Election security has moved beyond abstract warnings and into a phase of practical innovation. Over the last three years jurisdictions that treat procedures and people as part of the tech stack have made measurable gains. We need to double down on those gains, and we need to be honest about what still looks like unproven promise dressed as progress.

Risk limiting audits are the most concrete, field-proven innovation to scale. These audits provide a statistically based check that the paper record actually supports the reported outcome. States and counties that run RLAs do not have to rely on faith in a vendor or a single machine to demonstrate accuracy. In 2024 and through 2025 multiple states ran successful statewide RLAs and many more continue with county or pilot programs, showing the method is operational at scale. Expanding RLAs should be a top priority for election offices and funders alike because they deliver verifiable assurance without changing how most voters cast ballots.

Open-source audit and election tools are not just ideological playthings. They are practical tools that increase transparency and reduce single-vendor lock in. Arlo, the open-source auditing platform from VotingWorks, has been adopted by multiple states and jurisdictions to administer RLAs and to make audit processes reproducible and transparent. When software that runs audits is open, security researchers and election officials can independently inspect assumptions, reproduce results, and improve procedures. Jurisdictions should evaluate open-source audit tooling as an option alongside commercial tools, rather than reflexively defaulting to closed-source offerings.

End-to-end verifiable cryptographic techniques are an important research and pilot track, but they are not a turnkey solution for the next national election. Projects such as ElectionGuard and a long lineage of E2E-V research show how cryptography can give mathematically checkable evidence that votes were included in tallies. These systems are promising for increasing auditability and voter-level verification, but they also introduce complexity in operations and explanation. The sensible path for most jurisdictions is incremental: use E2E-V techniques to harden in-person, supervised voting pilots first and keep internet voting experiments strictly limited and well controlled. Large scale or remote internet voting without robust E2E protections remains a significant risk.

Cryptographic research continues to yield new designs that could be operationalized in the medium term. For example, 2025 research has proposed variants that promise tallied-as-cast guarantees without exposing votes, innovations that could be layered onto existing systems rather than replacing them outright. These advances deserve careful attention from election engineers, but they also require extra scrutiny for voter privacy, usability, and operational fit before broad adoption.

While we focus on audits and verification, do not lose sight of the basics that make those techniques effective. Paper ballots and voter-verifiable paper records remain the anchor of trustworthy elections. If you cannot produce a reliable paper trail, you cannot audit. That is why policies that mandate paper ballots for tabulation and require robust ballot chain-of-custody practices are still the single most important control. Tools that improve manifest accuracy and that cryptographically or procedurally bind batch totals to physical containers reduce the risk that an audit cannot find the right ballots when it needs to. Examples from states that publish full batch manifests and make audit artifacts available for public review have proven useful for external validation and research.

Operational innovations matter as much as algorithmic ones. Real election security gains come from better training, documented procedures, and automation that reduces human error in high-risk steps. A recurring theme in post-audit reports is that most discrepancies are caused by procedural mistakes, not by cryptographic failures. Automating evidence collection, standardizing chain-of-custody labels, and using reproducible, open audit scripts materially reduce error rates and improve public confidence. Arming local officials with tested playbooks and interoperable tooling is low hanging fruit with immediate returns.

Information sharing and federal support are indispensable for scaled, resilient election security. Federal programs and no-cost services that provided threat intelligence, tabletop exercises, and vulnerability scanning have historically filled capability gaps in smaller, rural jurisdictions. Interruptions or rollbacks to these coordination mechanisms reduce the national baseline for preparedness. Where federal capacity is reduced, states and regional consortia must backfill services quickly and transparently, and funders should prioritize resources for under-resourced counties.

Misinformation and narrative attacks are now part of the threat model. Technical verification is necessary but not sufficient. Clear, early, and public communications from election officials paired with accessible technical artifacts help inoculate the public against false claims. Joint guidance from federal partners on how to communicate security measures and audit outcomes is a useful tool for election offices to deploy.

A short checklist for jurisdictions that want to translate innovations into real improvements:

  • Treat RLAs as core infrastructure. Budget for them, train staff, and publish results and artifacts in machine readable form.
  • Evaluate open-source audit tooling like Arlo and consider hybrid deployments where a jurisdiction can self-host or use a trusted third party.
  • Pilot E2E verifiable components in supervised, in-person environments first. Keep remote voting pilots small, monitored, and subject to independent verification.
  • Standardize ballot manifests and chain-of-custody procedures. Use cryptographic hashing of exported artifacts where practical so external researchers can verify published data corresponds to what was counted.
  • Preserve and rebuild information sharing and no-cost federal services that help smaller jurisdictions. If federal support is paused, create regional alternatives and fund them.
  • Invest in communications. Publish plain language explanations of what audits do, what they do not do, and how voters can confirm reporting.

Technology is a force multiplier for election security when it reduces uncertainty and increases verifiability. When it is used to obscure processes or knit together complex, nontransparent stacks it increases risk. The innovations that deserve our support in 2025 are those that deliver independent, inspectable checks on outcomes, reduce human error through better tools and training, and make it practical for local election officials to execute defensible audits. Those are the investments that buy public confidence without pretending that security is a single product that can be purchased off the shelf.

If you want to move forward, start with audits and open tools, keep paper ballots at the center, and do the hard work of funding the people and procedures that make the math meaningful.