voter identity-theft)

--Problem 3: Line #59 is similar: hidden voter standards are loose, with no verification, and no re checking (for example, who qualifies as a “public figure” and why is withheld status in place for life for these, and anyone they once resided with? And what about those who no longer work for law enforcement or the armed forces, including anyone they ever resided with? By default, the state keeps all these registrants with a hidden status for life, making them publicly non-auditable and susceptible to voter identity-theft.)

HB0347 (utah.gov) ---Ballot Drop Box Amendments

This bill created an alarming disparity. Comparing Lines #57/64 to their counterparts in Lines #43/66, you’ll find that this amendment makes it a felony to remove a drop-box, even if it’s empty, and even when it’s not an election season. By comparison, it is only a misdemeanor to “fraudulently interfere with an election by willfully tampering with” election returns. This disparity is completely unacceptable.

HB0037 (utah.gov) —Voter Signature Verification

This bill repeats problems of bills already covered above:

--Problem 1: Line #181 weakens the standard set for vote-by-mail (VBM) signature review, saying the signature comparisons only need to be “reasonably consistent” (First: this standard is unacceptable. Second: VBM signature review is a sham2. Third: this standard fails to address the problem of impossibly perfect matches (forgeries) created mechanically.)

--Problem 2: Line #303 set no criteria for signature review. Instead, this bill leaves it up to the Lt. Governor’s (LG) Office. (First: the LG’s Office is not a reliable source of election standards--audits of the LG’s Office have found multiple deficiencies1. Second: p. 39 of the audit1 showed Utah’s LG Office to have the worst signature standards of any other state in our nation. Third: VBM signature review is a sham2)

HB0365 (utah.gov) —Voter Affiliation

NOT APPLICABLE: this bill covers political party affiliations and does nothing to address our two biggest susceptibilities to outside election interference; namely, vulnerabilities to either tabulator manipulation or ballot-stuffing.

SB0063 (utah.gov) —Candidate Replacement

NOT APPLICABLE: this bill covers candidate vacancies and does nothing to address our two biggest susceptibilities to outside election interference; namely, vulnerabilities to either tabulator manipulation or ballot-stuffing.

Conclusion

In summary, Utah’s 2023 Legislature passed several bad bills that make our elections even less secure, as outlined above. A few minor election problems were fixed, but other fixes may or may not materialize since legislators didn’t set important standards themselves-- instead they unwisely deferred these critical decisions to state groups who have proven to be unreliable.

Further, Utah’s 2023 Legislature did not pass anything to end current vulnerabilities to either tabulator manipulation or ballot-stuffing. …Nor did legislators pass any standards to meaningfully check for either tabulator manipulation or ballot-stuffing. The only bills that came close to this were HB155 and SB189, and unfortunately, neither of these bills ever got a hearing in Utah’s state senate.

In conclusion: Utah’s 2023 Legislative Session was NOT a win for election integrity.

Footnotes:

1 Utah’s 12/13/22 Election Review (Office of Legislative Auditor General): 2022-17_RPT.pdf (utleg.gov)

2 Here’s what national-security expert Col. Shawn Smith* said about “signature review” in Washington County on 3/7/23:

“It’s a sham… The companies doing the automatic signature verification, or providing the tools for that, have no oversight whatsoever: no certification, no standards, no post-election auditing, nothing. Then the election judges themselves that are being asked to verify signatures are given a tiny little amount of time, no instrumentation… If you go look in the phone book right now, find a questioned document examiner to sit on a witness stand, and testify whether or not a signature is authentic, you need someone who has a minimum probably of a Bachelors Degree, six months of experience before they get certified and accredited professionally, they have a mentor in the field, they have a track record, and they will use forensic instruments like a light table and microscopic capabilities under different lighting sources, they’ll use an electro-static discharge table to see if it was a real pen that made the indents, they’ll be able to measure 17 different indices of whether that’s an authentic signature: stroke, weight, pressure, direction, velocity of the movement, how the paper tears… They do all of that.

What do we give citizen election judges? About 4-10 seconds and something that is not magnified, and often isn’t even a color image or a high-resolution image. It’s impossible. It’s a sham.”

*Shawn Smith is a national security expert and a retired Air Force colonel with over 25 years active duty in space and missile operations. He has two Masters degrees, including one in National Security Affairs from the Naval Postgraduate School, and has held Top Secret security clearance since 1992, and has been cleared for Sensitive Compartmented Information since 1996. During his service, Smith was responsible for testing and testing oversight for some of the nation’s most complex computer-based national security systems. He was a U.S. Air Force Fellow to the RAND Corporation, a squadron commander, and the Senior Military Evaluator for Space, Intelligence, Surveillance, and Reconnaissance Systems for the Director of Operational Test & Evaluation under the Office of the Secretary of Defense.

For a PDF of the information above, click here Utah’s 2023 Legislature
(Note that the links are active above, but not in the PDF)