A decade after New Jersey voters were promised more secure voting machines, some districts will receive new machines through a federally funded pilot program. Voters in Gloucester, Union and Essex counties have already seen new machines, and Passaic County intends to join the pilot this year. Meanwhile, Bergen County officials are taking a wait-and-see approach. Robert Giles, director of the state Division of Elections, wrote to county election officials in September to explain one of the initiatives: the Voter Verified Paper Audit Trail pilot. “This pilot program will afford counties the opportunity to purchase and test new VVPAT voting machines,” Giles wrote. “The goal of this pilot program is to assist counties to begin the process of transitioning from their current paperless voting systems to the new voting systems that produce a voter-verifiable paper record of each vote cast.” The program rolls out in a climate of heightened concern over ballot security. “It’s a step forward; there are better ways to do it and worse ways to do it,” Professor Andrew Appel of Princeton University said about the upcoming replacements.
Sen. Ron Wyden (D-Ore.) on Thursday attacked the small but powerful group of companies that controls the production of most voting equipment used in the U.S. “The maintenance of our constitutional rights should not depend on the sketchy ethics of these well-connected corporations that stonewall the Congress, lie to public officials, and have repeatedly gouged taxpayers, in my view, selling all of this stuff,” Wyden said during the Election Verification Network conference, a gathering of voting integrity advocates and election security experts in Washington. Wyden has been a leading voice among lawmakers who have criticized the voting machine industry as too opaque and not subject to enough oversight from Washington, especially as concerns grow among U.S. intelligence officials that elections will once again be a prime hacking target in 2020. “We’re up against some really entrenched, powerful interests, who have really just figured out a way to be above the law,” he said. “There is no other way to characterize it.” Furthermore, Wyden said, voting machine vendors have “been able to hotwire the political system in certain parts of the country.” He noted that newly elected Georgia Gov. Brian Kemp picked the top lobbyist for the voting giant Election Systems & Software as his deputy chief of staff. The companies, he said, “are accountable to nobody.”
Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop
Researchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.
As special counsel Robert Mueller’s investigation on Russian hacking and collusion with the Trump campaign ends, the Department of Homeland Security is gearing up to prevent a repeat for the 2020 US presidential election. The federal agency, which formed the Cybersecurity and Infrastructure Security Agency last November, said that it’s “doubling down” on its efforts, calling election security for 2020 a top priority. It hopes to do that by focusing on local election officials, Matt Masterson, a DHS senior adviser on election security, said in an interview with CNET. The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place’s security and handling vote auditing.
The release of special counsel Robert Mueller’s report may provide Americans with the best playbook yet on how to defend democracy in the lead-up to the 2020 presidential election. In the days since Attorney General William Barr’s letter to Congress, much of the focus has boiled down to one line from President Trump: “No Collusion, No Obstruction.” But judging by Barr’s language and the details that have come to light through indictments filed by Mueller’s team over the past two years, the report may also reveal more about how Russia attacked the 2016 U.S. presidential election. The report’s first section, according to Barr, focuses on Russian “computer hacking operations,” which included the theft of emails from the Democratic National Committee and Hillary Clinton’s campaign, as well as agitation online to try to exacerbate divisions among Americans. Barr’s summary didn’t address an aspect of the interference that Mueller has described elsewhere, including the cyberattacks that targeted state elections infrastructure.
The collusion question now answered, another one looms ahead of 2020: Will U.S. elections be secure from more Russian interference? The 22-month-long special counsel investigation underscored how vulnerable the U.S. was to a foreign adversary seeking to sow discord on social media, spread misinformation and exploit security gaps in state election systems. With the presidential primaries less than a year away, security experts and elected officials wonder whether the federal government and the states have done enough since 2016 to fend off another attack by Russia or other hostile foreign actors. “Although we believe that Russia didn’t succeed in changing any vote totals, the Russian playbook is out there for other adversaries to use,” said Virginia Sen. Mark Warner, a Democrat and vice chairman of the Senate Committee on Intelligence. “As we head towards the 2020 presidential elections, we’ve got to be more proactive in protecting our democratic process.” Special counsel Robert Mueller detailed the sweeping conspiracy by the Kremlin to meddle in the 2016 election in an indictment last year, charging 12 Russian military intelligence officers with hacking the email accounts of Clinton campaign officials and breaching the networks of the Democratic Party. The indictment also included allegations the Russians conspired to hack state election systems and stole information on about 500,000 voters from one state board of elections’ computers.
Illinois: Cook County rolling out new voting machines in west suburbs, expects countywide use by 2020 primaries | Chicago Tribune
New voting machines are coming to three west suburban Cook County townships for next week’s consolidated elections in preparation for a countywide rollout next year. The Cook County clerk’s office will test machines in 147 precincts in Oak Park, River Forest and Proviso townships, and hopes to have the new voting machines in every suburban Cook County precinct by the 2020 presidential primary election. “Our current equipment has served us well for a decade, but these new machines have the latest technology,” county Clerk Karen Yarbrough said at a Tuesday morning news conference. “The touch screens are more intuitive and accessible for voters with disabilities, and every single voter will get to review their ballot with paper in their hands before their vote is cast,” Yarbrough said. Each machine can accommodate three voters at one time, with two touch screens and a paper ballot. A voter will use the touch screen as a ballot marker, then print the ballot to review it, according to a demonstration by the clerk’s election director, Tonya Rice. The voter will then hand the ballot in a privacy sleeve to an election judge, who will initial it and place it in the scanner. The scanner accepts the paper ballot and creates an image of the ballot. Because it’s the same machine, the paper ballot and touch screen ballots are automatically consolidated, according to information provided by the clerk’s office. One touch screen is lower to accommodate voters who use wheelchairs, and voters will be able to change the text size and color contrast if they need. An audio ballot is available in English, Spanish, Hindi and Chinese.
Verified Voting Blog: Statement on Maryland HB706/SB919 Online Delivery and Marking of Absentee Ballots
To download the PDF click here. Verified Voting supports Maryland House Bill 706 (Senate Bill 919) as an immediate, short-term mitigation to reduce risks inherent in Maryland’s current online absentee ballot system by limiting its use to only those who would otherwise be unable to vote. Going forward, substantial changes are necessary to provide Maryland’s…
Secretary of State Jocelyn Benson today announced an Election Security Commission to recommend reforms and strategies for ensuring the security of elections in Michigan. The first-of-its-kind effort brings together 18 local and national experts on cybersecurity and elections to secure elections and protect the integrity of every vote. Together they will advise the secretary of state and Bureau of Elections on best practices. … The commission will convene in early April to begin its review and assessment of election security in Michigan. It later will host hearings throughout the state and invite citizen and expert input on election problems and security. The commission will deliver a set of recommended reforms and actions to the secretary of state by the end of 2019. Its work is funded through a federal grant for election security. Benson has named David Becker, executive director of the nonprofit Center for Election Innovation & Research, and J. Alex Halderman, professor of computer science and engineering at the University of Michigan, as co-chairs of the commission. It will be staffed and facilitated by designated secretary of state employees.
Pennsylvania: Cyber security expert urges Pennsylvania to find the money for new voting machines | WITF
A national cyber security expert says the state legislature must find the money to upgrade Pennsylvania’s voting system ahead of the 2020 election. Anthony Shaffer is a retired Army Lieutenant Colonel and intelligence officer who now works for a conservative think tank. At a state capitol news conference Tuesday, he warned Pennsylvania, as a swing state, is a target for foreign agents looking to sow doubt in the next election. But he noted adversaries typically look for easy prey. “So, if Russia, if China sees the state of Pennsylvania is doing something, they’re probably going to go to another state and take another target which they perceive as less able to defend itself or less prepared,” Shaffer said. He added the legislature needs the proper funding, technology, and perception to protect the state’s voting system.
Editorials: Texas Bill promises better election security. Let’s be sure to get it right. | Dan Wallach/Austin American-Statesman
Election security experts in Texas and nationwide have been pushing for the use of paper ballots in elections to defend against cyber attacks and bolster public confidence in election results. The Texas Legislature has finally taken notice. This week, the Senate heard testimony on Sen. Bryan Hughes’s election security bill, which would require a paper record of every vote and implement post-election audits of every election. This change is long overdue—but the details matter. As a cybersecurity and elections security expert, I know those details well. In fact, my colleagues from across Texas are joining me in pushing for an even stronger bill. Legislators must recognize that paper ballots are the means to a much more important end: ensuring the final results are correct, even when sophisticated adversaries try to interfere. This requires implementing “risk limiting” post-election audits, where auditors randomly sample paper ballots to make sure they match up with the digital records. Discussion about “paper trails” and “voter-verified paper audit trails” can seem complicated. Unfortunately, not all paper trails are created equal. When it comes to elections, “paper” can mean three things: paper ballots filled out (“marked”) by hand, paper ballots marked by a machine (a “ballot-marking device”), or a paper receipt of some kind printed by an electronic voting machine. What makes a good paper ballot? It must be human-readable (not a bar code or other non-English symbols) and auditable (by human auditors, not just machine scanners). Voters must be able detect errors on machine-marked paper ballots and have opportunity to correct them (e.g., “spoil” the ballot and start over), as they can with hand-marked ballots.
Amid growing national concerns about election security, Tennessee’s three largest counties plan to begin using voting machines that produce a verifiable paper trail in time for the presidential primaries in March 2020, whether the Republican-led state requires it or not. Tennessee is one of only 14 states without a statutory requirement of a paper record of all ballots — regarded by most election security experts as crucial to ensuring accurate vote-counting. But election officials in the three Tennessee counties switching to paper-trail machines say they aren’t worried about the paperless technology. bRather, they just want to be sure voters trust the process. “Now, you’ve got an issue of voter confidence and public perception, factors which cannot be ignored, at least by election commissions,” said Elections Administrator Clifford Rodgers in Knox County, one of the Tennessee local governments looking to switch. He said he’s doing so “reluctantly” and predicted problems with printers and scanners. The others are Shelby County, anchored by Memphis, and Davidson County, encompassed by Nashville. Knox, Shelby and Davidson account for 1.3 million of Tennessee’s 4.16 million registered voters.
Some New South Wales voters have had trouble casting their ballot as issues plaguing the state’s electronic voting system ran into election day. Technical issues began on Friday night but continued Saturday morning as thousands flooded iVote to register and cast their ballot. Frustrated voters then turned to the telephone registration system, which itself was then overloaded, with some told to call back later. Some New South Wales voters have had trouble casting their ballot as issues plaguing the state’s electronic voting system ran into election day. Technical issues began on Friday night but continued Saturday morning as thousands flooded iVote to register and cast their ballot.
Israel: Cybersecurity researchers find security flaws in Likud, Labor party Android apps | The Times of Israel
Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they had found “serious security breaches” granting access to “highly sensitive personal information” in the Android phone apps of the Likud and Labor parties. “There has been much talk of impact attacks on social networks and we learn more and more about the offensive capabilities of various countries and entities in cyberspace. But we often ignore the factor that allows these attacks — access to sensitive information we share, sometimes without any intention of doing so,” Check Point said in a emailed statement. “Sensitive information such as political opinion, social contacts, demographic data, telephone numbers, and addresses of us and those close to us can be of great help to the various elements operating in cyberspace,” the statement said.
Ukraine: With elections just days away, Ukraine faces disinformation, cyber attacks and further Russian interference | Global Voices
Ukrainians will head for the polls on Sunday 31 March in what will be the first regular national elections since the country’s 2014 Euromaidan revolution. With its Crimean peninsula still occupied by Russian forces, an ongoing military conflict in eastern Ukraine, and rising activity of far-right groups, the country is a prime target for both domestic and external information influence operations. Ukraine has been in the crossfire of disinformation warfare since 2014, with multiple political actors attempting to disrupt its democratic development. The elections for both the office of the president and parliamentary seats will be a crucial test for Ukraine’s democracy and stability. Much of the action has taken place on Facebook, which is the country’s most popular social network. Despite persistent efforts of civil society and media groups, Facebook has done relatively little to respond to Ukraine’s disinformation problem in the past. But the company changed its tune in January, when it publicly announced that it had taken steps to counter some of these issues.