National: America’s new voting machines bring new fears of election tampering | The Guardian

By design, tens of millions of votes are cast across America on machines that cannot be audited, where the votes cannot be verified, and there is no meaningful paper trail to catch problems – such as a major error or a hack. For almost 17 years, states and counties around the country have conducted elections on machines that have been repeatedly shown to be vulnerable to hacking, errors, breakdowns, and that leave behind no proof that the votes counted actually match the votes that were cast. Now, in a climate of fear and suspicion over attacks to America’s voting system sparked by Russia’s attacks on the 2016 elections, states and counties across the country are working to replace these outdated machines with new ones. The goal is to make the 2020 elections secure. “There’s a lot of work to do before 2020 but I think there’s definitely opportunities to make sure that the reported outcomes are correct in 2020,” said Marian Schneider, president of the election integrity watchdog Verified Voting. “I think that people are focusing on it in a way that has never happened before. It’s thanks to the Russians.” The purchases replace machines from the turn of the century that raise serious security concerns. But the same companies that made and sold those machines are behind the new generation of technology, and a history of distrust between election security advocates and voting machine vendors has led to a bitter debate over the viability of the new voting equipment – leaving some campaigners wondering if America’s election system in 2020 might still be just as vulnerable to attack.

National: Mueller report highlights scope of election security challenge | The Washington Post

Special counsel Robert S. Mueller III’s investigation of the “sweeping and systematic fashion” in which Russia interfered in the 2016 election highlights the breadth and complexity of the U.S. voting infrastructure that needs protecting. From voter registration to the vote itself to election night tabulation, there are countless computers and databases that offer avenues for foreign adversaries to try to create havoc and undermine trust in the democratic process. In addition to targeting the Democratic Party and Clinton campaign in 2016, Mueller noted in his report, Russian hackers also went after election technology firms and county officials who administer the vote — officials often without the resources to hire information technology staffs. [Through email leaks and propaganda, Russians sought to elect Trump, Mueller finds] “The Mueller report makes clear that there’s a much larger infrastructure that we have to protect,” said Lawrence Norden, an election security expert at New York University Law School’s Brennan Center for Justice. “There’s clearly a lot to do before 2020.”

National: Cyber aspects of Mueller report tread familiar ground on ’16 election hacks | InsideCyberSecurity

The redacted Mueller report on Russia and the 2016 elections contains politically contentious elements on collusion and obstruction of justice, but the aspects directly related to cybersecurity largely have been released and absorbed through earlier reports and indictments. The document released Thursday by the Justice Department is in a format that’s not searchable, but there are parts on cyber issues such as botnets, which is heavily redacted, and lengthy discussion of what Russian agents did to hack into computers associated with the presidential campaign of Democrat Hillary Clinton. The basic cybersecurity issues involved have been known for some time and were reflected in the Senate Intelligence Committee’s election-security recommendations issued in March 2018. Intelligence Chairman Richard Burr (R-NC) said Thursday that final reports from his committee’s Russia probe will begin coming out in a matter of “weeks.”

National: Mueller Report: Russia Funded US Election Snooping, Manipulation with Bitcoin | GCN

It is no news by now that the long-awaited Mueller Report has revealed extensive Russian efforts to interfere with the 2016 U.S. presidential election. While much attention has been focused on whether or not president Donald Trump was in any way complicit with these efforts, what is less reported is that the report showed that state-backed Russian operatives used bitcoin extensively in their attempts to impede Hilary Clinton and help Donald Trump’s campaign. According to the report, agents working on behalf of Russian military intelligence used bitcoin to do everything from purchasing VPNs to buying domains hosting political propaganda. This was part of a wide-reaching and apparently successful attempt to hack the 2016 election that saw Trump emerge victorious against all expectations. While this may not be news to anyone familiar with cryptocurrencies, the Russian agents apparently worked under the mistaken assumption that the mere fact of their transactions being carried out using cryptocurrency made them anonymous and untraceable. In fact, as has been demonstrated several times, bitcoin transactions are not that difficult to trace, given the presence of some key data.

National: 2020 Campaigns Are Still Vulnerable to Cyber Attacks | Time

Most Americans aren’t yet paying a lot of attention to the 2020 presidential campaign. The same can’t be said for Russian spies. Aides and advisers to the vast field of Democratic hopefuls are ringing alarm bells, telling their bosses they should assume that Moscow is laying the groundwork to disrupt, if not derail, their campaigns, just as Russian intelligence did to Hillary Clinton’s in 2016. But interviews with the campaigns show cyber security is a secondary concern, with most of the campaigns contacted by TIME say they have not “finalized” their tech plan or hired a security chief. The biggest problem is money. Every campaign focuses vast amounts of effort raising money to compete on ground troops, ads and campaign offices in key locations. Spending precious cash on cyber tools, whose successful deployment results in a non-event, is hard to defend. “There’s nothing sexy about it,” says Mike Sager, the chief technology officer at EMILY’s List, a group that works to elect women who support abortion rights. But, he says, “the folks who have been through it, who know what happens when you don’t do this, get it.” Nobody disputes the threat. Russia’s larger goals remain the same as they were in 2016: making American democracy look bad. “It is about the legitimacy of democracy and about the trust people have in their democracy,” said Eric Rosenbach, a former Pentagon chief of staff who now heads Harvard’s Defending Digital Democracy program. “Unfortunately, there are a lot of different ways in the information age that bad actors and nefarious nation-states can undermine that.”

National: Democrats Urge Judge Not to Dismiss Russian Hacking Suit | Bloomberg

While much of the U.S. was poring over the Mueller Report, the Democratic National Committee argued Thursday that its civil suit against President Donald Trump, the Russian Federation, WikiLeaks and members of the Trump campaign and White House should go forward. The DNC claims the defendants violated U.S. racketeering, computer fraud and other laws by conspiring to hack emails from DNC computers and leak them in advance of the 2016 election in a “brazen attack on American democracy.” The conspiracy sought to help Trump become president and continued into his presidency, according to the DNC. “After securing Trump’s grip on power, defendants worked tirelessly to keep it, lying to the American public, Congress, the Justice Department and the FBI to conceal any misconduct that jeopardized Trump’s presidency,” the DNC said in court papers filed late Thursday in Manhattan federal court.

Editorials: It’s up to Congress to prevent Russian interference from happening again | The Washington Post

Whether President Trump obstructed justice is a crucial question, the answer to which special counsel Robert S. Mueller III implied but did not state clearly. What is crystal clear in his 448-page report is a conclusion that Mr. Trump, charged with making the highest-level national security decisions, has routinely denied: “The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.” One reaction from Congress must be to weigh the evidence of obstruction. The other must be to ensure that Russia — and any other hostile actor — does not succeed in interfering again. Mr. Mueller, confirming the long-standing conclusions of the U.S. intelligence community, found that the Kremlin ran a social media campaign that evolved from a program “to provoke and amplify political and social discord in the United States” and “to sow discord in the U.S. political system through what it termed ‘information warfare’” into one “that favored presidential candidate Donald J. Trump and disparaged presidential candidate Hillary Clinton.” Meanwhile, Russian military intelligence hacked the Democratic National Committee’s servers and the Clinton campaign, then released damaging material at strategic times. It remains outrageous that Mr. Trump, having benefited from the Kremlin’s meddling, continually plays down Russia’s election-year activities — and, indeed, has pursued a closer relationship with Russian President Vladimir Putin — even while the leaders he picked to run the U.S. intelligence community repeat that Russia is culpable and likely to try again.

Editorials: Russia’s next election hack | Alan Berger/The Boston Globe

It is hardly surprising that coverage of the Mueller report centers on the domestic political effects of the special counsel’s findings. But we Americans would be making a serious mistake if we overlook the international repercussions of a Kremlin influence operation that historians may recognize as Vladimir Putin’s American putsch. It may be that Putin’s troll farms did not need the polling data that Trump backers provided. The hackers employed by Russia’s military intelligence service might have had their own means of determining how to target Bernie Sanders supporters who could be persuaded to stay home or vote for Jill Stein; black voters who could be reminded about Hillary Clinton’s allusions to “super predators”;’ or industrial workers in Michigan, Wisconsin, and western Pennsylvania who voted twice for Barack Obama but were persuaded to vote for Donald Trump to protect their jobs from an imaginary tidal wave of immigrants. However much these operational details might bedevil investigators and the American public, the crucial lesson for autocrats and spy chiefs around the world is that a cheap hacking operation by Putin’s hired temps could shape the political destiny of the most powerful country in the world. And if Trump could be elevated to the White House by Putin’s spooks, maybe he could be replaced by a candidate who would be even more convenient — for Russia and for select friends of the Kremlin.

Arizona: Mueller report says Russian hacking once went through Arizona server | Cronkite News

The road from Washington to St. Petersburg apparently passes through Arizona – at least the cyber-road does. That’s according to the long-awaited Mueller report on the two-year investigation into possible Russian meddling in the 2016 presidential election. Buried in the 448-page report is a little more than a page that said Russian intelligence officers used a “leased computer” in Arizona to help funnel information that was stolen from hacked Democratic Party computers. About half of the page on the Arizona server is redacted because the information relates to an “investigative technique” – one of the areas blacked out from the report, along with information about grand jury testimony, ongoing investigation and privacy concerns. The unredacted portions do not reveal where in Arizona the leased computer was located or which company might have leased it.

Florida: Scott demands FBI information on Russian hacking | Politico

Sen. Rick Scott today demanded that the FBI release information about a suspected Russian hack of at least one Florida county, a revelation that came to light in Thursday’s report from special counsel Robert Mueller. The Florida Republican, in a letter to FBI Director Christopher Wray, asked the agency to provide information to both Congress and the Florida Department of State. He asked the FBI to identify which Florida county had been compromised and gave the agency seven days to comply. “It is my goal to have free and fair elections with zero fraud,” wrote Scott, who noted his push to spend money on election cybersecurity ahead of the 2018 elections. “This is a very serious issue that needs the immediate attention of the FBI.” The FBI did not immediately reply to a request for comment.

Minnesota: While hackers threaten 2020 election systems, politics intruding on security fixes | Minneapolis Star Tribune

Despite broad agreement that foreign hackers will again target American voting systems in 2020, partisan friction in St. Paul and Washington has stalled efforts to bolster election security, with less than a year to go before Minnesotans cast presidential primary ballots. The delay has alarmed elections officials and cybersecurity experts who warn of a repeat of 2016, when Russians targeted Minnesota and 20 other states in what special counsel Robert Mueller’s report, released Thursday, called a “sweeping and systematic fashion.” “Hackers learn from hackers: The question becomes if [Russia] can do it, why wouldn’t any hacker around the world do it?” said Clint Watts, a former FBI agent and cybersecurity scholar. “We can talk Russia all day, but everybody knows this can be done now.” Amid the warnings of Russian interference, Minnesota lawmakers remain at odds over using more than $6 million in federal funds approved by Congress more than a year ago to shore up election security. Minnesota is the only state that has yet to touch its share of the $380 million federal appropriation. At the same time, a measure co-sponsored by Minnesota U.S. Sen. Amy Klobuchar to improve cybersecurity information sharing between federal agencies and local election workers also is at a standstill. Local officials warn that time is running out.

New Jersey: Who will pay to upgrade New Jersey’s voting technology? | WKXW

Counties are preparing to adopt the latest in election technology – but progress could depend on whether and when the state pays for the upgrade. As part of their effort to get lawmakers, freeholders and others familiar with what’s available, the New Jersey Association of Election Officials recently held a trade show at the Trenton War Memorial showing off the current state of technology – items common in some states but rare, for now, in New Jersey. Cape May County Clerk Rita Fulginiti said the pace for the updates will depend on state law and state funding. “It will cost a lot to upgrade to better equipment, but it’s all about the voter and making voting systems accessible to the voter,” Fulginiti said. New Jersey would need to spend $64 million to upgrade all the voting machines in the state, New York University’s Brennan Center for Justice estimates.

North Carolina: Mueller report: Did Russian government hack 2016 North Carolina voting? | Raleigh News & Observer

The Mueller report released Thursday found that Russian spies successfully hacked into a U.S. voting software company during the 2016 elections, and North Carolina officials think there’s a chance it was software that’s in use here. The N.C. Board of Elections now has sent a letter to VR Systems, whose voting software was used by 21 North Carolina counties in 2016. The letter, which was first reported by WRAL, asks the company to “provide immediate, written insurance regarding the security of your network.” The Mueller report didn’t specifically name the company. But VR Systems confirmed in a written statement that it’s the company in question. The company’s software can’t be used to count or change votes. Instead, it manages the electronic polling books used to check in voters, to make sure people don’t vote twice. The Mueller report found that “Russian cyber actors in 2016 targeted” the company, and “installed malware on the company network.” Durham County, which had numerous problems and delays in the 2016 elections, was using the company’s check-in software at the time. The Mueller report does not go into the full extent of the hacking, and while it does say at least one Florida county was hacked, the report does not name any North Carolina successes for the hackers.

Pennsylvania: Pennsylvania is spending millions on election security, but the effort has its critics | PennLive

The release of special counsel Robert Mueller’s redacted report on Russian meddling in the 2016 presidential election brings the issue of election security back into the spotlight. Protecting the integrity of elections is of particular concern to Pennsylvania after escaping an unsuccessful hacking attempt of the statewide voter registration database by Russian operatives in 2016. With the next presidential election now just a year away, county and state election officials are scrambling to make sure they have done everything they possibly can to avoid foreign actors creating chaos when voters go to the polls to elect the nation’s chief executive. Under an order by Gov. Tom Wolf, Pennsylvania is moving to voting machines that leave a paper trail that can be audited. Other efforts include securing the voter registration data. Election officials maintain they are ferreting out potential vulnerabilities that could cast doubt on the integrity of election results and making changes to address them before next year’s primary. That’s why Acting Secretary of the Commonwealth Kathy Boockvar says with certainty, “Pennsylvania voters can be completely confident that when they vote in the presidential primary their vote will be counted accurately.” With those efforts, though, come some resistance from county officials along with concerns, particularly about the cost of new voting systems. Replacing those machines alone is expected to cost between $93 million and $150 million, depending on which system the counties choose, according to Boockvar’s department.

South Carolina: Tony Shaffer: New Report Highlights Urgent Need to Replace South Carolina Voting System | FITSNews

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have confirmed that Russian hackers targeted all 50 states during the 2016 elections – not just the 21 states previously reported. This new information highlights the urgent need to replace South Carolina’s old, vulnerable digital touchscreen “DRE” voting machines. As a cyber operations expert with nearly forty years of national security experience, I feel the need to speak up: It’s critical to deter and mitigate these threats before the 2020 elections. South Carolina is moving in the right direction. The legislature has appropriated $40 million for a new voting system and, to ensure a smooth procurement process, given responsibility for procuring the system to the S.C. Department of Administration (SCDOA). As the department examines the available systems, it should carefully consider the efficiency, cost, and security of each system. It should also avoid the mistakes made in Georgia, where the legislature fast-tracked a bill requiring a $150 million voting system comprised of ballot-marking devices (BMDs) without considering a more secure, lower-cost system of hand-marked paper ballots. BMDs, which require voters to select their preferred candidates using a touchscreen, may be more high-tech than paper ballots but are by no means higher quality. BMDs contain vulnerable computer systems that can be hacked to change ballots after they are cast. Although BMDs print a paper record of votes cast, they often do so in barcode format, making it impossible for voters to ensure that their vote will ultimately be recorded accurately. And like any machine, BMDs are susceptible to technical glitches and power outages, increasing chances that voters will be forced to wait in long lines on election day.

Switzerland: Trapdoor commitments in the SwissPost e-voting shuffle proof | Vanessa Teague

Verifiability is a critical part of the trustworthiness of e-voting systems. Universal verifiability means that a proof of proper election conduct should be verifiable by any member of the public. The SwissPost e-voting system, provided by Scytl, aims to offer a partial form of verifiability, called “complete verifiability”, which resembles universal verifiability but adds the assumption that at least one of the components on the server-side, i.e., the computers running the voting system, behaves correctly. (Universal verifiability offers guarantees even if all server-side components are malicious.) In the SwissPost system, encrypted electronic votes need to be shuffled to protect individual vote privacy. Each server who shuffles votes is supposed to prove that the set of input votes it received corresponds exactly to the differently-encrypted votes it output. This is intended to provide an electronic equivalent of the publicly observable use of a ballot box or glass urn. We show that the mixnet specification and code recently made available for analysis does not meet the assumptions of a sound shuffle proof and hence does not provide universal or complete verifiability. We give two examples of how an authority who implemented or administered a mix server could produce a perfectly-verifying transcript while actually – undetectably – manipulating votes.