National: Will hacked voting machines decide the 2020 election? | Andrew Eversden/Fifth Domain

Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February. According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results. U.S. government leaders, however, stress that they have prioritized the security of election systems, with one senior administration official on a June 24 press call referring to the defense against hacking of election infrastructure “our highest priority.” “We do believe that the 2020 elections are a potential target for state and non-state cyber actors and we continue to observe unknown actors attempt suspicious and malicious activity against internet-connected infrastructure periodically,” a senior intelligence official said.

National: US election security official highlights email threat | Morgan Lee/Associated Press

Beware the phishing attempts. An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers. The emails appear as if they come from a legitimate source and contain links that, if clicked, can open up election data systems to manipulation or attacks. Geoff Hale, director of the department’s Election Security Initiative, told a gathering of secretaries of state that the nation’s decentralized voting systems remain especially vulnerable to emails that can trick unsuspecting workers into providing access to elections databases. “We know that phishing is how a significant number of state and local government networks become exploited,” Hale told scores of secretaries of state gathered in the New Mexico capital city. “Understanding your organization’s susceptibility to phishing is one of the biggest things you can do.”

National: New study shows Russian propaganda may really have helped Trump | Ken Dilanian/NBC

President Donald Trump and his allies have long insisted that Russian’s 2016 propaganda campaign on social media had no impact on the presidential election. A new statistical analysis says it may well have. The study, by researchers at the University of Tennessee, Knoxville, does not prove that Russian interference swung the election to Trump. But it demonstrates that Trump’s gains in popularity during the 2016 campaign correlated closely with high levels of social media activity by the Russian trolls and bots of the Internet Research Agency, a key weapon in the Russian attack. “Our results show that the weeks when Russian trolls were accumulating likes and retweets on Twitter, that activity reliably foreshadowed gains for Trump in the opinion polls,” wrote Damian Ruck, the study’s lead researcher, in an article explaining his findings. The study found that every 25,000 re-tweets by accounts connected to the IRA predicted a 1 percent increase in opinion polls for Trump. In an interview with NBC News, Ruck said the research suggests that Russian trolls helped shift U.S public opinion in Trump’s favor. As to whether it affected the outcome of the election: “The answer is that we still don’t know, but we can’t rule it out.” Given that the election turned on 75,000 votes in Michigan, Wisconsin and Pennsylvania, “it is a prospect that should be taken seriously,” Ruck wrote, adding that more study was needed in those swing states.

National: DOD’s cyber policy deputy clarifies homeland support role | Lauren C. Williams/FCW

The Defense Department is settling into its support role when it comes to defending national infrastructure from cyberattacks. B. Edwin Wilson, the deputy assistant secretary of defense for cyber policy, said during a panel talk at the Defense One Tech Summit June 27 that DOD doesn’t replace Homeland Security but has a clear, firm role in relaying intelligence and providing support during elections. “The department does have a role in the defense of the homeland,” Wilson said. “We’re not trying to do DHS’ job … we’re here to support” in areas such as the midterm elections. He added that while DHS’ primary role is securing election infrastructure, DOD shares intelligence on threats to it and help update sensors to compromised systems. “We want to bring the weight, the scale, the scope of the Department of Defense to be able to defend the homeland, our critical infrastructure, and key national interests,” he said.

National: On election security, these members bring a fresh(man) take | Tami Abdollah/Daily Journal

For the past eight weeks, seven freshman members of Congress have quietly met each Monday in a spare House conference room to tackle a problem they feel their more senior colleagues haven’t done enough to address: election security. The six Democrats and one Republican call themselves Task Force Sentry, a title meant to signal their focus on crafting legislation to keep foreign adversaries from interfering with the U.S. political system. They bring a variety of backgrounds to the table, including some with experience in the CIA, military and the technology field. “We’re drawing a line in the sand,” said Rep. Abigail Spanberger, D-Virginia, a former Central Intelligence Agency operations officer. “We’re standing watch, we’ve been attacked, and a sentry stands watch to ensure it doesn’t happen again.”

Editorials: The U.S. isn’t prepared to fend off foreign meddling in 2020. We need a national strategy | Casey Corcoran, Bo Julie Crowley and Raina Davis/Los Angeles Times

Russia’s 2016 election interference operation was a clumsy collection of fake memes and leaked emails. Still, it divided American society, eroded trust in national institutions and caught Washington flat-footed. A new wave of sophisticated, artificial-intelligence-enabled influence campaigns is surely headed our way in 2020, yet the United States is nowhere near ready. Continued division over the meaning of meddling in 2016 must not eclipse what should be a clear bipartisan priority — a national strategy to combat malicious foreign influence. The tip of the influence operations spear is found in the Asia-Pacific region, yet few are paying attention. Working with the Defending Digital Democracy project at Harvard’s John F. Kennedy School of Government, we conducted more than 30 interviews with government officials, journalists and civil society members in Taiwan and found that Taiwanese society is saturated with Chinese disinformation and influence.

Editorials: Election security: The dire issue the Democrats barely mentioned | Dick Polman/WHYY

How was it possible that 20 Democrats, vying to appear on the 2020 ballot, debated last week for four hours without ever assailing the Republicans’ steadfast refusal to protect the 2020 ballot from Russian interference? Didn’t that dire issue warrant at least a few substantive minutes? Mitch McConnell, the GOP Senate leader who’s seemingly determined to do Vladimir Putin’s bidding, continues to block all Democratic reform efforts — including a requirement that all states use backup paper ballots to thwart a cyber-invasion (New Jersey and Delaware don’t have them, nor do most Pennsylvania jurisdictions — although all three states are moving towards buying new voting machines). Candidate Amy Klobuchar, a paper-ballot reformer, zinged McConnell in a random sentence, entrepreneur Andrew Yang said the Russians “have been hacking our democracy successfully and they’ve been laughing their asses off,” and Bill de Blasio said, “we need to stop them” — but you’d have to scour the transcripts with a magnifying glass to find much more. Elizabeth Warren unveiled an election security plan early last week, but, during the debate, she never mentioned it.

California: Russian hackers haunt San Diego Electronic Poll Book | Matt Potter/San Diego Reader

It’s being pitched as the latest voting reform elixir, widely adopted by counties across the country, but a call for proposals to create and operate a so-called electronic voting book system for the San Diego County Registrar of Voters comes amidst rising questions about costs, reliability, and security against Russian hackers. “The Electronic Poll Book system eliminates manual voter lookup, promoting shorter check-in queues with better and immediate alerts for staff or voter guidance,” says the county’s June 26 request for proposals, kicking off a solicitation for services from would-be vendors set to close July 25. “The Electronic Poll Book system will decrease the time it takes to manually complete the election canvass while using fewer resources,” per the document. “As the voter roster increases, the Electronic Poll Book system shall scale up. This allows the County to meet a growing base without impacting the voting experience.” But as with all such outsourcing, the devil is in the details, heavily dependent on the good faith and integrity of vendors, and experiences elsewhere have flashed repeated warnings about the cutting-edge systems.

Michigan: 3 ways Michigan elections remain vulnerable — and what the state can do about it | Riley Beggin/Bridge Magazine

Around 50 elections officials and analysts met at an outpost of the Lansing City Clerk’s office in June, eagerly awaiting the day’s activity: Piloting a relatively new method for ensuring accurate election results. The volunteers — from as near as Delta Township and as far as California — were there to learn an election audit method considered the “gold standard” for verifying votes as the nation barrels toward its first presidential election following widespread Russian tampering in 2016. The method is known as a risk-limiting audit, which essentially involves hand-counting a statistically significant sample of ballots to be confident election results are accurate. A spokesman for the Michigan Secretary of State said it’s one of a handful of techniques the state is testing ahead of the 2020 statewide election, when it will be required to audit elections across the state — a legacy of Proposal 3, the citizen-initiated constitutional amendment passed last November.  The fact that the state is required to audit is a new phenomenon; before the amendment passed last fall, the state audited a fixed percentage of precincts after each election but wasn’t bound by law to do so.  And that change is good news, elections security experts told Bridge. A robust post-election audit is one of the best ways the state can make sure state elections are protected against hacking or manipulation by foreign or domestic adversaries.

Pennsylvania: Politics of elections snares Pennsylvania voting-machine aid | Marc Levy/The Associated Press

The fate of legislation to help Pennsylvania’s counties afford new voting machines before next year’s election is in doubt after getting wrapped up in the politics of voting and election laws. Gov. Tom Wolf said Monday that he will decide later in the week whether to sign or veto the bill, despite the Democrat’s support for the $90 million it carries in borrowing authority to help counties pay for new machines. Hours before the bill passed the Republican-controlled Legislature last week, Republicans unveiled the borrowing provision and attached it to a hodge-podge of changes to election laws. One of those provisions eliminates the single ballot option for voters to select a straight-party ticket in elections, prompting calls from Democrats to veto it. Democrats said it came out of the blue and had never been studied by the committee. Republicans characterized the change as a bipartisan effort to encourage voters to vote for candidates, not parties. Democrats scrambled to see if Wolf had supported it and decried it as a setback to voting access and the civil rights of minorities that would effectively help down-ballot Republican candidates. It is among a couple things in the bill that Wolf said he didn’t like.

Canada: Spy Agency Says Voters Are Being Targeted By Foreign Influence Campaigns | BuzzFeed and the Toronto Star

Canada’s intelligence community has identified foreign actors attempting to directly influence the upcoming federal election campaign, a Toronto Star and BuzzFeed News investigation has learned. The Communications Security Establishment (CSE), the country’s cyber defence agency, has briefed senior political staff of one federal party about “covert and overt” attempts to influence the Oct. 21 federal election. Canada’s domestic spy agency, the Canadian Security Intelligence Service (CSIS), also said Tuesday that “threat actors” are trying to influence Canadian citizens, although the agency tied it to an attack on “democratic institutions” rather than the election specifically. The agencies would not reveal the exact nature of the attempts to influence but said the scope of “foreign interference activities can be broad,” including state-sponsored or influenced media, hacking, and traditional spy operations. “Threat actors are seeking to influence the Canadian public and interfere with Canada’s democratic institutions and processes,” wrote Tahera Mufti, a spokesperson for CSIS, in an emailed statement.

India: Supreme Court seeks Election Commission response on electronic voting machine malfunction complaint | Outlook

The Supreme Court on Tuesday asked the Election Commission to respond on a plea seeking to remove the provision which criminalizes the reporting of malfunctioning of the electronic voting machines, if proven false. A bench headed by Chief Justice Ranjan Gagoi asked the poll panel to file its reply within two weeks. The court was hearing a plea filed by advocate Sunil Ahya which has sought liberty to register complaint related with EVM malfunctioning. Ahya said that on August 14 2013, the Conduct of Elections Rules, was amended to insert a new rule 49MA to prescribe a procedure to be followed in case of a complaint realted to the EVM. Ahya told the court that Rule 49MA of the Conduct of Election Rules with Section 177 of Indian Penal Code criminalizes the reporting of malfunctioning of EVM and voter-verified paper audit trail (VVPAT), which may not be fair and just to charge a voter reporting such a complaint.

Philippines: Supreme Court junks pleas on source code review in vote counting machines | Benjamin Pulta/The Inquirer

The Supreme Court (SC) has turned down petitions, which seek to compel the Commission on Elections (Comelec) to allow groups to open and review the source code in the vote counting machines (VCMs) as provided for under Republic Act 9369 or the Election Modernization Act of 1997. In an banc decision dated April 30 and released Monday, the High Court likewise denied the motion of the petitioners — Sen. Richard Gordon, the Bagumbayan-NVP Movement Inc. and Tanggulang Demokrasya — to hold former Comelec chair Sixto Brilliantes Jr. in contempt for his failure to comply with his commitments to the Court during the May 8, 2013 oral arguments to, among others, make the source code available for review and to grant more time to the parties to comply with the requirements to do so. “In deciding that Chairman Brillantes is not liable for indirect contempt, the Court focuses solely on the undertakings that were directly promised to the Court, not those which the petitioner feels were promised,” the SC added. The High Court dismissed on the ground of “being moot and academic” while their plea to cite Brilliantes for contempt was junked for “utter lack of merit.”