Reports this week of Russian intrusions into U.S. election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology – and leave old-fashioned paper tallies behind – created new sets of vulnerabilities that have taken years to fix. “There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”
Top House Democrats are asking the FBI to investigate whether connections between Donald Trump’s campaign aides and Russian interests led to the cyberattacks at the Democratic National Committee and Democratic Congressional Campaign Committee. “We are writing to request that the FBI assess whether connections between Trump campaign officials and Russian interests may have contributed to these attacks in order to interfere with the U.S. presidential election,” the lawmakers wrote in a letter sent to FBI Director James Comey on Tuesday. The letter was signed by Rep. Elijah Cummings, D-Maryland, ranking member on the House Oversight and Government Reform Committee; Rep. John Conyers, D-Michigan, ranking member on the House Judiciary Committee; Rep. Eliot Engel, D-New York, ranking member on the House Foreign Affairs Committee; and Rep. Bennie Thompson, D-Mississippi, ranking member on the Homeland Security Committee.
Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned. The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitri Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks. Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches and intruders were unable to exfiltrate any information, Alperovitch said.
One day after reports the FBI had warned states of potential hacks on their election systems, Director James Comey declined to address the bureau’s investigation, simply insisting he takes the matter “very seriously.” The FBI alert — sent Aug. 18 and revealed publicly on Monday — sparked fears that recent cyberattacks on voter databases in Illinois and Arizona were harbingers of a nationwide hacking assault on state voting systems, possibly linked to Russia. “It won’t surprise you that I’m not going to give an answer that touches on any particular matter we’re looking at,” Comey said Tuesday at a conference hosted by digital security firm Symantec.
State election officials are looking at an additional level of security after fears earlier this year that the voter database had been hacked. Matt Roberts, spokesman for the secretary of state’s office, said Monday the agency wants to implement “two-factor authentication” before anyone can get access to the list of registered voters. That would involve users providing more than just the sign-in name and password now required. The move follows what Roberts said was the FBI telling state officials nearly two months ago there was a “credible threat” that the database had been compromised. He said the state took the database offline and then examined it to see if any malware had been uploaded into it. “We were unable to find any of that,” Roberts said.
California: Measure phasing out neighborhood polling places goes to Jerry Brown | The Sacramento Bee
California is on the verge of sweeping changes to its election system intended to boost plummeting voter turnout. The state Senate on Monday sent a measure to Gov. Jerry Brown that would begin shifting California away from its network of neighborhood polling places to primarily mail ballots. Based on a model used in Colorado, Senate Bill 450 would authorize counties beginning in 2018 to conduct elections where every voter is mailed a ballot and drop-off locations are available up to four weeks ahead of time in lieu of polling places. Temporary “vote centers” would also be open starting 10 days before the election to register voters and accept ballots.
A CBS4 inquiry of a law professor, the Secretary of State, a Second Amendment attorney and Marion County election officials about the legality of guns in Indiana polling places led to blank stares, confusion, misdirection and legal head scratching. Over the course of four days earlier this month, Donald Trump challenged gun owners to do something about what he termed Hillary Clinton’s plans to, “essentially abolish the Second Amendment,” and also called on poll watchers to prevent what he’s predicting to be a “rigged” election. “I would really be hopeful that anyone trying to make a point about exercising their Second Amendment rights would do that in a respectful way that wouldn’t in any way interfere with anyone’s right to vote,” said Carmel attorney Guy Relford who won a landmark voting-while-armed lawsuit following the 2012 primary election.
A former legislative candidate is asking the Kansas Supreme Court to force a grand jury investigation of Secretary of State Kris Kobach. Steven X. Davis, a Lawrence Democrat, said Tuesday that he has asked the state’s highest court to require that the Douglas County District Court summon a grand jury. Davis said in a statement that the jury needs to investigate Kobach because of rumors that his office intentionally suppressed voter registration. Davis does say that his evidence is slim. By law, people in Kansas can call for a grand jury investigation by gathering a specific number of signatures. Six states, including Kansas, let citizens petition for a grand jury. Davis said he successfully gathered the signatures and submitted them in late July.
… Something else she never thought she’d be doing in 2016 was fighting to preserve the right to vote. Yet that’s exactly what she and dozens of other black activists have undertaken across the country, some for the second time in their lives, after a 2013 Supreme Court decision gutted a major provision of the Voting Rights Act. The elimination of that provision, which required nine states and many other localities with a history of racial discrimination to secure federal approval before changing election laws and procedures, sparked a series of measures across the country effectively restricting access to the polls with a disproportionate impact, once again, on black voters.
When a federal appeals court overturned much of North Carolina’s sweeping 2013 election law last month, saying it had been deliberately intended to discourage African-Americans from voting, something else was tossed out as well: the ground rules for this year’s elections in a critical swing state. In each of the state’s 100 counties, local elections boards scheduled new hearings and last week filed the last of their new election rules with the state. Now, critics are accusing some of the boards, all of which are controlled by Republicans, of staging an end run around a court ruling they are supposed to carry out. Like the law that was struck down, say voting rights advocacy groups and some Democrats who are contesting the rewritten election plans, many election plans have been intentionally written to suppress the black vote. “It is equal to voter suppression in its worst way,” said Courtney Patterson, the sole Democrat on the Lenoir County elections board.
North Carolina: Does same-day voter registration increase fraud risk? Experts disagree. | The Charlotte Observer
The N.C. Republican Party has urged GOP-led county elections boards this year to limit the hours of early voting, warning about the higher chances of voting fraud with same-day registration. The state party has cited data that shows people who use same-day registration are unable to be verified at a higher rate than people who use regular registration. But defenders of same-day registration say that doesn’t amount to attempted voter fraud. Most of the focus of the state’s 2013 voter law has been on the requirement for a photo ID, which Republicans said would prevent fraud and Democrats said would suppress minority voting. In July, a panel of the 4th Circuit Court of Appeals overturned the state’s voting law. Barring a reversal, there will be no photo ID needed in November, and same-day registration has been resurrected for early voting. On Aug. 21, N.C. GOP Executive Director Dallas Woodhouse tweeted, “Fraud Alert. In North Carolina Same day registration 8 TIMES more likely to be invalid after the vote has occurred and been counted.” Earlier this month, Woodhouse emailed GOP appointees to county elections boards to “make party line changes to early voting” by limiting the number of hours and keeping polling sites closed on Sundays.
Texas: Attorney General’s office questions state’s authority in maintaining voter lists | The Monitor
A representative from the Texas Attorney General’s office appeared her in court Monday to argue that the state should not be held responsible in the lawsuit by the American Civil Rights Union against the Starr County elections administrator. Assistant Attorney General Adam Bitter said the office was contacted by the ACRU about the case and proceeded to submit a brief arguing that, in this case, the state did not have the authority to ensure that Starr County maintain proper voter lists. However, U.S. District Judge Ricardo Hinojosa appeared confused as to why the attorney general’s office had gotten involved and said it was the Texas Secretary of State that should be held responsible. “I really don’t understand why you refuse to bring in the proper party,” Hinojosa told the attorneys representing the ACRU.
A legal battle over some of the state’s political districts still isn’t over. About half a decade ago, a group of Texas voters sued the state claiming the legislature’s 2011 redistricting maps discriminated against minorities. About two years ago, there was a trial, but since then nothing has happened. There are a lot of reasons for Texas’ political districts have been the subject of contention for a while. For one, some voting advocates say the state is divided in really partisan ways, and it’s made people less interested in voting here, says Grace Shimane with the League of Women Voters of Texas. “There is not as much competition in Texas as there are in other places,” Shimane explains. “And there isn’t much competition in races sometimes because of the way that the maps have been configured. It makes it so people are as though ‘What’s the point? My person never wins, I’m not going to try.’”
China: Candidates to face ‘follow-up action’ if they back Hong Kong independence, government warns | South China Morning Post
Candidates who advocate independence for Hong Kong on the campaign trail ahead of Sunday’s Legislative Council elections will face possible “follow-up actions”, the government warned on Tuesday. The heads-up came a day after a third Legco candidate, Kacee Wong Sum-yu, publicly declared her support for the idea of separating Hong Kong from China. The issue is at the centre of a fierce debate in the city, with the government warning that it violates the Basic Law while advocates counter that it is a mater of free speech. Voters go to the polls this weekend for the first full legislative elections since the 2014 Occupy protests in the name of democracy. “The government is concerned that … individual candidates have during the election period advocated or promoted the independence of the Hong Kong SAR,” an official spokesman said.
When Hong Kong goes to the polls on Sunday a new brand of politician pushing for a complete break from Beijing will be fighting for votes in a frustrated and divided city. It is the most important election since the mass “Umbrella Movement” pro-democracy rallies of 2014, which failed to win political reform despite huge numbers and a global spotlight. Since then, fears have grown that Beijing is tightening its grip in many areas of the semi-autonomous city — from politics to education and media. Some young activists now say there is only one choice: a declaration of independence from China. Many residents still dismiss the idea as a pipe dream, but the independence movement has gathered momentum as authorities in Hong Kong and Beijing rail against it.
Security forces fanned out across Gabon’s capital and residents stockpiled food on Tuesday as the central African country awaited results of a hotly contested presidential election. The most prominent opposition candidate, Jean Ping, was looking to defeat incumbent President Ali Bongo Ondimba and topple a family dynasty that stretches back to the 1960s. Bongo, 57, came to power after the death of his father, Omar Bongo, who ruled Gabon for more than 40 years. Ping, 73, has spent the three days since Saturday’s vote predicting victory and calling on Bongo to step down. Bongo’s camp, meanwhile, has said the president is sure to win.
Russia will hold elections to the State Duma, the lower house of the parliament, on Sept.18. For Russian citizens living in Ukraine, participating in next month’s parliamentary elections won’t be as easy as it was five year ago, when there were 17 voting stations scattered across the country, Meduza reports. This year, citing concerns about safety, Russia is only making four voting stations available to citizens. In 2011, roughly 23,000 Russians voted in Ukraine.
In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would hardly raise a blip on the cybersecurity community’s radar. But in this strange and digitally fraught election season, the breach of two state board of election websites not only merits an FBI warning—it might just rise to the level of an international incident. On Monday, an FBI alert surfaced warning state boards of election to take precautions against hackers after two election board websites were breached in recent months. According to Yahoo News, those breaches likely targeted Arizona and Illinois board of election sites, both of which admitted earlier this summer that they’d been hacked. Cybersecurity researchers are already speculating that the attacks link to Russia, pointing to the string of recent, likely Russian attacks that have hit the Democratic National Committee and the Clinton campaign. “Someone is trying to hack these databases, and they succeeded in exfiltrating data, which is significant in itself,” says Thomas Rid, a cybersecurity-focused professor in the War Studies department at King’s College of London and author of Rise of the Machines. “In the context of all the other attempts to interfere with this election, it’s a big deal.”
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections. Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cyber security experts to scan for vulnerabilities, according to a “readout” of the call released by the department.
National: Harry Reid Cites Evidence of Russian Tampering in U.S. Vote, and Seeks F.B.I. Inquiry | The New York Times
The Senate minority leader, Harry Reid of Nevada, asked the F.B.I. on Monday to investigate evidence suggesting that Russia may try to manipulate voting results in November. In a letter to the F.B.I. director, James B. Comey Jr., Mr. Reid wrote that the threat of Russian interference “is more extensive than is widely known and may include the intent to falsify official election results.” Recent classified briefings from senior intelligence officials, Mr. Reid said in an interview, have left him fearful that President Vladimir V. Putin’s “goal is tampering with this election.” News reports on Monday said the F.B.I. warned state election officials several weeks ago that foreign hackers had exported voter registration data from computer systems in at least one state, and had pierced the systems of a second one. The bureau did not name the states, but Yahoo News, which first reported the confidential F.B.I. warning, said they were Arizona and Illinois. Matt Roberts, a spokesman for Arizona’s secretary of state, said the F.B.I. had told state officials that Russians were behind the Arizona attack.
The FBI says that computer hackers accessed, and in one case stole, voter registration files in two states, potentially compromising personal information and putting crucial election data at risk just three months before voters head to the polls. And if that weren’t unsettling enough, the techniques that the hackers used were neither sophisticated nor particularly hard to employ, proving that it’s not just high-end hackers from foreign governments, like the ones believed to be targeting U.S. political organizations, that elections officials need to worry about in the runup to November. “I don’t think anyone can assume that these vulnerabilities would be unique to these states,” Pamela Smith, the president of Verified Voting, a nonprofit group that advocates transparency and security in U.S. elections, told The Daily Beast. “This is a time when assuming is not the best thing to do.”
It’s 2016: What possible reason is there to vote on paper? When we use touchscreens to communicate, work, and shop, why can’t we use similar technology to vote? A handful of states, and many precincts in other states, have already made the switch to voting systems that are fully digital, leaving no paper trail at all. But this is despite the fact that computer-security experts think electronic voting is a very, very bad idea. For years, security researchers and academics have urged election officials to hold off on adopting electronic voting systems, worrying that they’re not nearly secure enough to reliably carry out their vital role in American democracy. Their claims have been backed up by repeated demonstrations of the systems’ fragility: When the District of Columbia tested an electronic voting system in 2010, a professor from the University of Michigan and his graduate students took it over from more than 500 miles away to show its weaknesses; with actual physical access to a voting machine, the same professor—Alex Halderman—swapped out its internals, turning it into a Pac Man console. Halderman showed that a hacker who has access to a machine before election day could modify its programming—and he did so without even leaving a mark on the machine’s tamper-evident seals. But it wouldn’t even take a full-fledged cyberattack on an electronic voting system to throw a wrench in a national election. Even the specter of the possibility that the American electoral system is anything but trustworthy provides ammunition to skeptics to call foul if an election doesn’t go their way.
Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state. The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week. It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County. … This spring, a DHS official cautioned that online voting is not yet secure. “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” said Neil Jenkins, an official in the department’s Office of Cybersecurity and Communications.
California: Election Officials on guard after cyber attacks on elections databases in two states | Los Angeles Times
California’s elections agency announced that there is no evidence that the state’s voter registration databases had been targeted by the foreign hackers who reportedly infiltrated elections systems in Arizona and Illinois. Yahoo News reported Monday that personal voter registration information for up to 200,000 people at the Illinois Board of Elections had been downloaded by foreign hackers. The FBI issued an alert early this month warning state elections officials about the data breach, according to the Yahoo report. A spokesman for California secretary of state said the agency, which oversees elections statewide, was aware of the cyber attack reports. “We have no evidence of any breaches or hacks of our system,” agency spokesman Sam Mahood said. Mahood declined to say whether any extra precautions are being taken, saying the agency does not disclose its security protocols. The secretary of state’s website has been down most of Monday but Mahood said that was not caused by a hack or breach. Unlike some other states, California counties have maintained their own databases of registered voters. However, the secretary of state’s office is in the process of centralizing voter registration information in a statewide VoteCal database, which is expected to be operational in September.
Sandra Abdoulaye wants to cast a vote in this year’s presidential election but wasn’t sure she was eligible to register, because she is homeless. On Friday, volunteers at the resource center run by the Colorado Coalition for the Homeless asked the 60-year-old a few questions, and soon, Abdoulaye was filling out the one-page form to register to vote, listing a shelter for both her home and her mailing address so the state can send her a ballot. “It was fast and easy,” Abdoulaye said. “I don’t know why anyone would refuse.” This year, some organizations and the Secretary of State’s office are targeting voter registration efforts at people who are homeless. In Colorado, voters have long been able to use any location — a shelter or a park — as a home address, as long as they also list a mailing address where they can receive ballots. Having an identification card isn’t a requirement to register.
Georgia: State That Exposed 6 Million Voters’ Private Data Says It Doesn’t Need Election Security Aid | ThinkProgress
Georgia’s aging, paperless voting machines have been called a “sitting duck” for hackers. Six million Georgia voters had reams of personal information exposed by a data breach in Republican Secretary of State Brian Kemp’s office earlier this year. Yet Kemp is refusing an offer from the Department of Homeland Security to help shore up the cyber-security of the state’s vulnerable voting machines. Instead, he accused the federal government of attempting to “subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” He said the state is capable of handling its own election security, and opined a hack is “not probable at all.” Less than a year ago, Kemp’s office accidentally mailed out a dozen discs containing the private information of more than six million Georgia voters, including Social Security numbers, birth dates, and driver’s license numbers. At the time, Kemp told state lawmakers that while he is “no expert on data security,” he was confident that no information “made it out to the bad guys.” A year before that, tens of thousands of new voter registrations went missing from the state’s database — the vast majority of them belonging to low-income people of color.
Early voting schedules for the fall elections remain unresolved in at least one-quarter of North Carolina’s counties after a federal court ruling that struck down key portions of the state’s 2013 voter identification and ballot access law. The 4th U.S. Circuit Court of Appeals determined Republican legislators acted with discriminatory intent toward black voters when they approved several provisions, including one that reduced the number of early voting days from a maximum of 17 days to 10. Early in-person voting is popular in North Carolina, used by more than half of the people casting ballots in the 2012 presidential election, when it covered 17 days. Its use could make a difference Nov. 8. County boards of elections had approved 10-day plans for early voting sites and hours of operation. They had until late last week to give the State Board of Elections revised plans based on a schedule beginning Oct. 20 instead of Oct. 27.
Retired state judges and justices who experimented with drawing the state’s congressional districts without regard to voters’ party registration have produced a plan that creates a few districts where candidates of either party would have a chance to win. The redistricting simulation, a project of Duke University and Common Cause North Carolina, aims to show one way the state’s 13 congressional districts could look if drawn without political considerations. It includes six likely Republican districts, four likely Democratic districts, and three toss-ups, the sponsors said. The experiment produced results strikingly different from the districts legislators approved this year. Legislative Republicans drew the existing congressional map to elect 10 Republicans and 3 Democrats. No district is considered competitive. Common Cause is suing over the current congressional map, claiming that extreme partisan gerrymandering violates the Constitution.
The Virginia Supreme Court’s impressionistic reading of the state constitution, by which it conjured a provision absent from the actual text, has sent Gov. Terry McAuliffe (D) back to the drawing board in his effort to restore voting rights to tens of thousands of former convicts, who are disproportionately African American. The governor’s determination is commendable, both to reverse an essentially racist legacy of the commonwealth’s history and to ensure that future elections in the state are as broadly democratic as possible. Mr. McAuliffe is following in the footsteps of recent predecessors from both parties, who have regarded the permanent disenfranchisement of former convicts as an injustice. (Virginia is one of just a handful of states with such an onerous ban.) Those governors expanded the restoration of voting rights, taking advantage of explicit constitutional language that enables them to do so — a power that the document’s principal draftsman, University of Virginia law professor A.E. Dick Howard, said was virtually unlimited. Mr. McAuliffe is moving aggressively to further right a wrong that has deprived more than 200,000 Virginians from voting, in some cases for a half-century or longer after they paid their debt to society.
A federal appeals court on Friday offered what some described as a compromise over Wisconsin’s strict voter ID law. But a closer look suggests the new rules will still keep eligible voters from the polls, maintaining a barrier to voting in a crucial presidential swing state this fall. To voting rights advocates, the arrangement underscores more starkly than ever how voter ID laws are designed not to ensure the integrity of the election, as their backers claim, but to make voting harder for certain groups. The U.S. Court of Appeals for the 7th Circuit last week overturned a lower court’s ruling that had required Wisconsin to let people without acceptable ID cast a ballot if they signed an affidavit attesting to their identity. The appeals court said the affidavit option wasn’t necessary, because Wisconsin recently promised to make it very easy to get an ID at the DMV. Specifically, in a set of emergency rules issued in May amid litigation over the ID law, the state said it would mail a free temporary ID to anyone who comes to a DMV office to request one, showing whatever documentation they have. (Previously, many voters were required to show a birth certificate or other underlying documentation to get a voter ID). As long as the state keeps to that pledge and publicizes the new rule, there’s no need to soften the law, the appeals court unanimously concluded.