Pennsylvania’s message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems. But there’s a problem: Many of these new systems still run on old software that will soon be outdated and more vulnerable to hackers. An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts. That’s significant because Windows 7 reaches its “end of life” on Jan. 14, meaning Microsoft stops providing technical support and producing “patches” to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023. Critics say the situation is an example of what happens when private companies ultimately determine the security level of election systems with a lack of federal requirements or oversight. Vendors say they have been making consistent improvements in election systems. And many state officials say they are wary of federal involvement in state and local elections.Full Article: AP Exclusive: New election systems use vulnerable software.
National: Here’s an overlooked election cybersecurity danger: outdated software | Joseph Marks/The Washington Post
There’s a big hacking danger facing the 2020 election that’s so far been overlooked: software so old that companies aren’t updating it anymore. The “vast majority” of the nation’s 10,000 election jurisdictions rely on Microsoft’s Windows 7 operating system, which was introduced in 2009 and will reach the end of its technological life span in January, according to a report this weekend from the Associated Press’s Tami Abdollah. And some of those jurisdictions are relying on software that’s even older. That means those systems — which are running in numerous swing states’ election systems — won’t get automatically updated to protect against newfound computer bugs, leaving the systems far more vulnerable to hackers who exploit those bugs, Abdollah reports. The report highlights yet another way in which elections remain vulnerable to hacking despite calls for vastly improved election cybersecurity after the 2016 contest was upended by Russian hacking and disinformation operations — and amid warnings from Intelligence officials that Russia and other U.S. adversaries want to similarly compromise the 2020 contest. The vulnerable software is deployed on systems to create ballots, program voting machines, tally votes and report counts, per the AP. It also demonstrates how many election cybersecurity challenges evade easy fixes.Full Article: The Cybersecurity 202: Here's an overlooked election cybersecurity danger: outdated software - The Washington Post.
National: Who’s behind voting-machine makers? Money of unclear origins | Emery P. Dalesio/Associated Press
The voting-machine makers that aim to sell their systems in North Carolina are largely owned by private equity firms that don’t disclose their investors. The companies didn’t want the public to know even that much. North Carolina’s statewide elections board demanded the machine-makers’ ownership information last month after special counsel Robert Mueller’s April report into Russian efforts to sway the 2016 presidential election. Their concerns about potential foreign interference have grown since Maryland officials learned last year that a company maintaining that state’s election infrastructure did not disclose its financing by a venture fund whose largest investor is a Russian oligarch. The private-equity backers of the three voting systems vendors seeking approval to sell to county elections boards in North Carolina told The Associated Press they’re controlled by U.S. citizens. They claimed they have no ties to foreign oligarchs or other nefarious persons facing financial sanctions by Washington. But they didn’t provide information about the sources of the money they invest. And they asked the board not to share what they did disclose with the public. The elections board released the companies’ responses — as required by law — under a public records request from The AP. Election security watchdogs remain frustrated.Full Article: Who's behind voting-machine makers? Money of unclear origins - News - Gaston Gazette - Gastonia, NC.
National: Thousands of election systems running software that will soon be outdated: report | Tal Axelrod/The Hill
The vast majority of the nation’s 10,000 election jurisdictions are using an operating system that will soon be outdated, according to an Associated Press analysis. Those jurisdictions using Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts will reach its “end of life” on Jan. 14 — meaning Microsoft will no longer provide technical support or produce “patches” to deal with vulnerabilities that hackers could possibly exploit. Microsoft told the AP in a statement Friday that it would offer continued Windows 7 security updates for a fee through 2023. The company did not immediately respond to a request for comment from The Hill. Critics told the AP that the obsolescence was an example of what happens when private companies determine the security level of election systems without federal guidelines. Vendors defended themselves, saying they’ve been making consistent improvements on security, but state officials said they were wary of federal involvement in state and local races.Full Article: Thousands of election systems running software that will soon be outdated: report | TheHill.
Los Angeles County has too many voters. An estimated 1.6 million, according to the latest calculations – which is roughly the population of Philadelphia. That’s the difference between the number of people on the county’s voter rolls and the actual number of voting age residents. This means that L.A. is in violation of federal law, which seeks to limit fraud by requiring basic voter list maintenance to make sure that people who have died, moved, or are otherwise ineligible to vote aren’t still on the rolls. Los Angeles County has made only minimal efforts to clean up its voter rolls for decades. It began sending notices to those 1.6 million people last month to settle a lawsuit brought by the conservative watchdog group Judicial Watch. Los Angeles County may be California’s worst offender, but 10 of the state’s 58 counties also have registration rates exceeding 100% of the voting age population. In fact, the voter registration rate for the entire state of California is 101%. And the Golden State isn’t alone. Eight states, as well as the District of Columbia, have total voter registration tallies exceeding 100%, and in total, 38 states have counties where voter registration rates exceed 100%. Another state that stands out is Kentucky, where the voter registration rate in 48 of its 120 counties exceeded 100% last year. About 15% of America’s counties where there is reliable voter data – that is, over 400 counties out of 2,800 – have voter registration rates over 100%.Full Article: Who Will Clean Up America's Voter Rolls? | RealClearPolitics.
Florida: Here’s (more) evidence Bill Nelson suffered from bad ballot design in 2018 | Langston Taylor/Tampa Bay Times
Evidence continues to mount that shows former U.S. Senator Bill Nelson’s race for re-election in 2018 was hampered by a ballot design quirk. Florida has already enacted a law that would standardize ballots to avoid a repeat of what happened in part of heavily-Democratic Broward County: a ballot design that made the Senate race “easy to overlook.” It was immediately clear after the Nov. 6 election that far more voters than expected were leaving the Senate box blank. Many of those voters supported other Democrats, like the losing candidate for Governor, Andrew Gillum. In a new academic paper presented Thursday at the Election Sciences, Reform, & Administration Conference, two researchers looked beyond vote totals, drilling down to the individual ballot level. What they found was this: In Broward County, voters who skipped the Senate race likely did so by accident, rather than purposely avoiding the race. Broward County ballots put voting instructions in the first column, rather than stripped across the top. That design pushed the Senate race far down the page, isolating it from other marquee contests.Full Article: Here’s (more) evidence Bill Nelson suffered from bad ballot design in 2018 | Tampa Bay Times.
Blue Valley Mobile Home Park, a community of about 900 people in Boise’s far southeast corner, was annexed into the city in 2014. But when it came to city elections, Blue Valley voters were disenfranchised. A clerical error kept about 150 voters off the city voting rolls in the 2015 city election and 190 in the 2017 election, according to county Elections Director, even though property owners were paying city taxes by then. Voters in Blue Valley were added to city rolls in June, Levine said Wednesday, after Blue Valley residents realized what had happened and complained. He said officials are looking into how the problem occurred and who is responsible. One resident, Jennifer Wiley, told the Statesman that she went to her polling place to vote in the 2015 mayoral race just to be turned away. An Idaho Statesman reporter who reviewed voting rolls was unable to find a single Blue Valley address on more than a hundred pages of voting rolls for November city elections in those years — the first two elections in which Blue Valley residents should have been able to vote. Blue Valley, along with other homes near the neighborhood, is assigned to Precinct 1803 in Ada County. When Wiley got to her polling place, poll workers told her she wasn’t eligible to vote in the city election.Full Article: Error left tax-paying Boise residents off city voter rolls | Idaho Statesman.
Illinois: Audit: State’s technology department full of waste, unequipped to deal with disaster | Jerry Nowicki/Northwest Herald
In its first two years of existence, the state’s lead technology agency was not equipped to handle technology disasters, maintained servers and computers with inadequate or nonexistent anti-virus protection, failed to implement cybersecurity controls, and did not properly document purchases or property inventory, according to areport from the Illinois Auditor General’s office. The audit of the Illinois Department of Innovation and Technology — a state agency created in January 2016 through an executive order signed by former Republican Gov. Bruce Rauner — also found that an effort to consolidate financial, human capital and procurement functions for all state agencies will cost $150 million more than initially estimated over a six-year implementation period. The Enterprise Resource Planning System, launched during former Democratic Gov. Pat Quinn’s administration and overseen by the Illinois Department of Central Management Services before being taken over by DOIT, will cost just under $400 million by 2021, up from an initial estimate of $250 million. These findings were among 30 listed in Auditor General Frank Mautino’s report for fiscal years 2017 and 2018, the first two years of operation for the department created to “deliver best-in-class innovation and technology to client agencies.” Jennifer Schultz, a spokeswoman for DOIT, said failure to execute the requirements of the executive order was due to a number of factors, including state government dysfunction.Full Article: Audit: State’s technology department full of waste, unequipped to deal with disaster | Northwest Herald.
Voters in large swaths of North Carolina may use touchscreen voting equipment again for the 2020 presidential elections, despite the legislature voting in 2013 to phase out these machines in favor of paper ballots. Legislation to delay that for a third time in the last 6 years is pending at the General Assembly, and the state’s elections director has backed the delay as the State Board of Elections weighs what new machines to sign off on. Separate legislation is also moving through the General Assembly to require all the companies that want to sell voting machines in North Carolina to put up a $17 million bond, a change that at least one competing vendor sees as a way to discourage competition, and the current vendor says is only fair. Meanwhile the federal government is probing poll books used in Durham in the 2016 elections for evidence of foreign tampering. State elections officials are also doing a deeper dive on the three companies hoping to sell voting machines to local boards of election, probing whether any have foreign ownership. State officials asked the U.S. Department of Homeland Security to assist with that and report back on any potentially troubling ties, State Board member Stella Anderson said Friday. “I doubt (they find anything), but you never know,” Anderson said.Full Article: New elections loom without decision on voting machines :: WRAL.com.
Should malign actors – foreign, domestic, or indeterminate – mess with Canada’s election this fall, a gathering of five senior federal bureaucrats will decide whether the action constitutes a threat to our otherwise “free and fair” election. If it does, they’ll let us know. There’s nothing wrong with this, unless the process is as cumbersome as the label pinned on it. In that case, the Critical Election Incident Public Protocol, or CEIPP (seep?), would alert us to election skullduggery sometime after the next Parliament is sworn in. The five members of the CEIPP panel are the clerk of the Privy Council, the prime minister’s national security and intelligence adviser, and the deputy ministers of Justice, Public Safety, and Foreign Affairs. This high-powered group will draw information from Canada’s intelligence agencies who are, we’re told, hard at work defending us from unseen malevolence, and spying on environmental activists. Actually, we weren’t told that bit about spying on environmentalists. We learned that this week after a federal court unsealed a raft of documents that showed the Canadian Security Intelligence Service traded intel about environmentalists with oil companies. That has little to do with free and fair elections, but it raises troubling questions about the power imbalance that makes a mockery of democracy itself. But I digress.Full Article: JIM VIBERT: Federal election panel may have tough call | Local-Perspectives | Opinion | The Chronicle Herald.
A large number of civil rights groups including National Alliance for People’s Movement (NAPM) and Nation for Farmers (NFF) along with several political parties have decided to launch a nationwide people’s movement on August 9 to reject Electronic Voting Machines (EVMs) and bring back paper ballot in elections. “We will be starting it on the eve of Quit India movement with the slogan “EVM Bharat Chhodo, Ballot Paper Vapis Lao,” said Dr. Sunilam, convenor of NAPM. The two-day meeting participated by representatives of political parties discussed the shocking 2019 elections results that paled even the election results of 1977 when anger was at its height against the Indira Gandhi government.Full Article: Revert to ballot papers, demand activists.
Technology company Smartmatic remains optimistic that it will still be the government’s pick to be the provider of vote-counting machines (VCMs) for succeeding elections, despite President Rodrigo Duterte’s view that the Commission on Elections (Comelec) must end ties with them. Machines that reject ballots, transmission delays, and over-voting which eventually led to votes not being counted were just some of the problems encountered during the May 2019 elections. The Department of Information and Communications Technology (DICT) and the Comelec hosted a technology fair on Monday, July 15, to scout for possible alternatives to Smartmatic’s system. Despite the President’s criticism, Smartmatic showed up and presented hardware such as a direct recording electronic voting machine or touchscreen.Full Article: Smartmatic still wants to be part of Philippine elections.
House members and senators emerged from two election security briefings by top Trump administration officials Wednesday with plenty of questions. “There is real interest on the part of members of Congress to know who is in charge or what are the operating procedures for the process to move forward,” said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. “And the answers were not as clear as they need to be.” Some reportedly didn’t get answers about whether President Donald Trump himself has received a comprehensive briefing.Sen. Angus King (I-Maine) told MC that while he was impressed with the 2020 preparation thus far, more needs to be done. “One of the open questions is, what is the responsibility of the intelligence community to notify a campaign if they’re being victimized by a foreign adversary?” he said.As for the administration: “Today we shared with Congress how we continue to bring the full strength, capabilities, and expertise of our departments and agencies to identity and defend against threats to the United States,” agency officials involved in the briefing said in a joint statement. “Just like our successful, whole-of-government approach to securing the 2018 elections, we will work together with our Federal, state, local and private sector partners as well as our foreign allies to protect the 2020 elections and maintain transparency with the American public about our efforts.”Full Article: Election security briefings failed to satisfy congressional critics - POLITICO.
National: As Feds struggle, states create their own anti-election propaganda programs | Kevin Collier/CNN
As the 2020 presidential campaign heats up, individual states are ramping up education efforts to counter the threat posed by foreign disinformation campaigns to US elections. A lack of action at the federal level has prompted many states to craft their own programs designed to counter foreign efforts to undermine American democracy and educate the next generation of voters in schools. “It harms our democratic process when disinformation is at any point fed to voters in our democratic process,” Michigan Secretary of State Jocelyn Benson told CNN. “So I do think as secretaries of state, we have a responsibility to it take to the people.” Declassified intelligence reports on Russian meddling, by design, refuse to analyze the effectiveness of American opinion. And though most of Russia’s known propaganda efforts in the 2016 election were unsophisticated — armies of trolls with often strongly partisan opinions on polarizing subjects — they were effective enough to be widely quoted in the media and cited by a number of political figures, including Texas Republican Sen. John Cornyn, Donald Trump’s then-campaign manager Kellyanne Conway, and Michael Flynn, who went on to briefly serve as Trump’s national security adviser and was later charged and pleaded guilty to lying to the FBI about conversations with Russia’s ambassador.Full Article: As Feds struggle, states create their own anti-election propaganda programs - CNNPolitics.
National: Voting Machine Makers Claim The Names Of The Entities That Own Them Are Trade Secrets | Tim Cushing/Techdirt
Recently, the North Carolina State Board of Elections asked suppliers of electronic voting machines a simple question: who owns you? (h/t Annemarie Bridy) On June 14, 2019, the State Board of Elections requested that your companies disclose any owners or shareholders with a 5% or greater interest or share in each of the vendor’s company, any subsidiary company, of the vendor, and the vendor’s parent company. This seems like very basic information — information the Board should know and should be able to pass on to the general public. After all, these are the makers of devices used by the public while electing their representatives. They should know who’s running these companies and who their majority stakeholders are. If something goes wrong (and something always does), they should know who’s ultimately responsible for the latest debacle. It’s not like the state was asking the manufacturers to cough up code and machine schematics. All it wanted to know is the people behind the company nameplates. But the responses the board received indicate voting system manufacturers believe releasing any info about their companies’ compositions will somehow compromise their market advantage. Hart Intercivic said letting the public know that the company is owned by H.I.G. Hart, LLC and Gregg L. Burt is a fact that would devalue the company if it were made public. Hart InterCivic, a corporation that derives independent actual value from this information not being generally known or readily ascertainable and makes reasonable efforts to maintain the secrecy of this information, requests that it be designated as a trade secret pursuant to G.S. § 132-1.2(1)d. and G.S. § 66-152(3).Full Article: Voting Machine Makers Claim The Names Of The Entities That Own Them Are Trade Secrets | Techdirt.
National: Disabled voters left behind in push to amp up 2020 security, advocates say | Jordan Wilkie/The Guardian
Russian attacks on American democracy in 2016, carried out over the internet, have triggered a national debate over the use of technology in the United States’ upcoming 2020 elections. But some of the best ways to beef up the security of the voting process and fight off future cyber-attacks could have an unintended consequence: limiting access to the vote for people with disabilities. Voting on hand-marked paper ballots – which by definition can’t be hacked – combined with robust audits of how the elections were carried out and how the votes were counted is widely seen as the most secure way to run an election. Cybersecurity experts want hand-marked paper ballot systems, but disability rights advocates want voting machines to be used for all voters, as they are best for disabled access. The two groups have been butting heads over this since the Help America Vote Act (Hava) of 2002, which gave states $3.9bn to buy new voting technology and required every polling place have at least one accessible voting machine. Rather than operate parallel systems – and since it was on the federal dime – many county and state governments decided to purchase voting machines to be used by all voters – something now seen as a security weakness.Full Article: Disabled voters left behind in push to amp up 2020 security, advocates say | US news | The Guardian.
The Federal Election Commission (FEC) on Thursday approved a request from a private company to provide discounted cybersecurity services to political campaigns, saying it did not violate campaign finance rules. The decision came in response to a request from Area 1 Security, a California-based company, to offer cybersecurity services to federal political candidates and political committees at discounted rates. The FEC, which has jurisdiction over campaign finance for presidential and congressional elections, decided the arrangement did not violate campaign contribution rules because the company offers similar discounted services to nonpolitical clients as well. The decision allows the company to sell anti-phishing services to federal candidates and political committees for as little as $1,337 per year, according to the FEC. The agency wrote that “doing so would be in the ordinary course of Area 1’s business and on terms and conditions that apply to similarly situated non-political clients.”Full Article: Feds allow campaigns to accept discounted cybersecurity services | TheHill.
National: Oh, lovely, a bipartisan election hack alert law bill for Mitch McConnell to feed into the shredder | Shaun Nichols/The Register
Two US lawmakers are pushing a bipartisan bill that would force the Department of Homeland Security (DHS) to alert the public of hacking attempts on election computer systems. House reps Mike Waltz (R-FL) and Stephanie Murphy (D-FL) agreed to reach across the aisle to sponsor HR 3259, the Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act). The bill, right now resting in the hands of the House Administration Committee, would require Homeland Security officials issue a notification to Congress, state governments, and local officials whenever they, or any other federal agency, “have credible evidence of an unauthorized intrusion into an election system and a basis to believe that such intrusion could have resulted in voter information being altered or otherwise affected.” It seems incredible that this wouldn’t already happen, but then we remembered we’re living in America in 2019. In addition to state and local authorities, the bill would require individual members of the public be notified when any of their personal information – such as information on voter rolls – is thought to have been pilfered by hackers.Full Article: Oh, lovely, a bipartisan election hack alert law bill for Mitch McConnell to feed into the shredder • The Register.
What happens if the 2020 presidential election is very close? Polls suggest that’s a real possibility. And it’s a question that should shape the strategy of the Democratic Party, not just at the top of the ticket, but in the down-ballot races that could ultimately determine who sits in the White House. If Donald Trump wins battleground states such as Wisconsin, Arizona, and Florida, he can lose Pennsylvania and Michigan, and lose the popular vote by 5 million or more, but still win the Electoral College by a single vote, as David Wasserman of “The Cook Political Report” has noted. If a congressional district in Nebraska or Maine were to vote for a Democrat, there could be a tie. Even if the result is not that close, it is possible to imagine a nightmare scenario in multiple states like what we saw in Florida in 2000—in this case, contests about electoral votes that might have a state legislature endorsing a different set of electors than the popular-vote count mandates, or contests about popular votes and provisional ballots stretching beyond the deadline for an official electoral count. With the stakes so high, with tribal identities overcoming norms of behavior, with many legislatures in states such as Wisconsin and North Carolina having already taken extraordinary, antidemocratic steps to cling to power, it is not fanciful to imagine such situations.Full Article: What Happens If the 2020 Election Is a Tie? - The Atlantic.
Georgia: Judge: Georgia must allow inspection of election databases | Kate Brumback/Associated Press
A federal judge has ordered Georgia election officials to allow computer experts and lawyers to review the databases used to create ballots and count votes. The ruling came Tuesday in a lawsuit that challenges Georgia’s election system and seeks statewide use of hand-marked paper ballots. U.S. District Judge Amy Totenberg gave the state until Friday to turn over electronic copies of the databases to the plaintiffs’ lawyers and computer experts. The lawsuit was filed by a group of voters and the Coalition for Good Governance, an election integrity advocacy organization. It argues that the paperless touchscreen voting machines Georgia has used since 2002 are unsecure, vulnerable to hacking and unable to be audited. Lawyers for the plaintiffs have argued that they need to inspect the databases at issue because they provide the information that is loaded onto voting machines and then record the cast vote records.Full Article: Judge: Georgia must allow inspection of election databases - Fairfield Citizen.