Voting Blogs: U.S. Elections Are Still Vulnerable to Foreign Hacking | Tim Lau/Brennan Center for Justice

Election officials warn that the time is running out for Congress to bolster security before the 2020 race. The warnings follow a recent statement from a senior U.S. intelligence official confirming that Russia, China, and Iran are attempting to manipulate public opinion ahead of the 2020 elections. And earlier this year, the Department of Homeland Security and the FBI reported that Russian hacking efforts in 2016 were more extensive than originally understood, targeting elections in all 50 states. Congress took a major step last year toward helping states boost their election security efforts by approving $380 million in grant funds through the Help America Vote Act (HAVA). States have started to put that funding to work and are expected to spend 85 percent of that money by the 2020 election, much of it on cybersecurity, updated voting equipment, and election audits, according to estimates by the Elections Assistance Commission (EAC). But despite those efforts, many election security projects at the state level remain unfunded or underfunded, as outlined in Defending Elections, a new paper authored by a bipartisan group of organizations including the Brennan Center, the Alliance for Securing Democracy, R Street Institute, and the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Defending Elections provides case studies from six states analyzing how they allocated their HAVA grants and the outstanding needs for additional election security funding. “State and local election officials need support from the federal government,” said Liz Howard, who is a counsel in the Brennan Center’s Democracy Program, was the former deputy commissioner for the Virginia Department of Elections, and co-authored the Defending Elections report. “They are on the front lines, yet many, especially those in rural localities, simply lack the resources to implement additional election security projects to further strengthen our election infrastructure.”

National: Election Assistance Commission, Hungry for Funds, Now Pays for Officials to Get to Office | Jessica Huseman/ProPublica

For years, it was how things worked at the Election Assistance Commission, the federal agency charged with helping America’s thousands of local officials run elections: If you served as one of the agency’s four commissioners, making more than $150,000 a year, you lived in and around Silver Spring, Maryland, where the agency’s office is located. The reasons were straightforward: The agency’s small staff needed daily guidance from its leadership, and its modest budget was not meant to pay for commissioners to travel from out of state. But this year, the EAC’s executive director, Brian Newby, allowed two of the four commissioners — including the agency’s chairwoman — to work outside the Washington, D.C., area and agreed to pick up the costs of their travel to and from the office. Christie McCormick and Donald Palmer, the two Republican commissioners, work most days from out of state — McCormick, the agency chairwoman, in Charlottesville, Virginia, and Palmer in a suburb of Jacksonville, Florida. Newby appears to have approved the changes on his own. Current and former employees of the agency say no formal announcement was made, and the agency’s full slate of commissioners, which includes two Democrats, does not appear to have taken a vote on the change in practice. The disclosures, contained in answers to questions the EAC provided to a congressional oversight committee, come as the agency has repeatedly claimed it is underfinanced and critics say it is not doing enough to assist election administrators around the country at a time of genuine threats to the integrity of the nation’s elections. Rep. Zoe Lofgren, the Democratic chairwoman of the House Administration Committee, which oversees the EAC, said in a letter to the commission that news of the working arrangements for McCormick and Palmer “raises concerns about how much taxpayer money is being used to accommodate travel between duty stations and agency headquarters when the agency is avowedly struggling with its current funding levels.”

National: Intel chief Coats establishes election security adviser position | Maggie Miller/The Hill

The intelligence community has crafted a position to oversee threats to election security, officials announced Friday, the latest effort to shore up security heading into the 2020 presidential elections. Director of National Intelligence (DNI) Daniel Coats has appointed Shelby Pierson to serve as the first “election threats executive” (ETE), tasking her to be the intelligence community’s “principal advisor” on election security threats. Pierson served as the crisis manager for election security for the Office of the Director of National Intelligence during the 2018 midterm elections, and has worked in the intelligence community for more than 20 years. Coats praised Pierson and said her “knowledge and experience make her the right person to lead this critical mission.” The DNI noted in a statement that “Election security is an enduring challenge and a top priority for the IC [intelligence community]. In order to build on our successful approach to the 2018 elections, the IC must properly align its resources to bring the strongest level of support to this critical issue.” Along with establishing the new position, Coats also directed all intelligence agencies that have a role in securing elections to designate a lead executive to work with the ETE to help coordinate election security efforts for the administration.

National: What six states reveal about the price of 2020 election security | Bill Theobald/The Fulcrum

States are taking steps to protect their voting systems from the sort of cyberattacks that marked the 2016 presidential election, but they lack the funds to do all that’s needed. That is the conclusion of a report released Thursday by four groups that monitor voting security or advocate for additional federal intervention to bolster cybersecurity for the political system: the Brennan Center for Justice, R Street Institute, Alliance for Securing Democracy and the University of Pittsburgh. They sampled what is happening in six states, chosen in part because hacking was attempted in several of them in the past few years. In Illinois, for example, special counsel Robert Mueller’s report found that Russian operatives hacked into the state database of registered voters and extracted some data before they were blocked. One common theme among the states is their hunger for more federal aid to replace aging voting machines. As the report points out, the states all tapped into the $380 million approved by Congress last year for election security grants to the states — but could have used far more. The House has voted to allocate another $600 million for security grants before November 2020, but the Senate has not yet begun to write the spending bill that might contain similar funding. The delay is knotted up in a much larger debate about the overall size of the federal budget for the coming year.

National: U.S. Senator Schumer asks FBI, FTC to probe Russia’s FaceApp over security concerns | Elizabeth Culliford and Kanishka Singh/Reuters

U.S. Senate minority leader Chuck Schumer called on the FBI and the Federal Trade Commission to conduct a national security and privacy investigation into FaceApp, a face-editing photo app developed in Russia, in a letter sent on Wednesday. The viral smartphone application, which has seen a new surge of popularity due to a filter that ages photos of users’ faces, requires “full and irrevocable access to their personal photos and data,” which could pose “national security and privacy risks for millions of U.S. citizens,” Schumer said in his letter to FBI Director Christopher Wray and FTC Chairman Joe Simons. The Democratic National Committee also sent out an alert to the party’s 2020 presidential candidates on Wednesday warning them against using the app, pointing to its Russian provenance. In the email, seen by Reuters and first reported by CNN, DNC security chief Bob Lord also urged Democratic presidential campaigns to delete the app immediately if they or their staff had already used it. There is no evidence that FaceApp provides user data to the Russian government.

National: Voting by Phone Is Easy. But Is It Secure? | Matt Vasilogambros/Stateline

For the first time in a presidential election, voters in two upcoming Democratic caucuses will be able to vote using their phones. The Democratic Party announced this month that Iowans and Nevadans in February will be able to opt out of the traditional caucus experience and vote using the keypads on their cellphones or landlines. Party leaders say the change will make the caucus process more inclusive, especially for members of the military and others who can’t easily caucus in person, such as people with disabilities and voters who live in remote areas. … Voting by phone is voting through the internet, either through mobile apps or the tabulating and downloading process, said Marian Schneider, president of Verified Voting, an election integrity nonprofit that advocates for a paper trail in voting. That opens the door to malicious actors, like the foreign intelligence agents who attempted to hack U.S. state and local voting systems during the last presidential race. In light of those attempts, many states are going back to paper ballots or requiring a paper trail to back up electronic systems. “Did people not get any lessons learned from 2016?” Schneider said. “It’s really an odd time to be doing this.”

National: GAO again warns of risks in 2020 census | Anoushka Deshmukh/FCW

When the Government Accountability Office labeled the 2020 census as a high-risk government program in February 2017, the Census Bureau planned to address many of its challenges by re-engineering the census infrastructure and relying on new time and money-saving applications. Now, a July 16 GAO report details three primary concerns the watchdog agency has with the Bureau’s tech-based approach: untested innovations, implementation of IT systems and cybersecurity risks. The Bureau plans to use online census forms, which it expects will not only reduce costs but also increase accessibility and efficiency. Other innovations include re-engineering field operations, using administrative records and verifying addresses in-office. While these innovations show promise, they lack proper testing, GAO said, which raises the possibility of unexpected risks. The 2020 census will rely heavily on IT systems, which also need development and in-depth testing to confirm they function properly. To ensure adequate time for these tasks, the Census Bureau revised its systems development and testing schedule in October 2018, but according to GAO, “the Bureau is at risk of not meeting near-term IT system development and testing schedule milestones for five upcoming 2020 Census operational deliveries.”

National: No. 2 U.S. intelligence official talks about how U.S. is preparing for 2020 election threats | Olivia Gazis/CBS News

The U.S. intelligence community is preparing to confront a novel set of challenges related to the upcoming 2020 presidential elections amid proliferating disinformation threats – in part by boosting the amount of information it shares publicly, according to the number two intelligence official. “We have no expectation that, in 2020, [adversaries] will stay with the approach that they had in 2018,” said Principal National Intelligence Deputy Director Sue Gordon, who serves as deputy to Director of National Intelligence Dan Coats. “So, I think we already have raised our vision.” In an interview with Intelligence Matters host and CBS News senior national security contributor Michael Morell, Gordon, a career intelligence official who spent 27 years at the CIA before being nominated to her current post by President Trump in 2017, said foreign adversaries’ efforts to interfere with the country’s election security potentially pose a near-existential threat. “I can think of no greater threat to America than actions that would make us not believe in ourselves,” she said. “That is, national interests of our adversaries using information in order to sow seeds of division … or make people believe their votes don’t count, or position tools in our infrastructure” to otherwise affect the integrity of voting processes.

National: Intrusion monitors for election security are going virtual | Benjamin Freed/StateScoop

As interest in cybersecurity swells among election officials, a small group of states has begun experimenting with a virtualized network-intrusion system that until recently had only been available in the form of a physical device. Typically, the Albert system, which is designed and distributed by the nonprofit Center for Internet Security, consists of single-unit physical servers outfitted with the organization’s open-source software that detects anomalous and malicious network activity. But five states and territories, led by Nebraska, have started using Albert sensors that run on a virtual server to detect attempted intrusions of their voter registration databases. The software-based version of the Albert system is a product of collaboration between the participating states, which have asked to remain anonymous; Election Systems & Software, which produces the voter registration system used by Nebraska and the others; and CIS, which operates the Elections Infrastructure Information Sharing and Analysis Center, the federally funded entity through which state officials, local officials and the U.S. Department of Homeland security exchange alerts about election security.

Alabama: Report says aging voting machines a concern in Alabama | Mike Cason/al.com

A report published Thursday on election security says states need more federal money to safeguard elections from outside threats. It says Alabama election officials cited a need to replace voting machines used in most counties that are more than a decade old and to establish a “cyber navigator program” to help local officials protect their systems. “Defending Elections: Federal Funding Needs for State Election Security,” attached at the end of this article, outlines how Alabama and five other states are using their shares of $380 million Congress provided to states for election security last year. Alabama’s allocation was $6.5 million, including the required 5 percent state match. The report was written by the Brennan Center for Justice; R Street; Pitt Cyber, the University of Pittsburgh Institute for Cyber Law, Policy, and Security; and the Alliance for Securing Democracy. The report said Russian hackers penetrated computer networks in two counties in Florida in 2016 by obtaining information from a software vendor. A gap opened by the same vendor might have allowed hackers to tamper with voter rolls in North Carolina, the report says. “Efforts like these undermine faith in our democratic system, and steps must be taken to prevent them from occurring again,” the report says.

Florida: 2020 election: Democrats man up for recount; GOP looks to boost voter ranks | Jennifer Jia/The Palm Beach Post

Brandon Peters, the state party’s voter protection program director, says he told Democratic activists at the state party’s Leadership Blue 2019 meeting in June that they should assume another recount will occur in 2020. Election Day in November 2020 is still more than a year away, but Florida Democrats are already lining up their poll watching, legal and — just in case — recount teams while state Republicans look to drive registrations higher. This past week, a Florida Democratic Party mass email was sent to potential volunteers calling on them to “protect the vote in Florida in 2020.” It added: “Because the GOP will stop at nothing to re-elect Donald Trump next year, it’s important for us to build our roster early.” Brandon Peters, the state party’s voter protection program director, says he told Democratic activists at the state party’s Leadership Blue 2019 meeting in June that they should assume another recount will occur in 2020. “We are going to be prepared,” Peters said. He hopes to recruit as many as 15,000 lawyers and volunteers by July of next year. Peters created a GoFundMe page in January to raise money needed to cover the costs of the effort. Fifty-two donors surpassed the post’s $2,500 goal. The funds will go toward hiring, training and equipping voter protection teams in Florida and Georgia.

Iowa: Iowa will keep voter registration system for 2020 elections | Ryan J. Foley/Associated Press

Iowa’s 14-year-old voter registration system will live to see another presidential election. The Iowa Secretary of State’s office confirmed Thursday that a long-discussed plan to replace the I-Voters database will not be completed before the 2020 elections.  Spokesman Kevin Hall said the office remains in the information-gathering phase of the project, which was formally launched more than a year ago. He said the state plans to solicit information from potential vendors soon and to later move forward with a bidding process. “This is a big project and we owe it to the voters of Iowa to build it responsibly with the future of elections and security in mind,” he said. The project is expected to cost $7 million and the office doesn’t yet have all that funding, he added. Russian hackers tried to infiltrate Iowa’s elections system in 2016 but were not successful. Current and former state officials say they have confidence in the security of the I-Voters system and that they’ve taken steps to prevent intrusions, including two-factor authentication and cybersecurity training for users in all of Iowa’s 99 counties. Built in 2005 and launched the next year, the system has been upgraded numerous times and contains data on Iowa’s roughly 2 million registered voters.

Pennsylvania: Elections experts say cybersecurity threats demand federal funding | Deb Erdley/Tribune-Review

Unfunded cybersecurity needs are leaving state and local election officials to stand on the front lines of threats from sophisticated international interests, a new report asserts. “Defending Elections,” a report from the Brennan Center for Justice, highlights growing concerns that myriad unmet security needs pose a threat to fair elections. Christopher R. Deluzio, policy director of the University of Pittsburgh Institute for Cyber Law, Policy and Security, was among five researchers who collaborated on the report. He said a close look at efforts under way in six states — Alabama, Arizona, Illinois, Louisiana, Oklahoma and Pennsylvania — underscored the challenges elections officials face, from the need to purchase new voting machines that will create a paper record, to developing systems for post-election audits, addressing emerging cyber vulnerabilities and upgrading voter registration systems. Part of the problem is the cost of underwriting new voting machines as states and counties struggle to meet the timeline to have systems with paper backups in place in time for the 2020 presidential primaries. In Pennsylvania, where voting machines are purchased at the county level, Deluzio said the $14 million federal grant that was doled out to counties will finance only about 10% to 12% of the estimated $150 million needed to replace voting machines across the state.

West Virginia: Warner Calls Cyberattack a Warning for Election Cybersecurity | Steven Allen Adams/The Intelligencer

A recent ransomware attack on government computer systems in Harrison County did not affect voter registration systems or other counties, and the West Virginia Secretary of State’s Office is preparing counties for other cyber-attacks leading to the 2020 election. Secretary of State Mac Warner was joined by his staff and county clerks from the region Wednesday at the secretary’s North Central Business Hub in Clarksburg. On June 13, county databases were victims of a ransomware attack, whereby computer services are locked out until a ransom is paid. Offices affected included the prosecuting attorney, the county assessor and the clerk’s office. Ransomware attacks can often happen when someone clicks a phishing link, which allows bad actors access to the computer system. “Everyone is susceptible to this individually, in businesses, in government, and so on,” Warner said. “It’s important to know what we’re doing in West Virginia to stay ahead of this trend and what we’re doing to train folks.” Harrison County Clerk Susan Thomas said the cyber-attack only affected the office’s online access to vital records, estate and probate documents, and tax records. The records are still available for view at the clerk’s office, though re-creating the online database could take years. The FBI and the U.S. Attorney’s Office for the Northern District of West Virginia are investigating the attack.

India: Ahead of state elections, Congress looks to amp up push for paper ballots | Aurangzeb Naqshbandi/Hindustan Times

The Congress is likely to convene a meeting of opposition parties after the budget session of Parliament ends to discuss their future course of action on the issue of Electronic Voting Machines (EVMs) that some say are susceptible to manipulation. After suffering a heavy defeat in the 2019 Lok Sabha elections, in which it managed to win only 52 seats in the 543-member House, the party has decided to escalate its demand for the restoration of ballot papers to replace electronic voting in future elections. According to a Congress functionary, a group of party leaders recently met United Progressive Alliance (UPA) chairperson Sonia Gandhi and senior Congress leader Rahul Gandhi, who has stepped down as president over the electoral rout, and asked them to push the demand in a big way. The functionary, who requested anonymity, said the party had not only received feedback from the ground but is “convinced” that “EVMs were manipulated” in the national elections, in which the Bharatiya Janata Party (BJP) won 303 seats. Past protests by opposition parties that EVMs were vulnerable to tampering have failed to convince the Election Commission (EC), which has rejected the allegations. The Supreme Court in April raised the physical counting of Electronic Voting Machines using a Voter-Verified Paper Audit Trail (EVM-VVPATs) in constituencies from one to five on a plea by opposition parties, but in May turned down a petition for an increase in random checks to at least 50% EVMs.

Japan: Internal affairs ministry to test online voting for overseas citizens | The Japan Times

The internal affairs ministry will test online voting for Japanese citizens living abroad in an effort to raise voter turnout among such people in elections. The ministry will conduct the test after Sunday’s House of Councilors election with a goal of introducing it as early as the next Upper House poll in 2022, officials said. Eligible voters will be able to enter the voting page using electronic devices by verifying their identity through registered My Number identification cards. To protect privacy, voting data will be sent encrypted to Japan, and personal information attached to the data will be deleted when votes are counted. Voting data left on voter devices will also be deleted. An expert panel set up by the ministry proposed the introduction of online voting in August last year to address low voter turnout, at around 20 percent, among Japanese citizens overseas. The low rates are believed to reflect a shorter voting period due to the need to send votes to Japan as well as the need to go to diplomatic missions where polling stations are set up.