Colorado cites cybersecurity concerns in banning QR codes on ballots

Colorado on Monday became the first state in the U.S. to ban the use of QR codes on ballots, citing cybersecurity concerns associated with the use of these codes in tabulating votes.

Colorado Secretary of State Jena Griswold (D) noted in announcing the change that cybersecurity experts have raised concerns around the security of using the QR codes on ballots. 

{mosads}Griswold also cited findings by U.S. intelligence that Russian operatives attempted to interfere in the 2016 presidential election as a reason to enhance cybersecurity of elections. 

Currently, residents in Colorado make their choices on a ballot-marking device, which then prints a physical ballot that includes both a QR code embedded with the voter’s choices and a read-out for the voter to verify their choices. 

The votes are then tabulated by a machine that scans the QR codes, which officials say have the potential to be changed by hackers and be different than the votes cast.

Colorado will now require that votes only be counted based on human-verifiable information, specifically the marked ovals on the printed ballot, and not based on the counting of votes embedded in QR codes.

“I am proud that Colorado continues to lead the nation in election cybersecurity,” Griswold said in a statement. “Voters should have the utmost confidence that their vote will count. Removing QR codes from ballots will enable voters to see for themselves that their ballots are correct and helps guard against cyber meddling.”

Griswold added that “our adversaries are not standing still, and neither can we.”