Thousands of voting machine vendor employees’ work emails and plaintext passwords appear in freely available third-party data breach dumps reviewed by CSO, raising questions about the security of voting machines and the integrity of past election results. While breached sites, like LinkedIn after the 2012 breach, force users to change their passwords, a significant number of people reuse passwords on other platforms, making third-party data breaches a gold mine for criminals and spies. For many years voting machine vendors have claimed that voting machines were air gapped — not connected to the internet — and were thus unhackable. Kim Zetter debunked that idea in The New York Times in February. An attacker who managed to break into a voting machine vendor employee’s work email, because the employee used the same password as on a breached site, could leverage that to gain access to the voting machines themselves. And if voting machine vendors install remote access software on voting machines, factory backdoors that vendor employees use to remotely access the machines for maintenance, troubleshooting or election setup purposes, this turns voting machine vendor employees into targets. Hack the vendor, hack the voting machine.
The Trump administration has told states exactly how much of a $380 million fund they will get to make their voting systems more cyber-secure ahead of the 2018 midterm elections. The funding, made available through a $1.3 trillion omnibus package passed last week, is one of Congress’s first major steps to prevent a repeat of Russian hackers’ meddling in U.S. elections. The money can be used to upgrade state computer systems and offer cybersecurity training to election officials, among other things. California, Florida, New York and Texas together will get a quarter of the cash, with California leading the pack with about $35 million. A full breakdown of the funding can be found here. The money is a “breakthrough for election security and the health of our country’s democracy,” said Lawrence Norden of the Brennan Center for Justice at NYU Law.
Most states won’t have risk-limiting audits in place by the November midterms, which makes how they spend the $380 million in federal funding for election security, due out within 39 days, that much more important. Congress included the money in the omnibus spending bill, at the Senate Intelligence Committee’s recommendation, to be disbursed to states under the Help America Vote Act and spent on verifiable paper balloting, post-election audits of votes and cyber defenses. The appropriation is a good first step in shoring up voting systems against Russian-connected hacking, according to election security experts, but it doesn’t come close to replacing vulnerable polling place equipment in most at-risk states. “I wouldn’t say it’s a drop in the bucket—a glass of water in the bucket,” Joe Kiniry, Free & Fair CEO and chief scientist, told Route Fifty by phone. “A big corporation spends this much money on cybersecurity in a year.”
National: Higher cyber security services demand around elections, says McAfee boss | Press Association
The chief executive of McAfee believes cyber security firms will see higher demand for election protection as authorities in countries such as the US and UK try to safeguard “integrity” at the ballot box. Chris Young said there was a growing trend of attacks targeting “major events” like the most recent Winter Olympics, with the next big focus likely to be the highly-anticipated US midterm elections in November. “We’re now at a point where you could almost be certain than any notable event will have a corresponding set of cyber attacks with it,” he told the Press Association, adding that “election protection is going to be … bigger.”
National: Trump administration says a citizenship question on the census will help enforce voting rights. Sure. | Los Angeles Times
He went ahead and did it. Of course he did. Bashing California is way too much fun and easy for President Trump. California Democratic leaders shouldn’t be shocked. Politically, they had it coming, proudly emerging as the president’s chief antagonist while revving up their liberal and Latino bases. Not that Trump didn’t deserve it. He has been feeding his political base by assailing California and immigrants in the country illegally since first running for president. But when a state plays hardball with a president — especially a brawler like Trump — it should expect to get hit hard. A president always has a bigger bat.
In addition to peddling fake news and hacking into email systems, Russia apparently tried but failed to interfere with the machinery of 2016 U.S. elections. No votes were changed, as far as we know, but Russian hackers attempted to invade election systems in 21 states and succeeded in penetrating Illinois’ voter registration database. The U.S. intelligence community believes that the Russians — and others — will keep trying to interfere with U.S. elections, not only through the dissemination of disinformation but also with continued attacks on computer systems. Testifying before Congress earlier this year about election security, Director of National Intelligence Dan Coats warned that “the United States is under attack.”
Editorials: The bitter lie behind the census’s citizenship question | Vanita Gupta/The Washington Post
Commerce Secretary Wilbur Ross failed a crucial test of leadership this week. Buckling to President Trump, Attorney General Jeff Sessions and their anti-immigrant agenda, Ross agreed to add a citizenship question to the 2020 Census, sacrificing the integrity, fairness and accuracy of the count. For the good of our democracy, Congress must overturn his decision. Ross testified just last week that he was still considering the Justice Department’s last-minute, “very controversial request” (as he put it) to jam an untested, unnecessary question about citizenship status onto the 2020 questionnaire. That request drew intense opposition from a nonpartisan and ideologically broad group of business leaders, state and local officials, social scientists, and civil and human rights advocates who know how much is at stake with a fair and accurate census.
Election security is the way we protect our elections from interference and allow voters to feel confident that their vote is being counted. Being able to trust election results is a cornerstone of democracy. 2016 was a harsh reminder of what can happen when we don’t have secure election systems- and demonstrates the need for…
The latest legal test over state Republicans’ efforts to enact new identification requirements for voting is pushing up against soon-approaching deadlines for the May 22 elections, prompting Secretary of State Mark Martin’s office to ask the courts to hurry up. The top attorney for the secretary of state’s office, A.J. Kelly, filed a petition with the Arkansas Supreme Court late Thursday that asks justices to force a Pulaski County circuit judge to issue an order on an injunction request by next Friday. That is the deadline for the office to mail ballots to military members and overseas voters. Kelly also issued a letter to the circuit judge, Alice Gray, reminding her of the deadline and asking her to rule before it occurs. Gray responded with a letter to Kelly, imploring patience of Martin and his attorneys.
California: Open-source voting in San Francisco may require match of state, local funds | The San Francisco Examiner
If San Francisco wants an open-source voting system that supporters say would be more reliable and transparent than current proprietary machines, it could cost between $11.5 million and $27.8 million, according to a new consultant’s report. The report comes as supporters of an open-source system, which includes the Elections Commission, are calling on Mayor Mark Farrell to help fund the effort. An open-source voting system means the software used to tabulate the ballots is open to public view. Anyone with computer knowledge can examine the software code and look for vulnerabilities or bugs.
A federal judge Friday cleared Broward Elections Supervisor Brenda Snipes in a lawsuit that accused her office of facilitating voter fraud. U.S. District Judge Beth Bloom concluded that Snipes had a program in place “that makes a reasonable effort to remove the names of ineligible voters from the official lists of eligible voters by reason of death or change of address.”Bloom said the American Civil Rights Union, which filed suit against Snipes because of the potential for voter fraud, had not proven that the Broward elections office violated the National Voting Rights Act.
Louisiana’s elections will be getting a face-lift over the next few years, with plans underway to replace the state’s decade-old bulky voting machines with sleeker, smaller equipment and beefed-up technology. The request seeking proposals from contractors for new voting machines went out this week, with bids due May 1. The solicitation went out as Secretary of State Tom Schedler learned Louisiana is getting a nearly $6 million federal grant to cover a portion of the costs. The state last purchased voting equipment in 2005. This time, Louisiana will be shopping for new equipment as concerns about cybersecurity threats are heightened and hacking worries have consumed election discussions – and as the state is struggling with repeated financial problems.
A Maine Superior Court justice — who said Friday afternoon that “you are asking me to do something courts don’t like to do” — will likely make the next key decision about whether ranked-choice voting will be used in the June primary election. Justice Michaela Murphy heard testimony Friday afternoon from attorneys for the Maine secretary of state and the Committee for Ranked Choice Voting on a matter that has been simmering between November 2016 when a referendum created ranked-choice voting in Maine and Wednesday of this week, when conflicts were discovered in different sections of Maine law. At issue is language in one place that says primary elections should be decided by a plurality — in other words whoever receives the most votes — and another section that says elections should be decided by a majority, as ranked-choice voting is supposed to do.
Maryland: Here’s why cybersecurity experts say Maryland’s ballot delivery system is a target for hackers | The Washington Post
Cybersecurity experts are asking lawmakers to bring Maryland’s ballot access laws — which they say prioritize accessibility to an extent that makes the voting system vulnerable to hacking — in line with other states ahead of November’s elections. Information revealed last month by special counsel Robert S. Mueller III about Russian interference in the political process highlights the need for states to examine the security of voting systems, advocates and computer scientists warn. But legislators say they must balance those concerns with ensuring ballots can be easily obtained by all eligible Marylanders who want to vote. “There is a tension there,” said state Sen. Cheryl C. Kagan (D-Montgomery). “With all the news of election tampering in 2016, it’s critically important that voters have confidence in the security and accuracy of our elections . . . . We are also a fairly progressive state that wants to make it reasonably easy for people to vote.”
The Missouri Senate is considering whether to permanently unplug the state’s touchscreen machines amid concerns that electronic voting machines might be susceptible to hackers. The proposal, which already passed the House in a 108-31 vote, would require voters to use paper ballots exclusively. Machines could still be used to count votes and to assist disabled voters in marking their ballots. But systems that only recorded votes electronically would be phased out. The bill’s sponsor, Republican Rep. Paul Curtman of Washington, said the proposal would help ensure the “highest confidence in the integrity of our election system.” If enacted, the proposal would not be a sea change for the state. Every county in Missouri already uses at least some paper ballots. About two dozen counties also use electronic voting machines that do not require a paper ballot, but those machines still create a paper trail for auditing vote totals.
Pennsylvania: Most Pennsylvania voting machines are old, hackable, and will likely be used to count the 2020 votes | Philadelphia Inquirer
One Pennsylvania county official claims his voting machines are unhackable. Another admits hers are old, but the county can’t afford to buy new ones. A third says he’s waiting for the state to tell him which new voting machines are safest for Pennsylvania voters. At a time of national concern over foreign interference in U.S. elections, 57 percent of the voters in Pennsylvania, including Philadelphia’s, are casting their ballots on machines that are outdated, hackable, and don’t provide a paper record of each vote to safeguard against fraud. After Texas, Pennsylvania has the most registered voters using machines with no paper trail, according to Verified Voting, a nonpartisan group promoting trustworthy voting systems.
A former labor minister and novelist from the governing party was decisively elected president of Costa Rica in a runoff on Sunday, holding off an evangelical Christian singer who had built an upstart campaign in part on his opposition to same-sex marriage. With ballots from most polling stations counted, the former minister, Carlos Alvarado Quesada, won three-fifths of the vote, while his opponent, Fabricio Alvarado Muñoz, received the rest, according to the federal election authorities. The overwhelming victory defied polls in recent weeks that showed the candidates locked in a statistical dead heat or Mr. Alvarado Muñoz with a lead.
The Egyptian president, Abdel Fatah al-Sisi, is expected to declare a landslide victory after an election in which his only challenger was a supporter of his rule. Preliminary results released last Thursday indicated that roughly 40% of the electorate turned out to vote, with 92% choosing Sisi. On Friday, this was revised to 42%, with Sisi securing 96.9% of valid votes, exactly the same as his last electoral victory in 2014. Mousa Mostafa Mousa, the alternative name on the ballot, whose party previously endorsed Sisi, initially came in third place to spoiled ballots, but was later awarded 3.1% of the vote. Friday’s unexplained revision suggested there were no spoiled ballots at all. Official results were due to be released on Monday afternoon.
The election ads were both urgent and familiar: If residents didn’t vote for Hungarian Prime Minister Viktor Orban’s party, Europe would be swamped with migrants. Pushed in billboards and Facebook ads, the campaign fell flat during local elections in this small town in the Hungarian heartland, once fiercely loyal to Mr. Orban, who built barbed-wire fences to keep out migrants at the height of Europe’s 2015 refugee crisis. “I am tired of this topic,” said pensioner Zoltanne Egressy, among the 58% of voters who backed the opposition at the polls in February, delivering a shock defeat to the internationally renowned politician on his home turf. “There is nobody at the border!”
Voting appeared to be peaceful on Saturday in Sierra Leone’s runoff presidential election, which had been delayed by a few days after a court challenge of the first round.Turnout in the West African nation was lower than in the first round on March 7. Security was tight and many streets were quiet for the holiday weekend. The winner of the runoff will be tasked with helping Sierra Leone continue to rebuild after the devastating 2014-2016 Ebola epidemic as well as a deadly mudslide in August that claimed some 1,000 lives in the capital, Freetown. The runoff vote had been set for Tuesday but was delayed after a ruling party member filed a court challenge alleging irregularities in the first round and a temporary injunction was issued, stalling preparations. The high court lifted the injunction early this week and the election commission asked for a few more days to prepare.
The Zimbabwe Electoral Commission could in the long-term introduce closed-circuit television cameras inside polling stations to help reduce post-election disputes. Countries like Russia use that technology, and electronic ballot boxes that count votes on casting to engender greater transparency. The cameras are mounted near polling booths and outside election centres. Zec Chairperson Justice Priscilla Chigumba, who observed Russia’s national polls two weeks ago, said the Commission was exploring the possibility of introducing CCTV after this year’s harmonised elections.
Election officials and voting advocates alike welcome the appropriation of the remaining $380 million authorization from Help America Vote Act (HAVA) to help fund states’ efforts to enhance voting systems security. But, as WIRED wrote “[o]bservers note, though, that the HAVA money has crucial drawbacks and limitations. Both the spending bill and HAVA allow states to use the money for a broad range of election system-related projects, so there’s no guarantee it will go toward critical defense upgrades. And the way HAVA allocates money means not every state will wind up with enough to meet their need. “This is a great first step, but it’s not going to solve the problem,” said Verified Voting President Marian Schneider, “[j]ust the heightened awareness of what is the threat model and what are best practices for dealing with that threat model makes me hopeful and optimistic that those steps will be taken. But I would like to see the vulnerable systems replaced, and the clock is ticking. The farther we get into the year, the less likely it is. That’s just a reality.”
Verified Voting and Brennan Center released a report that consider the extent to which the new appropriations could help states to begin deploying paper ballots, post-election audits, and other essential cybersecurity improvements. The report concluded by urging Congress to complete its work on the Secure Elections Act (SEA), a bipartisan bill that has been gaining momentum in the Senate. The SEA would establish cybersecurity guidelines, facilitate crucial information sharing, provide grants for states to fully replace DREs with paper ballots, and encourage states to implement robust statistical auditing.
In an editorial critical of administration efforts to add a question about citizenship to the 2020 Census questionaire, the New York Times explained that “[a]sking about citizenship would reduce responses from immigrant families, which are already less likely than others to answer government surveys and are terrified by President Trump’s anti-immigrant policies and statements.
U.S. District Judge Mark Walker in Tallahassee ordered Florida Gov. Rick Scott to dismantle Florida’s “fatally flawed” system of arbitrarily restoring voting rights to felons and to replace it by April 26. The court order was part of an injunction issued by Walker in favor of the Fair Elections Legal Network, which successfully sued Florida over the state’s system for restoring voting rights to convicted felons.
Acknowledging resistance from many voting advocates and organizations, including Verified Voting, the Georgia Senate declined to approve a bill that would have begun the process for replacing the state’s Diebold touchscreen voting machines. Language added to the House version of the bill would have allowed the tabulation of software generated barcodes rather than voters’ marks on paper ballots. Meanwhile, a bill was introduced in the Missouri Senate that would phase out the use of direct recording electronic machines in the state.
Wisconsin Gov. Scott Walker has abandoned an appeal of a special elections lawsuit challenging his decision to delay calling special elections in Wisconsin’s 1st Senate District and 42nd Assembly District. The seats — one in the state Senate and one in the Assembly — have been vacant since December, when Walker appointed the Republican incumbents to his administration. State law requires the Governor to call special elections to fill legislative vacancies that occur before May in regular election years, but Walker planned to leave the seats vacant until the November general election.
With his main rivals in jail or forced from the contest, Egypt’s President Abdel Fattah el-Sisi headed for a landslide victory with 92 percent of the vote. The margin was hardly a surprisie in a race where he eliminated all serious opposition months ago. The New Yorker notes that President Trump has embraced Sisi and making no mention of the human rights abuses under his regime. “Under Sisi, the government has arrested at least sixty thousand people, handed down hundreds of preliminary death sentences, and tried thousands of civilians in military courts, according to human-rights groups. Torture, including beatings, electric shocks, stress positions, and sometimes rape, has been systematically employed.”
After the lifting of an interim injunction that had stalled preparations for Sierra Leone’s presidential run-off-election, the country’s Supreme Court has approved the election commission’s request to delay until today. The vote had been set for Tuesday but was delayed after a ruling party member filed a court challenge alleging irregularities in the first round and a temporary injunction was issued, stalling preparations. It was lifted early this week and the election commission asked for a few more days to prepare.