House members and senators emerged from two election security briefings by top Trump administration officials Wednesday with plenty of questions. “There is real interest on the part of members of Congress to know who is in charge or what are the operating procedures for the process to move forward,” said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. “And the answers were not as clear as they need to be.” Some reportedly didn’t get answers about whether President Donald Trump himself has received a comprehensive briefing. Sen. Angus King (I-Maine) told MC that while he was impressed with the 2020 preparation thus far, more needs to be done. “One of the open questions is, what is the responsibility of the intelligence community to notify a campaign if they’re being victimized by a foreign adversary?” he said. As for the administration: “Today we shared with Congress how we continue to bring the full strength, capabilities, and expertise of our departments and agencies to identity and defend against threats to the United States,” agency officials involved in the briefing said in a joint statement. “Just like our successful, whole-of-government approach to securing the 2018 elections, we will work together with our Federal, state, local and private sector partners as well as our foreign allies to protect the 2020 elections and maintain transparency with the American public about our efforts.”
National: As Feds struggle, states create their own anti-election propaganda programs | Kevin Collier/CNN
As the 2020 presidential campaign heats up, individual states are ramping up education efforts to counter the threat posed by foreign disinformation campaigns to US elections. A lack of action at the federal level has prompted many states to craft their own programs designed to counter foreign efforts to undermine American democracy and educate the next generation of voters in schools. “It harms our democratic process when disinformation is at any point fed to voters in our democratic process,” Michigan Secretary of State Jocelyn Benson told CNN. “So I do think as secretaries of state, we have a responsibility to it take to the people.” Declassified intelligence reports on Russian meddling, by design, refuse to analyze the effectiveness of American opinion. And though most of Russia’s known propaganda efforts in the 2016 election were unsophisticated — armies of trolls with often strongly partisan opinions on polarizing subjects — they were effective enough to be widely quoted in the media and cited by a number of political figures, including Texas Republican Sen. John Cornyn, Donald Trump’s then-campaign manager Kellyanne Conway, and Michael Flynn, who went on to briefly serve as Trump’s national security adviser and was later charged and pleaded guilty to lying to the FBI about conversations with Russia’s ambassador.
National: Voting Machine Makers Claim The Names Of The Entities That Own Them Are Trade Secrets | Tim Cushing/Techdirt
Recently, the North Carolina State Board of Elections asked suppliers of electronic voting machines a simple question: who owns you? (h/t Annemarie Bridy) On June 14, 2019, the State Board of Elections requested that your companies disclose any owners or shareholders with a 5% or greater interest or share in each of the vendor’s company, any subsidiary company, of the vendor, and the vendor’s parent company. This seems like very basic information — information the Board should know and should be able to pass on to the general public. After all, these are the makers of devices used by the public while electing their representatives. They should know who’s running these companies and who their majority stakeholders are. If something goes wrong (and something always does), they should know who’s ultimately responsible for the latest debacle. It’s not like the state was asking the manufacturers to cough up code and machine schematics. All it wanted to know is the people behind the company nameplates. But the responses the board received indicate voting system manufacturers believe releasing any info about their companies’ compositions will somehow compromise their market advantage. Hart Intercivic said letting the public know that the company is owned by H.I.G. Hart, LLC and Gregg L. Burt is a fact that would devalue the company if it were made public. Hart InterCivic, a corporation that derives independent actual value from this information not being generally known or readily ascertainable and makes reasonable efforts to maintain the secrecy of this information, requests that it be designated as a trade secret pursuant to G.S. § 132-1.2(1)d. and G.S. § 66-152(3).
National: Disabled voters left behind in push to amp up 2020 security, advocates say | Jordan Wilkie/The Guardian
Russian attacks on American democracy in 2016, carried out over the internet, have triggered a national debate over the use of technology in the United States’ upcoming 2020 elections. But some of the best ways to beef up the security of the voting process and fight off future cyber-attacks could have an unintended consequence: limiting access to the vote for people with disabilities. Voting on hand-marked paper ballots – which by definition can’t be hacked – combined with robust audits of how the elections were carried out and how the votes were counted is widely seen as the most secure way to run an election. Cybersecurity experts want hand-marked paper ballot systems, but disability rights advocates want voting machines to be used for all voters, as they are best for disabled access. The two groups have been butting heads over this since the Help America Vote Act (Hava) of 2002, which gave states $3.9bn to buy new voting technology and required every polling place have at least one accessible voting machine. Rather than operate parallel systems – and since it was on the federal dime – many county and state governments decided to purchase voting machines to be used by all voters – something now seen as a security weakness.
The Federal Election Commission (FEC) on Thursday approved a request from a private company to provide discounted cybersecurity services to political campaigns, saying it did not violate campaign finance rules. The decision came in response to a request from Area 1 Security, a California-based company, to offer cybersecurity services to federal political candidates and political committees at discounted rates. The FEC, which has jurisdiction over campaign finance for presidential and congressional elections, decided the arrangement did not violate campaign contribution rules because the company offers similar discounted services to nonpolitical clients as well. The decision allows the company to sell anti-phishing services to federal candidates and political committees for as little as $1,337 per year, according to the FEC. The agency wrote that “doing so would be in the ordinary course of Area 1’s business and on terms and conditions that apply to similarly situated non-political clients.”
National: Oh, lovely, a bipartisan election hack alert law bill for Mitch McConnell to feed into the shredder | Shaun Nichols/The Register
Two US lawmakers are pushing a bipartisan bill that would force the Department of Homeland Security (DHS) to alert the public of hacking attempts on election computer systems. House reps Mike Waltz (R-FL) and Stephanie Murphy (D-FL) agreed to reach across the aisle to sponsor HR 3259, the Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act). The bill, right now resting in the hands of the House Administration Committee, would require Homeland Security officials issue a notification to Congress, state governments, and local officials whenever they, or any other federal agency, “have credible evidence of an unauthorized intrusion into an election system and a basis to believe that such intrusion could have resulted in voter information being altered or otherwise affected.” It seems incredible that this wouldn’t already happen, but then we remembered we’re living in America in 2019. In addition to state and local authorities, the bill would require individual members of the public be notified when any of their personal information – such as information on voter rolls – is thought to have been pilfered by hackers.
What happens if the 2020 presidential election is very close? Polls suggest that’s a real possibility. And it’s a question that should shape the strategy of the Democratic Party, not just at the top of the ticket, but in the down-ballot races that could ultimately determine who sits in the White House. If Donald Trump wins battleground states such as Wisconsin, Arizona, and Florida, he can lose Pennsylvania and Michigan, and lose the popular vote by 5 million or more, but still win the Electoral College by a single vote, as David Wasserman of “The Cook Political Report” has noted. If a congressional district in Nebraska or Maine were to vote for a Democrat, there could be a tie. Even if the result is not that close, it is possible to imagine a nightmare scenario in multiple states like what we saw in Florida in 2000—in this case, contests about electoral votes that might have a state legislature endorsing a different set of electors than the popular-vote count mandates, or contests about popular votes and provisional ballots stretching beyond the deadline for an official electoral count. With the stakes so high, with tribal identities overcoming norms of behavior, with many legislatures in states such as Wisconsin and North Carolina having already taken extraordinary, antidemocratic steps to cling to power, it is not fanciful to imagine such situations.
Georgia: Judge: Georgia must allow inspection of election databases | Kate Brumback/Associated Press
A federal judge has ordered Georgia election officials to allow computer experts and lawyers to review the databases used to create ballots and count votes. The ruling came Tuesday in a lawsuit that challenges Georgia’s election system and seeks statewide use of hand-marked paper ballots. U.S. District Judge Amy Totenberg gave the state until Friday to turn over electronic copies of the databases to the plaintiffs’ lawyers and computer experts. The lawsuit was filed by a group of voters and the Coalition for Good Governance, an election integrity advocacy organization. It argues that the paperless touchscreen voting machines Georgia has used since 2002 are unsecure, vulnerable to hacking and unable to be audited. Lawyers for the plaintiffs have argued that they need to inspect the databases at issue because they provide the information that is loaded onto voting machines and then record the cast vote records.
Dolores Shelton brought the house down. “The younger generation came out of the womb knowing how to do this,” the longtime Chester activist and poll worker said, jabbing the air as if she were navigating a cellphone. “Some of us have been out (of the womb) a long time so you need to keep things simple. It’s hard enough to get people to come out and vote.” And what she said next brought applause, cheers and nearly a standing ovation at Tuesday afternoon’s public forum on voting machines. “We need more help. We used to work for nothing. Now when you ask someone to work the polls, the first thing they say is ‘How much does it pay?’” (Hint: not enough.) It was amazing that County Council and the election board managed to get more than 200 people – standing room only in the County Council meeting room – to come out at 4 o’clock on a weekday afternoon for a discussion of voting machines. Who knew anybody cared that much about what kind of machine the county chooses to replace our current touch screen system, especially since the ones being offered are so similar?
Last year, West Virginia did something no other U.S. state had done in a federal election before: It allowed overseas voters the option to cast absentee ballots for the midterm election via a blockchain-enabled mobile app. According to Voatz, the company West Virginia worked with, 144 individuals from 31 countries successfully submitted ballots via the app for the November election. Before that, there was a smaller pilot of the system in two West Virginia counties that May. West Virginia billed the experiment as a success and says it plans to use the technology again in 2020. Voatz has already made deals with other local governments in the U.S., most recently for Denver’s May municipal election. But how secure and accurate was the 2018 vote? It’s impossible to tell because the state and the company aren’t sharing the basic information experts say is necessary to properly evaluate whether the blockchain voting pilot was actually a resounding success. With 2020 looming, that’s troubling, given what we now know about the extent of Russian incursions into our election systems in 2016.
Europe’s cybersecurity authorities are struggling to pick their next chief of the beefed-up EU Cybersecurity Agency — and time is running out. The EU Agency for Cybersecurity, formerly known as ENISA, got more powers under the new “Cybersecurity Act,” a landmark cybersecurity regulation that came into force at the end of last month. The agency will in coming years draft certification schemes to better protect internet-connected devices, boost the security of 5G telecom networks and raise security standards for cloud providers, among other things. Current executive director Udo Helmbrecht’s second term ends in mid-October and his replacement is chosen by the management board, which includes the national EU cybersecurity authorities as well as representatives of the European Commission. But a selection procedure that should have ended last March has run into trouble.
Canada: ‘Terrible idea’: Online security experts warn against online voting in N.W.T. elections | Hilary Bird/CBC News
Security experts have a message for election officials in the Northwest Territories: don’t use online voting. Officials recently announced online voting will be used for the first time in a provincial or territorial election when residents go to the polls on Oct. 1. Voters will be able to cast their ballots online using the Montreal-based Simply Voting platform. It’s an idea that has garnered a lot of public excitement, as well as criticism. “It’s really sexy. It gets you in the papers, it gets you on CBC,” says government transparency advocate and OpenNWT founder David Wasylciw. “But there’s a lot more issues when you talk to computer security people. Every single one of them says it’s a terrible idea. Everybody who does computer work says it’s a terrible idea.” Security experts say that while hacking from foreign actors is a threat, what people in the territory should be most concerned about is ballot transparency. Wasylciw says this apparent lack of transparency can be exacerbated in a place like the N.W.T., where many ridings have only a couple hundred voters, and outcomes can come down to a few dozen votes. “[With paper elections] a candidate can scrutinize the votes and they can count them and double check them. With an online system, none of that’s even an option. All you get is a spreadsheet.” Aleksander Essex, a professor of computer science at Western University in London, Ont., who studies online voting, agrees. He says the biggest issue with the technology is there is no assurance that the recorded votes are actually what voters chose.