National: Here’s an overlooked election cybersecurity danger: outdated software | Joseph Marks/The Washington Post

There’s a big hacking danger facing the 2020 election that’s so far been overlooked: software so old that companies aren’t updating it anymore. The “vast majority” of the nation’s 10,000 election jurisdictions rely on Microsoft’s Windows 7 operating system, which was introduced in 2009 and will reach the end of its technological life span in January, according to a report this weekend from the Associated Press’s Tami Abdollah. And some of those jurisdictions are relying on software that’s even older. That means those systems — which are running in numerous swing states’ election systems — won’t get automatically updated to protect against newfound computer bugs, leaving the systems far more vulnerable to hackers who exploit those bugs, Abdollah reports. The report highlights yet another way in which elections remain vulnerable to hacking despite calls for vastly improved election cybersecurity after the 2016 contest was upended by Russian hacking and disinformation operations — and amid warnings from Intelligence officials that Russia and other U.S. adversaries want to similarly compromise the 2020 contest. The vulnerable software is deployed on systems to create ballots, program voting machines, tally votes and report counts, per the AP. It also demonstrates how many election cybersecurity challenges evade easy fixes.

National: Who’s behind voting-machine makers? Money of unclear origins | Emery P. Dalesio/Associated Press

The voting-machine makers that aim to sell their systems in North Carolina are largely owned by private equity firms that don’t disclose their investors. The companies didn’t want the public to know even that much. North Carolina’s statewide elections board demanded the machine-makers’ ownership information last month after special counsel Robert Mueller’s April report into Russian efforts to sway the 2016 presidential election. Their concerns about potential foreign interference have grown since Maryland officials learned last year that a company maintaining that state’s election infrastructure did not disclose its financing by a venture fund whose largest investor is a Russian oligarch. The private-equity backers of the three voting systems vendors seeking approval to sell to county elections boards in North Carolina told The Associated Press they’re controlled by U.S. citizens. They claimed they have no ties to foreign oligarchs or other nefarious persons facing financial sanctions by Washington. But they didn’t provide information about the sources of the money they invest. And they asked the board not to share what they did disclose with the public. The elections board released the companies’ responses — as required by law — under a public records request from The AP. Election security watchdogs remain frustrated.

National: Thousands of election systems running software that will soon be outdated: report | Tal Axelrod/The Hill

The vast majority of the nation’s 10,000 election jurisdictions are using an operating system that will soon be outdated, according to an Associated Press analysis. Those jurisdictions using Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts will reach its “end of life” on Jan. 14 — meaning Microsoft will no longer provide technical support or produce “patches” to deal with vulnerabilities that hackers could possibly exploit. Microsoft told the AP in a statement Friday that it would offer continued Windows 7 security updates for a fee through 2023. The company did not immediately respond to a request for comment from The Hill. Critics told the AP that the obsolescence was an example of what happens when private companies determine the security level of election systems without federal guidelines. Vendors defended themselves, saying they’ve been making consistent improvements on security, but state officials said they were wary of federal involvement in state and local races.

National: Who Will Clean Up America’s Voter Rolls? | Mark Hemingway/RealClearPolitics

Los Angeles County has too many voters. An estimated 1.6 million, according to the latest calculations – which is roughly the population of Philadelphia. That’s the difference between the number of people on the county’s voter rolls and the actual number of voting age residents. This means that L.A. is in violation of federal law, which seeks to limit fraud by requiring basic voter list maintenance to make sure that people who have died, moved, or are otherwise ineligible to vote aren’t still on the rolls. Los Angeles County has made only minimal efforts to clean up its voter rolls for decades. It began sending notices to those 1.6 million people last month to settle a lawsuit brought by the conservative watchdog group Judicial Watch. Los Angeles County may be California’s worst offender, but 10 of the state’s 58 counties also have registration rates exceeding 100% of the voting age population. In fact, the voter registration rate for the entire state of California is 101%. And the Golden State isn’t alone. Eight states, as well as the District of Columbia, have total voter registration tallies exceeding 100%, and in total, 38 states have counties where voter registration rates exceed 100%. Another state that stands out is Kentucky, where the voter registration rate in 48 of its 120 counties exceeded 100% last year. About 15% of America’s counties where there is reliable voter data – that is, over 400 counties out of 2,800 – have voter registration rates over 100%.

Florida: Here’s (more) evidence Bill Nelson suffered from bad ballot design in 2018 | Langston Taylor/Tampa Bay Times

Evidence continues to mount that shows former U.S. Senator Bill Nelson’s race for re-election in 2018 was hampered by a ballot design quirk. Florida has already enacted a law that would standardize ballots to avoid a repeat of what happened in part of heavily-Democratic Broward County: a ballot design that made the Senate race “easy to overlook.” It was immediately clear after the Nov. 6 election that far more voters than expected were leaving the Senate box blank. Many of those voters supported other Democrats, like the losing candidate for Governor, Andrew Gillum. In a new academic paper presented Thursday at the Election Sciences, Reform, & Administration Conference, two researchers looked beyond vote totals, drilling down to the individual ballot level. What they found was this: In Broward County, voters who skipped the Senate race likely did so by accident, rather than purposely avoiding the race. Broward County ballots put voting instructions in the first column, rather than stripped across the top. That design pushed the Senate race far down the page, isolating it from other marquee contests.

Idaho: Error left tax-paying Boise residents off city voter rolls | Hayley Harding/Idaho Statesman

Blue Valley Mobile Home Park, a community of about 900 people in Boise’s far southeast corner, was annexed into the city in 2014. But when it came to city elections, Blue Valley voters were disenfranchised. A clerical error kept about 150 voters off the city voting rolls in the 2015 city election and 190 in the 2017 election, according to county Elections Director, even though property owners were paying city taxes by then. Voters in Blue Valley were added to city rolls in June, Levine said Wednesday, after Blue Valley residents realized what had happened and complained. He said officials are looking into how the problem occurred and who is responsible. One resident, Jennifer Wiley, told the Statesman that she went to her polling place to vote in the 2015 mayoral race just to be turned away. An Idaho Statesman reporter who reviewed voting rolls was unable to find a single Blue Valley address on more than a hundred pages of voting rolls for November city elections in those years — the first two elections in which Blue Valley residents should have been able to vote. Blue Valley, along with other homes near the neighborhood, is assigned to Precinct 1803 in Ada County. When Wiley got to her polling place, poll workers told her she wasn’t eligible to vote in the city election.

Illinois: Audit: State’s technology department full of waste, unequipped to deal with disaster | Jerry Nowicki/Northwest Herald

In its first two years of existence, the state’s lead technology agency was not equipped to handle technology disasters, maintained servers and computers with inadequate or nonexistent anti-virus protection, failed to implement cybersecurity controls, and did not properly document purchases or property inventory, according to areport from the Illinois Auditor General’s office.  The audit of the Illinois Department of Innovation and Technology — a state agency created in January 2016 through an executive order signed by former Republican Gov. Bruce Rauner — also found that an effort to consolidate financial, human capital and procurement functions for all state agencies will cost $150 million more than initially estimated over a six-year implementation period. The Enterprise Resource Planning System, launched during former Democratic Gov. Pat Quinn’s administration and overseen by the Illinois Department of Central Management Services before being taken over by DOIT, will cost just under $400 million by 2021, up from an initial estimate of $250 million. These findings were among 30 listed in Auditor General Frank Mautino’s report for fiscal years 2017 and 2018, the first two years of operation for the department created to “deliver best-in-class innovation and technology to client agencies.” Jennifer Schultz, a spokeswoman for DOIT, said failure to execute the requirements of the executive order was due to a number of factors, including state government dysfunction.

North Carolina: New elections loom without decision on voting machines | Travis Fain/WRAL

Voters in large swaths of North Carolina may use touchscreen voting equipment again for the 2020 presidential elections, despite the legislature voting in 2013 to phase out these machines in favor of paper ballots. Legislation to delay that for a third time in the last 6 years is pending at the General Assembly, and the state’s elections director has backed the delay as the State Board of Elections weighs what new machines to sign off on. Separate legislation is also moving through the General Assembly to require all the companies that want to sell voting machines in North Carolina to put up a $17 million bond, a change that at least one competing vendor sees as a way to discourage competition, and the current vendor says is only fair. Meanwhile the federal government is probing poll books used in Durham in the 2016 elections for evidence of foreign tampering. State elections officials are also doing a deeper dive on the three companies hoping to sell voting machines to local boards of election, probing whether any have foreign ownership. State officials asked the U.S. Department of Homeland Security to assist with that and report back on any potentially troubling ties, State Board member Stella Anderson said Friday. “I doubt (they find anything), but you never know,” Anderson said.

Canada: Federal election panel may have tough call | Jim Vibert/The Chronicle Herald

Should malign actors – foreign, domestic, or indeterminate – mess with Canada’s election this fall, a gathering of five senior federal bureaucrats will decide whether the action constitutes a threat to our otherwise “free and fair” election. If it does, they’ll let us know. There’s nothing wrong with this, unless the process is as cumbersome as the label pinned on it. In that case, the Critical Election Incident Public Protocol, or CEIPP (seep?), would alert us to election skullduggery sometime after the next Parliament is sworn in. The five members of the CEIPP panel are the clerk of the Privy Council, the prime minister’s national security and intelligence adviser, and the deputy ministers of Justice, Public Safety, and Foreign Affairs. This high-powered group will draw information from Canada’s intelligence agencies who are, we’re told, hard at work defending us from unseen malevolence, and spying on environmental activists. Actually, we weren’t told that bit about spying on environmentalists. We learned that this week after a federal court unsealed a raft of documents that showed the Canadian Security Intelligence Service traded intel about environmentalists with oil companies. That has little to do with free and fair elections, but it raises troubling questions about the power imbalance that makes a mockery of democracy itself. But I digress.

India: Revert to ballot papers, demand activists | Manan Kumar/DNA

A large number of civil rights groups including National Alliance for People’s Movement (NAPM) and Nation for Farmers (NFF) along with several political parties have decided to launch a nationwide people’s movement on August 9 to reject Electronic Voting Machines (EVMs) and bring back paper ballot in elections. “We will be starting it on the eve of Quit India movement with the slogan “EVM Bharat Chhodo, Ballot Paper Vapis Lao,” said Dr. Sunilam, convenor of NAPM. The two-day meeting participated by representatives of political parties discussed the shocking 2019 elections results that paled even the election results of 1977 when anger was at its height against the Indira Gandhi government.

Philippines: Smartmatic still wants to be part of Philippine elections | Ralf Rivas/Rappler

Technology company Smartmatic remains optimistic that it will still be the government’s pick to be the provider of vote-counting machines (VCMs) for succeeding elections, despite President Rodrigo Duterte’s view that the Commission on Elections (Comelec) must end ties with them. Machines that reject ballots, transmission delays, and over-voting which eventually led to votes not being counted were just some of the problems encountered during the May 2019 elections. The Department of Information and Communications Technology (DICT) and the Comelec hosted a technology fair on Monday, July 15, to scout for possible alternatives to Smartmatic’s system. Despite the President’s criticism, Smartmatic showed up and presented hardware such as a direct recording electronic voting machine or touchscreen.