National: Hackers are out to jeopardize your vote | MIT Technology Review

Russian hackers targeted US electoral systems during the 2016 presidential election. Much has been done since then to bolster those systems, but J. Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, says they are still worryingly vulnerable (see “Four big targets in the cyber battle over the US ballot box”). MIT Technology Review’s Martin Giles discussed election security with Halderman, who has testified about it before Congress and evaluated voting systems in the US, Estonia, India, and elsewhere.

Lots of things, from gerrymandering to voter ID disputes, could undermine the integrity of the US electoral process. How big an issue is hacking in comparison?

Things like gerrymandering are a question of political squabbling within the rules of the game for American democracy. When it comes to election hacking, we’re talking about attacks on the United States by hostile foreign governments. That’s not playing by the rules of American politics; that’s an attempt to subvert the foundations of our democracy.

National: DHS works to strengthen election security on heels of bipartisan legislation | BiometricUpdate

What one congressional observer called, “a day late and a dollar short,” the bipartisan Prevent Election Hacking Act of 2018 (HR 6188) was recently introduced and referred to the House Committee on House Administration. If passed, it would “direct the Secretary of [the Department of] Homeland Security [DHS] to establish a program to improve election system cybersecurity by facilitating and encouraging assessments by independent technical experts to identify and report election cybersecurity vulnerabilities, and for other purposes.” An industry cybersecurity official said on background to Biometric Update that, “HR 6188’s potentially ground breaking — sorry, overstated deliberately — concept of outsourcing cybersecurity execution to the private sector is something worth looking into.”

National: Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms | Dark Reading

Two 11-year-old budding hackers last week at DEF CON in Las Vegas used SQL injection attack code to break into a replica of the Florida Secretary of State’s website within 15 minutes, altering vote count reports on the site. Meanwhile, further down the hall in the adult Voting Machine Hacking Village at Caesars Palace, one unidentified hacker spent four hours trying to break into a replica database that housed the real, publicly available state of Ohio voter registration roll. He got as far as the secured server — penetrating two layers of firewalls with a Khali Linux pen testing tool — but in the end was unable to grab the data from the database, which included names and birthdates of registered voters. “He got to the secure file server but didn’t know how to write the query to pull the data out,” says Alon Nachmany, solution engineer with Cyberbit, which ran the voter registration database simulation. That he got as close to the data as he did was no small feat, however. “He got very far, but he didn’t have the skill needed to pull the file itself,” Nachmany says.

California: Legislature approves new Office of Elections Cybersecurity to repel attacks and combat disinformation | StateScoop

California is poised to officially create an Office of Elections Cybersecurity, a new bureau dedicated to combating cyberattacks directed at the state’s voting systems and correcting disinformation directed at voters. The new agency, which will be housed under the secretary of state’s office, was approved this week by both houses of the state legislature. The Office of Elections Cybersecurity will be responsible for disseminating information on cyberthreats against voting systems to county- and city-level elections officials. It is also designed to be a point of contact for federal officials to coordinate responses and to oversee cybersecurity training for local boards of elections, which are often less equipped than larger government agencies to fend off threats from foreign intelligence agencies. Federal officials have said that Russian hackers attempted to penetrate voter registration systems in at least 21 states — including California — during the 2016 presidential race, and have said this year that Kremlin-backed actors continue to target U.S. election infrastructure.

California: Voting Machines Aren’t the Only Vectors for Attack, California Election Officials Say | Government Technology

California election officials are guarding their voting machines and registration lists against Russian hackers — although no one has spotted any. “I operate under the assumption that hacking is actually happening and California is a target,” Secretary of State Alex Padilla says. “This year, there’s a big focus on several congressional races that could determine the House majority. The stakes in California have national implications.” But would the Russians actually try to change election outcomes? “I have no doubt that if they could, they would,” says Padilla, a Democrat who’s heavily favored to win reelection in November. Hacking into California’s voting system and altering votes, however, is considered by most experts to be practically impossible. That’s because voting machines aren’t hooked up to the internet. State law forbids it. A hacker might attack one machine but couldn’t reach into the entire vote-collecting system.

Delaware: Voting machine bid data is released to public | Delaware First Media

Common Cause Delaware has posted a link to bid data the First State received to replace its current voting machines. Six vendors, Electec Election Services, Dominion Knowlink, Election Systems & Software, Everyone Counts, Hart InterCivic and Tenex Software Solutions submitted bids. Jennifer Hill of Common Cause says some of these companies have had problems in other states. She said a city in Kansas using an ES&S system faced issues during a primary last week. “There were election night reporting delays that they could not explain,” she said. “So, you know those are the things that we hope will be looked at before our you know our state invests $8 or $10 or $13 million in a voting system.”

Georgia: Voter records exposure raises election security concerns | SC Magazine

Despite Georgia Secretary of State Brian Kemp’s contentions that reports questioning the security of the state’s election systems are fake news, a breach discovered in 2016 exposed the records of more than six million George voters, according to a lawsuit. “The data was open to anyone in the world who had an internet connection,” said Marilyn Marks, executive director of the Coalition for Good Governance, one of the plaintiffs in the suit cited by CNN. “Even when confronted with a security disaster, she noted, Kemp, who’s currently running at a GOP gubernatorial candidate, blamed “managers under his supervision for their incompetence and [left] the security disaster without so much as a forensic review of the impacts of the security failures.”

Georgia: Concerns over Georgia’s election security grow | WGCL

Concerns over Georgia’s election security are growing as November’s election draws closer. To advocate for you, we asked for a sit-down with the man running Fulton County’s elections. CBS46 obtained new details about the extent of suspected Russian probing of some of Fulton County’s website, and what going to paper ballots might really entail. Robert Mueller’s indictment of a dozen Russians fueled the fire. “I think the Russians were mostly focused on public opinion through social media,” said Richard Barron, the Fulton County director of registration and elections. Still, court documents reveal several Russian operatives checked out websites for Georgia and, specifically, Fulton and Cobb counties. Since we’re advocating for transparency, we wanted to find out what that really means.

Iowa: Secretary of State Pate says hackers cannot alter votes on paper ballots | Radio Iowa

Secretary of State Paul Pate — the commisioner of Iowa elections — said Tuesday there is no way for hackers to alter votes in Iowa because every one of the state’s voters cast a paper ballot. “In Iowa, we don’t vote on the internet…so you can’t be voting from Moscow, Russia. You can’t. The only ones that I would let vote from Moscow are the folks from Moscow, Iowa,” Pate said. “That’s it.” Pate spoke yesterday on The Des Moines Register’s Soapbox at the Iowa State Fair. Pate warned the crowd “bad actors” on social media platforms like Twitter and Facebook may try to sow doubt about election results.

Michigan: Officials seek stay of injunction that allows straight-ticket voting | MLive

Michigan Secretary of State Ruth Johnson is asking a federal judge to reconsider his decision to allow straight-ticket voting on the November 2018 ballot, according to an emergency court motion filed Tuesday. The motion asks U.S. District Judge Gershwin Drain to issue an immediate stay  pending appeal of Drain’s Aug. 9 injunction on a 2016 Michigan law that removes the straight-party voting option. The motion asks for a decision by Friday, Aug. 17, citing the need to set the November ballot. The motion, which was filed by Attorney General Bill Schuette, argues that the state is likely to prevail on appeal and voters will not be harmed if the straight-ticket option is not available.

North Carolina: Judges skeptical of challenges to proposed amendments | WRAL

A panel of three Superior Court judges on Wednesday ordered state elections officials to hold off printing ballots for the November election until the courts could weigh in on challenges brought by Gov. Roy Cooper to two proposed constitutional amendments. Cooper charges that amendments giving lawmakers the power to fill vacant judgeships between elections and appoint people to dozens of state boards and commissions are worded so poorly on the ballot that they will mislead voters as to their impact. “A ballot question that does not fairly and accurately present [what it does] amounts to a deceit on the people of North Carolina, and it corrodes and, I suggest, it corrupts their right to amend their constitution,” said John Wester, an attorney for Cooper. “This cannot become the law of our state.” The two proposals use “feel-good phrasing” to encourage voters to approve them, Wester said, when state law requires that amendment language be fair and non-discriminatory.

Utah: A county clerk’s deceptive attempt to keep Grayeyes out of the San Juan commission race should lead to criminal charges | The Salt Lake Tribune

Sure, we’ve seen malfeasance in Utah politics — sex scandals, run-of-the-mill corruption, pay-to-play. But I can’t recall ever seeing a public servant conspiring so ruthlessly to deny a Utahn a fundamental constitutional right as we just saw in San Juan County. I’m referring to San Juan County Clerk John David Nielson, who helped falsify and backdate an election complaint and used it to disqualify Democrat Willie Grayeyes from the County Commission race, asserting Grayeyes was ineligible to run because he didn’t live in the county. On Tuesday, U.S. District Judge David Nuffer righted the wrong, ordering Grayeyes’ name be put back on the ballot, basing his decision, in part, on the clerk’s deceit.

Afghanistan: Protesters Shutter Kabul’s Election Commission | Al Bawaba

The election commission in Afghanistan on Monday warned the government of further delays in the long-due parliamentary elections as protesters shut down its office in the capital Kabul. Angry loyalists to a number of politicians barred by the commission from taking part in the polls on various charges have taken to the streets in different cities. In Kabul, protesters shut down the headquarters of Independent Election Commission (IEC) on Monday against the move, sparking fears about further delay in parliamentary elections that are due for years. Abdul Badi Sayad, the head of the election commission, urged the government to provide effective security to the electoral commission office otherwise IEC would not take responsibility for the delay.

Maldives: Human Rights Watch: Change needed for free election in Maldives | Associated Press

An international human rights group said Thursday that the Maldives government is intimidating the political opposition and the media and that threatens the prospects for a fair presidential election next month. New-York-based Human Rights Watch said in a report that the government of the Indian Ocean archipelago state also has interfered with the judiciary and the elections commission. “Immediate steps are needed to restore political freedoms and democratic rule to ensure free and fair elections in September,” said Brad Adams, the group’s Asia director. The election is September 23.An international human rights group said Thursday that the Maldives government is intimidating the political opposition and the media and that threatens the prospects for a fair presidential election next month. New-York-based Human Rights Watch said in a report that the government of the Indian Ocean archipelago state also has interfered with the judiciary and the elections commission. “Immediate steps are needed to restore political freedoms and democratic rule to ensure free and fair elections in September,” said Brad Adams, the group’s Asia director. The election is September 23.

Mali: President Gets 2nd Term With Victory in Runoff Vote | The New York Times

President Ibrahim Boubacar Keïta of Mali claimed an overwhelming victory on Thursday in a runoff vote after a controversial first round of voting last month that was marred by insecurity and allegations of electoral fraud. Mr. Keïta will serve a second term after being declared the winner of the second round, which was held this past weekend. He received 67 percent of the vote; his chief rival, Soumaïla Cissé, took 33 percent. Mali has struggled with security issues, and the violence carried out by Islamist extremists for years spilled over into polling places during the election. In Arkodia, a village in the northern region of Timbuktu, a local election official was shot to death by extremists during the voting, local officials said. In all, security concerns kept nearly 500 voting sites from opening, mostly in the north and center of the country where extremist groups operate, government officials said.

Pakistan: Internet Voting Task Force: Foreign spy agencies may disrupt internet voting | The Nation

The Internet Voting Task Force (IVTF) on Overseas Pakistanis’ Voting Rights has said that internet voting was likely to be attacked by foreign governments and intelligence agencies. In a report, the IVTF said the applications such as internet banking and e-commerce were typically targeted by insiders, hackers or in organised gangs, whereas an internet voting system used in binding political election results was far more likely to be attacked by foreign governments and intelligence agencies. It stated that foreign government agencies posed an entirely different class of threat as compared to standard hackers adding these organizations typically had unsurpassed resources and capabilities at their disposal. “We have the example of Skynet, a US NSA operation, specifically deployed in Pakistan.

National: Researchers show how to alter emailed ballots in use in 30 states | McClatchy

Top computer researchers gave a startling presentation recently about how to intercept and switch votes on emailed ballots, but officials in the 30 or so states said the ease with which votes could be changed wouldn’t alter their plans to continue offering electronic voting in some fashion. Two states — Washington and Alaska — have ended their statewide online voting systems. The developments, amid mounting fears that Russians or others will try to hack the 2018 midterm elections, could heighten pressure on officials on other U.S. states to reconsider their commitment to online voting despite repeated admonitions from cybersecurity experts. But a McClatchy survey of election officials in a number of states that permit military and overseas voters to send in ballots by email or fax — including Alabama, Kansas, Missouri, North Carolina, South Carolina and Texas — produced no immediate signs that any will budge on the issue. Some chief election officers are handcuffed from making changes, even in the name of security, by state laws permitting email and fax voting. … Researchers at the DefCon convention were sharply critical of any sort of electronic voting, including voting by smartphone, which will occur for the first time in November. West Virginia announced last week that it will allow military personnel posted overseas and registered to vote in West Virginia to vote via smartphone in the Nov. 6 election, using an app created by Voatz, a Boston-based startup.

National: Research shows gap in House, Senate candidates’ website security | CyberScoop

Nearly 30 percent of House of Representatives candidates have significant security issues in their websites compared to less than 5 percent of Senate candidates, according to new research. The disparity underscores the challenge that smaller, resource-strapped campaigns have in making themselves less vulnerable to hacking. About 3 in 10 House candidate websites scanned by election-security expert Joshua Franklin and his research team were not using important security protocols for routing data or had a major certificate issue. The scans, most of which took place in June, covered the websites of more than 500 House candidates and nearly 100 Senate candidates. “The House has significantly more candidates running and that provides more opportunities for security errors,” Franklin told CyberScoop. He presented his findings at the DEF CON conference in Las Vegas. The major political parties’ Senate candidates also tend to be more experienced on the campaign trail and have bigger staffs for those statewide races.

National: US voting systems: Full of holes, loaded with pop music, and ‘hacked’ by an 11-year-old | The Register

DEF CON Hackers of all ages have been investigating America’s voting machine tech, and the results weren’t great. For instance, one 11-year-old apparently managed to hack and alter a simulated Secretary of State election results webpage in 10 minutes. The Vote Hacking Village, one of the most packed-out locations at this year’s DEF CON hacking conference in Las Vegas, saw many of the most commonly used US voting machines hijacked using a variety of wireless and wired attacks – and replica election websites so poorly constructed they were thought too boring for adults to probe, and left to youngsters to infiltrate. The first day saw 39 kids, ranging in age from six to 17, try to crack into facsimiles of government election results websites, developed by former White House technology advisor Brian Markus. The sites had deliberate security holes for the youngsters to exploit – SQL injection flaws, and similar classic coding cockups. All but four of the children managed to leverage the planted vulnerabilities within the allotted three-hour contest. Thus, it really is child’s play to commandeer a website that doesn’t follow basic secure programming practices nor keep up to date with patches – something that ought to focus the minds of people maintaining election information websites. 

National: Hacking competitions help the military; they could secure elections too | Washington Examiner

Public-facing websites and services used by the Marine Corps were targeted by hackers over the weekend – but that was part of the plan. To help identify vulnerabilities In the Marine Corps Enterprise Network, the Department of Defense and HackerOne, a service that runs crowd-sourced security testing, launched Hack the Marine Corps, a “bug bounty program” that pays hackers to identify and report vulnerabilities. As the United States faces increasing cybersecurity threats, programs such as Hack the Marine Corps are a great way to identify and fix potential problems before they really do become damaging security breaches. Hack the Marine Corps has already been successful. The program kicked off with a live event in Las Vegas with nearly 100 ethical hackers who, during the nine-hour event, identified 75 unique security vulnerabilities. True to the idea of “bug bounty,” the Marine Corps shelled out more than $80,000 to those who had identified problems.

National: For Former Felons, Voting Rights Could Be a Click Away | Roll Call

Millions of new voters could register across the country, starting Tuesday, with the launch of an online tool meant to help former felons restore their right to vote. The Campaign Legal Center’s website, restoreyourvote.org, attempts to guide users through a sometimes confusing jumble of state laws to determine whether past convictions or unpaid fines would keep them from the ballot box. It is the latest salvo in a growing movement to politically empower formerly incarcerated people, a group that is disproportionately African-American. It is unclear how much of an effect such efforts will have on elections because they are more likely to infuse urban areas that already lean left with more Democratic voters. But organizers have framed the issue as a question of civil rights. 

National: Fears of Voting Machine Hacking Erupts as an Issue in US Election | Coda Story

The potential for Russian hacking of election systems in the 2018 midterm elections has emerged as an urgent and destabilizing issue in the run-up to the U.S. elections. State and local election officials are accused of mismanagement and a lack of focus on the dangers of election systems hacking. Five U.S. states rely on outdated electronic voting systems with no paper trail, according to The Guardian, which also reported that eight more states will be using antiquated systems vulnerable to Russian cyberattack over at least part of their territory in the upcoming November elections.

Georgia: Group files lawsuit to force Georgia to adopt paper ballots | The Hill

A coalition in Georgia is filing a lawsuit to force the state to adopt paper ballots in the upcoming midterm elections, a move it claims will improve election security. The Coalition for Good Governance is alleging in a federal lawsuit that Republican gubernatorial candidate Brian Kemp, Georgia’s current secretary of state, failed to adequately safeguard the state’s voting system from a breach that allegedly left 6 million Georgia voters’ records exposed, CNN reported. The group is claiming Georgia is one of the only states left that does not use a paper ballot, which makes it harder to verify election results. 

Georgia: 6 million Georgia voters’ records exposed: ‘Could have easily been compromised’ | CNN

Georgia’s shotgun-toting, Trump-style Republican candidate for governor Brian Kemp has sought to assure voters that his state’s election system is secure and that any allegations to the contrary are “fake news.” But Kemp, who is also the secretary of state in charge of Georgia’s elections, is now being accused in a federal lawsuit of failing to secure his state’s voting system and allowing a massive breach that exposed voter records and other sensitive election information. The allegations in the lawsuit come as the subject of election security has come into focus nationally, particularly as the November’s midterm elections approach. The suit describes how a private researcher discovered the records of more than 6 million registered Georgia voters, password files and encryption keys could be accessed online by anyone looking. Days after the lawsuit was filed, technicians erased the hard drives of the server in question.

Michigan: Despite explanation for election night glitches, calls persist for Wayne County primary audit | Michigan Radio

The Wayne County Board of Canvassers heard what went wrong with the county’s election results website last Tuesday, as questions and concerns linger about problems with the Aug. 7 primary election. The Grand Rapids-based company ElectionSource runs the site that reports Wayne County’s election results. As vote totals started coming in last Tuesday, the site initially reported the results of some races wrong before shutting the site down altogether for a few hours. ElectionSource CEO Ryan DeLongchamp told the board that was the result of an “internal error” caused by larger-than-expected data files from the county.

New Hampshire: Federal court bars New Hampshire from disenfranchising voters because of their handwriting | Slate

A federal court blocked New Hampshire’s “signature mismatch” law on Tuesday, prohibiting the state from rejecting ballots on the basis of inconsistent handwriting. The court found that election officials had violated voters’ constitutional rights by tossing out their ballots due to perceived discrepancies between signatures. In 2016 alone, officials disenfranchised 275 voters for alleged signature mismatches, a disproportionate number of whom were disabled.

Cambodia: How Cambodia’s prime minister rigged an election | The Conversation

Hun Sen and the Cambodian People’s Party (CPP) won a recent landslide victory in the Southeast Asian country. After outlawing the main opposition party that challenged the ruling CPP, Hun Sen secured more than 80 per cent of the popular vote and well over 100 of the 125 contested seats in the National Assembly. Despite calls to boycott the election, voter turnout was around 82 per cent, or about 6.88 million people. The response from the international community has been split. Australia, Canada, the European Union and the United States have expressed “profound disappointment” with the lack of opposition participation. Regional countries and populist European leaders, on the other hand, have endorsed the result.

Mali: President claims election victory amid fraud accusations | Reuters

Malian President Ibrahim Boubacar Keita has won re-election “comfortably” based on his campaign’s vote count, his spokesman said on Tuesday, dismissing claims from the opposition that they won. With official results not expected for a few days, the two sides have been swapping counterclaims and accusations since Monday’s second-round run-off. The ballot pitted Keita, who is seeking a second term to rule the West African gold- and cotton-producing country, against opposition leader Soumaila Cisse, who said on Monday that the vote was fraudulent and that he was victor. 

Pakistan: Election Commission’s task force highlights flaws in proposed e-voting mechanism for overseas Pakistanis | Dawn

A task force set up by the Election Commission of Pakistan on the directives of the Supreme Court (SC), to test the viability of implementing an online voting mechanism for overseas citizens, has recommended against implementing the e-voting system, DawnNews TV reported. The Internet Voting Task Force (IVTF) was formed by the Election Commission of Pakistan (ECP) in April on the SC’s orders, to conduct a technical audit of the Internet voting solution process that was proposed by National Database and Registration Authority (Nadra). In a report submitted before the top court on Tuesday, the IVTF said that while overseas Pakistanis have the right to vote in the elections, the e-voting platform that Nadra had proposed to use for the purpose, iVote, has drawbacks that pose risks to the conduct of transparent voting.