States are in need of further funding from the federal government to fully secure elections, a report published Thursday found, citing six states as examples. The report was compiled by the Brennan Center for Justice, the R Street Institute, the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security, and the Alliance for Securing Democracy. It spotlights Alabama, Arizona, Illinois, Louisiana, Oklahoma, and Pennsylvania. “Elections are the pillar of American democracy, and, as we saw in 2016 and 2018, foreign governments will continue to target them,” the authors wrote in the report. “States cannot counter these adversaries alone, nor should they have to. But at a time when free and fair elections are increasingly under attack, they can, with additional federal funding, safeguard them.” Four of the states reported that future federal funds are needed to replace “legacy” or older voting equipment that have cyber vulnerabilities, while several other states cited the need for funding to train election officials in cybersecurity.
National: Senate passes bill making hacking voting systems a federal crime | Jordain Carney/The Hill
The Senate passed legislation on Wednesday night that would make it a federal crime to hack into any voting systems used in a federal election. The bill, known as the Defending the Integrity of Voting Systems Act, passed the chamber on Wednesday night by unanimous consent, which requires the sign off of every senator. It would allow the Justice Department to pursue federal charges against anyone who hacks voting systems used in federal elections under the Computer Fraud and Abuse Act. Sen. Sheldon Whitehouse (D-R.I.), Richard Blumenthal (D-Conn.) and Lindsey Graham (R-S.C.) introduced the legislation earlier this year and it cleared the Judiciary Committee in May. “Our legislation to protect voting machines will better equip the Department of Justice to fight back against hackers that intend to interfere with our election,” Blumenthal said when the bill was introduced.
National: Top Democrat demands answers on election equipment vulnerabilities | Maggie Miller/TheHill
Sen. Ron Wyden (D-Ore.) is demanding answers from the Election Assistance Commission (EAC) as to how the federal agency plans to secure election equipment amid reports that most machines depend on software that will soon be out-of-date and vulnerable to cyber attacks. In a letter dated July 12 that was released on Monday, Wyden asked EAC Chairwoman Christy McCormick how the agency plans to address this “looming cybersecurity crisis.” “Intelligence officials have made it clear that Russian hackers targeted our elections in 2016, and that they expect similar threats in 2020,” Wyden wrote. “The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers. This is unacceptable.” The Associated Press recently reported that the majority of U.S. counties use election management systems that run on Windows 7, an outdated operating system that Microsoft will stop updating in January. The systems are responsible for programming voting machines and tallying votes. Wyden focused his questions on whether products created by Election Systems and Software (ES&S), one of the major U.S. voting equipment manufacturers, would be decertified by the EAC prior to the 2020 elections. According to EAC documentation, the equipment uses Windows 7. Wyden gave McCormick a July 26 deadline to respond to his questions.
Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines, even as the tech giant said it had tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.” The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post. Its announcement was timed to coincide with the Aspen Security Forum, an annual conference of current and former intelligence, defense and homeland security officials that kicks off Wednesday in Aspen, Colorado — co-sponsored by Microsoft and others. NBC News is a media partner of the forum. Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft’s move signals that voting systems, long a technology backwater, are finally receiving attention from the county’s leading technical minds.
National: How Julian Assange turned an embassy into a command post for election meddling | Marshall Cohen, Kay Guerrero and Arturo Torres/CNN
New documents obtained exclusively by CNN reveal that WikiLeaks founder Julian Assange received in-person deliveries, potentially of hacked materials related to the 2016 US election, during a series of suspicious meetings at the Ecuadorian Embassy in London. The documents build on the possibility, raised by special counsel Robert Mueller in his report on Russian meddling, that couriers brought hacked files to Assange at the embassy. The surveillance reports also describe how Assange turned the embassy into a command center and orchestrated a series of damaging disclosures that rocked the 2016 presidential campaign in the United States. Despite being confined to the embassy while seeking safe passage to Ecuador, Assange met with Russians and world-class hackers at critical moments, frequently for hours at a time. He also acquired powerful new computing and network hardware to facilitate data transfers just weeks before WikiLeaks received hacked materials from Russian operatives. These stunning details come from hundreds of surveillance reports compiled for the Ecuadorian government by UC Global, a private Spanish security company, and obtained by CNN. They chronicle Assange’s movements and provide an unprecedented window into his life at the embassy. They also add a new dimension to the Mueller report, which cataloged how WikiLeaks helped the Russians undermine the US election. An Ecuadorian intelligence official told CNN that the surveillance reports are authentic.
If the security of voting systems in the next election will be a function of the amount of legislation on the topic now pending in Congress, we’ve got nothing to worry about in November 2020. There is a growing pile of bills in both the House and Senate, most featuring several to dozens of cosponsors—sometimes even from both parties—accompanied by press releases with made-to-order endorsements from congressional leaders, advocacy groups and cybersecurity experts. They all call for securing U.S. elections and “protecting our democracy.” But, of course, the number of bills doesn’t matter. It’s about quality, not quantity. The things that do matter are what gets enacted into law and whether its mandates get done or get watered down. And that, as the predictable cliché goes, remains to be seen.
Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities. These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete online, over the phone or on paper. The hearing featured testimony from top officials from the Government Accountability Office (GAO), which has added the Census Bureau to its list of “high risk programs” due to cybersecurity and information technology shortfalls. “Although the Bureau has taken initial steps to address risk, additional actions are needed as these risks could adversely impact the cost, quality, schedule, and security of the enumeration,” Nick Marinos, the director of Information Technology and Cybersecurity at GAO, and Robert Goldenkoff, the director of Strategic Issues at GAO, said in their written testimony. Concerns center around the security of personal data involved in the census, and around securing systems against threats from foreign nations. The anxiety echoes some of the worry surrounding security against cyberattacks from foreign actors during the upcoming presidential election.
The nation’s chief elections officials are pleading for more money from the federal government to shore up the security of crucial voting systems before the presidential contest in 2020, even as such aid appears dead on arrival in the U.S. Senate. Interviews with 10 secretaries of state, conducted by the Hearst Television National Investigative Unit at the annual summer conference of the National Association of Secretaries of State held this year in Santa Fe, New Mexico, found unanimity across party lines. When asked whether their states needed more money for election security, one secretary after another answered in the affirmative. “Absolutely,” responded Pennsylvania Acting Secretary of State Kathy Boockvar, a Democrat. “Absolutely,” seconded Laurel Lee, Florida’s Secretary of State, a member of the Republican party. “Look, we absolutely need more money,” Democrat Alex Padilla, California’s secretary of state, said. “We can always use more money for election security,” said Mac Warner, a Republican who serves as secretary of state in Virginia. But despite the landslide of bipartisan requests, $600 million in additional funding is stuck in the Senate after passing the House last month on a nearly party-line vote.
Georgia: Unclassified DHS memo outlined threats to Georgia elections | Mark Niesse/Atlanta Journal Constitution
The potential for tampering in Georgia’s elections last fall prompted the U.S. Department of Homeland Security to warn election officials to be on guard against foreign interference. A recently released DHS memo, titled “A Georgia Perspective on Threats to the 2018 U.S. Elections,” listed concerns about hacking, misinformation spread through social media and disruptions to election infrastructure.The federal advice came as attorneys for state election officials argued in court documents that fears of hacking and vote miscounting were little more than “a theoretical possibility.”Secretary of State Brad Raffensperger’s office said Monday that cybersecurity has been an ongoing priority since well before the 2018 elections.“This memo is standard information sharing and shows what all levels of government are doing to protect our elections,” said spokeswoman Tess Hammock. “DHS prepared a similar memo for every state. There is no evidence of any successful attempts to interfere in Georgia’s elections.”The unclassified DHS document became public Wednesday when it was included as an exhibit in an ongoing lawsuit seeking to prevent the continued use of electronic voting machines. “Foreign governments may engage in cyber operations targeting the election infrastructure and political organization in Georgia and engage in influence operations that aim to interfere with the 2018 U.S. elections,” according to the Oct. 2, 2018, document prepared by the DHS Office of Intelligence & Analysis Field Operations Division for the Southeast Region. The two-page memo didn’t specify who might have attempted to tamper with Georgia’s elections, but it said their goals could have been “to disrupt political processes, sway public opinion, or to undermine certain political organizations.”
Pennsylvania: Citing election security, advocates seek to force Pennsylvania to reexamine new voting machines | Jonathan Lai/Philadelphia Inquirer
Organized by election-security advocates, 200 Pennsylvania voters filed a petition Tuesday seeking to force the Pennsylvania Department of State to reconsider its approval of a touchscreen voting machine selected by Philadelphia and other counties. Those machines, the ExpressVote XL from election mega-vendor Election Systems & Software (ES&S), have security flaws and do not comply with the state Election Code, the voters say in their petition submitted by certified mail and email Tuesday. It was signed by voters from Allegheny, Bucks, Delaware, Montgomery, Northampton, Philadelphia, and Westmoreland Counties. The law gives voters authority to trigger a new state review of previously certified electronic voting machines. The petitioners lay out a number of concerns, including the possibility of attackers’ altering votes; ballot secrecy being violated by comparing the chronological stack of ballots to poll books; poll workers inadvertently seeing voters’ choices while helping them; and lack of accessibility for voters with disabilities. They also point to requirements in the Election Code that they say the machine does not meet, such as not using colored paper to distinguish between political parties during a primary election. An ES&S spokesperson rejected those contentions, saying the ExpressVote XL protects voters’ privacy, is accessible for voters with disabilities, and does not allow manipulation of ballots after they are cast.
South Carolina: Does South Carolina’s new polling system get a vote of confidence? | Heath Ellison/The Daniel Island News
South Carolina will implement a new voting system starting January 1, 2020. The new method will be a mixture of the new and old by offering voters a touchscreen interface to make their choices, but will add “the security of a paper ballot,” according to the South Carolina State Election Commission. Voters will make their decision with the touchscreen and the new machine will print out a paper ballot. Individuals can review the ballot to assure their votes are correct, then they will enter them into the machine. Votes will be scanned and tallied when the paper is securely put in the ballot box. The paper ballots will be saved “for auditing and verification of results,” the Commission said. “I think there will be a learning curve,” said Berkeley County Voter Registration and Elections Director Adam Hammons. “I think it will continue to allow voters to access their ballot in the way that they’re used to.” Hammons added that he believes the new system will be a good change for the county.
Washington: State’s new voting system concerns county elections officials | Aaron Kunkler/Kent Reporter
County election officials are raising concerns about the new Washington state voting system ahead of the Aug. 6 primary election while state officials say they have confidence in it. The new voting system, VoteWA, is a $9.5 million program that came online last May and is meant to unify all 39 county voting systems in the state into a single entity. This will allow greater security and more easily facilitate same-day voter registration, said Washington’s Secretary of State Kim Wyman, who has advocated for the program. “I want people to know that our system is secure and that our counties are going to be ready for the August primary and the November general elections,” Wyman said. Several issues have made King County Elections officials less confident. The state shut down the old voting system on May 24 and spent several days transferring voter data to VoteWA. Following this, counties double-checked the new data with their previous voter records to ensure accuracy, which meant they were not able to register new voters in the system until June 9. In King County, this led to a backlog of 16,000 voters, said King County Elections director Julie Wise during a July 10 meeting of the county’s Regional Policy Committee. “There was a rush to get this system implemented, and it’s not ready to go,” Wise said. “I know that that’s concerning, and that it causes alarm for people, but I do want to say we are working diligently.”
Lithuania: Meet the Elves, Lithuania’s digital citizen army confronting Russian trolls | Kim Sengupta/The Independent
When the dark acts of the trolls became particularly harmful, the Elves felt they had no choice but to get together and fight back, and the fierce battle which then began has since been waged with no sign of ending. Industrial-scale spreading of disinformation; manipulating elections; undermining democratic institutions; orchestrating racial and sectarian strife have become potent weapons of modern hybrid warfare. Lithuania is along the frontline in this conflict between Russia and the west. The European Union’s Cyber Rapid Response Force has its headquarters in the country and the region, with the other Baltic states, is a focal point for Nato strategy. Thus, it is not surprising that it was in Lithuania that the citizens’ online army of the elves started five years ago to take on the Russian trolls. It now has an international force of thousands of volunteers. The vast majority of them are based down the length of Russia’s border from the Nordic states to Armenia. But there is also rising interest from countries in the west, including Britain, as the arena of the internet warriors continues to spread.
Russian opposition leaders led a rally in Moscow of about 1,000 people Sunday to protest the city election commission’s decision that will keep several opposition candidates off the ballot in a local election. The unsanctioned rally was billed as a meeting between opposition leaders and voters after the Moscow election commission rejected signatures needed to qualify the candidates for the September city parliament election. Demonstrators chanted “We are the authority here!” and “Putin is a thief.” Police made no effort to intervene until later in the evening, after the protest crowd had largely dispersed and opposition leaders called for the remaining participants to stage an overnight sit-in at the election commission. Alexei Navalny, Russia’s most prominent opposition leader, was not seen at the protest. The demonstration was led, in various stages, by opposition figures Dmitry Gudkov, Ilya Yashin and Lyubov Sobol. “We were collecting the signatures under rain and in the heat,” Gudkov said. “And you know what (the election commission) told us yesterday? They told us that our signatures are fake. Many of the people who gave me their signatures are here today. Friends, do you agree?” The crowd responded: “No!”