National: Intrusion monitors for election security are going virtual | Benjamin Freed/StateScoop

As interest in cybersecurity swells among election officials, a small group of states has begun experimenting with a virtualized network-intrusion system that until recently had only been available in the form of a physical device. Typically, the Albert system, which is designed and distributed by the nonprofit Center for Internet Security, consists of single-unit physical servers outfitted with the organization’s open-source software that detects anomalous and malicious network activity. But five states and territories, led by Nebraska, have started using Albert sensors that run on a virtual server to detect attempted intrusions of their voter registration databases. The software-based version of the Albert system is a product of collaboration between the participating states, which have asked to remain anonymous; Election Systems & Software, which produces the voter registration system used by Nebraska and the others; and CIS, which operates the Elections Infrastructure Information Sharing and Analysis Center, the federally funded entity through which state officials, local officials and the U.S. Department of Homeland security exchange alerts about election security.

Alabama: Report says aging voting machines a concern in Alabama | Mike Cason/al.com

A report published Thursday on election security says states need more federal money to safeguard elections from outside threats. It says Alabama election officials cited a need to replace voting machines used in most counties that are more than a decade old and to establish a “cyber navigator program” to help local officials protect their systems. “Defending Elections: Federal Funding Needs for State Election Security,” attached at the end of this article, outlines how Alabama and five other states are using their shares of $380 million Congress provided to states for election security last year. Alabama’s allocation was $6.5 million, including the required 5 percent state match. The report was written by the Brennan Center for Justice; R Street; Pitt Cyber, the University of Pittsburgh Institute for Cyber Law, Policy, and Security; and the Alliance for Securing Democracy. The report said Russian hackers penetrated computer networks in two counties in Florida in 2016 by obtaining information from a software vendor. A gap opened by the same vendor might have allowed hackers to tamper with voter rolls in North Carolina, the report says. “Efforts like these undermine faith in our democratic system, and steps must be taken to prevent them from occurring again,” the report says.

Florida: 2020 election: Democrats man up for recount; GOP looks to boost voter ranks | Jennifer Jia/The Palm Beach Post

Brandon Peters, the state party’s voter protection program director, says he told Democratic activists at the state party’s Leadership Blue 2019 meeting in June that they should assume another recount will occur in 2020. Election Day in November 2020 is still more than a year away, but Florida Democrats are already lining up their poll watching, legal and — just in case — recount teams while state Republicans look to drive registrations higher. This past week, a Florida Democratic Party mass email was sent to potential volunteers calling on them to “protect the vote in Florida in 2020.” It added: “Because the GOP will stop at nothing to re-elect Donald Trump next year, it’s important for us to build our roster early.” Brandon Peters, the state party’s voter protection program director, says he told Democratic activists at the state party’s Leadership Blue 2019 meeting in June that they should assume another recount will occur in 2020. “We are going to be prepared,” Peters said. He hopes to recruit as many as 15,000 lawyers and volunteers by July of next year. Peters created a GoFundMe page in January to raise money needed to cover the costs of the effort. Fifty-two donors surpassed the post’s $2,500 goal. The funds will go toward hiring, training and equipping voter protection teams in Florida and Georgia.

Iowa: Iowa will keep voter registration system for 2020 elections | Ryan J. Foley/Associated Press

Iowa’s 14-year-old voter registration system will live to see another presidential election. The Iowa Secretary of State’s office confirmed Thursday that a long-discussed plan to replace the I-Voters database will not be completed before the 2020 elections.  Spokesman Kevin Hall said the office remains in the information-gathering phase of the project, which was formally launched more than a year ago. He said the state plans to solicit information from potential vendors soon and to later move forward with a bidding process. “This is a big project and we owe it to the voters of Iowa to build it responsibly with the future of elections and security in mind,” he said. The project is expected to cost $7 million and the office doesn’t yet have all that funding, he added. Russian hackers tried to infiltrate Iowa’s elections system in 2016 but were not successful. Current and former state officials say they have confidence in the security of the I-Voters system and that they’ve taken steps to prevent intrusions, including two-factor authentication and cybersecurity training for users in all of Iowa’s 99 counties. Built in 2005 and launched the next year, the system has been upgraded numerous times and contains data on Iowa’s roughly 2 million registered voters.

Pennsylvania: Elections experts say cybersecurity threats demand federal funding | Deb Erdley/Tribune-Review

Unfunded cybersecurity needs are leaving state and local election officials to stand on the front lines of threats from sophisticated international interests, a new report asserts. “Defending Elections,” a report from the Brennan Center for Justice, highlights growing concerns that myriad unmet security needs pose a threat to fair elections. Christopher R. Deluzio, policy director of the University of Pittsburgh Institute for Cyber Law, Policy and Security, was among five researchers who collaborated on the report. He said a close look at efforts under way in six states — Alabama, Arizona, Illinois, Louisiana, Oklahoma and Pennsylvania — underscored the challenges elections officials face, from the need to purchase new voting machines that will create a paper record, to developing systems for post-election audits, addressing emerging cyber vulnerabilities and upgrading voter registration systems. Part of the problem is the cost of underwriting new voting machines as states and counties struggle to meet the timeline to have systems with paper backups in place in time for the 2020 presidential primaries. In Pennsylvania, where voting machines are purchased at the county level, Deluzio said the $14 million federal grant that was doled out to counties will finance only about 10% to 12% of the estimated $150 million needed to replace voting machines across the state.

West Virginia: Warner Calls Cyberattack a Warning for Election Cybersecurity | Steven Allen Adams/The Intelligencer

A recent ransomware attack on government computer systems in Harrison County did not affect voter registration systems or other counties, and the West Virginia Secretary of State’s Office is preparing counties for other cyber-attacks leading to the 2020 election. Secretary of State Mac Warner was joined by his staff and county clerks from the region Wednesday at the secretary’s North Central Business Hub in Clarksburg. On June 13, county databases were victims of a ransomware attack, whereby computer services are locked out until a ransom is paid. Offices affected included the prosecuting attorney, the county assessor and the clerk’s office. Ransomware attacks can often happen when someone clicks a phishing link, which allows bad actors access to the computer system. “Everyone is susceptible to this individually, in businesses, in government, and so on,” Warner said. “It’s important to know what we’re doing in West Virginia to stay ahead of this trend and what we’re doing to train folks.” Harrison County Clerk Susan Thomas said the cyber-attack only affected the office’s online access to vital records, estate and probate documents, and tax records. The records are still available for view at the clerk’s office, though re-creating the online database could take years. The FBI and the U.S. Attorney’s Office for the Northern District of West Virginia are investigating the attack.

India: Ahead of state elections, Congress looks to amp up push for paper ballots | Aurangzeb Naqshbandi/Hindustan Times

The Congress is likely to convene a meeting of opposition parties after the budget session of Parliament ends to discuss their future course of action on the issue of Electronic Voting Machines (EVMs) that some say are susceptible to manipulation. After suffering a heavy defeat in the 2019 Lok Sabha elections, in which it managed to win only 52 seats in the 543-member House, the party has decided to escalate its demand for the restoration of ballot papers to replace electronic voting in future elections. According to a Congress functionary, a group of party leaders recently met United Progressive Alliance (UPA) chairperson Sonia Gandhi and senior Congress leader Rahul Gandhi, who has stepped down as president over the electoral rout, and asked them to push the demand in a big way. The functionary, who requested anonymity, said the party had not only received feedback from the ground but is “convinced” that “EVMs were manipulated” in the national elections, in which the Bharatiya Janata Party (BJP) won 303 seats. Past protests by opposition parties that EVMs were vulnerable to tampering have failed to convince the Election Commission (EC), which has rejected the allegations. The Supreme Court in April raised the physical counting of Electronic Voting Machines using a Voter-Verified Paper Audit Trail (EVM-VVPATs) in constituencies from one to five on a plea by opposition parties, but in May turned down a petition for an increase in random checks to at least 50% EVMs.

Japan: Internal affairs ministry to test online voting for overseas citizens | The Japan Times

The internal affairs ministry will test online voting for Japanese citizens living abroad in an effort to raise voter turnout among such people in elections. The ministry will conduct the test after Sunday’s House of Councilors election with a goal of introducing it as early as the next Upper House poll in 2022, officials said. Eligible voters will be able to enter the voting page using electronic devices by verifying their identity through registered My Number identification cards. To protect privacy, voting data will be sent encrypted to Japan, and personal information attached to the data will be deleted when votes are counted. Voting data left on voter devices will also be deleted. An expert panel set up by the ministry proposed the introduction of online voting in August last year to address low voter turnout, at around 20 percent, among Japanese citizens overseas. The low rates are believed to reflect a shorter voting period due to the need to send votes to Japan as well as the need to go to diplomatic missions where polling stations are set up.

National: States need more federal funds to secure elections: report | Maggie Miller/The Hill

States are in need of further funding from the federal government to fully secure elections, a report published Thursday found, citing six states as examples. The report was compiled by the Brennan Center for Justice, the R Street Institute, the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security, and the Alliance for Securing Democracy. It spotlights Alabama, Arizona, Illinois, Louisiana, Oklahoma, and Pennsylvania. “Elections are the pillar of American democracy, and, as we saw in 2016 and 2018, foreign governments will continue to target them,” the authors wrote in the report. “States cannot counter these adversaries alone, nor should they have to. But at a time when free and fair elections are increasingly under attack, they can, with additional federal funding, safeguard them.” Four of the states reported that future federal funds are needed to replace “legacy” or older voting equipment that have cyber vulnerabilities, while several other states cited the need for funding to train election officials in cybersecurity.

National: Senate passes bill making hacking voting systems a federal crime | Jordain Carney/The Hill

The Senate passed legislation on Wednesday night that would make it a federal crime to hack into any voting systems used in a federal election. The bill, known as the Defending the Integrity of Voting Systems Act, passed the chamber on Wednesday night by unanimous consent, which requires the sign off of every senator. It would allow the Justice Department to pursue federal charges against anyone who hacks voting systems used in federal elections under the Computer Fraud and Abuse Act. Sen. Sheldon Whitehouse (D-R.I.), Richard Blumenthal (D-Conn.) and Lindsey Graham (R-S.C.) introduced the legislation earlier this year and it cleared the Judiciary Committee in May. “Our legislation to protect voting machines will better equip the Department of Justice to fight back against hackers that intend to interfere with our election,” Blumenthal said when the bill was introduced.

National: Top Democrat demands answers on election equipment vulnerabilities | Maggie Miller/TheHill

Sen. Ron Wyden (D-Ore.) is demanding answers from the Election Assistance Commission (EAC) as to how the federal agency plans to secure election equipment amid reports that most machines depend on software that will soon be out-of-date and vulnerable to cyber attacks. In a letter dated July 12 that was released on Monday, Wyden asked EAC Chairwoman Christy McCormick how the agency plans to address this “looming cybersecurity crisis.” “Intelligence officials have made it clear that Russian hackers targeted our elections in 2016, and that they expect similar threats in 2020,” Wyden wrote. “The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers. This is unacceptable.” The Associated Press recently reported that the majority of U.S. counties use election management systems that run on Windows 7, an outdated operating system that Microsoft will stop updating in January. The systems are responsible for programming voting machines and tallying votes. Wyden focused his questions on whether products created by Election Systems and Software (ES&S), one of the major U.S. voting equipment manufacturers, would be decertified by the EAC prior to the 2020 elections. According to EAC documentation, the equipment uses Windows 7. Wyden gave McCormick a July 26 deadline to respond to his questions.

National: Microsoft will give away software to guard U.S. voting machines | Ken Dilanian/NBC

Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines, even as the tech giant said it had tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.” The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post. Its announcement was timed to coincide with the Aspen Security Forum, an annual conference of current and former intelligence, defense and homeland security officials that kicks off Wednesday in Aspen, Colorado — co-sponsored by Microsoft and others. NBC News is a media partner of the forum. Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft’s move signals that voting systems, long a technology backwater, are finally receiving attention from the county’s leading technical minds.

National: How Julian Assange turned an embassy into a command post for election meddling | Marshall Cohen, Kay Guerrero and Arturo Torres/CNN

New documents obtained exclusively by CNN reveal that WikiLeaks founder Julian Assange received in-person deliveries, potentially of hacked materials related to the 2016 US election, during a series of suspicious meetings at the Ecuadorian Embassy in London. The documents build on the possibility, raised by special counsel Robert Mueller in his report on Russian meddling, that couriers brought hacked files to Assange at the embassy. The surveillance reports also describe how Assange turned the embassy into a command center and orchestrated a series of damaging disclosures that rocked the 2016 presidential campaign in the United States. Despite being confined to the embassy while seeking safe passage to Ecuador, Assange met with Russians and world-class hackers at critical moments, frequently for hours at a time. He also acquired powerful new computing and network hardware to facilitate data transfers just weeks before WikiLeaks received hacked materials from Russian operatives. These stunning details come from hundreds of surveillance reports compiled for the Ecuadorian government by UC Global, a private Spanish security company, and obtained by CNN. They chronicle Assange’s movements and provide an unprecedented window into his life at the embassy. They also add a new dimension to the Mueller report, which cataloged how WikiLeaks helped the Russians undermine the US election. An Ecuadorian intelligence official told CNN that the surveillance reports are authentic.

National: Multiple Bills Seek To Secure Elections: Will They Do It? | Taylor Armerding/Forbes

If the security of voting systems in the next election will be a function of the amount of legislation on the topic now pending in Congress, we’ve got nothing to worry about in November 2020. There is a growing pile of bills in both the House and Senate, most featuring several to dozens of cosponsors—sometimes even from both parties—accompanied by press releases with made-to-order endorsements from congressional leaders, advocacy groups and cybersecurity experts. They all call for securing U.S. elections and “protecting our democracy.” But, of course, the number of bills doesn’t matter. It’s about quality, not quantity. The things that do matter are what gets enacted into law and whether its mandates get done or get watered down. And that, as the predictable cliché goes, remains to be seen.

National: Alarm sounds over census cybersecurity concerns | Maggie Miller/The Hill

Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities. These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete online, over the phone or on paper. The hearing featured testimony from top officials from the Government Accountability Office (GAO), which has added the Census Bureau to its list of “high risk programs” due to cybersecurity and information technology shortfalls.  “Although the Bureau has taken initial steps to address risk, additional actions are needed as these risks could adversely impact the cost, quality, schedule, and security of the enumeration,” Nick Marinos, the director of Information Technology and Cybersecurity at GAO, and Robert Goldenkoff, the director of Strategic Issues at GAO, said in their written testimony. Concerns center around the security of personal data involved in the census, and around securing systems against threats from foreign nations. The anxiety echoes some of the worry surrounding security against cyberattacks from foreign actors during the upcoming presidential election.

National: Secretaries of state plead for more money for election security | Mark Albert/KOCO

The nation’s chief elections officials are pleading for more money from the federal government to shore up the security of crucial voting systems before the presidential contest in 2020, even as such aid appears dead on arrival in the U.S. Senate. Interviews with 10 secretaries of state, conducted by the Hearst Television National Investigative Unit at the annual summer conference of the National Association of Secretaries of State held this year in Santa Fe, New Mexico, found unanimity across party lines. When asked whether their states needed more money for election security, one secretary after another answered in the affirmative. “Absolutely,” responded Pennsylvania Acting Secretary of State Kathy Boockvar, a Democrat. “Absolutely,” seconded Laurel Lee, Florida’s Secretary of State, a member of the Republican party. “Look, we absolutely need more money,” Democrat Alex Padilla, California’s secretary of state, said. “We can always use more money for election security,” said Mac Warner, a Republican who serves as secretary of state in Virginia. But despite the landslide of bipartisan requests, $600 million in additional funding is stuck in the Senate after passing the House last month on a nearly party-line vote.

Georgia: Unclassified DHS memo outlined threats to Georgia elections | Mark Niesse/Atlanta Journal Constitution

The potential for tampering in Georgia’s elections last fall prompted the U.S. Department of Homeland Security to warn election officials to be on guard against foreign interference. A recently released DHS memo, titled “A Georgia Perspective on Threats to the 2018 U.S. Elections,” listed concerns about hacking, misinformation spread through social media and disruptions to election infrastructure.The federal advice came as attorneys for state election officials argued in court documents that fears of hacking and vote miscounting were little more than “a theoretical possibility.”Secretary of State Brad Raffensperger’s office said Monday that cybersecurity has been an ongoing priority since well before the 2018 elections.“This memo is standard information sharing and shows what all levels of government are doing to protect our elections,” said spokeswoman Tess Hammock. “DHS prepared a similar memo for every state. There is no evidence of any successful attempts to interfere in Georgia’s elections.”The unclassified DHS document became public Wednesday when it was included as an exhibit in an ongoing lawsuit seeking to prevent the continued use of electronic voting machines. “Foreign governments may engage in cyber operations targeting the election infrastructure and political organization in Georgia and engage in influence operations that aim to interfere with the 2018 U.S. elections,” according to the Oct. 2, 2018, document prepared by the DHS Office of Intelligence & Analysis Field Operations Division for the Southeast Region. The two-page memo didn’t specify who might have attempted to tamper with Georgia’s elections, but it said their goals could have been “to disrupt political processes, sway public opinion, or to undermine certain political organizations.”

Pennsylvania: Citing election security, advocates seek to force Pennsylvania to reexamine new voting machines | Jonathan Lai/Philadelphia Inquirer

Organized by election-security advocates, 200 Pennsylvania voters filed a petition Tuesday seeking to force the Pennsylvania Department of State to reconsider its approval of a touchscreen voting machine selected by Philadelphia and other counties. Those machines, the ExpressVote XL from election mega-vendor Election Systems & Software (ES&S), have security flaws and do not comply with the state Election Code, the voters say in their petition submitted by certified mail and email Tuesday. It was signed by voters from Allegheny, Bucks, Delaware, Montgomery, Northampton, Philadelphia, and Westmoreland Counties. The law gives voters authority to trigger a new state review of previously certified electronic voting machines. The petitioners lay out a number of concerns, including the possibility of attackers’ altering votes; ballot secrecy being violated by comparing the chronological stack of ballots to poll books; poll workers inadvertently seeing voters’ choices while helping them; and lack of accessibility for voters with disabilities. They also point to requirements in the Election Code that they say the machine does not meet, such as not using colored paper to distinguish between political parties during a primary election. An ES&S spokesperson rejected those contentions, saying the ExpressVote XL protects voters’ privacy, is accessible for voters with disabilities, and does not allow manipulation of ballots after they are cast.

South Carolina: Does South Carolina’s new polling system get a vote of confidence? | Heath Ellison/The Daniel Island News

South Carolina will implement a new voting system starting January 1, 2020. The new method will be a mixture of the new and old by offering voters a touchscreen interface to make their choices, but will add “the security of a paper ballot,” according to the South Carolina State Election Commission. Voters will make their decision with the touchscreen and the new machine will print out a paper ballot. Individuals can review the ballot to assure their votes are correct, then they will enter them into the machine. Votes will be scanned and tallied when the paper is securely put in the ballot box. The paper ballots will be saved “for auditing and verification of results,” the Commission said. “I think there will be a learning curve,” said Berkeley County Voter Registration and Elections Director Adam Hammons. “I think it will continue to allow voters to access their ballot in the way that they’re used to.” Hammons added that he believes the new system will be a good change for the county.

Washington: State’s new voting system concerns county elections officials | Aaron Kunkler/Kent Reporter

County election officials are raising concerns about the new Washington state voting system ahead of the Aug. 6 primary election while state officials say they have confidence in it. The new voting system, VoteWA, is a $9.5 million program that came online last May and is meant to unify all 39 county voting systems in the state into a single entity. This will allow greater security and more easily facilitate same-day voter registration, said Washington’s Secretary of State Kim Wyman, who has advocated for the program. “I want people to know that our system is secure and that our counties are going to be ready for the August primary and the November general elections,” Wyman said. Several issues have made King County Elections officials less confident. The state shut down the old voting system on May 24 and spent several days transferring voter data to VoteWA. Following this, counties double-checked the new data with their previous voter records to ensure accuracy, which meant they were not able to register new voters in the system until June 9. In King County, this led to a backlog of 16,000 voters, said King County Elections director Julie Wise during a July 10 meeting of the county’s Regional Policy Committee. “There was a rush to get this system implemented, and it’s not ready to go,” Wise said. “I know that that’s concerning, and that it causes alarm for people, but I do want to say we are working diligently.”

Lithuania: Meet the Elves, Lithuania’s digital citizen army confronting Russian trolls | Kim Sengupta/The Independent

When the dark acts of the trolls became particularly harmful, the Elves felt they had no choice but to get together and fight back, and the fierce battle which then began has since been waged with no sign of ending. Industrial-scale spreading of disinformation; manipulating elections; undermining democratic institutions; orchestrating racial and sectarian strife have become potent weapons of modern hybrid warfare. Lithuania is along the frontline in this conflict between Russia and the west. The European Union’s Cyber Rapid Response Force has its headquarters in the country and the region, with the other Baltic states, is a focal point for Nato strategy. Thus, it is not surprising that it was in Lithuania that the citizens’ online army of the elves started five years ago to take on the Russian trolls. It now has an international force of thousands of volunteers. The vast majority of them are based down the length of Russia’s border from the Nordic states to Armenia. But there is also rising interest from countries in the west, including Britain, as the arena of the internet warriors continues to spread.

Russia: Moscow Protesters Call Local Elections Rigged | Associated Press

Russian opposition leaders led a rally in Moscow of about 1,000 people Sunday to protest the city election commission’s decision that will keep several opposition candidates off the ballot in a local election. The unsanctioned rally was billed as a meeting between opposition leaders and voters after the Moscow election commission rejected signatures needed to qualify the candidates for the September city parliament election. Demonstrators chanted “We are the authority here!” and “Putin is a thief.” Police made no effort to intervene until later in the evening, after the protest crowd had largely dispersed and opposition leaders called for the remaining participants to stage an overnight sit-in at the election commission. Alexei Navalny, Russia’s most prominent opposition leader, was not seen at the protest. The demonstration was led, in various stages, by opposition figures Dmitry Gudkov, Ilya Yashin and Lyubov Sobol. “We were collecting the signatures under rain and in the heat,” Gudkov said. “And you know what (the election commission) told us yesterday? They told us that our signatures are fake. Many of the people who gave me their signatures are here today. Friends, do you agree?” The crowd responded: “No!”

National: Here’s an overlooked election cybersecurity danger: outdated software | Joseph Marks/The Washington Post

There’s a big hacking danger facing the 2020 election that’s so far been overlooked: software so old that companies aren’t updating it anymore. The “vast majority” of the nation’s 10,000 election jurisdictions rely on Microsoft’s Windows 7 operating system, which was introduced in 2009 and will reach the end of its technological life span in January, according to a report this weekend from the Associated Press’s Tami Abdollah. And some of those jurisdictions are relying on software that’s even older. That means those systems — which are running in numerous swing states’ election systems — won’t get automatically updated to protect against newfound computer bugs, leaving the systems far more vulnerable to hackers who exploit those bugs, Abdollah reports. The report highlights yet another way in which elections remain vulnerable to hacking despite calls for vastly improved election cybersecurity after the 2016 contest was upended by Russian hacking and disinformation operations — and amid warnings from Intelligence officials that Russia and other U.S. adversaries want to similarly compromise the 2020 contest. The vulnerable software is deployed on systems to create ballots, program voting machines, tally votes and report counts, per the AP. It also demonstrates how many election cybersecurity challenges evade easy fixes.

National: Who’s behind voting-machine makers? Money of unclear origins | Emery P. Dalesio/Associated Press

The voting-machine makers that aim to sell their systems in North Carolina are largely owned by private equity firms that don’t disclose their investors. The companies didn’t want the public to know even that much. North Carolina’s statewide elections board demanded the machine-makers’ ownership information last month after special counsel Robert Mueller’s April report into Russian efforts to sway the 2016 presidential election. Their concerns about potential foreign interference have grown since Maryland officials learned last year that a company maintaining that state’s election infrastructure did not disclose its financing by a venture fund whose largest investor is a Russian oligarch. The private-equity backers of the three voting systems vendors seeking approval to sell to county elections boards in North Carolina told The Associated Press they’re controlled by U.S. citizens. They claimed they have no ties to foreign oligarchs or other nefarious persons facing financial sanctions by Washington. But they didn’t provide information about the sources of the money they invest. And they asked the board not to share what they did disclose with the public. The elections board released the companies’ responses — as required by law — under a public records request from The AP. Election security watchdogs remain frustrated.

National: Thousands of election systems running software that will soon be outdated: report | Tal Axelrod/The Hill

The vast majority of the nation’s 10,000 election jurisdictions are using an operating system that will soon be outdated, according to an Associated Press analysis. Those jurisdictions using Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts will reach its “end of life” on Jan. 14 — meaning Microsoft will no longer provide technical support or produce “patches” to deal with vulnerabilities that hackers could possibly exploit. Microsoft told the AP in a statement Friday that it would offer continued Windows 7 security updates for a fee through 2023. The company did not immediately respond to a request for comment from The Hill. Critics told the AP that the obsolescence was an example of what happens when private companies determine the security level of election systems without federal guidelines. Vendors defended themselves, saying they’ve been making consistent improvements on security, but state officials said they were wary of federal involvement in state and local races.

National: Who Will Clean Up America’s Voter Rolls? | Mark Hemingway/RealClearPolitics

Los Angeles County has too many voters. An estimated 1.6 million, according to the latest calculations – which is roughly the population of Philadelphia. That’s the difference between the number of people on the county’s voter rolls and the actual number of voting age residents. This means that L.A. is in violation of federal law, which seeks to limit fraud by requiring basic voter list maintenance to make sure that people who have died, moved, or are otherwise ineligible to vote aren’t still on the rolls. Los Angeles County has made only minimal efforts to clean up its voter rolls for decades. It began sending notices to those 1.6 million people last month to settle a lawsuit brought by the conservative watchdog group Judicial Watch. Los Angeles County may be California’s worst offender, but 10 of the state’s 58 counties also have registration rates exceeding 100% of the voting age population. In fact, the voter registration rate for the entire state of California is 101%. And the Golden State isn’t alone. Eight states, as well as the District of Columbia, have total voter registration tallies exceeding 100%, and in total, 38 states have counties where voter registration rates exceed 100%. Another state that stands out is Kentucky, where the voter registration rate in 48 of its 120 counties exceeded 100% last year. About 15% of America’s counties where there is reliable voter data – that is, over 400 counties out of 2,800 – have voter registration rates over 100%.

Florida: Here’s (more) evidence Bill Nelson suffered from bad ballot design in 2018 | Langston Taylor/Tampa Bay Times

Evidence continues to mount that shows former U.S. Senator Bill Nelson’s race for re-election in 2018 was hampered by a ballot design quirk. Florida has already enacted a law that would standardize ballots to avoid a repeat of what happened in part of heavily-Democratic Broward County: a ballot design that made the Senate race “easy to overlook.” It was immediately clear after the Nov. 6 election that far more voters than expected were leaving the Senate box blank. Many of those voters supported other Democrats, like the losing candidate for Governor, Andrew Gillum. In a new academic paper presented Thursday at the Election Sciences, Reform, & Administration Conference, two researchers looked beyond vote totals, drilling down to the individual ballot level. What they found was this: In Broward County, voters who skipped the Senate race likely did so by accident, rather than purposely avoiding the race. Broward County ballots put voting instructions in the first column, rather than stripped across the top. That design pushed the Senate race far down the page, isolating it from other marquee contests.

Idaho: Error left tax-paying Boise residents off city voter rolls | Hayley Harding/Idaho Statesman

Blue Valley Mobile Home Park, a community of about 900 people in Boise’s far southeast corner, was annexed into the city in 2014. But when it came to city elections, Blue Valley voters were disenfranchised. A clerical error kept about 150 voters off the city voting rolls in the 2015 city election and 190 in the 2017 election, according to county Elections Director, even though property owners were paying city taxes by then. Voters in Blue Valley were added to city rolls in June, Levine said Wednesday, after Blue Valley residents realized what had happened and complained. He said officials are looking into how the problem occurred and who is responsible. One resident, Jennifer Wiley, told the Statesman that she went to her polling place to vote in the 2015 mayoral race just to be turned away. An Idaho Statesman reporter who reviewed voting rolls was unable to find a single Blue Valley address on more than a hundred pages of voting rolls for November city elections in those years — the first two elections in which Blue Valley residents should have been able to vote. Blue Valley, along with other homes near the neighborhood, is assigned to Precinct 1803 in Ada County. When Wiley got to her polling place, poll workers told her she wasn’t eligible to vote in the city election.

Illinois: Audit: State’s technology department full of waste, unequipped to deal with disaster | Jerry Nowicki/Northwest Herald

In its first two years of existence, the state’s lead technology agency was not equipped to handle technology disasters, maintained servers and computers with inadequate or nonexistent anti-virus protection, failed to implement cybersecurity controls, and did not properly document purchases or property inventory, according to areport from the Illinois Auditor General’s office.  The audit of the Illinois Department of Innovation and Technology — a state agency created in January 2016 through an executive order signed by former Republican Gov. Bruce Rauner — also found that an effort to consolidate financial, human capital and procurement functions for all state agencies will cost $150 million more than initially estimated over a six-year implementation period. The Enterprise Resource Planning System, launched during former Democratic Gov. Pat Quinn’s administration and overseen by the Illinois Department of Central Management Services before being taken over by DOIT, will cost just under $400 million by 2021, up from an initial estimate of $250 million. These findings were among 30 listed in Auditor General Frank Mautino’s report for fiscal years 2017 and 2018, the first two years of operation for the department created to “deliver best-in-class innovation and technology to client agencies.” Jennifer Schultz, a spokeswoman for DOIT, said failure to execute the requirements of the executive order was due to a number of factors, including state government dysfunction.