The future of voting should not involve your cellphone, according to a leading cybersecurity expert. In a first-of-its-kind pilot program, West Virginia will test blockchain encrypted mobile phone voting for members of the U.S. military. But Joe Hall, chief technologist and director of internet architecture at the Center for Democracy & Technology, warned that the plan presents a host of risks. “West Virginia has taken the ridiculous step of deciding that they’re going to not only vote on a mobile device, which in and of itself is just a bad idea, but use a blockchain mechanism, something associated with crypto-currency or bitcoin,” Hall told Grant Burningham, host of the Yahoo News podcast “Bots & Ballots.” In a September interview with Burningham, venture capitalist Bradley Tusk argued that his foundation’s plan to test cellphone voting was a way to boost voter participation in the U.S. However, Hall believes the risks outweigh the possible benefits.
Pop quiz: which part of the federal government is tasked with preventing cyber interference in our elections? Congress has refused to say. We have reached a point of a significant gap between an important federal need and existing federal power. And in the absence of that federal power, federal agencies have stepped into the gap and extended their authority into domains unanticipated by Congress. Of course, there is clear statutory guidance for some aspects of protecting election integrity. We can think about preventing campaign interference in our elections. Portions of that job fall squarely within the domain of the Federal Elections Commission, which enforces campaign finance laws. We can also think about prosecution or punishment of those who engage in either foreign campaign interference, like the Justice Department’s recent criminal indictment of a Russian woman with interference in the 2018 midterm elections, or foreign cyber interference, like actions from the Obama and Trump administrations to sanction those who interfere with election systems in the United States. But that’s focused on punishing election interference that has already occurred.
Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas.
The National Academy of Sciences report is blunt: “There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.” But election officials can and should audit votes — rather than performing time-consuming full recounts — before election results are certified to confirm their legitimacy, the report states. Risk-limiting audits are a relatively new way to double-check the results of an election after the fact. First implemented in Colorado in 2017, the audits examine a randomly chosen, statistically significant number of paper ballots and compare the results in those ballots to the actual result. They’re done no matter the margin of victory; suspicious results may trigger a full recount. “It’s an abbreviated recount, in a sense,” said Ronald Rivest, one of the inventors of the RSA public-key cryptosystem and a member of the NAS panel that wrote the report.
A group of security researchers and voting technology vendors trying to hash out cybersecurity requirements for voting systems once again butted heads over whether to require vendors to let anyone test their products. The subject arose during a teleconference late last week of the Voluntary Voting System Guidelines cyber working group. When election security consultant Neal McBurnett suggested that the new guidelines require vendors to make products available for open-ended vulnerability testing, Joel Franklin of voting giant Election Systems & Software shot back with a question: “Is there other software tied to critical infrastructure software that’s open to public OEVT?” Franklin said he wasn’t dismissing the value of OEVT. “I’m just wondering if we’re putting an undue burden on voting systems when there are computers in nuclear security and every other critical infrastructure industry” that aren’t available for OEVT.
lection officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. … But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials. “So what we’ve seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward,” said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.
Election officials across the country have closed thousands of polling places and reduced the number of workers staffing them in recent years, citing cost savings and other new realities like increased early and absentee balloting. However, days from what many expect will be one of the busiest midterm elections in decades, the burden of Americans’ shrinking access to in-person voting options is falling more heavily on urban areas and minority voters, a USA TODAY analysis of national and state data shows. Voting rights advocates say the disappearance of polling sites could create confusion about where to vote, and thinner staffing of remaining sites could mean longer lines. Those problems, they fear, could shrink voter turnout in some neighborhoods.
Since the adoption of electronic voting machines in the 1990s, election experts have argued that paper records are critical for auditing elections and detecting potential tampering with vote tallies. The issue gained new prominence following the 2016 elections, which spurred multiple investigations into allegations of Russian interference in the electoral process. In a panel discussion hosted by Princeton’s Center for Information Technology Policy (CITP), experts examined the state of U.S. election security. The moderator Ed Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs and director of CITP, opened the discussion by noting that “Princeton has quite a bit of expertise in this area.” He cited two faculty members working in election technology and policy, Andrew Appel and Jonathan Mayer. Appel, the Eugene Higgins Professor of Computer Science, recently served as a member of the National Academies’ Committee on the Future of Voting, while Mayer, assistant professor of computer science and public affairs, recently developed bipartisan election security legislation as a staffer in the United States Senate. Also on the panel was Marian Schneider, a former Pennsylvania elections official and the president of Verified Voting, a nonprofit organization that aims to improve election security practices.
Sometimes, it’s the scale. Hundreds of thousands of votes take longer to tally than just a few, so huge urban areas often lag behind smaller places. Other times, it’s the mail. California, for instance, where there are seven tight House races, is notoriously slow, in part because more than half of voters opt to use vote-by-mail ballots (a.k.a. “absentee” ballots in some places). California ballots postmarked on Election Day have three days to show up at county elections offices. A few other states allow a week or 10 days; Alaska will accept ballots from abroad up to 15 days later. “I’ve always speculated about a worst-case scenario where an Alaska Senate seat could determine control of the U.S. Senate, and there may still be ballots sitting at local ‘post offices,’” said Paul Gronke, director of the Early Voting Information Center at Reed College, in an email. “Post office,” he said, could actually mean a remote bait shop or grocery store from which ballots would need to be airlifted, validated and counted.
Arizona: Maricopa County to rely on employees, not tech company, during next election | Downtown Devil
The Maricopa County Recorder’s Office is turning to county employees to set up voting equipment instead of hiring a technology company for the general election in November after facing criticism for reports of delays in the opening of polling sites in the primary election in August.
Maricopa Recorder Adrian Fontes said reports of delays from some voters were blown out of proportion by the media and that record voter participation is what’s worth noting. He said the focus on “minor issues” is frustrating and dissuades voters.
The Arizona Secretary of State’s Office reported that a record 1.2 million people cast a ballot in August, 33 percent of registered voters. An interim report by the Internal Audit Office says 62 out of 503 polling stations opened at 11:33 a.m. rather than 6 a.m. when they were scheduled to open.
The Internal Audit Office’s report identifies a lack of a contingency plan as the main cause for delays in August, something Fontes’ office denies.
“We attacked the problem. All Maricopa voters had a place to vote,” Fontes said.