Top computer researchers gave a startling presentation recently about how to intercept and switch votes on emailed ballots, but officials in the 30 or so states said the ease with which votes could be changed wouldn’t alter their plans to continue offering electronic voting in some fashion. Two states — Washington and Alaska — have ended their statewide online voting systems. The developments, amid mounting fears that Russians or others will try to hack the 2018 midterm elections, could heighten pressure on officials on other U.S. states to reconsider their commitment to online voting despite repeated admonitions from cybersecurity experts. But a McClatchy survey of election officials in a number of states that permit military and overseas voters to send in ballots by email or fax — including Alabama, Kansas, Missouri, North Carolina, South Carolina and Texas — produced no immediate signs that any will budge on the issue. Some chief election officers are handcuffed from making changes, even in the name of security, by state laws permitting email and fax voting. … Researchers at the DefCon convention were sharply critical of any sort of electronic voting, including voting by smartphone, which will occur for the first time in November. West Virginia announced last week that it will allow military personnel posted overseas and registered to vote in West Virginia to vote via smartphone in the Nov. 6 election, using an app created by Voatz, a Boston-based startup.
Nearly 30 percent of House of Representatives candidates have significant security issues in their websites compared to less than 5 percent of Senate candidates, according to new research. The disparity underscores the challenge that smaller, resource-strapped campaigns have in making themselves less vulnerable to hacking. About 3 in 10 House candidate websites scanned by election-security expert Joshua Franklin and his research team were not using important security protocols for routing data or had a major certificate issue. The scans, most of which took place in June, covered the websites of more than 500 House candidates and nearly 100 Senate candidates. “The House has significantly more candidates running and that provides more opportunities for security errors,” Franklin told CyberScoop. He presented his findings at the DEF CON conference in Las Vegas. The major political parties’ Senate candidates also tend to be more experienced on the campaign trail and have bigger staffs for those statewide races.
National: US voting systems: Full of holes, loaded with pop music, and ‘hacked’ by an 11-year-old | The Register
DEF CON Hackers of all ages have been investigating America’s voting machine tech, and the results weren’t great. For instance, one 11-year-old apparently managed to hack and alter a simulated Secretary of State election results webpage in 10 minutes. The Vote Hacking Village, one of the most packed-out locations at this year’s DEF CON hacking conference in Las Vegas, saw many of the most commonly used US voting machines hijacked using a variety of wireless and wired attacks – and replica election websites so poorly constructed they were thought too boring for adults to probe, and left to youngsters to infiltrate. The first day saw 39 kids, ranging in age from six to 17, try to crack into facsimiles of government election results websites, developed by former White House technology advisor Brian Markus. The sites had deliberate security holes for the youngsters to exploit – SQL injection flaws, and similar classic coding cockups. All but four of the children managed to leverage the planted vulnerabilities within the allotted three-hour contest. Thus, it really is child’s play to commandeer a website that doesn’t follow basic secure programming practices nor keep up to date with patches – something that ought to focus the minds of people maintaining election information websites.
National: Hacking competitions help the military; they could secure elections too | Washington Examiner
Public-facing websites and services used by the Marine Corps were targeted by hackers over the weekend – but that was part of the plan. To help identify vulnerabilities In the Marine Corps Enterprise Network, the Department of Defense and HackerOne, a service that runs crowd-sourced security testing, launched Hack the Marine Corps, a “bug bounty program” that pays hackers to identify and report vulnerabilities. As the United States faces increasing cybersecurity threats, programs such as Hack the Marine Corps are a great way to identify and fix potential problems before they really do become damaging security breaches. Hack the Marine Corps has already been successful. The program kicked off with a live event in Las Vegas with nearly 100 ethical hackers who, during the nine-hour event, identified 75 unique security vulnerabilities. True to the idea of “bug bounty,” the Marine Corps shelled out more than $80,000 to those who had identified problems.
Millions of new voters could register across the country, starting Tuesday, with the launch of an online tool meant to help former felons restore their right to vote. The Campaign Legal Center’s website, restoreyourvote.org, attempts to guide users through a sometimes confusing jumble of state laws to determine whether past convictions or unpaid fines would keep them from the ballot box. It is the latest salvo in a growing movement to politically empower formerly incarcerated people, a group that is disproportionately African-American. It is unclear how much of an effect such efforts will have on elections because they are more likely to infuse urban areas that already lean left with more Democratic voters. But organizers have framed the issue as a question of civil rights.
The potential for Russian hacking of election systems in the 2018 midterm elections has emerged as an urgent and destabilizing issue in the run-up to the U.S. elections. State and local election officials are accused of mismanagement and a lack of focus on the dangers of election systems hacking. Five U.S. states rely on outdated electronic voting systems with no paper trail, according to The Guardian, which also reported that eight more states will be using antiquated systems vulnerable to Russian cyberattack over at least part of their territory in the upcoming November elections.
A coalition in Georgia is filing a lawsuit to force the state to adopt paper ballots in the upcoming midterm elections, a move it claims will improve election security. The Coalition for Good Governance is alleging in a federal lawsuit that Republican gubernatorial candidate Brian Kemp, Georgia’s current secretary of state, failed to adequately safeguard the state’s voting system from a breach that allegedly left 6 million Georgia voters’ records exposed, CNN reported. The group is claiming Georgia is one of the only states left that does not use a paper ballot, which makes it harder to verify election results.
Georgia’s shotgun-toting, Trump-style Republican candidate for governor Brian Kemp has sought to assure voters that his state’s election system is secure and that any allegations to the contrary are “fake news.” But Kemp, who is also the secretary of state in charge of Georgia’s elections, is now being accused in a federal lawsuit of failing to secure his state’s voting system and allowing a massive breach that exposed voter records and other sensitive election information. The allegations in the lawsuit come as the subject of election security has come into focus nationally, particularly as the November’s midterm elections approach. The suit describes how a private researcher discovered the records of more than 6 million registered Georgia voters, password files and encryption keys could be accessed online by anyone looking. Days after the lawsuit was filed, technicians erased the hard drives of the server in question.
Editorials: Kris Kobach ruined the 2018 Kansas GOP primary just like he ruins everything else | Mark Joseph Stern/Slate
It has never been clear whether Kris Kobach understands what his job is. As Kansas’ secretary of state, a position he’s held for nearly eight years, Kobach’s main responsibility is to serve as the state’s chief elections officer. But instead of ensuring that Kansas’ elections run smoothly, Kobach has used his office to foment nativist…
Michigan: Despite explanation for election night glitches, calls persist for Wayne County primary audit | Michigan Radio
The Wayne County Board of Canvassers heard what went wrong with the county’s election results website last Tuesday, as questions and concerns linger about problems with the Aug. 7 primary election. The Grand Rapids-based company ElectionSource runs the site that reports Wayne County’s election results. As vote totals started coming in last Tuesday, the site initially reported the results of some races wrong before shutting the site down altogether for a few hours. ElectionSource CEO Ryan DeLongchamp told the board that was the result of an “internal error” caused by larger-than-expected data files from the county.
New Hampshire: Federal court bars New Hampshire from disenfranchising voters because of their handwriting | Slate
A federal court blocked New Hampshire’s “signature mismatch” law on Tuesday, prohibiting the state from rejecting ballots on the basis of inconsistent handwriting. The court found that election officials had violated voters’ constitutional rights by tossing out their ballots due to perceived discrepancies between signatures. In 2016 alone, officials disenfranchised 275 voters for alleged signature mismatches, a disproportionate number of whom were disabled.
Hun Sen and the Cambodian People’s Party (CPP) won a recent landslide victory in the Southeast Asian country. After outlawing the main opposition party that challenged the ruling CPP, Hun Sen secured more than 80 per cent of the popular vote and well over 100 of the 125 contested seats in the National Assembly. Despite calls to boycott the election, voter turnout was around 82 per cent, or about 6.88 million people. The response from the international community has been split. Australia, Canada, the European Union and the United States have expressed “profound disappointment” with the lack of opposition participation. Regional countries and populist European leaders, on the other hand, have endorsed the result.
Malian President Ibrahim Boubacar Keita has won re-election “comfortably” based on his campaign’s vote count, his spokesman said on Tuesday, dismissing claims from the opposition that they won. With official results not expected for a few days, the two sides have been swapping counterclaims and accusations since Monday’s second-round run-off. The ballot pitted Keita, who is seeking a second term to rule the West African gold- and cotton-producing country, against opposition leader Soumaila Cisse, who said on Monday that the vote was fraudulent and that he was victor.
Pakistan: Election Commission’s task force highlights flaws in proposed e-voting mechanism for overseas Pakistanis | Dawn
A task force set up by the Election Commission of Pakistan on the directives of the Supreme Court (SC), to test the viability of implementing an online voting mechanism for overseas citizens, has recommended against implementing the e-voting system, DawnNews TV reported. The Internet Voting Task Force (IVTF) was formed by the Election Commission of Pakistan (ECP) in April on the SC’s orders, to conduct a technical audit of the Internet voting solution process that was proposed by National Database and Registration Authority (Nadra). In a report submitted before the top court on Tuesday, the IVTF said that while overseas Pakistanis have the right to vote in the elections, the e-voting platform that Nadra had proposed to use for the purpose, iVote, has drawbacks that pose risks to the conduct of transparent voting.
Zimbabwean President Emmerson Mnangagwa has filed submissions in the land’s highest court opposing a court challenge to his victory by main opposition leader Nelson Chamisa, one of his lawyers said on Wednesday. The first election since Robert Mugabe was forced to resign after a coup in November had been expected to end Zimbabwe’s pariah status and launch an economic recovery but post-election unrest has brought back uncomfortable reminders of its violent past. Mnangagwa has urged Zimbabwe to unite behind him but questions remain over the death of six people in an army crackdown on protests against the ruling party’s victory.