A Swiss Cheese argument for election integrity

I’ve served as an election inspector for two years in the municipality that is adjacent to my township of residence. I’ve compiled this post because I keep encountering propaganda insinuating our election results can’t be trusted.
It will always be possible to look at individual steps of the election facilitation process in isolation and insinuate weaknesses, but viewed in aggregate our elections are extremely resilient to vote tampering or count manipulations. The image I want you to hold in your mind as I make my case is to picture a thick stack of delicious Swiss cheese.
First, a comment on why to take me seriously when I claim our elections are secure. If you have questions about how elections work in the U.S. it’s a worthwhile exercise to track down incisive journalism or materials from election facilitators seeking to educate the public on the redundancies built into our election infrastructure. I am neither a scholar or journalist but I am an election inspector. I speak as someone who has sat at the registration tables, handled the tabulation machinery, set up the portable privacy booths, handed ballots to voters, helped process absentee ballots, and facilitated the opening and closing of a polling location.
My Swiss cheese example isn’t completely original and is a commonly understood analogy from risk management and accident causation. The Swiss cheese model is an apt analogy for any human designed system that operates within a complex array of interacting dynamics. Distributing, collecting, counting, and certifying ballots qualifies as such a complex system.
What I see in the election-integrity-denialist commentary is analogous to a presenter walking into a lecture where a pile of Swiss cheese slices sits on a waist-high stool. The presenter then precedes to pick up each slice of cheese individually and wax eloquently about the variety of holes present in each slice. A responsible and good-faith stakeholder seeking to educate the general public on election integrity would start and end such a presentation by emphasizing the effectiveness of the slices at blocking a pass-through when stacked together instead of drawing attention to each individual slice and then tossing it into the audience.
A foundational deterrent
A further dynamic associated with election fraud I think is worth highlighting before digging into more granular details is that as a criminal enterprise, election fraud is a high risk for low rewards proposition for conspirators. “But Nic, what could be a more sweet and appealing reward than phenomenal political power” you may be thinking in retort. To which I would reply that voting is a fundamentally single-person driven endeavor. To systemically alter the outcome of an election for anything above a local (think municipality or county) level, conspirators would need to figure how to coordinate hundreds to thousands of ballot casters any one of whom could spill the beans when faced with the threat of significant prison time for voting fraudulently.
The more systems of obfuscation a conspiracy leader would erect to keep their full plans a secret would only lends itself to the individual fraudster thinking they are acting alone. Without knowing the full scope of the conspiracy individual fraudsters are being asked to take a significant personal risk for an unknowable or intentionally obfuscated reward. This dynamic scales with the importance of the elected position. Once you get to state or federal district level races and beyond the whole system has a built in speed governor. Manipulating election outcomes only get’s harder and harder to pull off the more prominent the position because you go from competing within a narrow geographic region over a handful of votes to compiling votes across a vast geographic area. *“It’s not the Election Day voting fraud that we should be concerned about its the absentee voting or the integrity of the final numbers” *might be your retort to my reply, and its here that we address the significance of cheese defense.
Let them eat cheese
The defenses against tampering of election results runs through the whole voting process from registration to certification.
Registration
To vote in Michigan you need to have an entry in the Qualified Voter File (QVF). This file is managed at the local level, something that is unique to Michigan and a handful of other states, which is contrary to how most election administration occurs which is at the county or state level. The QVF is cross-checked against the states ID database. You can’t just obtain a fake ID like an undergraduate trying to sneak into a bar and waltz into a voting booth, you have to have an entry in the QVF to vote.
You either register to vote in Michigan as someone who was born and lived their life in Michigan or arrived from another place. If you were born and raised here there is a record of who you are already through your birth certificate and school records (though school records are private due to FERPA). If you’re coming here from some other place when you register to vote you have to have a Michigan ID. You must show up and stand face to face with a government employee, legal documentation in hand, to obtain your Michigan ID. Michigan IDs are Real ID compliant meaning that they already follow Federal guidelines for ensuring verifiability of identification.1 Real ID is rolling out as people register for an ID for the first time or their state license comes up for renewal so there is currently a gap, but it’s a rapidly shrinking one and doesn’t negate other checks and balances.
Depending on the documentation you bring, different data sources are being checked to confirm you are who you say you are. If you are registering as a Michiganian your birth records are being checked. If you are registering from another state Federal databases and other state databases are being cross referenced. If you are showing up as a non-citizen for a drivers license Federal databases are being pinged.
I think that all of us have probably watched one too many spy movies where the protagonist carries around a bag of passports or other forms of identification. Fun for cinema, but in the United States to obtain your first ID at any level requires standing in front of another human, attesting under legal penalty that you are who you say you are, and going through the necessary checks and verifications to prove you are who you say you are. Perhaps an enterprising individual could spoof verification in a targeted set of databases to facilitate their obtaining of a fake state ID and illegitimate QVF entry, but this has to be done HUNDREDS TO THOUSANDS of times2 if you are going to successfully steal a congressional or executive branch seat. You may sneak small cohort of people through the first slice of cheese but they quickly run up against the next slice.
Voting
You can vote in person early or on Election Day, or you can vote absentee. For voting in person you will be asked to fill out a slip of paper called an ‘application to vote.’ If you cannot produce a photo ID you can sign a signature on the back of the ‘application to vote’ stating that you are who you say you are. This slip of paper is saved and passed along to the county level canvassing board. A flood of attestations at an individual precinct of this sort would absolutely tripper an audit. Your ‘application to vote’ information is cross-checked against your QVF entry. There are all sorts of flags in the QVF that would prompt additional follow up from election inspectors, such as a recent change in address, or a necessity for an additional confirmation of voting status, or a call to the clerk’s office for more information.
My point in explaining this process is that if you are seeking to show up and vote as a fraud conspirator you are really exposing yourself. Aside from the choices you select on the ballot itself (which remain strictly confidential) your presence at the polling site, the time of day at which you arrive, and what number in the voter sequence you were for the precinct are all logged.
If you vote absentee you requested to be added to an absentee voter list. Your QVF includes your documented signature. Any ballot that gets mailed in or placed in a drop box is first processed by the local clerk’s office. Importantly, this is where the QVF is updated to reflect that a ballot for this voter has been received. There is always a record of who sent in a ballot and when it was received and verified.
Signatures are checked against the QVF to verify the ballot is legitimately cast. “*This is a point of weakness, all you need is someone who can fake signatures and the ballots can be intercepted!” *you might remark. To which I would argue that it’s actually very difficult to fake signatures on a mass scale. Just consider the cases of a fraud inflected Muskegon voter registration drive or candidates disqualified while rushing to collect enough signatures to be added to the ballot. Those efforts failed because of signature discrepancies were identified before a conspirator even had a chance to cast a ballot. Absentee voter counting boards follow the same conventions as early or Election Day voting. Clerks seek to have a balance of poll workers (election inspectors) from the major parties, the process can be observed by the public and poll challengers, and strict procedures exist to ensure that the person processing the envelope that identifies the voter is separate from the person that processes the ballot so it can be inserted into a tabulator.
A clever conspirator might be able to identify a method by which they could slip through the checks and balances on Election Day or connected to an absentee ballot, but once again, I would emphasize that to do so at scale is much more difficult. Even if they got through the registration cheese slice and now the voting cheese slice they move on to the next layer of cheese. This brings us to the next step in the process, counting votes.
Vote Counting
Every ballot that is cast in a Michigan election is traceable back to a paper ballot that is run through a tabulator. Ah yes, the dominion tabulators. It makes sense to me that this ends up being a point failure that gets a lot of scrutiny because this is really the only realistic place that a conspirator could hypothetically manipulate the election process in such a way that a candidate who wouldn’t have won is suddenly the winner. I could send you on a document hunt where you look up case files from the charges filed against 3 people who took tabulators and broke them down trying to find evidence of fraud (they failed to find any). I could also direct you to the Dominion and Fox News lawsuit that Fox ultimately decided to keep out of court. Suffice to say, any “serious” assertions that tabulators have already facilitated election fraud have crashed and burned. This is not to say that there aren’t potential vulnerabilities, but this is where the Swiss cheese strategy a reappearance!
Tabulators and the software used to calculate ballot choice counts are tested before elections occur at public gatherings. When tabulators are set up for operation they include sealed tags on their memory cards that document chain of custody and would help to identify any tampering. They also are NOT plugged into the internet while votes are being tabulated. Any changes are documented in the software logs themselves. Could someone gain access to an individual tabulator and tamper with the software? Possibly, but if they did it would be limited to a specific precinct and there would be the possibility to check for discrepancies between the ballots cast and the tabulator tally during the canvassing process.
Remember, all cast ballots are collected and sealed! A physical paper trail exists both from the ballots themselves AND a paper tape is generated by the tabulator and checked by all election inspectors at the precinct and at the county level canvass. To tamper with counts in such a way that they could be hidden from audits and canvassers would require manipulation beyond a single precinct machine and probably beyond a specific municipality. Conspirators might be able to sway a city or county level election in such a scheme but once you get to state wide or federal races the risk and complexity of such a conspiracy becomes difficult for me to believe that it could be done without someone being discovered.
A clear chain of custody is established once a ballot is cast. Tallied ballots are handled only when several election inspectors are present to observe the poll closing process. Clerks make every effort to ensure the presence of inspectors from both major parties. Ballots are sealed with tags so that if they are accessed later there is documentation about when, who, and why those seals were broken. The memory sticks used by the tabulator to process and produce a ballot count are sealed and secured in a similar fashion.
Any effort to manipulate counts after ballots have been cast would require breaking through layers of encryption and software redundancies, or would require interdicting materials that are sealed and remain under observation during their processing and transportation. This is a slice with very few holes and technical complexity making those holes difficult to locate and exploit. Even then, there is still another slice of cheese standing in the way of stealing an election.
Certification
For statewide offices a recount is automatically triggered when the gap between winner and loser is within 2000 votes. Candidates may also petition for a recount. Post-election audits or procedures, protocols, and random selections of cast ballots are conducted to further test the integrity of the election.
The canvassing process adds two additional steps for final certification of an election. A canvass occurs at all counties, and is then replicated again at the state level. ‘Unbalanced’ (meaning a discrepancy between ballots received and final counts) issues are handled during these processes. Candidates maintain legal avenues to petition or challenges these processes and ensure their integrity.
Conclusion
If you made it this far I commend your dedication. Too conclude, at every step of the process there are certainly means by which an extremely clever and dedicated conspirator could seek to manipulate election results on an individual or case-by-case basis. There are also cases of “manipulation” which end up being the result of incompetence or honest mistakes on the part of election facilitators. All such recent examples were rectified before certification. It is extremely rare for noncitizens to vote. To manipulate an election on the scale that would overturn a certified outcome requires getting holes to align on every slice of the Swiss cheese block that makes up the voting processes for Michigan citizens. To hide voter fraud from the regular checks and balances built into the voting system would require so many individuals to be involved that it would inevitably result in exposure, or a long sequence of human and administrative errors that would create an opportunity for an extremely talented and dedicated set of actors to exploit. Claims that such scenarios exist typically wither under legal and expert scrutiny.
Our elections face challenges, no doubt, but they are fundamentally secure. The decentralized nature of the process, particularly in Michigan, can certainly cause confusion for the general public but also acts as a counterbalance to fraud efforts. Further, the fact that the Federal government is currently so dedicated to seeking ways to centralize the voter verification process would only introduce fragility into the system. This, to me, is a tragedy of the election denial propaganda. Systems intentionally designed to be difficult to merge (and therefore easier to collectively manipulate) are now being slammed together to address a problem that does not exist at the scale it is claimed to exist. Having grown up in a conservative household if came from the future and told me that a group of Silicon Valley billionaires were working with the executive branch of the Federal government to smash together a bunch of different government databases holding sensitive private information and then combining them with privately collected data on individual citizens so they could surveil voters in real time, and then asked my household to guess the party affiliation of the administration I don’t think I they’d pick the “conservative” party.
I would encourage you to trust in the cheese. A lot of work and intention has gone into creating and stacking it together.
-
I don’t understand the emphasis in legislation like the SAVE act on insisting on U.S. citizenship documentation for registration or voting participation. Most states ++ALREADY++ require this simply to obtain a Real ID compliant state ID. ↩︎
-
For example, Elissa Slotkin, a Democrat beat her Republican rival for senator in Michigan in 2024 even though Donald J. Trump won the state vote for President. She won by a little over 19,000 votes. To ‘steal’ that election by casting fake ballots you’d need that many false ballots run through a tabulator. ↩︎





