Voting by mail: a Markov chain model for managing the security risks of election systems

The scrutiny surrounding vote-by-mail (VBM) in the United States has increased in recent years, raising concerns about the integrity and security of absentee voting. This paper addresses these issues by introducing a dynamic mathematical modeling framework for performing a risk assessment of VBM processes. We introduce a discrete-time Markov chain (DTMC) to model the VBM process and assess election performance and risk with a novel layered network approach that considers the interplay between VBM processes, malicious and non-malicious threats, and security mitigations. The time-inhomogeneous DTMC framework captures dynamic risks and evaluates performance over time. The DTMC model accounts for a spectrum of outcomes, from unintended voter errors to sophisticated, targeted attacks, representing a significant advancement in the risk assessment of VBM planning and protection. A case study based on real-world data from Milwaukee County, Wisconsin, is used to evaluate the DTMC model. The analysis includes the development of attack scenarios and the evaluation of security measures, to illustrate the impact of different attack timings. The analysis suggests that ballot drop boxes and automatic ballot notification systems are crucial for ensuring secure and reliable operations.