Election Equipment Access Authority Failure Through Tamper-Evident Seal Bypass

State election codes mandate physical security measures for electronic voting equipment between elections, during storage, and at polling locations. These requirements include tamper-evident seals applied to equipment access panels, memory card compartments, and communication ports to detect unauthorized access that could compromise firmware or vote tallies. Election officials apply numbered seals after equipment certification, record serial numbers in chain-of-custody logs, and verify seal integrity before each election. The seals serve as the authoritative verification mechanism for determining whether unauthorized access occurred between certification and deployment.

The seal verification system operates under regulatory mandate—state election codes specify requirements, and the Election Assistance Commission's Voluntary Voting System Guidelines include physical security provisions. Certified equipment enters a custody chain spanning months between elections where physical seals become the primary access verification mechanism. During warehouse storage, transport to polling locations, and multi-day early voting, tamper-evident seals provide the only verifiable evidence that equipment has not been accessed by unauthorized individuals.

Beginning in 2006, security researchers at Argonne National Laboratory, Princeton University, and other institutions systematically evaluated the tamper-evident seals used on electronic voting equipment and demonstrated that commonly deployed seal types could be defeated without leaving detectable evidence of tampering. Researchers showed that adhesive tamper-evident labels—the most widely used seal type on voting machines—could be removed intact using readily available solvents, heat application, or careful mechanical techniques, then reapplied to the equipment with the same serial number visible and no detectable residue or damage indicating removal.

Wire seals and numbered plastic pull-tight seals used on equipment storage containers and transport cases proved similarly vulnerable. Researchers demonstrated techniques for opening wire seals without cutting the wire, removing and replacing pull-tight seals using simple tools, and in some cases fabricating replacement seals with matching serial numbers. The techniques required no specialized equipment—common household items including hair dryers, dental floss, solvents available at hardware stores, and basic hand tools were sufficient to defeat the seals used on voting equipment across multiple jurisdictions.

The tamper-evident seal system failed as an access verification mechanism because the seals' physical security properties were insufficient to prevent undetectable removal and replacement using low-cost techniques, and the visual inspection procedures used to verify seal integrity could not detect sophisticated tampering. The regulatory mandate requiring seals created an institutional assumption that sealed equipment was secure—but the seals themselves could not structurally enforce that assumption. Election officials, courts, and the public relied on seal integrity as evidence of equipment security without the seals possessing the physical properties necessary to provide that assurance.

The serial number logging system—the authoritative record for custody verification—was compromised because seal replacement techniques included number reproduction. When a tampered seal was replaced with a visually identical seal bearing the same serial number, the log comparison that constituted the verification procedure would show a match despite unauthorized access having occurred. The verification checked whether the observed number matched the recorded number, not whether the physical seal was the original seal applied during certification. The system of record captured a data point (the serial number) that could be reproduced independently of the seal's actual chain of custody.

Election security recommendations called for supplementing seals with additional layers including video surveillance of storage facilities, electronic access logging, and cryptographic hash verification of voting machine firmware before each election. Some jurisdictions implemented these measures. However, the EAC guidelines remained voluntary, and adoption varied substantially across approximately 8,000 election jurisdictions. Many continued relying primarily on tamper-evident seals without supplemental verification, constrained by budgets that could not accommodate surveillance or technical firmware verification.

Enhanced seal technologies were evaluated including seals with embedded electronic identifiers, holographic features, and chemical indicators providing detection beyond visual inspection. However, cost across millions of access points and the need for corresponding verification equipment limited adoption. Most jurisdictions continued using the same adhesive and wire seal types demonstrated to be defeatable.