National: Why is Mitch McConnell blocking election security bills? Good question. | Amber Phillips/The Washington Post

As President Trump’s own FBI director warns that Russians are planning to try to undermine American democracy in the next presidential election, Republican lawmakers led by Senate Majority Leader Mitch McConnell (Ky.) are blocking bills aimed at blocking foreign hackers from states’ voting systems. Why? Republicans have policy objections to the legislation, but it seems clear that politics is at the forefront of McConnell’s decision-making. Specifically, the politics of pleasing Trump. Trump is so sensitive to findings that Russians tried to help him win in 2016 that a Cabinet secretary was warned against briefing him on it. He’s repeatedly sided with Russian President Vladimir Putin over his own intelligence community about whether Russians interfered. He’s said he might accept foreign help in his 2020 reelection. And last month, he made light of it all when he mock-scolded Putin in front of cameras. “Don’t meddle in the election,” he said, waving a finger and wearing a smile. That puts McConnell in a tough spot: Pass legislation, which election security experts say is needed, and risk sparking the president’s ire, or block the legislation — and risk increased Russia election interference and public ridicule.

National: ‘Moscow Mitch’ Tag Enrages McConnell and Squeezes G.O.P. on Election Security | Carl Hulse/The New York Times

Senator Mitch McConnell is usually impervious to criticism, even celebrating the nasty nicknames critics bestow on him. But Mr. McConnell, the Senate majority leader, is incensed by the name “Moscow Mitch,” and even more miffed that he has been called a “Russian asset” by critics who accuse him of single-handedly blocking stronger election security measures after Russia’s interference in 2016. Democrats had been making the case for months, but it was supercharged last week by the testimony of Robert S. Mueller III, the former special counsel, who told the House Intelligence Committee that the Russians were back at it “as we sit here.” Mr. McConnell cites several reasons for his opposition — a longstanding resistance to federal control over state elections, newly enacted security improvements that were shown to have worked in the 2018 voting and his suspicion that Democrats are trying to gain partisan advantage with a host of proposals. Republican colleagues say that Mr. McConnell, a longtime foe of tougher campaign finance restrictions and disclosure requirements, is leery of even entering into legislative negotiation that could touch on fund-raising and campaign spending.

National: Election Security Needs Increased Federal Investment | Lucas Ropek/Government Technology

Foreign interference is still an ongoing threat to state and local election security and can only be guarded against through increased federal assistance, warns a recently published report.

Defending Elections, published by the Brennan Center for Justice, claims that state and local governments are on the “front line” of a “cyberwar” with foreign actors and hackers.

Ever since the 2016 Russian intrusion into the U.S. presidential election, concern over voting system integrity has been a top priority for officials at all levels of government as well as the American public. With recent news that Russia’s efforts were far more extensive than initially believed, it isn’t hard to see why states are looking to bolster their cybersecurity.

For years, one of the biggest programs to increase election security has been the Help America Vote Act (HAVA), a George W. Bush-era federal law which last year provided $380 million in federal grant funding to assist with election security for state and local governments.

States spent only around 8 percent of this funding during the 2018 elections, but are on track to spend the vast majority of it during 2020, according to The Washington Post

HAVA, which has been providing assistance since 2002, still does not do enough to satisfy the actual security needs of most states, according to the new report.

Many state and local governments have “substantial election security needs that likely will not be met absent additional federal support,” according to the report. It further concludes that these governments are “ill equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments.”

Those foreign governments may include Russia, China and Iran, according to Trump officials, who feel that a whole host of countries may attempt to inject their influence into the 2020 presidential election.

The Brennan report looks at the needs of a representative sample of states, including Alabama, Arizona, Oklahoma, Illinois, Louisiana and Pennsylvania; detailing the federal allocations they received last year, and the areas that will still need further investment.

Arizona, for example, received over $7 million in funds from the federal grant in 2018, the bulk of which went toward investing in cybersecurity, including an IT infrastructure security assessment and increased inter-agency information sharing. The funds were also used to help replace the state’s voter registration database.

However, the state ultimately needs further investment to replace its legacy voting systems, which many experts consider to be a liability due to their use of outdated software that may not receive consistent security patches.

Other states, like Oklahoma, spent millions in federal funding to upgrade their voter registration databases and security, as well as on new election system equipment and cybersecurity training. However, more funding is needed to ensure post-election audits, as well as upgrades to voting equipment and the state’s voter registration virtual private network.

For many states, like Pennsylvania, further investment is needed in basic cybersecurity assessments and trainings, which give elections staff the skills necessary to identify vulnerabilities and avoid spear-phishing campaigns.

Editorials: ‘An Attack On The Nation Needs A National Response’: Lawmakers And Election Security | Alex Schroeder/WBUR

Robert Mueller was consistent on one point during his congressional testimony last week: Russian interference in U.S. elections is one of the most serious threats to American democracy he’s seen in his long career. On Wednesday, during testimony before the House Intelligence Committee, Rep. Will Hurd, R-Texas, asked the former special counsel if he thought "this was a single attempt by the Russians to get involved in our election," or there was "evidence to suggest that they'll try to do this again?" "Oh, it wasn't a single attempt," Mueller responded. "They're doing it as we sit here. And they expect to do it during the next campaign." The very next day, the Senate Intelligence Committee released a bipartisan report saying that Russia probably attempted to infiltrate election systems in all 50 states. Also last week: Senate Majority Leader Mitch McConnell, R-Ky., blocked two election security bills that made it out of committee with bipartisan support. In other words, a moment of potential bipartisanship is becoming partisan anyway, as the 2020 election looms.

Editorials: Protecting American elections from sabotage is apparently now a partisan issue | Los Angeles Times

Securing American elections against foreign interference — including by Russian computer hackers breaking into U.S. election infrastructure — ought to be an urgent and bipartisan priority. But thanks to Majority Leader Mitch McConnell, the Senate is about to leave Washington without acting on proposals to make it harder for Russia and other foreign actors to meddle. Meanwhile, Director of National Intelligence Dan Coats, who took the threat of foreign election meddling more seriously than the president who appointed him, has announced that he is resigning. President Trump proposes to replace him with Rep. John Ratcliffe (R-Texas), a Trump loyalist who attracted attention last week when he chastised former special counsel Robert S. Mueller III for saying that he couldn’t exonerate Trump of obstruction of justice. Taken together, these developments raise a concern that Washington won’t respond appropriately to a repetition — or escalation — of what Mueller described as a “sweeping and systematic” interference by Russia in the 2016 election. Mueller told the House Intelligence Committee last week that Russia was already interfering in the 2020 election “as we sit here.”

Editorials: Why is Sen. Roy Blunt so nonchalant about cyber threats and 2020 election security? | The Kansas City Star

Remember how we went straight from “Ha ha, no reason to worry about so-called climate change,” to “Well, too late now to do anything about catastrophic climate change?” It’s still not too late to mitigate the damage, though. And let’s not let that same flawed thinking keep us from doing what we can, even at this late date, to minimize the serious threat of foreign cyber attacks ahead of next year’s election. As former Special Counsel Robert Mueller’s testimony last week reminded us, we’re in urgent need of the bipartisan election security legislation that Senate Majority Leader Mitch McConnell says he has no intention of letting go forward. Could Russia intervene in another election, Mueller was asked. “They’re doing it as we sit here,” he answered, while “many more countries” race to catch up to Russia’s ability to compromise our democracy. Should one of these other countries ever attempt an incursion on behalf of a Democrat, we’re guessing that McConnell would not be quite so “c’est la vie.”

Florida: New Senate Intelligence report suggests four Florida counties hacked by Russia | Dave Elias/NBC

It appears that Russia’s attempt to hack Florida's election system was more intense than first thought. A new Senate Intelligence report suggests that there were actually "four" Florida counties hacked instead of two that we first told you about back in April. The 61-page report details the hack attempts. It now says all 50 states were targets. Florida, which is referred to as "State 2" in the report, was a key target. The report says the feds repeatedly warned the state about potential hacks, but then-Governor Rick Scott said he knew nothing about it until he became a senator. “They got into two counties in Florida. They didn't get anything done, but they got into two counties,” Scott told NBC Meet the Press. Much of the report was redacted, and every state except Illinois was assigned a number.

Georgia: Georgia awards contract for new voting machines to Dominion | Maggie Miller/The Hill

Georgia awarded a $150 million contract to voting equipment manufacturer Dominion Voting Systems to implement a “verified paper ballot system” in the state prior to the March 2020 presidential primaries, the Georgia Secretary of State’s office announced Monday. This will involve replacing current voting machines in Georgia with machines from Dominion that print a paper ballot after the voter has made their choices to further secure the vote against outside interference.  Georgia Secretary of State Brad Raffensperger said in a statement that “elections security is my top priority,” adding that “we look forward to working with national and local elections security experts to institute best practices and continue to safeguard all aspects of physical and cyber-security in an ever-changing threat environment.”

Georgia: A federal judge will decide on replacing Georgia voting machines | Mark Niesse/The Atlanta Journal-Constitution

As Georgia election officials selected a new voting system Monday, a federal judge is wrestling with whether to immediately require paper ballots before the state’s current electronic voting machines are set to be used for the last time in this fall’s elections. U.S. District Judge Amy Totenberg will decide whether Georgia’s existing touchscreen voting system is too insecure to continue using, a decision that could affect 310 elections planned in cities and counties this fall.Starting with next year’s presidential primary election, voters will use new voting equipment that combines touchscreens and printed-out paper ballots. Secretary of State Brad Raffensperger announced Monday that Dominion Voting won the state’s $107 million contract.Totenberg said in court Friday that Georgians could be “sitting ducks” because of hacking vulnerabilities in the state’s current electronic voting system, which lacks a paper ballot that could be used for audits and recounts. She didn’t immediately issue a ruling Friday after two days of testimony from voters, election officials, computer science experts and cybersecurity contractors.But Totenberg appeared reluctant to throw out the state’s 17-year-old voting machines this close to November’s elections.She said “it might be extra challenging” to change to hand-marked paper ballots, then go through another transition to the state’s new voting system before the presidential primary election March 24.

Indiana: 1st paper audit trail for election machines OK’d | Niki Kelly/The Journal Gazette

The Indiana Election Commission recently approved the first voter-verifiable paper audit trail for electronic voting systems -- though it’s unclear when Allen County might see the mechanism. The VVPAT, as it is called by election officials, is a security measure that allows voters to independently verify their vote was correctly recorded. In Indiana, almost half the counties use direct record electronic machines. There is a paper trail in the back of the machines, but it is not visible to the voter. As a security measure, paper trails that are visible to the voter are being added to those machines. Lawmakers provided $10 million in the current budget to equip 10% of electronic voting equipment with a VVPAT. Voters will start seeing the equipment at the polls this fall, according to the Secretary of State’s office. By 2029, all voting equipment in the state will be required to have a voter verifiable paper trail.

Indiana: Paper trails for electronic voting equipment approved by Election Commission | The Statehouse File

The Indiana Election Commission on Monday approved the state’s first voter electronic voting system with a verifiable paper audit trail (VVPAT), which will allow voters to confirm that their votes have been correctly recorded. Direct record electronic machines are currently used in almost half the counties of Indiana. With these machines, there is a paper trail located in the back, but not visible to the voters. With the new security measure, voters will now be able to view the paper trails when they are added to the electronic voting equipment. “Adding VVPATs to election equipment will help boost voter confidence and allow us to implement risk limiting audits,” said Secretary of State Connie Lawson in a news release. “Together, these practices will show voters at the polls their vote is safe and secure and following up with a post-election audit will confirm their vote was counted.”

Iowa: “Virtual Iowa Caucuses” Demand Cybersecurity Attention: 2020 Election Security Can’t Wait Till 2020 | Joshua Geltzer/Just Security

The past week featured stark reminders of the importance of election security as the 2020 presidential election swiftly approaches. First, former Special Counsel Robert Mueller testified to the House Intelligence Committee that the Russian government was interfering with American democracy “as we sit here.” Next, the Senate Intelligence Committee released a detailed report on election security, reciting the extensive malign cyber activity conducted by Moscow in the lead-up to America’s 2016 presidential election and concluding that “little has been done to prevent it from happening all over again.” Press coverage of both of these warnings has emphasized—understandably—the need to harden U.S. defenses against various forms of cyber interference that Russia—and now Iran, too—appear intent on carrying out in the 2020 election. While it’s true that 2020 election security is critical, it’s important to emphasize that protecting our elections can’t wait until 2020 is upon us. That’s because, if our foreign adversaries’ goal is (as the Senate Intelligence Committee report confirmed) to undermine American confidence in our own democracy, the opportunities to do so are already unfolding. Long before Election Day arrives, the release of internal campaign emails, the distortion of public polling data, the laundering to campaigns of money that originates from impermissible sources—all of this can contribute to advancing the objectives of Russia and other hostile foreign actors intent on undermining public confidence in American elections and, ultimately, our democracy.

North Carolina: Board of Elections does a 180 on decision to delay certifying voting machines | Melissa Boughton/NC Policy Watch

The North Carolina State Board of Elections plans to move forward with certifying new voting machines ahead of the 2020 elections after a member mistakenly voted Monday night to delay the process to create stricter requirements out of concern for cyber security.The reversal of course came as a surprise to voting rights advocates and citizens who had praised Board members last night for postponing certification in the name of voter integrity. Board members had voted 3-2 for the postponement in order to adopt more stringent requirements for digital voting systems at a later meeting in mid-August (a meeting for which they would have provided 15 days’ notice to the public). However, another meeting notice sent out Tuesday by the Board stated that the group planned to consider a motion this Thursday morning to “rescind [the] decision to notice meeting to amend NC Election Systems Certification Program.” “Board Member David Black said he misunderstood the motion of Board Secretary Stella Anderson and was not aware it would stop the present certification in its tracks,” said Board Chairman Bob Cordle in an email. “He did not realize that, so he wants to set that vote aside and move ahead with certification. Some board members believe it’s not fair to try to change the requirements at this late date — more than two and a half years after the process started.”

North Carolina: Another delay on voting machines, and a move toward hand-marked ballots | Travis Fain/WRAL

North Carolina moved toward a new requirement for hand-marked ballots Monday night when a divided, but bipartisan, State Board of Elections voted to rework the rules that govern what voting machines are allowed here. The board will have to gather again in about two weeks to make the change official, and Monday's decision delayed for the third time in two months a long-awaited decision to certify new voting equipment. But activists hailed the vote as a move toward more secure elections. The time to approve new machines ahead of the 2020 elections grows short. State law requires small test runs in actual elections before new machines can be fully deployed, meaning equipment would need to be in place for the November municipal elections to be ready for the March 2020 presidential primaries. The state legislature may change that law, allowing for simulated election tests instead. It may also delay the coming decertification of touchscreen voting systems that roughly a third of North Carolina counties use now.

West Virginia: Internet Voting Experiment Criticized | Public News Service

Security experts are critical of a West Virginia experiment in Internet voting for military and overseas citizens. Last year the Secretary of State's office allowed 141 West Virginians in 31 counties to vote, using what's known as blockchain – the same distributed ledger system cryptocurrencies such as bitcoin use. In an article for Slate magazine, tech reporter Yael Grauer criticized the contractor for being secretive. Among other points, Grauer also questioned whether the use of blockchain really helped secure the voting, or if the experiment just used a fad technology as a kind of marketing. And Grauer pointed to a weak link. "Everybody who's sent email probably knows that they don't always go through,” she points out. “And after they receive it they're putting it on the blockchain, but there's no way for voters to be able to check whether what they voted on is in the blockchain the way that they voted on it."

Australia: New South Wales iVote source code released for researchers to poke around in | Asha Barbaschow/ZDNet

Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities. Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC. "We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find," Scytl Asia-Pacific GM Sam Campbell said. "The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission." In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud. Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome.

Switzerland: Cyber attack hits email users probing Russian intelligence | Sam Jones/Financial Times

One of the world’s most secure email services has been caught up in a sophisticated cyber attack aimed at investigative journalists and other experts who are probing Russian intelligence activities. Those targeted have used Swiss-based ProtonMailexternal link to share sensitive information related to their probes of Moscow’s military intelligence directorate, the GRU. Its agents have been accused of complicity in the downing of MH17 over Ukraine in 2014, and the attempted assassination of Sergei Skripal and his daughter last year in Britain. ProtonMail, which bills itself as the world’s most secure email platform, because of its cutting edge cryptography and protections against attack, became aware of the attempt to compromise its users on Wednesday. The company, founded in 2014 by a team of former scientists from the European particle research laboratory CERNexternal link, has been in touch with Swiss authorities to help shut down the web domains used to try to dupe its clients and has taken action to block phishing emails. Its own systems and servers have not been hit in any way, it emphasised.