New study on election security evaluates potential vulnerabilities in widely used Precinct Count Optical Scanners
Embargoed for release until December 8, 2025
For media Inquiries regarding the study, please contact Natalie Judd or Emma Scott
Washington, D.C., December 8, 2025 – About 70% of Americans voted in person in the 2024 presidential election, their ballots counted by machines called Precinct Count Optical Scanners (PCOS). Researchers at Towson University have systematically analyzed thousands of ways that PCOS machines could have process or security vulnerabilities – with the goal of helping local officials identify and mitigate those risks. Their work will be presented at the annual meeting of the Society for Risk Analysis, held Dec. 7-10 in Washington, D.C.
“In-person voting is more complex than mail voting, and that means there are more points in the process where things can go wrong,” says Natalie M. Scala, Ph.D., professor in the College of Business and Economics and co-director of the Empowering Secure Elections Lab at Towson University. Her team built custom software to map out the “what-if” PCOS threat scenarios. Their Threat Modeling Analysis Tool visualizes and evaluates over 70,000 unique vulnerability pathways during the PCOS voting process – including the setup, voting, and teardown phases. (For example, a flowchart shows how an unauthorized change could occur within a local device.)
“Our model highlights each possible path in a scenario, so we can see weak spots and understand where extra protection would make the greatest impact,” says Scala. “Seeing all those routes mapped out showed us how important it is to secure every link in the process – not just the machines themselves.”
A sensitivity analysis allowed the researchers to see which security issues could have the biggest effect on the integrity of the election process. “This helps local election officials focus their time and resources on the fixes that matter most,” says Scala.
The study showed that some of the most influential security issues are:
The study showed that small procedural gaps can have large consequences. “It’s not always about software or code,” Scala explains. “Sometimes it’s about missing paperwork or incomplete chain-of-custody documentation. Our work showed that tightening those everyday details greatly improves overall election security.”
The team is also developing an interactive version of the model that lets election officials explore “what-if” scenarios in their own voting processes—showing how even small procedural improvements can strengthen overall security. They’ve also begun a new phase of research that looks at how total election risk changes when different mitigations are added into the process. That work will help identify which safeguards have the biggest impact, and where resources make the most difference.
“The long-term goal is to turn this research into something practical that election officials can use to visualize, measure, and manage risk before it becomes a problem,” says Scala.
###
EDITORS NOTE:
This research will be presented on December 9 at 8:30 EST at the Society for Risk Analysis (SRA) Annual Conference at the Downtown Westin Hotel in Washington, D.C. SRA Annual Conference welcomes press attendance. Please contact Emma Scott at emma@bigvoicecomm.com to register.
About Society for Risk Analysis
The Society for Risk Analysis (SRA) is a multidisciplinary, global organization dedicated to advancing the science and practice of risk analysis. Founded in 1980, SRA brings together researchers, practitioners, and policymakers from diverse fields including engineering, public health, environmental science, economics, and decision theory. The Society fosters collaboration and communication on risk assessment, management, and communication to inform decision-making and protect public well-being. SRA supports a wide range of scholarly activities, publications, and conferences. Learn more at sra.org.
Media Contact:
Emma Scott
Media Relations Specialist
Emma@bigvoicecomm.com
(740)632-0965
