National: How Vulnerable Are Electronic Voting Machines? | WBUR

A federal judge ruled this week that Georgia does not have to replace its electronic voting machines with machines that create paper records before the election in November. In her ruling, though, the judge noted she’s “gravely concerned” about Georgia’s slow pace in addressing electronic voting vulnerabilities. Here & Now’s Jeremy Hobson talks with Marian Schneider, president of Verified Voting, a nonpartisan nonprofit that advocates for accurate and verifiable elections, about those vulnerabilities and how secure electronic voting machines are.

On her opinion of the judge’s ruling in Georgia: “I do think that it’s a significant decision, but I think that the judge was concerned about the amount of time before the election, that there wasn’t enough time to smoothly implement paper ballots. “There’s only seven weeks between now and the election, and the early voting would start soon, too. So I think that was a greater concern for the court, but I think the judge made a lot of very significant findings about the vulnerabilities that are present in paperless computer systems that count our votes.”

National: The Plot to Subvert an Election: Unraveling the Russia Story So Far | The New York Times

On an October afternoon before the 2016 election, a huge banner was unfurled from the Manhattan Bridge in New York City: Vladimir V. Putin against a Russian-flag background, and the unlikely word “Peacemaker” below. It was a daredevil happy birthday to the Russian president, who was turning 64. In November, shortly after Donald J. Trump eked out a victory that Moscow had worked to assist, an even bigger banner appeared, this time on the Arlington Memorial Bridge in Washington: the face of President Barack Obama and “Goodbye Murderer” in big red letters. Police never identified who had hung the banners, but there were clues. The earliest promoters of the images on Twitter were American-sounding accounts, including @LeroyLovesUSA, later exposed as Russian fakes operated from St. Petersburg to influence American voters. The Kremlin, it appeared, had reached onto United States soil in New York and Washington. The banners may well have been intended as visual victory laps for the most effective foreign interference in an American election in history.

National: State Elections Agencies Focus on Voting Security Ahead of Midterms | StateTech

During the last election, Russian cyberattackers looking for vulnerabilities scanned 21 state election systems, including those in Illinois, over the 2016 campaigns. While the Department of Homeland Security says the scanning activity did not necessarily breach systems, some individual states have reported compromised data. This year, for instance, the Illinois State Board of Elections reported a 2016 breach of its voter registration system, detailing a SQL injection attack of unknown origin that exposed records in the state’s voter registration database. Since the attack, the Illinois board has worked with state IT experts as well as DHS cybersecurity professionals to keep the database of 18 million records and the servers on which it resides safe from attackers, says Matt Emmons, the agency’s IT director. And there are plenty of hackers out there.

National: DOD’s new cyber strategy stresses election security | FCW

The Defense Department’s newly released cyber strategy draws attention to election meddling, infrastructure protection and greater reliance on commercial technology to get ahead of the curve. A summary of the DOD’s cyber strategy released Sept. 18 boasted an assertive stance on election meddling and attribution, calling out cyber “challenges to [U.S.] democratic processes” as a means for Russia, China, North Korea and Iran to inflict damage without engaging in armed conflict. However, the Pentagon remained firm in its infrastructure protection role. DOD will partner with the private sector and other agencies on improved information sharing “to reduce the risk that malicious cyber activity targeting U.S. critical infrastructure could have catastrophic or cascading consequences,”  the document indicated.

National: Cleanup time for tech firms as midterm elections approach | AlphaStreet

Investigations carried out by federal agencies showed that hackers exploited seemingly minor flaws in the electronic voting system to manipulate the vote tally in the last presidential election. The findings might not surprise Americans as much as it would have done a few years ago, because now we know a bigger threat is hanging over the election process. Skeletons of the illegal online campaign launched by Russian agencies a couple of years ago to rig the presidential election are still tumbling out of the closets of technology companies like Facebook (FB) and Google (GOOG). With the midterm polls around the corner, the security agencies are busy plugging all the loopholes in the system to ensure a free and fair election. That the attackers managed to hack important government websites and breached huge volumes of voter data show the severity of the campaign, and that justifies the extra alert this time. Reports show that hackers, with possible Russia connections, are already doing the groundwork to interfere in the November election.

National: Could white hat hackers boost security of voting machines? | Fifth Domain

Government officials and cybersecurity experts are arguing that companies need to embrace vulnerability disclosure programs to guard against hacking amid pushback from the largest voting machine company in the United States, which has portrayed efforts to test their systems as a tactic of foreign spy-craft. Vulnerability disclosure programs that invite hackers to test computer systems are a show of strength, participants in a Sept. 18 event at the Atlantic Council argued. “Not having a vulnerability disclosure program amounts to cybersecurity negligence,” said Marten Mickos, the head of Hacker One. It’s a myth that companies can test their systems on their own, said Chris Nims, chief information security officer at Oath, a cybersecurity company. Even large companies who perform penetration testing on their own products cannot catch all vulnerabilities, he argued. “The reality is that is simply not true.”

National: Wyden: Senators need protection from ongoing Russian hacking campaign | Politico

Russian hackers behind the 2016 Democratic National Committee hack appear to be targeting the personal email of senators and their staffers, according to Sen. Ron Wyden. In a letter today to Senate leaders, the Oregon Democrat urged support for legislation that would allow the Sergeant at Arms to protect those email systems. The letter from Wyden follows reports in January that the Russian hacking group Fancy Bear — which the U.S. intelligence community identified as one group that penetrated the DNC in the lead-up to the 2016 election — was going after Senate offices.

Arizona: Judge won’t order immediate address updates of Arizona’s voter registration list | Arizona Daily Star

A federal judge has refused to order Secretary of State Michele Reagan to immediately update voter registration addresses of 384,000 Arizonans who moved since the last election. But the ruling leaves the door open to further court action to ensure that Reagan — or whoever succeeds her — finally brings the state into compliance with federal voting laws. Judge James Teilborg acknowledged Wednesday the system operated by the Motor Vehicle Division for address changes for driver’s licenses requires people to affirmatively “opt-in” to also having their voter information updated. And the judge did not dispute the National Voter Registration Act requires these forms to make registration changes automatic unless people opt out.

Florida: State rejects tens of thousands of mail ballots | Miami Herald

A study of Florida’s past two presidential elections finds that mail ballots were 10 times more likely to be rejected than votes cast at early voting sites or on election day. The study also found that mail ballots cast by youngest voters, blacks and Hispanics were much more likely to be rejected than mail ballots cast by white voters, and that those voters are less likely to cure problems with their ballots when notified by election supervisors than other voters. The study also shows that rejection rates vary widely across the state. The report was produced by Daniel Smith, chairman of the political science department at the University of Florida, on behalf of the ACLU of Florida, whose director, Howard Simon, cited the state’s “uncertain history in election administration” in a conference call with reporters.

Georgia: Georgia district ordered to redo primary after voting errors | CNN

A judge said he will order a Georgia Legislature district to redo a primary election between two Republicans because errors in voter data called the results into question. The announcement came in response to a lawsuit filed by state Rep. Dan Gasaway that challenged the legitimacy of the election he lost by 67 votes to businessman Chris Erwin in May. Following his loss, Gasaway personally examined voter rolls and determined that “cross-contamination” in his district’s voter information had led to at least 67 people voting in the wrong district, according to his lawsuit.

Kansas: Johnson County Primary Voting Saga Continues As ACLU Sues County Election Commissioner | KCUR

The ACLU of Kansas is now suing Johnson County Election Commissioner Ronnie Metsker to gain access to lists of 900 voters who filed provisional ballots and about 150 voters whose advance ballots were not counted in the August primary.  It’s the latest in an ongoing saga over the controversial Johnson County primary, which involved a serious delay in vote counting and a technical glitch in the county’s new, $10.5 million voting machines. The lawsuit is filed on behalf of Davis Hammet, president of Loud Light, a nonprofit working to increase voter turnout. He’s suing after being denied access to the lists, but more than that, he said, he’s concerned there are bigger issues in the county. 

Wisconsin: Adams County clerk resigns following investigation into unauthorized computer access | WKOW

A meeting to hear charges against Cindy Phillippi was scheduled for Wednesday morning. But the hearing was canceled after Phillippi, through her attorney, submitted a 5-page resignation agreement to the Adams County Board during a closed door session Tuesday night. The resignation is effective Wednesday. The agreement does not include an admission of liability. Phillippi will be on paid leave through the end of the year. Board Chair John West said she will continue to provide consultation during the transition period.

Malaysia: Cabinet decides to lower voting age from 21 to 18 | The Straits Times

The Malaysian Cabinet has decided to lower the voting age from 21 to 18. The decision was made at its weekly meeting on Wednesday (Sept 19), and work on amending the Federal Constitution will begin soon, said Youth and Sports Minister Syed Saddiq Syed Abdul Rahman. “One of the things to be done is to work closely with the youth wings of opposition parties as a two-thirds majority is needed for laws to be amended,” he told reporters. “By the next general election, 18-year-olds can cast their votes, that is for certain,” he added.

Maldives: Opposition party raises alarm over fair conduct of presidential poll | Times of India

The Maldives’ opposition party Wednesday raised concerns over conduct of the presidential elections on Sunday in a free and fair manner by the country’s poll body, which it alleged has deployed activists of the ruling dispensation for the poll duty. President Abdulla Yameen, of the ruling Progressive Party of Maldives (PPM), is seeking a second five-year term in the Indian Ocean archipelago, a popular high-end tourist destination. Yemeen had imposed a state of emergency in February after the Supreme Court quashed the conviction of nine opposition leaders, including the country’s first democratically elected president Mohamed Nasheed. Nasheed, the main opposition Maldivian Democratic Party (MDP) leader, is currently in exile in Sri Lanka. He has been barred from contesting the Sunday’s polls.

New Zealand: Plans for online voting at local govt elections ‘dangerous’ | Radio New Zealand

An Australian IT expert says New Zealand would be crazy to adopt online voting for local government elections and would be opening itself up to widespread electoral fraud. Nine councils including Auckland, Wellington, Hamilton and Tauranga want to use it at next year’s elections, despite there being few examples overseas of where it is being used successfully or safely. Online voting was first used at government elections in Estonia in 2005. Its take up by the rest of the world since then has been limited at best, in large part due to vulnerabilities in its systems that allowed hackers to cast fake votes and rig elections. Australian IT expert Vanessa Teague alerted authorities to faults in the 2015 New South Wales state elections, where a quarter of a million voted online. There were plenty of hackers worldwide happy to take money from a vested interest looking to manipulate an election in their favour, she said.

Russia: Election in Russia’s Far East to be re-run after fraud scandal | Reuters

A regional election in Russia’s Far East will be re-run, the local election commission said on Thursday, dealing a rare blow to the Kremlin after allegations the vote had been rigged in its candidate’s favor. The ruling, in Russia’s Primorsky Region which includes the Pacific port of Vladivostok, 6,400 km (4,000 miles) east of Moscow, came a day after Russia’s top election official recommended that the election be re-run. Ella Pamfilova, head of the Central Election Commission, had not accused the Kremlin-backed candidate, Andrei Tarasenko, of orchestrating the vote-rigging, but had said that a raft of irregularities had been identified, including ballot stuffing and vote buying. 

Sweden: IT sector advises Swedish government on elections and voting system | Computer Weekly

Swedish IT sector is helping the government make election systems more secure and reduce external influence. The security measures assembled and implemented around the 2018 election in Sweden were devised in consultation with leading actors within Sweden’s private IT sector. The primary role of the IT suppliers was to advise government panels, which included the national security service (Säpo), the National Police Board (Rikspolisstyrelsen), the National Civil Contingencies Agency and the National Election Authority. Säpo was at the head of a government-commissioned election taskforce that organised an IT-based protective shield around the voting process and implemented measures to minimise hostile external inference.