LANSING (AP) — New measures to bolster security for Michigan’s 2018 midterm elections were announced this month, but experts said they don’t address all past gripes with state procedures.

During this year’s May election and November general election, Michigan will hand-count ballots for all precincts selected in the post-election audit, secretary of state spokesman Fred Woodhams said.

The state currently uses paper ballots that are scanned through optical voting machines. Past elections’ audits required reviewing voting machine equipment as well as procedural compliance of poll workers, he said, but did not entail recounting paper ballots.

“We thought it would give Michigan residents more confidence in election results,” Woodhams said about the new ballot validation process. “Part of the reason why we created post-election audits is to ensure accountability.”

Woodhams said the state has also replaced all election equipment since the 2016 presidential race, paid for by $40 million in state and federal funds. Additionally, Michigan’s Department of Technology, Management and Budget added a dozen full-time cybersecurity staffers since the 2016 election, spokesman Caleb Buhs said.

The ramp-up follows national concern over reports of the Russian hacking efforts in 21 states during the 2016 presidential election. Michigan was not one of them.

But the reforms don’t fully reassure Alex Halderman, a professor of computer science and engineering at the University of Michigan. He noted that under Michigan procedure, post-election audits occur after the results are already certified, rendering the practice moot when it comes to disputing a race outcome.

“It severely limits the utility of an audit if you do it months after an election and creates more opportunity for pieces of paper to be lost or tampered with,” he said.

Halderman said Michigan must conduct “risk-limiting audits,” a model that scours the statistical sample of ballots based on the margin of victory. The practice — recently required by New Mexico, Colorado and Rhode Island — is endorsed by researchers.

Woodhams said post-election audits conducted by the Bureau of Elections and county clerks usually happen weeks or months after election night. After the November 2017 election, 164 precincts were audited, seven of which piloted the new ballot validation system, he said. This November, 300 of Michigan’s 4,800 precincts will be audited. The practice began in 2012 to ensure accountability, Woodhams said.

“Close elections head to recounts and that is the proper way to have losing candidates test results,” Woodhams said. “That is not done in post-election audits.”

Michigan election officials are monitoring Colorado, which inaugurated its audit procedure in November, Woodhams said. Because the process is new and Colorado allows voters to vote via mail, “we can’t simply take what they’re doing and adopt it here,” he said.

Another lingering concern of cybersecurity experts is that post-election audits are still optional under Michigan law, unlike in 32 other states. Secretary of State Ruth Johnson orders them on her own terms, but there is no guarantee this tradition would be upheld in the future.

Liz Kennedy, senior director of Democracy and Government Reform at the Center for American Progress, was one of the experts who graded Michigan with a “C” rating for election security last month. She said the paper ballots were a key reassurance, but the lack of a mandatory audit was troubling.

“With Michigan it really was their post auditing and ballot counting and reconciliation that moved them down,” she said. “This new ballot-tally program is an improvement, but there’s a lot of room to move toward the gold standard.”

In Michigan, recounts in statewide races are only prompted when the margin of victory is under 2,000 votes or when an aggrieved candidate raises enough money. Green Party candidate Jill Stein did the latter during the 2016 presidential election, spurring widespread confusion over voting irregularities found in over one-third of Detroit precincts.

Woodhams said the new ballot validation system is unrelated to the anomalies in Detroit, which he attributed to human error, not compromised voting machines. He also touted the state’s fleet of vote-counting machines, which are not connected to the internet.

“The people who talk about these machines being hacked have speculative theories,” Woodhams said. “Everyone in Michigan uses a paper ballot; tabulators are not connected to the internet.”

Democrats introduced a bill in 2017 requiring post-election audits, but it went nowhere.