In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would hardly raise a blip on the cybersecurity community’s radar. But in this strange and digitally fraught election season, the breach of two state board of election websites not only merits an FBI warning—it might just rise to the level of an international incident. On Monday, an FBI alert surfaced warning state boards of election to take precautions against hackers after two election board websites were breached in recent months. According to Yahoo News, those breaches likely targeted Arizona and Illinois board of election sites, both of which admitted earlier this summer that they’d been hacked. Cybersecurity researchers are already speculating that the attacks link to Russia, pointing to the string of recent, likely Russian attacks that have hit the Democratic National Committee and the Clinton campaign. “Someone is trying to hack these databases, and they succeeded in exfiltrating data, which is significant in itself,” says Thomas Rid, a cybersecurity-focused professor in the War Studies department at King’s College of London and author of Rise of the Machines. “In the context of all the other attempts to interfere with this election, it’s a big deal.”
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections. Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cyber security experts to scan for vulnerabilities, according to a “readout” of the call released by the department.
National: Harry Reid Cites Evidence of Russian Tampering in U.S. Vote, and Seeks F.B.I. Inquiry | The New York Times
The Senate minority leader, Harry Reid of Nevada, asked the F.B.I. on Monday to investigate evidence suggesting that Russia may try to manipulate voting results in November. In a letter to the F.B.I. director, James B. Comey Jr., Mr. Reid wrote that the threat of Russian interference “is more extensive than is widely known and may include the intent to falsify official election results.” Recent classified briefings from senior intelligence officials, Mr. Reid said in an interview, have left him fearful that President Vladimir V. Putin’s “goal is tampering with this election.” News reports on Monday said the F.B.I. warned state election officials several weeks ago that foreign hackers had exported voter registration data from computer systems in at least one state, and had pierced the systems of a second one. The bureau did not name the states, but Yahoo News, which first reported the confidential F.B.I. warning, said they were Arizona and Illinois. Matt Roberts, a spokesman for Arizona’s secretary of state, said the F.B.I. had told state officials that Russians were behind the Arizona attack.
The FBI says that computer hackers accessed, and in one case stole, voter registration files in two states, potentially compromising personal information and putting crucial election data at risk just three months before voters head to the polls. And if that weren’t unsettling enough, the techniques that the hackers used were neither sophisticated nor particularly hard to employ, proving that it’s not just high-end hackers from foreign governments, like the ones believed to be targeting U.S. political organizations, that elections officials need to worry about in the runup to November. “I don’t think anyone can assume that these vulnerabilities would be unique to these states,” Pamela Smith, the president of Verified Voting, a nonprofit group that advocates transparency and security in U.S. elections, told The Daily Beast. “This is a time when assuming is not the best thing to do.”
It’s 2016: What possible reason is there to vote on paper? When we use touchscreens to communicate, work, and shop, why can’t we use similar technology to vote? A handful of states, and many precincts in other states, have already made the switch to voting systems that are fully digital, leaving no paper trail at all. But this is despite the fact that computer-security experts think electronic voting is a very, very bad idea. For years, security researchers and academics have urged election officials to hold off on adopting electronic voting systems, worrying that they’re not nearly secure enough to reliably carry out their vital role in American democracy. Their claims have been backed up by repeated demonstrations of the systems’ fragility: When the District of Columbia tested an electronic voting system in 2010, a professor from the University of Michigan and his graduate students took it over from more than 500 miles away to show its weaknesses; with actual physical access to a voting machine, the same professor—Alex Halderman—swapped out its internals, turning it into a Pac Man console. Halderman showed that a hacker who has access to a machine before election day could modify its programming—and he did so without even leaving a mark on the machine’s tamper-evident seals. But it wouldn’t even take a full-fledged cyberattack on an electronic voting system to throw a wrench in a national election. Even the specter of the possibility that the American electoral system is anything but trustworthy provides ammunition to skeptics to call foul if an election doesn’t go their way.
Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state. The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week. It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County. … This spring, a DHS official cautioned that online voting is not yet secure. “We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” said Neil Jenkins, an official in the department’s Office of Cybersecurity and Communications.
California: Election Officials on guard after cyber attacks on elections databases in two states | Los Angeles Times
California’s elections agency announced that there is no evidence that the state’s voter registration databases had been targeted by the foreign hackers who reportedly infiltrated elections systems in Arizona and Illinois. Yahoo News reported Monday that personal voter registration information for up to 200,000 people at the Illinois Board of Elections had been downloaded by foreign hackers. The FBI issued an alert early this month warning state elections officials about the data breach, according to the Yahoo report. A spokesman for California secretary of state said the agency, which oversees elections statewide, was aware of the cyber attack reports. “We have no evidence of any breaches or hacks of our system,” agency spokesman Sam Mahood said. Mahood declined to say whether any extra precautions are being taken, saying the agency does not disclose its security protocols. The secretary of state’s website has been down most of Monday but Mahood said that was not caused by a hack or breach. Unlike some other states, California counties have maintained their own databases of registered voters. However, the secretary of state’s office is in the process of centralizing voter registration information in a statewide VoteCal database, which is expected to be operational in September.
Sandra Abdoulaye wants to cast a vote in this year’s presidential election but wasn’t sure she was eligible to register, because she is homeless. On Friday, volunteers at the resource center run by the Colorado Coalition for the Homeless asked the 60-year-old a few questions, and soon, Abdoulaye was filling out the one-page form to register to vote, listing a shelter for both her home and her mailing address so the state can send her a ballot. “It was fast and easy,” Abdoulaye said. “I don’t know why anyone would refuse.” This year, some organizations and the Secretary of State’s office are targeting voter registration efforts at people who are homeless. In Colorado, voters have long been able to use any location — a shelter or a park — as a home address, as long as they also list a mailing address where they can receive ballots. Having an identification card isn’t a requirement to register.
Georgia: State That Exposed 6 Million Voters’ Private Data Says It Doesn’t Need Election Security Aid | ThinkProgress
Georgia’s aging, paperless voting machines have been called a “sitting duck” for hackers. Six million Georgia voters had reams of personal information exposed by a data breach in Republican Secretary of State Brian Kemp’s office earlier this year. Yet Kemp is refusing an offer from the Department of Homeland Security to help shore up the cyber-security of the state’s vulnerable voting machines. Instead, he accused the federal government of attempting to “subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” He said the state is capable of handling its own election security, and opined a hack is “not probable at all.” Less than a year ago, Kemp’s office accidentally mailed out a dozen discs containing the private information of more than six million Georgia voters, including Social Security numbers, birth dates, and driver’s license numbers. At the time, Kemp told state lawmakers that while he is “no expert on data security,” he was confident that no information “made it out to the bad guys.” A year before that, tens of thousands of new voter registrations went missing from the state’s database — the vast majority of them belonging to low-income people of color.
Early voting schedules for the fall elections remain unresolved in at least one-quarter of North Carolina’s counties after a federal court ruling that struck down key portions of the state’s 2013 voter identification and ballot access law. The 4th U.S. Circuit Court of Appeals determined Republican legislators acted with discriminatory intent toward black voters when they approved several provisions, including one that reduced the number of early voting days from a maximum of 17 days to 10. Early in-person voting is popular in North Carolina, used by more than half of the people casting ballots in the 2012 presidential election, when it covered 17 days. Its use could make a difference Nov. 8. County boards of elections had approved 10-day plans for early voting sites and hours of operation. They had until late last week to give the State Board of Elections revised plans based on a schedule beginning Oct. 20 instead of Oct. 27.
Retired state judges and justices who experimented with drawing the state’s congressional districts without regard to voters’ party registration have produced a plan that creates a few districts where candidates of either party would have a chance to win. The redistricting simulation, a project of Duke University and Common Cause North Carolina, aims to show one way the state’s 13 congressional districts could look if drawn without political considerations. It includes six likely Republican districts, four likely Democratic districts, and three toss-ups, the sponsors said. The experiment produced results strikingly different from the districts legislators approved this year. Legislative Republicans drew the existing congressional map to elect 10 Republicans and 3 Democrats. No district is considered competitive. Common Cause is suing over the current congressional map, claiming that extreme partisan gerrymandering violates the Constitution.
The Virginia Supreme Court’s impressionistic reading of the state constitution, by which it conjured a provision absent from the actual text, has sent Gov. Terry McAuliffe (D) back to the drawing board in his effort to restore voting rights to tens of thousands of former convicts, who are disproportionately African American. The governor’s determination is commendable, both to reverse an essentially racist legacy of the commonwealth’s history and to ensure that future elections in the state are as broadly democratic as possible. Mr. McAuliffe is following in the footsteps of recent predecessors from both parties, who have regarded the permanent disenfranchisement of former convicts as an injustice. (Virginia is one of just a handful of states with such an onerous ban.) Those governors expanded the restoration of voting rights, taking advantage of explicit constitutional language that enables them to do so — a power that the document’s principal draftsman, University of Virginia law professor A.E. Dick Howard, said was virtually unlimited. Mr. McAuliffe is moving aggressively to further right a wrong that has deprived more than 200,000 Virginians from voting, in some cases for a half-century or longer after they paid their debt to society.
A federal appeals court on Friday offered what some described as a compromise over Wisconsin’s strict voter ID law. But a closer look suggests the new rules will still keep eligible voters from the polls, maintaining a barrier to voting in a crucial presidential swing state this fall. To voting rights advocates, the arrangement underscores more starkly than ever how voter ID laws are designed not to ensure the integrity of the election, as their backers claim, but to make voting harder for certain groups. The U.S. Court of Appeals for the 7th Circuit last week overturned a lower court’s ruling that had required Wisconsin to let people without acceptable ID cast a ballot if they signed an affidavit attesting to their identity. The appeals court said the affidavit option wasn’t necessary, because Wisconsin recently promised to make it very easy to get an ID at the DMV. Specifically, in a set of emergency rules issued in May amid litigation over the ID law, the state said it would mail a free temporary ID to anyone who comes to a DMV office to request one, showing whatever documentation they have. (Previously, many voters were required to show a birth certificate or other underlying documentation to get a voter ID). As long as the state keeps to that pledge and publicizes the new rule, there’s no need to soften the law, the appeals court unanimously concluded.
The Armenian authorities officially confirmed on Monday that they will not implement a recent agreement with the opposition that was supposed to ensure the proper conduct of next year’s parliamentary elections. The Central Election Commission (CEC) attributed the deal’s collapse to logistical problems related to the introduction of a biometric registry of voters meant to prevent multiple voting by government loyalists. The compromise agreement reached with three parliamentary opposition parties in June committed the authorities to installing electronic machines that would check voters’ identity through plastic ID cards containing their fingerprints. The landmark deal, which took the form of amendments to Armenia’s new Electoral Code, also envisaged live online broadcasts of voting and ballot counting from all 2,000 or so polling stations across the country.
Citizenship – and nothing more – guarantees the right to vote, say two disenfranchised Canadian expatriates whose legal struggle to reclaim their votes is headed to the Supreme Court of Canada in a case affecting more than one million non-resident Canadians. Gillian Frank, a Toronto native, and Jamie Duong, a Montreal native, wanted to vote in the 2011 general election but, since both work at U.S. universities, were refused online ballots under a 1993 Canada Elections Act rule that bars citizens from voting if they’ve lived outside Canada for more than five years. The rule was loosely enforced until 2007, when the then-Conservative government said expats’ short-term visits back home no longer reset the five-year clock, as had been the practice.
Gabon’s presidential election “lacked transparency”, the head of the 73-strong EU electoral monitoring team in the country said on Monday, a day before the official results were due out. Speaking to reporters in the capital Libreville, Bulgarian MEP Mariya Gabriel said Saturday’s vote in the oil-rich Central African country, was “managed in a way that lacked transparency.” “The mission condemns the lack of transparency in the electoral bodies which failed to make essential information available to the campaigns, like the electoral roll or a list of polling stations,” she said. The EU observers said that a week before the election only half of voters had received their ballot cards. The remarks came after a bitterly disputed election in which both sides accused the other of electoral fraud. Official results will not be published until Tuesday, and there are fears that the tensions may erupt into a repeat of the violence seen after the disputed 2009 election.
The Indonesian Government is looking at electronic voting for the 2019 presidential and legislative elections. The plan is being discussed by ministries under the Coordinating Minister for Politics, Legal and Security, revealed Soedarmo, director general of politics and general administration. The government is yet to make a final decision, however. Digital voting will help eliminate fraud and will return voting results within minutes, he said, according to the Jakarta Globe. Over 700 cases of election fraud were received by the constitution court during the 2014 elections. Most cases were rejected due to lack of evidence.
Iraq’s official electoral commission on Sunday rejected proposals to allow the Hashd al-Shaabi, an umbrella group of pro-government Shia militias, to register itself as a political party in advance of elections slated for next year. The decision came one day after prominent Shia cleric Muqtada al-Sadr declared that the country’s next government would be a “government of militias” if the Hashd al-Shaabi were allowed to field candidates in provincial council and parliamentary polls slated for 2017 and 2018 respectively. In a Sunday statement, the commission said it had based its decision on the fact that the Hashd al-Shaabi constituted a “military organization with links to the [Iraqi] security agencies”.