Election Fact Check: Could someone mail in fake ballots?
Matt Blaze @mattblaze on Twitter is the McDevitt Chair of Computer Science and Law, focusing on interdisciplinary research and teaching that bridges computer science and law/public policy. And he shared a great series of tweets on May 7, 2021 explaining why altering an election via forged ballots is unlikely to succeed and would be easily detected.
The "bamboo ballots" being looked for with Junior-CSI UV lights in AZ are an obvious, and particularly silly, hoax, but it's worth understanding why altering an election via forged mail-in ballots is unlikely to succeed (and easily detected without fancy flashlights).
Mail-in ballot forms aren't security sensitive; some jurisdictions (including military and overseas voters) allow you to print your own before mailing it in. The protections against fraud occur when the ballot is received and processed, not because the forms are hard to forge.
Mail-in ballots generally have the voter's name, signature, etc on an outer envelope. The first step in processing a received ballot is to check that it came from a registered voter, and then, importantly, note that their ballot was received so they can't vote a second time.
At that point, the ballot is separated from the enclosing ID info and sent for tallying. There are two frauds that someone might try here. One is that a corrupt official might try to bypass this and slip in extra ballots. Another is that someone might mail in forged ballots.
But either of these would be detected quickly. Let's start with the corrupt insider. If extra ballots are slipped in for tallying, the number of ballots scanned wouldn't match the number of ballots received and processed. Such a discrepancy would be apparent immediately.
What about an outsider mailing in a large number of fake ballots? To get them past the initial processing, they'd have to each identify a unique registered voter. But the attacker has a problem: they have no way of knowing which real voters will return real ballots.
So the attacker would have to hope that none of the voters they forge ballots for actually tries to vote. At any kind of scale, they'll guess wrong a significant fraction of the time. And that will be very quickly noticed as duplicate ballots start being rejected.
Duplicate ballots from the same voter are extremely unusual and are an indication of something going very wrong. Multiple occurrences would raise very loud alarms and would be detected immediately, well before election day.
"If it’s easily detectable yet we see no indication that it happened, we can be confident it didn’t."
There are other safeguards, too. But it isn’t necessary to get into them, because the mechanisms I described are sufficient to give us confidence in elections that have already occurred in which none of the obvious discrepancies were present.