The States With the Worst Election Security

Certainly there are vulnerabilities in the country's election systems. It's relatively easy to hack voting machines. Personal information can be purchased to alter voter registrations in as many as 35 states, according to one Harvard study. Disinformation campaigns by other countries can confuse voters and manipulate public opinion.

Much of our democracy depends on eliminating these security issues in our voting system.

All 50 states have taken at least some steps to provide more election security, according to the Center for American Progress. Many have gotten help from the Department of Homeland Security or the National Guard to assess and identify some of the potential threats.

This list is based on a 2018 report by the Center for American Progress, an independent nonpartisan policy institute that seeks to improve life in America by developing new policy ideas, challenging the media to cover critical issues, and shape the national debate.

To grade each state's level of election security preparedness, CAP awarded points based on a state's adherence to a set of best practices included within each category. Categories include: minimum cybersecurity for voter registration systems, voter-verified paper audit trail, post-election audits, ballot accounting and reconciliation, paper absentee ballots, voting machine certification requirements, and pre-election logic and accuracy testing. The number of points in a category are translated as "good," "fair," "unsatisfactory" and "mixed."

These are the states with the worst election security:

Florida
Florida

The States With the Worst Election Security

Florida

Grade: F*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Unsatisfactory
  • Pre-election logic and accuracy testing: Fair

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: KMH Photovideo / Shutterstock

Indiana
Indiana

Indiana

Grade: F*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Unsatisfactory

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

Arkansas
Arkansas

Arkansas

Grade: F/D*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

Kansas
Kansas

Kansas

Grade: F/D*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

Tennessee
Tennessee

Tennessee

Grade: F/D*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Unsatisfactory

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: f11photo / Shutterstock

Arizona
Arizona

Arizona

Grade: D

  • Minimum cybersecurity for voter registration systems: Mixed
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Delaware
Delaware

Delaware

Grade: D

  • Minimum cybersecurity for voter registration systems: Good
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Georgia
Georgia

Georgia

Grade: D

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Kentucky
Kentucky

Kentucky

Grade: D

  • Minimum cybersecurity for voter registration systems: Good
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Louisiana
Louisiana

Louisiana

Grade: D

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Mississippi
Mississippi

Mississippi

Grade: D

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: iStock

Missouri
Missouri

Missouri

Grade: D*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Fair
  • Post-election audits: Mixed
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

New Jersey
New Jersey

New Jersey

Grade: D

  • Minimum cybersecurity for voter registration systems: Good
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Unsatisfactory
  • Pre-election logic and accuracy testing: Fair

Photo: Splask/Shutterstock

Pennsylvania
Pennsylvania

Pennsylvania

Grade: D

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

South Carolina
South Carolina

South Carolina

Grade: D

  • Minimum cybersecurity for voter registration systems: Good
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Texas
Texas

Texas

Grade: D

  • Minimum cybersecurity for voter registration systems: Mixed
  • Voter-verified paper audit trail: Unsatisfactory
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Rudy Mareel / Shutterstock

Hawaii
Hawaii

Hawaii

Grade: D/C*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Fair
  • Post-election audits: Fair
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Unsatisfactory

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

Alabama
Alabama

Alabama

Grade: C

  • Minimum cybersecurity for voter registration systems: Good
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: JNix / Shutterstock

California
California

California

Grade: C

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Fair
  • Post-election audits: Mixed
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Joseph Sohm / Shutterstock

Idaho
Idaho

Idaho

Grade: C

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Illinois
Illinois

Illinois

Grade: C

  • Minimum cybersecurity for voter registration systems: Mixed
  • Voter-verified paper audit trail: Fair
  • Post-election audits: Fair
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Joseph Sohm / Shutterstock

Iowa
Iowa

Iowa

Grade: C*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Nagel Photography / Shutterstock

Maine
Maine

Maine

Grade: C

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Massachusetts
Massachusetts

Massachusetts

Grade: C

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Michigan
Michigan

Michigan

Grade: C

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Nagel Photography / Shutterstock

Montana
Montana

Montana

Grade: C

  • Minimum cybersecurity for voter registration systems: Fair
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Nebraska
Nebraska

Nebraska

Grade: C

  • Minimum cybersecurity for voter registration systems: Good
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

Nevada
Nevada

Nevada

Grade: C

  • Minimum cybersecurity for voter registration systems: Mixed
  • Voter-verified paper audit trail: Fair
  • Post-election audits: Fair
  • Ballot accounting and reconciliation: Unsatisfactory
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Photo: Shutterstock

New Hampshire
New Hampshire

New Hampshire

Grade: C*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Fair
  • Voting machine certification requirements: Unsatisfactory
  • Pre-election logic and accuracy testing: Fair

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

North Dakota
North Dakota

North Dakota

Grade: C*

  • Minimum cybersecurity for voter registration systems: Incomplete
  • Voter-verified paper audit trail: Good
  • Post-election audits: Unsatisfactory
  • Ballot accounting and reconciliation: Fair
  • Paper absentee ballots: Unsatisfactory
  • Voting machine certification requirements: Fair
  • Pre-election logic and accuracy testing: Fair

Nine other states also got an overall grade of C: Oklahoma, South Dakota, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.

Ohio had a grade of C/B*

Eleven states earned a B: Alaska, Colorado, Connecticut, Washington, D.C., Maryland, Minnesota, New Mexico, New York, North Carolina, Oregon, and Rhode Island.

No state received an A.

Visit the Center for American Progress to see the report and detailed methodology.

*The state either failed to share some information regarding minimum cybersecurity practices, refused to share information citing legal or security reasons, or declined to participate in the research.

Photo: Shutterstock

Advertisement