Virginia: Georgia officials visit Virginia to review paper ballot audits | Mark Niesse/The Atlanta Journal-Constitution

Georgia election officials observed audits of paper ballots in Virginia this week to learn how to conduct similar checks for accuracy when the state installs its new voting system next year. The trip comes as the Secretary of State’s Office is crafting standards for election audits that must be in place by the November 2020 election.“Georgia has an opportunity to increase voter confidence and strengthen election security by designing effective risk-limiting audits,” said Marian Schneider, president of Verified Voting, a national election integrity organization. “After observing the audit pilots in Virginia this week, Georgia election officials are better equipped to adopt best practices and design robust post-election audits that ensure the outcome reported by tabulation machines is correct.”Elections Director Chris Harvey and Deputy General Counsel Kevin Rayburn witnessed pilot audits in the city of Manassas, Prince William County and Loudoun County on Monday and Tuesday.They learned about how Virginia elections officials store and handle ballots, take random samples for audits and examine voters’ selections. Virginia switched to paper ballots statewide in 2017.Georgia will replace its 17-year-old electronic voting machines next year with a system that produces a printed-out paper ballot.“As Georgia moves toward our new auditable paper-based system, it is important that we learn from other successful states,” said Secretary of State Brad Raffenspeger. “We’re looking forward to instituting industry best practices in order to give Georgians the most accurate voting experience to ensure voter confidence.”With Georgia’s new $107 million system, voters will pick their candidates on touchscreens that are connected to printers that create paper ballots. Voters will then be able to review their ballots before inserting them into scanners for tabulation.

National: Republicans and Democrats agree that the U.S. should strengthen election security. So why doesn’t Mitch McConnell? | Evan Crawford/The Washington Post

The Senate Intelligence Committee recently released the first volume in what will be a series of reports on Russian interference in the 2016 election. Here’s the most startling thing we learned: Russian hackers targeted election infrastructure not just in 21 or 39 states, as previously reported — but in 50 states. These efforts ranged from scanning state election websites to test for vulnerability to gaining access to the Illinois voter database and being “in a position to delete or change voter data,” according to the Senate report, though no evidence has emerged that any data was actually changed. In response, the committee made recommendations to ensure a more secure 2020 election. Election experts have long been calling for many of these actions, including increased communication between federal, state and local election officials; post-election audits; and updated voting equipment. Many of these measures were part of a bill that the House passed, the Securing America’s Federal Elections Act. But Senate Majority Leader Mitch McConnell (R-Ky.) has effectively blocked this legislation from being considered in the Senate. So where does the public stand on these issues? There’s a bipartisan consensus about election security.

National: Alex Halderman Speaks About Election Cybersecurity at CyberSec & AI Prague Conference | Avast/Security Boulevard

Alex Halderman was researching election hacking a decade before the 2016 U.S. presidential race made it front-page news. The computer science professor at the University of Michigan brought change to India’s elections, turned a U.S. voting machine into a Pac-Man arcade game, and warned Congress twice about the vulnerabilities that await 2020’s U.S. elections. Yet he is bringing a decidedly low-tech solution – a return to the backup of a “paper trail” for ballots – to one of cybersecurity’s biggest challenges when he speaks to the top minds in artificial intelligence at the CyberSec & AI Prague conference in October. Halderman has researched elections in India, Estonia, Australia, and the United States and found that – as in other areas of modern life – tech can introduce as well as address cybersecurity problems. “Countries around the world are turning to computer technology and internet-connected systems to try to make elections better, but the fact is that opens up whole new categories of risk.”

National: No Quorum At FEC Means Election Law Enforcement Is On Hold | Brian Naylor/NPR

Barring some kind of miraculous last-minute reprieve, Friday will be the last business day that the Federal Election Commission will be able to function for quite a while, leaving the enforcement of federal campaign finance laws unattended ahead of the 2020 election. The commission’s vice chairman, Matthew Petersen, announced his resignation earlier this week, to take effect at the end of the month. With Petersen gone, the FEC will be down to three members, and won’t have a quorum. In addition to collecting campaign finance data, the FEC investigates potential campaign finance violations, issues fines and gives guidance to campaigns about following election law — but not without a working quorum of at least four commissioners. “To not have the FEC able to take action right now is deeply concerning,” says Daniel Weiner, a former senior counsel at the FEC, who’s now with the Brennan Center for Justice at New York University law school. In particular, Weiner is concerned about another attempt by Russia or other actors to interfere in the 2020 election.

National: Fancy Bear Dons Plain Clothes to Try to Defeat Machine Learning | Robert Lemos/Dark Reading

An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses. The APT28 cyber-espionage group, often called “Fancy Bear” and linked to Russia, has stripped much of the malicious functionality from its initial infector, hiding it in a sea of benign code, according to an analysis published today by Cylance, a subsidiary of Blackberry. The approach shows that the group has developed greater operational sophistication, says Josh Lemos, vice president of research and intelligence at Cylance (and no relation to the author). The authors of the implant appear to be trying to hide in plain site by using well-known libraries, such as OpenSSL, and a widely used compiler, POCO C++, resulting in 99% of the more than 3 megabytes of code being classified as benign, according to Cylance’s analysis. Those steps, taken along with other newly adopted tactics, suggest the group is trying a different approach to dodge evolving defenses, Lemos says.

National: Blockchain e-voting: Backed by US candidate, hacked in Moscow | Sarah Wray/SmartCitiesWorld

The debate over blockchain-based political voting re-emerged recently as Democratic US presidential hopeful Andrew Yang backs the technology to boost voter numbers and security, while a French researcher has hacked into the blockchain-based voting system which officials plan to use next month for the 2019 Moscow City Duma election. On his campaign website, Yang states that voting should be available via mobile devices with verification through blockchain. He argues that modernising voting with decentralised ledger technology could increase security, reduce inconsistent processes between states and restore confidence in democracy. Philip Boucher, a European Policy Research Service (EPRS) policy analyst, explains the theory behind blockchain voting: “In elections, we usually have a central authority that records, checks and counts all of the votes. With blockchain, the process is decentralised so everyone can hold a copy of the full voting record on their own devices. The data is encrypted to protect the identity of individual voters. Illegitimate votes cannot be added and the historical record cannot be changed because everyone holds a copy and can check that all of the votes comply with the rules and are counted properly.” Some have even suggested that in future, blockchain votes could be encoded into ‘smart contracts’ so that the results automatically take effect “like a self-implementing manifesto”. Several countries and local authorities have explored or experimented with the idea of digital voting.

Editorials: Why November 4, 2020 could be a very bad day | Chris Cillizza/CNN

Since almost the moment Donald Trump won the White House in 2016, people have had November 3, 2020 — aka Election Day — circled on their calendars. For Trump haters, that first Tuesday in November next year is the moment when they can put an end to what they believe is a colossal mistake. For Trump backers, Election Day 2020 is their chance to prove that 2016 was no fluke — and that they want another four years of the billionaire businessman in the White House. But what if the vote on November 3, 2020 doesn’t actually settle anything? There’s been polling evidence for some time that Americans are losing faith in the ability of Americans elections to be conducted fair and squarely. In an NPR/Marist University poll conducted just before the 2018 midterm elections, almost half — 47% — of respondents said that they lacked faith that all votes cast would be counted fairly. That number was even higher among non-white voters — of whom almost 6 in 10 said it was likely not all votes would be counted. Two in 5 voters said they did not believe American elections were fair in that same poll. Other more recent data suggests there is no slackening in the doubts about fair elections. And after the events of the last three years, it’s not hard to see why there’s rising doubt among the public about fair elections.

Editorials: Trump’s hostility to election security preparedness | Elaine Kamarck/Brookings

From the very beginning of his presidency, Donald Trump has denied or downplayed Russian interference in the 2016 campaign. He has, at various times, dismissed the whole idea as a hoax, as fake news, or as an excuse by Democrats for why they lost the election. At other times, he has proclaimed his innocence vis-à-vis Russian campaign interference. From the earliest days of his presidency when he fired FBI Director James Comey in an effort to stop the investigation, he has denigrated and dismissed the entire issue. In its place he has insisted that the real problem in 2016 was not Russian interference but rather illegal voting by immigrants. The president’s beliefs have put him at odds with his own government and his own appointees, creating some awkward moments as the machinery of the federal government comes into conflict with the tweets of the chief executive. In spite of the president’s antipathy towards the effort, the gears of government managed to grind on, even in the White House. On September 12, 2018, President Trump issued Executive Order 13848 titled “Executive Order on Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election.” The order requires a post-election audit by the intelligence community, under the direction of the ODNI (Office of the Director of National Intelligence) and mechanisms to place sanctions—such as confiscation of property—on those who take actions to interfere in U.S. elections.

Georgia: Mystery of missing votes deepens as Congress investigates Georgia | Mark Niesse/The Atlanta Journal-Constitution

To find a clue about what might have gone wrong with Georgia’s election last fall, look no further than voting machine No. 3 at the Winterville Train Depot outside Athens. On machine No. 3, Republicans won every race. On each of the other six machines in that precinct, Democrats won every race.The odds of an anomaly that large are less than 1 in 1 million, according to a statistician’s analysis in court documents. The strange results would disappear if votes for Democratic and Republican candidates were flipped on machine No. 3.It just so happens that this occurred in Republican Brian Kemp’s home precinct, where he initially had a problem voting when his yellow voter access card didn’t work because a poll worker forgot to activate it. At the time, Kemp was secretary of state — Georgia’s top election official — and running for governor in a tight contest with Democrat Stacey Abrams.The suspicious results in Winterville are evidence in the ongoing mystery of whether errors with voting machines contributed to a stark drop-off in votes recorded in the race for Georgia lieutenant governor between Republican Geoff Duncan, who ended up winning, and Democrat Sarah Riggs Amico.Even though it was the second race on the ballot, fewer votes were counted for lieutenant governor than for labor commissioner, insurance commissioner and every other statewide contest lower on the ballot. Roughly 80,000 fewer votes were counted for lieutenant governor than in other down-ballot elections. The potential voting irregularities were included among 15,500 pages of documents obtained by The Atlanta Journal-Constitution that have also been turned over to the U.S. House Oversight and Reform Committee, which is looking into Georgia’s elections. The documents, provided under the Georgia Open Records Act, offer details of alleged voting irregularities but no answers.

Iowa: Fearing Hackers, D.N.C. Plans to Block Iowa’s ‘Virtual’ Caucuses | Reid J. Epstein/The New York Times

The Democratic National Committee is preparing to block Iowa Democrats’ plans to allow some caucusgoers to vote by phone next year, bowing to security concerns about the process being hacked, according to four people with knowledge of the decision. The committee’s announcement, expected to come by Friday afternoon in the form of a recommendation to the party’s Rules and Bylaws Committee, serves as a major setback to Democrats who have long hoped to expand the caucus-state electorate beyond those voters able to attend a winter-night gathering for several hours. The Iowa Democrats’ plan would have allowed voters not attending a traditional caucus to register their preference during one of six “virtual caucuses” over the phone. But D.N.C. security officials told the rules committee at a closed-door session in San Francisco last week that they had “no confidence” such a system could remain safe from hostile hackers. The D.N.C.’s leadership concluded that the technology that exists is not secure and poses too large a risk of interference from a foreign adversary, according to officials with knowledge of the deliberations. Several presidential campaigns expressed concern to top party officials that Iowa’s results could be compromised, people familiar with the discussions said Thursday.

Maryland: Maryland was never in play in 2016. The Russians targeted it anyway. | Dana Priest/The Washington Post

Russia’s Twitter campaign to influence the 2016 presidential election in Maryland began in June 2015, 17 months before Election Day, when the St. Petersburg-based Internet Research Agency opened an account it called @BaltimoreOnline and began tweeting about local news events. Its third tweet was a retweet of a WBAL-TV story about a 5-year-old boy who’d shot himself in the foot in an alley on North Mount Street, the same street where 11 blocks away Freddie Gray encountered police who loaded him into a police van for a race across the city that left him fatally injured. The tweet fit neatly into what would become a pattern for Russian activities in Maryland, a solidly Democratic state that hadn’t favored a Republican presidential candidate since 1988 and wasn’t in play in 2016. Yet, the IRA, the Russian troll factory U.S. prosecutors blame for the massive disinformation campaign during the 2016 campaign, devoted enormous attention and preparation to its Maryland campaign, all in a likely effort, experts say, to widen racial divisions and demoralize African American voters.

Mississippi: ‘It’s a hell of a big mess:’: Malfunction allows improper party crossover voting | Sarah Fowler/Jackson Clarion Ledger

Voters who cast ballots for one party in the Aug. 6 primary may have improperly voted for a different party in Tuesday’s runoff due to machine malfunctions, according to the Hinds County GOP.  Pete Perry, Hinds County Republican Party chairman, said he was first alerted to an issue at Casey Elementary precinct around 9:15 a.m. Tuesday. The school is one of the 108 precincts in Hinds County. According to a poll worker, people who voted Democratic in the primary were allowed to vote in the Republican runoff, Perry said. A spokesperson for the Hinds County Election Commission could not be reached for comment. According to Perry, the “party lock” on machines provided by Election Systems and Software is not functioning. This means voters who cast a ballot for a Democratic candidate in the primary are being erroneously allowed to vote in the Republican runoff.  Mississippi has no party registration and is an open primary state. But if voters  vote for one party in the primary, they are only allowed to vote for that same party in a runoff. For example, if a voter voted on the Democratic ticket in August, they would not be allowed to vote in Tuesday’s Republican runoff for governor. However, Perry said, “we know that’s already happened.”

Mississippi: Video captures glitching Mississippi voting machines flipping votes | Lisa Vaas/Naked Security

“It is not letting me vote for who I want to vote for,” a Mississippi voter said in a video that shows him repeatedly pushing a button on an electronic touch-screen voting machine that keeps switching his vote to another candidate. Walker said in a comment that the incident happened in Oxford, Miss., in Lafayette County. A local paper, the Clarion Ledger, reported that as of Tuesday night, there were at least three reports confirmed by state elections officials of voting machines in two counties changing voters’ selections in the state’s GOP governor primary runoff. The machines were switching voters’ selections from Bill Waller Jr.- a former Supreme Court Chief justice – to Lt. Gov. Tate Reeves. Waller’s campaign told the Clarion Ledger it also received reports of misbehaving voter machines in at least seven other counties. Waller conceded to Reeves around 9 p.m. on Tuesday night. With Reeves leading 54% to Waller’s 46%, it looks unlikely that the glitches affected the outcome. Before the malfunctioning machine was discovered in Lafayette County, the machine – reportedly a paperless AccuVote TSX from Diebold – only recorded 19 votes, according to Anna Moak, a spokeswoman for the Secretary of State’s Office. A technician was dispatched, and the machine is being replaced, she said.

Nevada: DNC to recommend scrapping Iowa, Nevada virtual caucus plans | Associated Press

The Democratic National Committee will recommend scrapping state plans to offer virtual, telephone-based caucuses in 2020 due to security concerns, sources tell The Associated Press. The final choice whether to allow virtual caucuses in Iowa and Nevada is up to the party’s powerful Rules and Bylaws Committee. But opposition from DNC’s executive and staff leadership makes it highly unlikely the committee would keep the virtual caucuses, leaving two key early voting states and the national party a short time to fashion an alternative before the February caucuses. The state parties had planned to allow some voters to cast caucus votes over the telephone in February 2020 instead of showing up at traditional caucus meetings. Iowa and Nevada created the virtual option to meet a DNC mandate that states open caucuses to more people, but two sources with knowledge of party leaders’ deliberations say there are concerns that the technology used for virtual caucuses could be subject to hacking. The sources spoke on condition of anonymity because they were not authorized to disclose internal party discussions.

Pennsylvania: Election security, transparency and millions of dollars: Questions answered as Allegheny County looks to buy new voting machines. | J. Dale Shoemaker/PublicSource

If you’ve tuned into the news at any point over the past three years, chances are you’ve heard that the Russian government meddled in the 2016 presidential election. Russian interference, “in sweeping and systematic fashion,” was a key — and much publicized — finding of Special Counsel Robert Mueller’s report to the U.S. Attorney General earlier this year. But a less prominent finding was that Russia’s meddling also targeted state and county officials in an attempt to access voter rolls and voting systems. According to Mueller, Russia successfully accessed voter rolls in Illinois and even hacked one of the companies that sells election equipment to states and counties. The potential for future attacks, particularly during the 2020 presidential election, has worried some elections experts and advocates in Allegheny County and beyond. But now, as Allegheny County and many other Pennsylvania counties are in the process of buying new voting machines, there is an opportunity to select equipment that will maintain integrity at the polls. The state government, as part of a lawsuit settlement, has directed all counties to implement a voting system with a paper trail by the 2020 primaries. By 2022, counties must have a system in place to automatically audit election results to ensure they’re accurate. At present, a search committee comprised of 10 Allegheny County employees has issued a report assessing the cost and security protocols of nine different voting systems from four companies. Some are paper based, some are computer based.

Estonia: E-voting workgroup recommends more audits and observers | ERR

Experts put forward suggestions and recommendations at the second meeting of the e-election working group on Wednesday, commissioned by minister Kert Kingo (EKRE). Over the past month, committee members have submitted 30 suggestions for improvements. At the second meeting suggested proposals were put forward in three areas. Head of the working group Raul Rikk said that firstly more resources should be made available so that several independent auditors can check the processes of e-voting. He said this would increase their credibility in Estonia and around the world. The group is also proposing that the number of people involved in conducting and supervising elections should increase and to raise the number of independent observers at election counts. Rikk said this could be done, for example, by making it obligatory for a representative from each political party to attend the election counts. Experts could also be invited to follow the process or IT students could be encouraged to write reports. These changes would help to increase the number of people in society who have received training in the electoral process and understand the structure of the system, Rikk said.

Finland: Security agencies collaborate after cyber attacks | Gerard O’Dwyer/Computer Weekly

Finland’s National Bureau of Investigations (NBI) has joined forces with the National Cyber Security Centre (NCSC) to investigate a series of significant cyber attacks against state-run public services websites in the country in August. The most serious targeted attacks left the national police service and other public websites inaccessible to users. The NBI and the NCSC now plan to work more closely with public and private organisations to increase expertise and capability to better defend Finland’s critical IT infrastructure against cyber attacks. Hackers launched a sustained denial-of-service (DoS) assault on a number of popular public websites on 21 August that caused serious disruption to server functionality, connectivity and public services. The DoS strike was latest hostile cyber assault by hackers targeting high-profile public services websites in Finland. Previously, hackers had launched attacks against the City of Lahti’s municipal computer system and the IT system managing the official online results for the Finnish parliamentary elections in April.

Italy: The Five Star digital voting platform that could threaten a government deal in Italy | Franck Iovene/AFP

If Italy’s political parties can agree on a government deal, it would still need to clear a final hurdle: the online voting platform of the Five Star Movement (M5S), which has long championed so-called ‘digital democracy’.
The platform, named after the 18th-century French philosopher Jean-Jacques Rousseau, is supposed not only to empower ordinary citizens but guarantee transparency — but it has been slammed as secretive and vulnerable to cyber attacks. Launched in 2016, it currently has some 100,000 members, M5S chief Luigi Di Maio said in July. But critics have lamented a lack of official documentation or certification from a third party to attest that this figure is correct. The M5S’s blog says the number of people registered on “Rousseau” rose from 135,000 in October 2016 to nearly 150,000 in August 2017, before dropping to 100,000 a year later. But political analysts say it cannot be seen as representative of M5S supporters, as the membership numbers are a drop in the ocean compared to the 10.7 million Italians who voted for M5S in the 2018 general election.

National: FEC vice chairman resigns, leaving agency unable to vote | Maggie Miller/The Hill

The vice chairman of the Federal Election Commission (FEC) submitted his resignation letter to President Trump on Monday, leaving the agency without the necessary number of commissioners to vote on proposed actions. Matthew Petersen, a Republican who has served as a commissioner since 2008, wrote that he will formally step down on Aug. 31. “Throughout my service, I have faithfully discharged my duty to enforce the law in a manner that respects free speech rights, while also fairly interpreting the relevant statutes and regulations and providing meaningful notice to those subject to FEC jurisdiction,” Petersen wrote. “I am honored to have served the American people in this capacity and to have fulfilled the oath taken 11 years ago.” A spokesperson for the FEC confirmed Petersen’s resignation, declining to comment further. His departure leaves the agency with only three of the four members required to vote on proposed actions.

National: As Russia Eyes 2020, America’s Election Watchdog Is Out of Commission | Nicole Goodkind/Newsweek

The Federal Election Commission, an independent agency that enforces all campaign finance law and ensures the integrity of political campaigns, lost its vice chairman Monday evening, essentially rendering the agency useless. In order to take any official enforcement or regulatory action, the agency is required to have a quorum of four members on its board, but the resignation of Matthew Petersen, effective this week, leaves the commission with only three members, all of whom are still working even though their six-year terms of service have all expired. There were already three vacancies before this week’s kerfuffle. The FEC issued about $33.6 million in fines between 1999 and 2008, but over the last 10 years that dropped to $11.4 million. Yet, election security has become an increasingly important issue. Just last month, former special counsel Robert Mueller ominously warned Congress that Russia had lofty plans to interfere in the next election. “They’re doing it as we sit here and they expect to do it during the next campaign,” he said.

National: Ransomware threat raises National Guard’s role in state cybersecurity | Benjamin Freed/StateScoop

National Guard units already play a large role in state governments’ cybersecurity activities, such as protecting election systems, but the threat of ransomware to cripple a state or city organization is a growing concern for uniformed personnel, the top military official overseeing the National Guard across the United States said. While Americans are long used to seeing guardsmen and women roll into to disaster-stricken areas after a hurricane or wildfire, deployments following cyberattacks are increasingly common, Air Force Gen. Joseph Lengyel said Friday on a conference call with reporters, likening the recent ransomware incidents in Texas and Louisiana to a “cyber storm,” though not quite a “cyber hurricane.” “We’re seeing the whole of the first responder networks come to assist and mitigate the damage and get everything back up and running, and the National Guard is part of that response,” he said.

National: U.S. officials fear ransomware attack against 2020 election | Christopher Bing/Reuters

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. “We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet. The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta. “Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

National: Federal officials working with states to protect elections | Andrew Selsky/Associated Press

Huddled in small groups in a remote town in Oregon, county and state elections officials tried to overcome hacking attempts, power failures and other problems as election day approached and finally arrived. It was a tabletop exercise, held as federal officials work to bolster defenses against interference in the 2020 elections, with states being a main line of defense against attempts by Russia or others to disrupt the elections. Officials from the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency traveled to La Grande, a town located in ranching country in northeast Oregon, for Wednesday’s exercise with county and state officials. During the event held on the campus of Eastern Oregon University, the officials had to work through various scenarios, like official websites being hacked, disinformation being spread on social media and electrical power and communications going down, Oregon Elections Director Stephen Trout said in a telephone interview. Disinformation involves deliberately spreading falsehoods and rumors, while misinformation — another election security threat that experts point to — entails simply disseminating incorrect or misleading information.

Editorials: Prediction: 2020 election is set to be hacked, if we don’t act fast | Adam K. Levin/The Hill

Since 1993, hackers have traveled to Las Vegas from around the world to demonstrate their skills at DefCon’s annual convention, and every year new horrors of cyber-insecurity are revealed as they wield their craft. Last year, for example, an eleven-year-old boy changed the election results on a replica of the Florida state election website in under ten minutes. This year was no exception. Participants revealed all sorts of clever attacks and pathetic vulnerabilities. One hack allowed a convention attendee to commandeer control of an iPhone with a non-Apple-issue charging cord, one that is identical to the Apple version. Another group figured out how to use a Netflix account to steal banking information. But for our purposes, let’s focus on election security because without it democracy is imperiled. And if you think about it, what are the odds of something like DefCon being permitted in the People’s Republic of China? Speaking of China (or Russia or North Korea or Iran or…) will the 2020 election be hacked? In a word: Yes.

National: Groups push lawmakers for hearings on voting machine security | Maggie Miller/The Hill

Voting rights and election security groups on Monday urged two House and Senate committees to hold hearings on the security of voting machines. The groups, which include the National Election Defense Coalition, Electronic Privacy Information Center, R Street Institute and Public Citizen, asked the House Administration Committee and the Senate Rules and Administration Committee in a letter to schedule election security hearings that include testimony from voting machine vendors and election security experts. “The security of our nation’s elections is acutely dependent on the vendors that supply our computerized voting systems,” the groups wrote. “The voting system vendors have operated with little oversight and no regulation for decades.” “Given the gravity and urgency of this issue, we write to you to urge the committees to hold a hearing on election system security featuring sworn testimony from officers of the voting system vendors to shed more light on their practices which directly impact the security of the nation,” they added. The groups cited reports in recent months that certain voting systems rely on outdated Windows 7 operating systems, that one major election machine vendor installed remote access software on its election systems and concerns about a lack of transparency from voting machine vendors.

Florida: Election security audit complete but details unclear | Mike Vasilinda/WIXT

A security audit of all 67 Florida counties ordered by Gov. Ron DeSantis has been completed, but once a report is published, it’s not going to advertise what problems were found.  “The secretary, basically, reported to us they had visited all 67 counties already,” said Okaloosa County Supervisor of Elections Paul Lux, who is the former president of the Florida State Association of Supervisors of Elections. “And they are in the process of producing a remediation report and we’ll go from there.” Lux added he was not aware of how much remediation has been ordered. DeSantis ordered the security audit in May after Special Counsel Robert Mueller’s report said Russians successfully hacked two Florida counties in 2016. “There was no manipulation. It didn’t have any effect,” DeSantis said in May. But he said the FBI would not let him name the counties, partly because the FBI said it would help the hackers learn how they were detected.

Iowa: Secretary of State raises concerns of cyber threats to elections | Rod Boshart/The Courier

Iowa Secretary of State Paul Pate on Wednesday likened the ongoing struggle against forces trying to hack the state’s election network to a “war.” “It’s a war for public opinion, and it’s a war, if you will, for minds rather than a physical one,” Pate said in pointing to efforts by Russians, North Koreans, Chinese and others trying to disrupt the U.S. election process and weaken the American public’s trust. “Their manipulation of the social media, their manipulation of certain types of probes that they’re doing is to try to create doubt, to make Americans question their elections process,” Pate told reporters. “So, yes, I consider that a war. I consider it something we need to push back and not tolerate.” Pate raised concerns about challenges to Iowa’s election process during a breakfast meeting with members of the Westside Conservative Club. He also shared his worries that any snafu in the upcoming 2020 Democratic “virtual” caucuses could have a “devastating” impact and jeopardize Iowa’s starting position in the presidential selection process every four years.

Florida: Russian hackers likely to target Florida again in 2020 election, experts warn | Peter Stone/The Guardian

Florida’s record as a vital swing state made it a target for meddling in the 2016 election when Russians breached two county voting systems and a software vendor and now concerns are being raised about voting security in the state for the 2020 ballot, say election and cyber security experts, federal reports and Democrats. With FBI director Christopher Wray and other intelligence officials predicting more Russian and possibly other foreign interference in the next elections, experts say Florida is again a likely target for Russian hackers, or others bent on disrupting voting, which potentially could alter tallies and create other problems. “Obviously, Florida will be a critical state in 2020 and Florida election officials should assume they will be targeted again,” said Larry Norden, who runs the election reform program at the Brennan Center for Justice. Election security experts are concerned about several potential problem areas, including software that stores sensitive voter registration data, the short timetable for any post-election audits and Florida’s history of voting snafus. Some of Florida’s election problems in 2016 were highlighted in April by special counsel Robert Mueller’s report about Russian interference and in a July Senate intelligence committee study on Russian meddling and election security issues nationwide.

Montana: ExpressVote Voting Machines Could Debut In Montana This November | MTPR

The Montana Secretary of State’s office plans to sign-off on a new touchscreen voting system designed for voters with disabilities that could be used at county polling sites as early as this November. The ExpressVote system resembles a touchscreen desktop computer or ATM. Voters insert a ballot, scroll through pages of candidates or initiatives and make their picks, and then hit print. The system includes audio, visual, and other aids designed to help individuals with disabilities vote. A separate machine does the vote counting. The Secretary of State’s Office and system developer ES&S ran demonstrations of the device Monday in the state Capitol ahead of an official certification event scheduled Tuesday. Staff with the Secretary’s office say the ExpressVote system is replacing an outdated device from the early 2000s that was also designed for people with disabilities. The state is using $750,000 of a $3 million federal grant to buy the equipment, with counties chipping in matching funds if they want to take part in the upgrade.

North Carolina: State certifies barcode ballot voting systems despite security concerns | Jordan Wilkie/Carolina Public Press

Amid threats of litigation from all sides, the North Carolina State Board of Elections voted 3-2 Friday afternoon to certify a voting system that experts say is insecure, voting rights groups advocated against and many public comments opposed.Chairman Damon Circosta, a Democrat, in his first meeting after being appointed by Gov. Roy Cooper, voted against a motion to make voting system certification requirements more stringent. The board’s two Republican members, David Black and Kenneth Raymond, voted with Circosta.The new certification requirements, proposed by Dr. Stella Anderson and supported by fellow Democrat Jeff Carmon III, would have precluded one voting-machine vendor, Election Systems and Software (ES&S), from having its system certified.The room for Friday’s meeting was packed with voters and advocates from civil rights and voting rights organizations, such as Democracy NC, which seeks to improve voter turnout in elections.“This is disappointing,” Democracy NC executive director Tomas Lopez said. “But the decision on what ultimately gets purchased is with the counties, and with the county boards of elections in particular.” Two counties, Davie and Transylvania, submitted letters to the board asking that existing certification requirements not be changed. Both counties use voting-machine-for-all systems, using old technology that the state will decertify on Dec. 1.