National: Voting machines are totally hackable. But who’s going to pay to fix them? | NPR

The midterm elections are here. Early voting is already happening in some places. We’re spending the rest of the week on election security and technology, starting with voting machines. Candice Hoke, founding co-director of the Center for Cybersecurity and Privacy Protection at the Cleveland-Marshall College of Law, believes insecure voting machines are the biggest security threat to the midterm elections. And they’re definitely insecure. Last summer at the DefCon hacking conference, security experts hacked and whacked at a variety of voting machines and came away saying the machines were hopelessly vulnerable to even the most basic hacking, like the kind where the default password is still “password.” And lots of them don’t even create paper receipts to ensure the votes were counted correctly. “We have not required voting systems vendors to operate under the same kinds of rules as, say, pharmaceuticals as to the safe and effectiveness of their products,” Hoke said. “So safety, privacy, auditability, transparency, whatever word you want to use, these are all marketing terms in the voting systems arena rather than reflective of some kind of standards that are actually being enforced.”

National: Paper and the Case for Going Low-Tech in the Voting Booth | WIRED

In September 2017, barely two months before Virginians went to the polls to pick a new governor, the state’s board of elections convened an emergency session. The crisis at hand? Touchscreen voting machines. They’d been bought back in the early aughts, when districts across the country, desperate to avoid a repeat of the 2000 “hanging chads” fiasco, decided to go digital. But the new machines were a nightmare, prone to crashes and—worse—hacking. By 2015, Virginia had banned one of the dodgiest models, but others were still in use across the state. Now, with the gubernatorial election looming, officials were concerned that those leftover machines were vulnerable.

They had good reason. Evidence of Russian interference in the US democratic process was mounting. And at the DefCon security conference that summer, whitehat hackers had broken into every electronic voting machine they tried, some in a matter of minutes. (One model had as its hard-coded password “abcde.”) “That really triggered us to action,” recalls Edgardo Cortés, at the time Virginia’s top elections official. So, at the emergency session, he and his colleagues instituted a blanket ban on touchscreen machines. But what next? Virginia officials needed a superior voting technology. They settled on paper. When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source. You can tally ballots rapidly using low-tech scanners, and if it’s necessary to double-check the results (as was the case with several down-ticket contests in Virginia), you can do a manual recount. Paper isn’t perfect, but it’s better than the alternative.

National: Officials prepare for potential false claims of election interference | The Hill

State and federal officials say they are well prepared for the possibility of a cyberattack on American election systems Nov. 6, but experts warn that even a false claim of interference by foreign actors on Election Day could undermine the public’s faith in the voting process. The top cyber official at the Department of Homeland Security (DHS) said it’s a very real possibility that groups will announce they successfully hacked certain election results. That would require swift action from federal authorities to decisively refute any unsubstantiated declarations of election meddling, analysts say. “I could absolutely envision a scenario where someone claims to have had access or claims to have hacked” an election, Christopher Krebs, the undersecretary of the National Protection and Programs Directorate (NPPD), told reporters last week.

National: New study scrutinizes time and effort it takes to vote in each state |

Wide variations among the 50 states when it comes to the ease of casting a ballot are impacting the quality of democracy in the United States, a new study shows. Forget voter fraud. States are influencing who votes by making it easier or harder to cast a ballot, and that’s likely shaping election results, said study lead author Scot Schraufnagel, chair of the Department of Political Science at Northern Illinois University. He worked on the study with co-authors Michael J. Pomante II and Quan Li. Pomante II earned his doctorate from NIU in 2016 and works as a professor at Jacksonville University in Florida, while Li is a professor at Wuhan University in China. They created a “Cost of Voting Index”—using what is described in the study as “the largest assemblage of state election laws”—to rank each state according to the time and effort it took to vote in each presidential election year from 1996 through 2016. They analyzed the impact of 33 different variables dealing with registration and voting laws, with differences in registration deadlines carrying the most weight.

National: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections | The New York Times

The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation. The campaign, which includes missions undertaken in recent days, is the first known overseas cyberoperation to protect American elections, including the November midterms. The operations come as the Justice Department outlined on Friday a campaign of “information warfare” by Russians aimed at influencing the midterm elections, highlighting the broad threat the American government sees from Moscow’s influence campaign.

National: Google steps up security efforts as most campaigns use its email services | The Washington Post

Google has been stepping up its efforts to protect political campaigns against phishing attacks — one of the most pressing threats facing candidates as hackers continue to target them via email. U.S. political campaigns overwhelmingly use Google as their email provider, according to data collected by anti-phishing start-up Area1 Security. Of the 1,460 candidates the company is tracking who are running for the Senate, House of Representatives or governor, 65 percent use Google as their email provider. The 2018 midterms will be the first test of the security measures Google and other tech companies have adopted since Russian hackers successfully spear phished Hillary Clinton campaign chair John Podesta. Hackers stole more than 50,000 of his emails after a click on a “change password” button on an email disguised as a security alert from Google.

Editorials: Voter-Suppression Tactics in the Age of Trump | Jelani Cobb/The New Yorker

Decades ago, amid the most overt privations of Jim Crow, African-Americans used to tell a joke about a black Harvard professor who moves to the Deep South and tries to register to vote. A white clerk tells him that he will first have to read aloud a paragraph from the Constitution. When he easily does so, the clerk says that he will also have to read and translate a section written in Spanish. Again he complies. The clerk then demands that he read sections in French, German, and Russian, all of which he happens to speak fluently. Finally, the clerk shows him a passage in Arabic. The professor looks at it and says, “My Arabic is rusty, but I believe this translates to ‘Negroes cannot vote in this county.’ ” Old jokes have lately been finding renewed salience. Literacy tests, poll taxes, and grandfather clauses, once the most common mechanisms for disadvantaging minority voters, have been consigned to the history books, but one need look no further than the governor’s race in Georgia to see their modern equivalents in action. 

Editorials: Is the Assault on Voting Rights Getting Worse, or Are We Just Noticing It More? | Richard Hasen/

Over the weekend, President Donald Trump threatened prosecutions against nonexistent voter fraud, a message likely aimed at intimidating voters and stopping some from voting. With Trump’s heightened rhetoric and a seemingly increasing number of stories about voter suppression around the country, it is worth asking: Has voter suppression actually gotten worse in the 2018 midterm election season? Or are we just hearing about it more thanks to the hyperpolarized political environment? The truth depends on which state you are talking about. In many parts of the U.S., even in many Republican states, registering to vote and voting is becoming easier. But in some key Republican states, Supreme Court decisions have allowed states to put up new hurdles for voting. Just ask Native Americans in North Dakota, black voters in Georgia, or Latinos in Dodge City, Kansas. Whether or not these hurdles actually affect election outcomes, they are outrageous, unjustified, and a drain on state resources.

California: FBI investigating cyberattacks targeting California Democrat: report | The Hill

The FBI has opened up an investigation into cyberattacks that targeted a California Democrat who eventually lost a tight House primary race earlier this year, according to Rolling Stone, citing a source close to the campaign. The inquiry centers on distributed denial of service (DDoS) attacks against the campaign website for Bryan Caforio, who finished third in the June primary. He was running in California’s 25th Congressional District, which is represented by Republican Rep. Steve Knight and is considered a seat that Democrats could flip in November. The attacks involved creating artificially heavy traffic on his website that forced the hosting company to block access to four times before the primary, including during a crucial debate and in the week before the primary. No website data was accessed from the site during the attacks.

Missouri: Judge clarifies voter ID ruling ahead of key Senate contest | PBS

A Missouri judge on Tuesday made clear that local election workers cannot enforce a core requirement in a new voter photo identification law, taking away the teeth of the law in advance of a marquee U.S. Senate election on Nov. 6. At issue is a new law that had directed voters to present a valid photo ID or sign a sworn statement and present some other form of identification in order to cast a regular ballot. Senior Cole County Circuit Judge Richard Callahan earlier this month struck down the requirement that voters without proper photo ID sign a sworn statement. But Republican Secretary of State Jay Ashcroft, who supports a photo ID law, said the ruling caused “mass confusion” just weeks before the pivotal election between Democratic Sen. Claire McCaskill and her Republican rival, Attorney General Josh Hawley.

New Hampshire: ‘It’s a poll tax’: how New Hampshire became a battlefield for voting rights | The Guardian

Among the symmetrically mown lawns and grand homes of suburban New Hampshire, Garrett Muscatel was knocking on doors to talk about a subject that took many by surprise: voter suppression. At just 20 years old, this student at Dartmouth College is vying to become the youngest member of the state’s 400-person house of representatives in November’s midterm elections. But, so he told potential voters in this precinct, what is at stake was not just the beginning of his political career but the future of democracy in the Granite state. “Hi, my name is Garrett,” he told one woman in her 60s, tending to her barking dog. “I’m a student here at Dartmouth and I’m running for office. Did you know much about laws Republicans have passed that make it harder for people like me to vote?” She hadn’t heard much. But agreed that turning up to vote, even in a heavily Democratic precinct like this one, was important in the Trump era.

North Dakota: Voter ID Law Could Keep Rural Native Americans From Voting | WBUR

The Supreme Court declined this month to overturn a North Dakota law that requires voters to present an ID listing their residential address at the polls. The decision could have a negative impact on tens of thousands of rural voters — many of them Native Americans who live on one of the states five reservations, where residents are not required to have a street address. Native Americans have long faced unique challenges relating to voter suppression. They were the last to gain suffrage in 1924 and couldn’t vote in states like Arizona, New Mexico and Utah until 1948.

Texas: Students sue Waller County, allege voting rights violations | Associated Press

A group of students from a historically black university have filed a lawsuit alleging a southeast Texas county is suppressing the voting rights of its black residents. In a lawsuit filed in federal court in Houston on Monday, five Prairie View A&M University students allege Waller County election officials are violating the civil rights of black students and residents in Prairie View — which is predominantly African-American — by not providing any early voting locations on campus or anywhere in the city during the first week of early voting, which started Monday. In the second week of early voting, the county is providing five days in Prairie View, but two of them are off-campus and at a site that is not easily accessible to many students who lack transportation, according to the lawsuit.

Vermont: Secretary Of State: Hacking Attempt ‘That Said Russian Federation’ Raised Concerns | WBUR

The Vermont Secretary of State told On Point that in late August hackers used three different methods to attempt to access Vermont’s online voter registration database. One of the attempts came from Russia. “We experienced scans,” Vermont Secretary of State Jim Condos said. “Our logs of the system showed where they were coming from. The one that raised our attention, if you want to call it, was the one that said ‘Russian Federation,’ and we forwarded that on to Department of Homeland Security.” None of the attacks were successful. The attempts were first reported by NBC News. Condos revealed the Russian attempt to On Point. The Department of Homeland Security said in an intelligence assessment obtained by NBC News that it’s aware of growing “cyberactivity targeting election infrastructure in 2018. … Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data and undermine confidence in the election.”

Afghanistan: Officials vow to probe chaotic legislative vote | AFP

Embattled Afghan election officials on Monday vowed to investigate the mishandling of the weekend’s problem-plagued legislative ballot, as voters prepare to wait weeks for the results. Initial figures show around four million voted in the long-delayed election that was extended by a day after many polling centres opened late or not at all due to glitches with biometric verification devices and missing or incomplete voter rolls. That is less than half of the nearly nine million voters who had registered to participate in the parliamentary election, though many suspect that a significant number of those were based on fake identification documents that fraudsters hoped to use to stuff ballot boxes. The turnout figure does not include those who voted on Sunday, the Independent Election Commission (IEC) said.

Australia: ​Electoral Commission seeks advice on overhauling 30-year-old systems | ZDNet

The Australian Electoral Commission (AEC) wants to overhaul its election systems, but it doesn’t exactly know how such overhaul will look, or what it will comprise of. The AEC published a request for information (RFI) this week, seeking specifically “innovative” ideas and approaches to designing and delivering an Election Systems Modernisation Program, asking the market for guidance on everything from procurement constraints to the end result. The core software platforms currently in place at the AEC have been in use for almost 30 years, the RFI revealed, with the AEC’s systems environment consisting of approximately 93 systems and supporting sub-systems. The 90-plus systems deliver services to citizens and political parties, support the work of the AEC, and provide integration and interface services, the AEC explained.

Canada: Online voting causes headaches in 51 Ontario cities and towns | The Toronto Star

Glitches with a private online voting company impacted local elections in 51 cities and towns across the province on election day, causing at least six to extend voting hours until Tuesday in an example one expert says highlights the wild west of internet voting. Dominion Voting blamed the “slow traffic” that voters experienced just after 6 p.m. Monday on a third-party Toronto-based data centre placing an “unauthorized limit on incoming voting traffic,” in a press release sent to affected municipalities. … Aleksander Essex, an assistant professor of software engineering at Western University, in London, Ont., said Dominion Voting is essentially “blaming it on their subcontractor,” adding it’s not clear why the entire website appeared to shut down temporarily. But the incident highlights bigger concerns with online voting, the use of which has been steadily growing in Ontario.  “Wild west is exactly the term I’ve been using,” he said. “It absolutely is dangerous for democracy.”

Congo: Controversial voting machines start arriving | Reuters

Congo’s deputy prime minister said on Saturday that tablet-like voting machines for December’s election had been made to order and will finish arriving this month, despite suspicions by diplomats and the opposition that they may enable fraud. President Joseph Kabila is due to step down after 17 years in power after a long-delayed vote scheduled for Dec. 23 to choose his successor. The election, which was meant to happen before Kabila’s mandate expired in 2016, had been delayed for so long that many doubted it would happen. If it goes ahead, it will be Democratic Republic of Congo’s first peaceful transition of power since independence from Belgium in 1960. This year, crucial milestones of the calendar — such as candidate registration — have been passed on time.