Redefining “No Evidence of a Breach” in Election Security

Authors

Yunsieg P. Kim, University of Missouri School of LawFollow

ORCID

https://orcid.org/0000-0001-6748-8838

Abstract

For legal purposes, we rightly understand the lack of evidence to mean a lack of existence. For example, many candidates in the 2022 elections baselessly claimed that the 2020 presidential election was stolen. But, absent evidence of systemic fraud, the law correctly determines that President Biden was duly elected. If the law entertained any outlandish assertion regardless of evidentiary support, accusers could peddle whatever claims they please, forcing the accused to disprove them. Similar to the legal understanding of “no evidence,” many appear to believe that no evidence of a security breach in our voting equipment indicates no breach. For example, in the run-up to the 2022 elections, Georgia’s Secretary of State Brad Raffensperger “spent months voicing skepticism that . . . a security breach ever occurred” in Coffee County’s voting machines, arguing that “[t]here’s no evidence of any of that” and therefore that “[i]t didn’t happen.”

A lack of evidence is rightly equivalent to a lack of existence, for legal purposes. But, for security purposes, no evidence of a breach does not necessarily mean no breach because security breaches can occur without the target’s knowledge. Indeed, the more competent the infiltrators are, the more likely they are to commit breaches undetected. The Allies taught the world this lesson in World War II, when they infiltrated the encrypted communications of the Axis powers without being exposed. To this day, it remains an axiomatic rule of cyber security practice that one should never interpret the lack of evidence of a security breach to mean no breach. Shortly after Raffensperger claimed that a breach did not happen because there was no evidence, it was revealed that voting machines in Coffee County had been breached.

This Article calls for a bifurcated understanding of “no evidence of a breach” in the context of elections. For election fraud claims, we should continue to take no evidence to mean no fraud. But for evaluating the security of our election infrastructure, officials and legal scholars must understand that a breach can still occur despite the lack of evidence of a breach. I argue that the widespread conflation of no evidence of a breach and no breach is a frequently overlooked obstacle to election security reform. If one interprets no evidence of a breach as no breach, both the public and the politicians who represent them can rationalize not spending money on updating voting equipment as long as there is no definitive evidence that it was breached. Persuading the public of the fact that security breaches can occur despite the lack of evidence, while also showing why no evidence must still be interpreted as no existence for legal purposes, is a critical challenge that scholars must meet in order to effect meaningful election security reform.

Recommended Citation

Yunsieg P. Kim, Redefining “No Evidence of a Breach” in Election Security, 76 SMU L. Rev. F. 131 (2023)