We validate our attack against a corpus of over 180,000 ballot images fromthe 2018 election in Clackamas County, Oregon, and find that UnclearBallot canmove marks on 34% of the ballots while leaving no visible anomalies. We alsotest our attack’s flexibility using six widely used styles of paper ballots, and itsrobustness to invalid votes using an established taxonomy of voter marks. As aproof-of-concept, we implement the attack in the form of a malicious Windowsscanner driver, which we test using a commercial-off-the-shelf scanner certifiedfor use in elections by the U.S. Election Assistance Commission.UnclearBallot illustrates that post-election audits in traditional voting systemsmust involve rigorous examination ofphysical ballots, rather than ballot images,if they are to provide a strong security guarantee. Without an examinationof the physical evidence, it will be difficult if not impossible to assure thatcomputer-based tampering has not occurred.