Texas voters experiencing issues with voting machines used in that state have been told by election officials that they are the problem, not the machines. The state says voters are inadvertently touching the machines in ways they shouldn’t, causing the machines to alter or delete their vote in the hotly contested senate race between Republican incumbent Ted Cruz and Democratic challenger Beto O’Rourke. But Dan Wallach, a computer science professor at Rice University in Houston who has examined the systems extensively in the past, told Motherboard in a phone interview that the problem is a common type of software bug that the maker of the equipment could have fixed a decade ago and didn’t, despite previous voter complaints. What’s more, he says the same systems have much more serious security problems that the manufacturer has failed to fix that make them susceptible to hacking. The problem involves eSlate voting machines made by Hart InterCivic—direct-recording electronic machines that use a dial and button for voters to make their selections. Voters turn the dial in the lower right corner of the machine to scroll through each race and page of a digital ballot, and press the “enter” button, located just left of the dial, to make their selections.
You could call it buyer’s remorse. Five US states went all in on electronic voting machines, and four of those states are poised to get out. Delaware, Georgia, Louisiana, New Jersey and South Carolina are the only states relying solely on voting machines that produce no paper record of an individual voter’s ballot. All but Georgia are on the cusp of swapping those out for new machines that print out a paper record of each completed ballot — and Georgia is under pressure to do the same. None, though, will be ready for next week’s midterm elections. It’s the next step in voting systems since Florida’s infamous hanging chads and butterfly ballots determined the 2000 presidential election. … Hackers could also infiltrate the computers that tabulate results, as security experts found when they examined voting-related software at the annual Defcon hacking conference this year, and they could attack or alter the websites that announce winners. The Defcon experts also found half of US states are using voting machines that have known software vulnerabilities.
National: How Electronic-Voting-Machine Errors Reflect a Wider Crisis for American Democracy | The New Yorker
When reports began circulating last week that voting machines in Texas were flipping ballots cast for Beto O’Rourke over to Ted Cruz, and machines in Georgia were changing votes for the Democratic gubernatorial candidate Stacey Abrams to those for her Republican opponent, Brian Kemp, it would not have been unreasonable to suppose that those machines had been hacked. After all, their vulnerabilities have been known for nearly two decades. In September, J. Alex Halderman, a computer-science professor at the University of Michigan, demonstrated to members of Congress precisely how easy it is to surreptitiously manipulate the AccuVote TS, a variant of the direct-recording electronic (D.R.E.) voting machines used in Georgia. In addition, Halderman noted, it is impossible to verify that the votes cast were not the votes intended, since the AccuVote does not provide a physical record of the transaction.
National: Fewer than half of US states have undergone federal election security reviews ahead of midterms | ABC
With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking. Under the department’s National Protection and Programs Directorate, the agency branch that coordinates cyber protection of U.S. infrastructure, a team of DHS officials are prepared to examine statewide election systems. They can check for cybersecurity vulnerabilities and run in-person exercises like phishing tests to ensure election officials are prepared to guard against attempts to hack their email accounts. The Department of Homeland Security has already provided or is scheduled to provide the service, which is free for states that request it, to only 21 states, a department spokesman told ABC News, concerning election experts who fear some states may not be aware of potential vulnerabilities.
Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas. Experts have urged states to have backup systems after officials from U.S. intelligence agencies and the Department of Homeland Security said that Russian entities scanned election systems in at least 21 states before the 2016 election in an attempt to breach. Seven states had their computer systems breached to various degrees, officials have said. Illinois has said its voter registration system was breached. But officials have said no votes were altered.
Drawing on her years of military experience, Maureen Heard was careful to follow all the rules when she filled out an absentee ballot in 2016. She read the instructions thoroughly, signed where she was supposed to, put the ballot in its envelope and dropped it off at the clerk’s office in her New Hampshire town. She then left so she could return to a temporary federal work assignment in Washington, D.C. “I have learned over the years, many years in the military of filling out forms, how to fill out forms — and I was very intimidated by the process,” said Heard, who served in the Air Force and was a lieutenant in the U.S. Coast Guard. “I was like, ‘Oh my gosh, I have to make sure I get it absolutely right.’ And then it didn’t count.” Heard, 57, discovered last year that she was among roughly 319,000 voters across the country whose absentee ballots were rejected during the last presidential election. The reasons varied, ranging from missed deadlines to failure to sign the return envelope. Heard’s ballot was tossed out because her signature did not match the one on file at her local election office.
It was a mystery worthy of crime novelist Raymond Chandler. On 8 November 2016, African Americans did not show up. It was like a day of absence. African Americans had virtually boycotted the election because they “simply saw no affirmative reason to vote for Hillary”, as one reporter explained, before adding, with a hint of an old refrain, that “some saw her as corrupt”. As proof of blacks’ coolness toward her, journalists pointed to the much greater turnout for Obama in 2008 and 2012. It is true that, nationwide, black voter turnout had dropped by 7% overall. Moreover, less than half of Hispanic and Asian American voters came to the polls. This was, without question, a sea change. The tide of African American, Hispanic and Asian voters that had previously carried Barack Obama into the White House and kept him there had now visibly ebbed. Journalist Ari Berman called it the most underreported story of the 2016 campaign. But it’s more than that. The disappearing minority voter is the campaign’s most misunderstood story. Minority voters did not just refuse to show up; Republican legislatures and governors systematically blocked African Americans, Hispanics and Asian Americans from the polls.
To help shore up the nation’s election infrastructure, Congress repurposed $380 million of leftover funding from the 2002 Help America Vote Act into grant funding for states to improve election security. States collectively invested an additional $19 million in matching funds for the same purpose. States could use the grants to replace old voting machines, upgrade election-related computer systems to address vulnerabilities identified by the Department of Homeland Security, implement post-election audits, provide cybersecurity training for state and local election officials or other activities that are specifically tailored to addressing cybersecurity needs.According to the Election Assistance Commission, 41 states used 36.3 percent of those funds to directly improve election cybersecurity. An additional 27.8 percent of the funding went to purchase new voting equipment while another 13.7 percent went to upgrade voter registration systems. Only 5.6 percent of the funds were used to implement post-election audits. However, it’s important to understand that these upgrades and expenditures are expected to take place over the course of the next two to three years; relatively little of the work is being completed before the midterm elections.
National: Center for Internet Security looks to expand threat sharing program to political campaigns | CyberScoop
While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise. “Especially in the early phases of the campaign, it is not staffed by professional IT and certainly not cybersecurity people,” said John Gilligan, the executive chairman of the nonprofit Center for Internet Security (CIS). When a candidate decides to run, the campaign might acquire a few computers and start building databases without prioritizing cybersecurity, Gilligan said Tuesday at the Center for Strategic and International Studies. CIS, which runs a center for sharing threat data with state and local officials, is looking to extend its information-sharing initiative to campaigns. The goal is to chip away at the security-resource deficit facing candidates, as numerous tech companies are trying to do by offering free security services to campaigns.
National: The Amazing Disappearing Voter: Voter purges have become the right’s new voter suppression tool of choice | TPM
Houston photographer Lynn Lane has voted in every general election and primary over the last five years. He hasn’t changed his address, so he was stunned this year to receive an official letter warning him that he might soon be erased from the rolls. Lane was one of 4,000 voters whose registrations were personally challenged by a single Republican, Alan Vera, who chairs the Harris County GOP’s “Ballot Security Committee.” This sort of individual challenge is illegal in some states, but Texas law permits it. Republicans blamed the county’s election registrar, a Democrat, for automatically suspending the registrations of 1,700 of those voters — but not before Vera boasted on his Facebook page about what he was up to: Voters whose registrations were suspended for failure to return a confirmation postcard would have to cast provisional ballots, which are “reviewed by the Ballot board,” he wrote, “and I appoint all Republican members of that board.” His “project,” he added, “could make a big difference in the November election results.” Stories like Lane’s are becoming all too familiar to a growing number of American voters, who are being dropped from the rolls at a rapid clip, particularly in states with histories of voter discrimination. Such purges are the new face of voter suppression, civil rights advocates say. Unlike the Jim Crow laws of yore, which blocked access to the rolls with tests and taxes, voter purges take registered voters — often, voters of color — and make them disappear. And unlike voter ID laws, which at least give voters advanced warning, purges can be sudden, silent, untraceable, and irremediable.
National: Native Americans Voting In 2018 Are Confronting Barriers — And It’s Not Just Voter ID | Bustle
Voting rights organizations are making a final push to get out the vote with just a week to go until the midterm elections. In North Dakota, those efforts have taken on greater urgency because a new voter ID law will be in effect come Nov. 6. Tribes and advocacy groups are on a mission to overcome longstanding obstacles that have hindered Native Americans’ right to vote and ensure their communities have access to the ballot box. Earlier this month, the Supreme Court decided that it would allow North Dakota’s voter ID law to stand. That means voters will be required to present identification showing their street addresses when they vote at their polling place. There’s one glaring problem with that requirement: Native Americans who live on reservations in North Dakota don’t necessarily have street addresses. They typically use P.O. boxes instead, which are listed on their IDs.
Thomas Hicks, commissioner of the U.S. Election Assistance Commission, said today that EAC has developed a set of voluntary voting system guidelines to aid local election authorities, but the commission currently lacks a quorum to vote on the standards and distribute the guidance to localities. EAC currently has two active commissioners of a possible four, but requires a quorum of three in order to vote. President Trump has nominated two people to serve on EAC, but there has been no movement in Congress to confirm the nominees. “I’m hoping the Senate Rules Committee and the Senate come together and vote those two folks up or down relatively soon,” Hicks said today at the Symantec Government Symposium.
The quarterly incident response (IR) threat report from Carbon Black isn’t usually such an exciting read, aggregating as it does data from across a number of partners in order to provide actionable intelligence for business leaders. The latest report, published today, is a politically charged exception. Not only does it reveal that nation-state politically motivated cyberattacks are on the up, with China and Russia responsible for 41.4% of all the reported attacks, but that voter databases from Alabama to Washington (and 18 others) are for sale on the dark web. These databases cover 21 states in all, with records for 81,534,624 voters that include voter IDs, names and addresses, phone numbers and citizenship status. Tom Kellerman, Carbon Black’s chief cybersecurity officer, describes the nation-state attackers as not “just committing simple burglary or even home invasion, they’re arsonists.” Nobody relishes their house burning down, even figuratively speaking. Which is why, according to another newly published report, this time from Unisys, suggests one in five voters may stay at home during the midterms as they fear their votes won’t count if systems suffer a cyberattack.
Editorials: How to protect against voting glitches and security breaches in the midterms and in 2020. | Lawrence Norden/Slate
In the past week, reports of foreign interference in American elections have reached what appears to be a crescendo, with multiple reports about foreign influence operations and targeting of our election infrastructure as well as federal and state efforts to push back. Amid these reports, it’s important for the American public to understand that in the nearly two years since November 2016, election officials (in coordination with state and federal agencies) have done much to secure our voting infrastructure. Perhaps most importantly, federal and state agencies as well as security experts have worked with election officials to provide cybersecurity trainings, risk assessments, and new tools for preventing and detecting attacks. But no election is perfect. Whether or not there are additional attacks against our election system, there will inevitably be some failures. For both glitches and cyberattacks, there are critical, immediate steps that officials can take (and in most cases, are already taking) to ensure that all citizens can vote and that their votes will be accurately counted. The infrastructure we use to administer and vote in elections in the United States is vast and includes election websites that provide voters information on their polling places, voting machines, and systems that report unofficial results on election night. Past attacks on election systems, both here and abroad, show that we should assume any part of them could be a target, and act with measures to prevent, detect, and recover against such attacks. Here are the kinds of election-security issues and voting-system glitches that we need to be most aware of—as well as the steps we can take to ensure they don’t interfere with our ability to cast and count ballots—as we approach both the 2018 midterms and the 2020 presidential race.
Editorials: How to Punish Voters: The prosecution of individual voters for fraud is a trend that seems intended to intimidate | Josie Duffy Rice/The New York Times
Georgia Secretary of State Brian Kemp, the chief elections official in the state, is a pioneer of present-day voter suppression. Mr. Kemp has a record of making it harder for people to register to vote, and more difficult for those voters to remain on the rolls. Since 2012, his office has canceled more than 1.4 million voter registrations. In July 2017, over half a million people — 8 percent of the state’s registered voters — were purged in a single day. As of earlier this month, over 50,000 people’s registrations, filed before the deadline to vote in the coming midterm election, were listed as on hold. Seventy percent had been filed by black applicants. Even as Mr. Kemp claims his draconian voting policies are intended to prevent fraud, it’s clear that his real aim is to weaken black voting power in a state where political affiliation is largely dictated by race. He has warned his fellow Republicans about Democrats “registering all these minority voters.” Mr. Kemp’s attempts to prevent people from voting exemplify the familiar ways in which access to the ballot has been restricted for people of color across the United States. But voter suppression also happens in ways that aren’t as well-known, and are even more insidious. In particular, local prosecutors have increasingly brought criminal charges against black voters and community activists for small technical infractions. They’re sending the frightening message that casting a ballot is risky — a message that resonates even when the charges turn out to be baseless and the people charged are acquitted.
Around the state, counties have seen an increased amount of ballots cast through early voting and mail-ins that are far exceeding those tallied during the 2014 midterm election. Election Day is still a week away but voters have already been making their voices heard by casting their ballots early. Since tragedies like the high school shooting in Parkland that left 17 people dead, some young voters have eagerly awaited the midterms to vote on issues that matter to them: gun control, health care and education. Around the state, counties have seen an increased number of ballots cast through early voting and mail-ins that are far exceeding those tallied during the 2014 midterm election. As of Tuesday, more than 3 million people had already voted, according to the Florida Division of Elections, an uptick of nearly a million ballots compared with this time in 2014. About 1.8 million of those ballots were mail-in ballots.
A federal district judge in Georgia denied Secretary of State Brian Kemp’s request to pause an injunction the judge ordered last week that prevents election officials from tossing out certain absentee ballots. Judge Leigh Martin May said in an order filed late Tuesday that delaying the injunction “would only cause confusion, as Secretary Kemp has already issued guidance in accordance with the injunction to county elections officials,” according to The Atlanta Journal-Constitution. Kemp is also the GOP nominee for governor in next week’s election. May said last week that she was blocking election officials in the state from throwing out absentee ballots when a resident’s signature doesn’t exactly match the signature on their voter registration card. Kemp had requested that May delay the injunction while he appeals the decision to a higher court, the Journal-Constitution reported.
Drawing on her years of military experience, Maureen Heard was careful to follow all the rules when she filled out an absentee ballot in 2016. She read the instructions thoroughly, signed where she was supposed to, put the ballot in its envelope and dropped it off at her county elections office in New Hampshire. She then left town so she could return to a temporary federal work assignment in Washington, D.C. “I have learned over the years, many years in the military of filling out forms, how to fill out forms — and I was very intimidated by the process,” said Heard, who served in the Air Force and was a lieutenant in the U.S. Coast Guard. “I was like, ‘Oh my gosh, I have to make sure I get it absolutely right.’ And then it didn’t count.” Heard, 57, discovered last year that she was among roughly 319,000 voters across the country whose absentee ballots were rejected during the last presidential election. The reasons varied, ranging from missed deadlines to failure to sign the return envelope.
Opening a second Election Day polling place in Dodge City is impossible, an attorney for the county clerk at the center of a growing Kansas controversy over voting rights said Monday. An 18-year-old Dodge City resident and a Latino civil rights group are suing Ford County Clerk Debbie Cox in an effort to force her to reopen the polling location used by Dodge City’s 13,000 registered voters before Cox moved voting to a site a half mile outside the city limits. Attorneys for the resident, Alejandro Rangel-Lopez, and the League of United Latin American Citizens clashed with attorneys for Cox during a conference call in the case. With the Nov. 6 election approaching, Judge Daniel Crabtree decided to give both sides until 5 p.m. Tuesday to file written arguments.
Louisiana: State Supreme Court chief justice says new law on felons voting doesn’t go far enough | The Advocate
A Louisiana law that takes effect in March and will allow felons who have been out of prison for five years to register to vote — despite remaining on probation or parole — doesn’t go far enough to address state laws that “unconstitutionally disenfranchise” its citizens, Louisiana Supreme Court Chief Justice Bernette Johnson says. Johnson’s written comments came in a dissent Monday as the state high court denied an appeal filed by a group of felons who challenged a 1976 Louisiana law that barred felons on probation or parole from voting. While that case was on appeal, Gov. John Bel Edwards signed into law on May 31 a measure allowing felons who’ve been out of prison for five years, but remain on probation or parole, to register to vote.
Amid heightened conversation across the country about voting rights and who has access to the ballot, Maryland voters are deciding whether to amend the state constitution to allow people to register on Election Day. The Democratic-backed initiative, which was opposed by most Republican lawmakers and has not been endorsed by Gov. Larry Hogan (R), is one of two statewide questions on the ballot for the midterm elections. … Maryland already allows residents to register during early voting, which this year ends Thursday, but they cannot do it on Election Day.
Appeals court judges on Tuesday said a lawsuit can move forward that alleges Missouri lawmakers didn’t spend enough money on implementation of a new voter photo identification law and it consequently should not be enforced. The decision by the Western District Court of Appeals panel reversed a circuit court judge’s January ruling to dismiss the case , meaning the legal challenge can continue. The American Civil Liberties Union, Advancement Project, Missouri NAACP and League of Women Voters filed the lawsuit last year, alleging that state lawmakers didn’t budget enough money for the state to properly educate voters on the changes, provide free IDs and birth certificates, and train poll workers. As a result, the groups argued that the heart of the law should not be carried out.
Nobody in the squat yellow house serving as the Standing Rock Sioux Tribe’s get-out-the-vote headquarters knew its address. It was on Red Tail Hawk Avenue; they knew that much. But the number was anyone’s guess. Phyllis Young, a longtime tribal activist leading the voter-outreach effort, said it had fallen off the side of the house at some point. Her own home has a number only because she added one with permanent marker. This is normal on Native American reservations. Buildings lack numbers; streets lack signs. Even when a house has an address in official records, residents don’t necessarily know what it is. “We know our communities based off our communities,” said Danielle Ta’Sheena Finn, a Standing Rock spokeswoman and tribal judge. “We know, ‘Hey, that’s so-and-so’s house; you go two houses down and that’s the correct place you need to be.’”
Ohio: Court orders boards of election to count provisional ballots in midterms for certain voters purged from rolls | Cleveland Plain Dealer
A federal appeals court on Wednesday ordered boards of election in Ohio to count provisional election ballots for the 2018 midterm elections that are cast by certain people previously purged from the state’s voter rolls. A three-judge panel from the 6th U.S. Circuit Court of Appeals ruled 2-1 that votes cast by people purged from the rolls between 2011 and 2015 must be counted if they still live in the same county of their last registration and if they are not disqualified from voting because of a felony conviction, mental incapacity or death. The panel’s injunction comes as progressive advocacy groups appeal Senior U.S. District Judge George Smith’s decision to dismiss a lawsuit against Secretary of State Jon Husted that said notices the state sent to inactive voters were inadequate under federal law. Should the groups be successful on appeal, some voters may be wrongly denied the ability to vote unless the injunction is in place, the panel wrote.
Oregon’s paper-ballot voting system in the state has never been more accurate or secure, though the number of phishing attempts targeting election officials has increased, the state’s elections director said. Oregon Elections Director Steve Trout said he himself has been hit by a dozen phishing attempts since July. In all of 2017, he had only one or two. Phishing is an attempt to trick people into sharing sensitive information such as passwords and usernames, often by inducing them to click on a bogus link or by pretending to be an entity. The FBI and U.S. Department of Homeland Security officials advised Trout and others attending a security summit this week that there has been a huge increase in phishing attempts in the nation, targeting elections officials and other critical infrastructure such as energy and banking sectors, Trout told journalists Tuesday.
A software flaw can be just as damaging to the voting process as a hacker. That much is clear in Texas, where some early voters have claimed that machines are changing their votes in the midterm election. Keith Ingram, the Texas Director of Elections, said in an advisory that the problem is happening because voters are jumping the gun. The issue crops up if a voter selects the “straight party ticket” option, and then keeps pressing buttons before the page finishes loading on the screen, he said. “As a reminder, voters should always carefully check their review screen before casting their ballots,” Ingram said. … Electronic voting machine experts should expand their focus beyond looking for the kinds of flaws a hacker could exploit, and start looking for flaws that just make machines malfunction, said voting machine security expert Dan Wallach, a computer science professor at Rice University. “I would say that a decade ago we put a lot of focus on security bugs” he said. “Glitches have never received the same degree of attention.”
Online voting has been used in Canada for about 15 years, but you’d never know it judging by the most recent municipal election. That looked like our first swing at cyber voting, as if we were still trying to iron out the wrinkles. But those were no mere wrinkles. Those weren’t glitches, or hiccups. That was an absolute meltdown, an unmitigated disaster for which inexperience is not an excuse. Though the meltdown affected more municipalities than our own, nowhere was the impact greater or more embarrassing than in Waterloo Region, where an entire community was left in limbo for almost 48 hours as it waited for the winner of the top political job to be announced. Yes, it’s easy to second guess in the aftermath of such a massive malfunction and the enormity of the disaster leaves plenty to criticize. But with the credibility of an election at stake, the scrutiny is warranted and analysis is necessary.
Georgia (Sakartvelo): Election Commission: Georgia presidential vote goes to second round runoff | GDN
Georgia’s presidential election will go to a second round runoff between two of the country’s former foreign ministers after no single candidate won outright in the first round of voting, the country’s Central Election Commission (CEC) said on Monday. After all the votes from Sunday’s first round of voting had been counted French-born former diplomat and foreign minister Salome Zurabishvili had secured 38.7 percent of the vote, while Grigol Vashadze, also a former foreign minister, had won 37.7 percent of the vote, the CEC said. With neither managing to get more than 50 percent of the vote necessary to win outright, a runoff between Zurabishvili and Vashadze will now be held sometime between now and Dec. 2.
“If I was to vote, I would definitely vote for the rubbish bins because at least they feed us,” scoffed Claudine Rajaonarison. She had been scouring the streets of Antananarivo since 04:00 for plastic to sell. Rajaonarison, a 35-year-old mother of three, said she will not be voting for Madagascar’s next president in the November 7 poll. Not one of the 36 candidates has impressed her. “The candidates are vying for power for themselves – not the wellbeing of the country,” she said, a large sack of rice on her shoulders as she struggled to sift through piles of rubbish with her children alongside a railway line. She then washed her haul of two dozen plastic bottles to be sold for 1 000 ariary ($0.30), enough for 400 grams of rice for her family who sleep outside surrounded by rats.
Speaking to Lusa on Friday, João Tiago Machado, a CNE spokesman, said the first meetings took place this week, and entities will be selected to work on these initiatives, which are expected to invoilve a drill in early 2019. The aim, he added, is to “take precautionary measures to avoid these issues,” in the election year, at a time when cases of ‘fake news’ are the focus of passionate political debate in the presidential elections in Brazil. The CNE currently has no record of any complaint filed by parties or candidates related to fake news, he added.