Virginia: Georgia officials visit Virginia to review paper ballot audits | Mark Niesse/The Atlanta Journal-Constitution

Georgia election officials observed audits of paper ballots in Virginia this week to learn how to conduct similar checks for accuracy when the state installs its new voting system next year. The trip comes as the Secretary of State’s Office is crafting standards for election audits that must be in place by the November 2020 election.“Georgia has an opportunity to increase voter confidence and strengthen election security by designing effective risk-limiting audits,” said Marian Schneider, president of Verified Voting, a national election integrity organization. “After observing the audit pilots in Virginia this week, Georgia election officials are better equipped to adopt best practices and design robust post-election audits that ensure the outcome reported by tabulation machines is correct.”Elections Director Chris Harvey and Deputy General Counsel Kevin Rayburn witnessed pilot audits in the city of Manassas, Prince William County and Loudoun County on Monday and Tuesday.They learned about how Virginia elections officials store and handle ballots, take random samples for audits and examine voters’ selections. Virginia switched to paper ballots statewide in 2017.Georgia will replace its 17-year-old electronic voting machines next year with a system that produces a printed-out paper ballot.“As Georgia moves toward our new auditable paper-based system, it is important that we learn from other successful states,” said Secretary of State Brad Raffenspeger. “We’re looking forward to instituting industry best practices in order to give Georgians the most accurate voting experience to ensure voter confidence.”With Georgia’s new $107 million system, voters will pick their candidates on touchscreens that are connected to printers that create paper ballots. Voters will then be able to review their ballots before inserting them into scanners for tabulation.

National: Republicans and Democrats agree that the U.S. should strengthen election security. So why doesn’t Mitch McConnell? | Evan Crawford/The Washington Post

The Senate Intelligence Committee recently released the first volume in what will be a series of reports on Russian interference in the 2016 election. Here’s the most startling thing we learned: Russian hackers targeted election infrastructure not just in 21 or 39 states, as previously reported — but in 50 states. These efforts ranged from scanning state election websites to test for vulnerability to gaining access to the Illinois voter database and being “in a position to delete or change voter data,” according to the Senate report, though no evidence has emerged that any data was actually changed. In response, the committee made recommendations to ensure a more secure 2020 election. Election experts have long been calling for many of these actions, including increased communication between federal, state and local election officials; post-election audits; and updated voting equipment. Many of these measures were part of a bill that the House passed, the Securing America’s Federal Elections Act. But Senate Majority Leader Mitch McConnell (R-Ky.) has effectively blocked this legislation from being considered in the Senate. So where does the public stand on these issues? There’s a bipartisan consensus about election security.

National: Alex Halderman Speaks About Election Cybersecurity at CyberSec & AI Prague Conference | Avast/Security Boulevard

Alex Halderman was researching election hacking a decade before the 2016 U.S. presidential race made it front-page news. The computer science professor at the University of Michigan brought change to India’s elections, turned a U.S. voting machine into a Pac-Man arcade game, and warned Congress twice about the vulnerabilities that await 2020’s U.S. elections. Yet he is bringing a decidedly low-tech solution – a return to the backup of a “paper trail” for ballots – to one of cybersecurity’s biggest challenges when he speaks to the top minds in artificial intelligence at the CyberSec & AI Prague conference in October. Halderman has researched elections in India, Estonia, Australia, and the United States and found that – as in other areas of modern life – tech can introduce as well as address cybersecurity problems. “Countries around the world are turning to computer technology and internet-connected systems to try to make elections better, but the fact is that opens up whole new categories of risk.”

National: No Quorum At FEC Means Election Law Enforcement Is On Hold | Brian Naylor/NPR

Barring some kind of miraculous last-minute reprieve, Friday will be the last business day that the Federal Election Commission will be able to function for quite a while, leaving the enforcement of federal campaign finance laws unattended ahead of the 2020 election. The commission’s vice chairman, Matthew Petersen, announced his resignation earlier this week, to take effect at the end of the month. With Petersen gone, the FEC will be down to three members, and won’t have a quorum. In addition to collecting campaign finance data, the FEC investigates potential campaign finance violations, issues fines and gives guidance to campaigns about following election law — but not without a working quorum of at least four commissioners. “To not have the FEC able to take action right now is deeply concerning,” says Daniel Weiner, a former senior counsel at the FEC, who’s now with the Brennan Center for Justice at New York University law school. In particular, Weiner is concerned about another attempt by Russia or other actors to interfere in the 2020 election.

National: Fancy Bear Dons Plain Clothes to Try to Defeat Machine Learning | Robert Lemos/Dark Reading

An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses. The APT28 cyber-espionage group, often called “Fancy Bear” and linked to Russia, has stripped much of the malicious functionality from its initial infector, hiding it in a sea of benign code, according to an analysis published today by Cylance, a subsidiary of Blackberry. The approach shows that the group has developed greater operational sophistication, says Josh Lemos, vice president of research and intelligence at Cylance (and no relation to the author). The authors of the implant appear to be trying to hide in plain site by using well-known libraries, such as OpenSSL, and a widely used compiler, POCO C++, resulting in 99% of the more than 3 megabytes of code being classified as benign, according to Cylance’s analysis. Those steps, taken along with other newly adopted tactics, suggest the group is trying a different approach to dodge evolving defenses, Lemos says.

National: Blockchain e-voting: Backed by US candidate, hacked in Moscow | Sarah Wray/SmartCitiesWorld

The debate over blockchain-based political voting re-emerged recently as Democratic US presidential hopeful Andrew Yang backs the technology to boost voter numbers and security, while a French researcher has hacked into the blockchain-based voting system which officials plan to use next month for the 2019 Moscow City Duma election. On his campaign website, Yang states that voting should be available via mobile devices with verification through blockchain. He argues that modernising voting with decentralised ledger technology could increase security, reduce inconsistent processes between states and restore confidence in democracy. Philip Boucher, a European Policy Research Service (EPRS) policy analyst, explains the theory behind blockchain voting: “In elections, we usually have a central authority that records, checks and counts all of the votes. With blockchain, the process is decentralised so everyone can hold a copy of the full voting record on their own devices. The data is encrypted to protect the identity of individual voters. Illegitimate votes cannot be added and the historical record cannot be changed because everyone holds a copy and can check that all of the votes comply with the rules and are counted properly.” Some have even suggested that in future, blockchain votes could be encoded into ‘smart contracts’ so that the results automatically take effect “like a self-implementing manifesto”. Several countries and local authorities have explored or experimented with the idea of digital voting.

Editorials: Why November 4, 2020 could be a very bad day | Chris Cillizza/CNN

Since almost the moment Donald Trump won the White House in 2016, people have had November 3, 2020 — aka Election Day — circled on their calendars. For Trump haters, that first Tuesday in November next year is the moment when they can put an end to what they believe is a colossal mistake. For Trump backers, Election Day 2020 is their chance to prove that 2016 was no fluke — and that they want another four years of the billionaire businessman in the White House. But what if the vote on November 3, 2020 doesn’t actually settle anything? There’s been polling evidence for some time that Americans are losing faith in the ability of Americans elections to be conducted fair and squarely. In an NPR/Marist University poll conducted just before the 2018 midterm elections, almost half — 47% — of respondents said that they lacked faith that all votes cast would be counted fairly. That number was even higher among non-white voters — of whom almost 6 in 10 said it was likely not all votes would be counted. Two in 5 voters said they did not believe American elections were fair in that same poll. Other more recent data suggests there is no slackening in the doubts about fair elections. And after the events of the last three years, it’s not hard to see why there’s rising doubt among the public about fair elections.

Editorials: Trump’s hostility to election security preparedness | Elaine Kamarck/Brookings

From the very beginning of his presidency, Donald Trump has denied or downplayed Russian interference in the 2016 campaign. He has, at various times, dismissed the whole idea as a hoax, as fake news, or as an excuse by Democrats for why they lost the election. At other times, he has proclaimed his innocence vis-à-vis Russian campaign interference. From the earliest days of his presidency when he fired FBI Director James Comey in an effort to stop the investigation, he has denigrated and dismissed the entire issue. In its place he has insisted that the real problem in 2016 was not Russian interference but rather illegal voting by immigrants. The president’s beliefs have put him at odds with his own government and his own appointees, creating some awkward moments as the machinery of the federal government comes into conflict with the tweets of the chief executive. In spite of the president’s antipathy towards the effort, the gears of government managed to grind on, even in the White House. On September 12, 2018, President Trump issued Executive Order 13848 titled “Executive Order on Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election.” The order requires a post-election audit by the intelligence community, under the direction of the ODNI (Office of the Director of National Intelligence) and mechanisms to place sanctions—such as confiscation of property—on those who take actions to interfere in U.S. elections.

Georgia: Mystery of missing votes deepens as Congress investigates Georgia | Mark Niesse/The Atlanta Journal-Constitution

To find a clue about what might have gone wrong with Georgia’s election last fall, look no further than voting machine No. 3 at the Winterville Train Depot outside Athens. On machine No. 3, Republicans won every race. On each of the other six machines in that precinct, Democrats won every race.The odds of an anomaly that large are less than 1 in 1 million, according to a statistician’s analysis in court documents. The strange results would disappear if votes for Democratic and Republican candidates were flipped on machine No. 3.It just so happens that this occurred in Republican Brian Kemp’s home precinct, where he initially had a problem voting when his yellow voter access card didn’t work because a poll worker forgot to activate it. At the time, Kemp was secretary of state — Georgia’s top election official — and running for governor in a tight contest with Democrat Stacey Abrams.The suspicious results in Winterville are evidence in the ongoing mystery of whether errors with voting machines contributed to a stark drop-off in votes recorded in the race for Georgia lieutenant governor between Republican Geoff Duncan, who ended up winning, and Democrat Sarah Riggs Amico.Even though it was the second race on the ballot, fewer votes were counted for lieutenant governor than for labor commissioner, insurance commissioner and every other statewide contest lower on the ballot. Roughly 80,000 fewer votes were counted for lieutenant governor than in other down-ballot elections. The potential voting irregularities were included among 15,500 pages of documents obtained by The Atlanta Journal-Constitution that have also been turned over to the U.S. House Oversight and Reform Committee, which is looking into Georgia’s elections. The documents, provided under the Georgia Open Records Act, offer details of alleged voting irregularities but no answers.

Iowa: Fearing Hackers, D.N.C. Plans to Block Iowa’s ‘Virtual’ Caucuses | Reid J. Epstein/The New York Times

The Democratic National Committee is preparing to block Iowa Democrats’ plans to allow some caucusgoers to vote by phone next year, bowing to security concerns about the process being hacked, according to four people with knowledge of the decision. The committee’s announcement, expected to come by Friday afternoon in the form of a recommendation to the party’s Rules and Bylaws Committee, serves as a major setback to Democrats who have long hoped to expand the caucus-state electorate beyond those voters able to attend a winter-night gathering for several hours. The Iowa Democrats’ plan would have allowed voters not attending a traditional caucus to register their preference during one of six “virtual caucuses” over the phone. But D.N.C. security officials told the rules committee at a closed-door session in San Francisco last week that they had “no confidence” such a system could remain safe from hostile hackers. The D.N.C.’s leadership concluded that the technology that exists is not secure and poses too large a risk of interference from a foreign adversary, according to officials with knowledge of the deliberations. Several presidential campaigns expressed concern to top party officials that Iowa’s results could be compromised, people familiar with the discussions said Thursday.

Maryland: Maryland was never in play in 2016. The Russians targeted it anyway. | Dana Priest/The Washington Post

Russia’s Twitter campaign to influence the 2016 presidential election in Maryland began in June 2015, 17 months before Election Day, when the St. Petersburg-based Internet Research Agency opened an account it called @BaltimoreOnline and began tweeting about local news events. Its third tweet was a retweet of a WBAL-TV story about a 5-year-old boy who’d shot himself in the foot in an alley on North Mount Street, the same street where 11 blocks away Freddie Gray encountered police who loaded him into a police van for a race across the city that left him fatally injured. The tweet fit neatly into what would become a pattern for Russian activities in Maryland, a solidly Democratic state that hadn’t favored a Republican presidential candidate since 1988 and wasn’t in play in 2016. Yet, the IRA, the Russian troll factory U.S. prosecutors blame for the massive disinformation campaign during the 2016 campaign, devoted enormous attention and preparation to its Maryland campaign, all in a likely effort, experts say, to widen racial divisions and demoralize African American voters.

Mississippi: ‘It’s a hell of a big mess:’: Malfunction allows improper party crossover voting | Sarah Fowler/Jackson Clarion Ledger

Voters who cast ballots for one party in the Aug. 6 primary may have improperly voted for a different party in Tuesday’s runoff due to machine malfunctions, according to the Hinds County GOP.  Pete Perry, Hinds County Republican Party chairman, said he was first alerted to an issue at Casey Elementary precinct around 9:15 a.m. Tuesday. The school is one of the 108 precincts in Hinds County. According to a poll worker, people who voted Democratic in the primary were allowed to vote in the Republican runoff, Perry said. A spokesperson for the Hinds County Election Commission could not be reached for comment. According to Perry, the “party lock” on machines provided by Election Systems and Software is not functioning. This means voters who cast a ballot for a Democratic candidate in the primary are being erroneously allowed to vote in the Republican runoff.  Mississippi has no party registration and is an open primary state. But if voters  vote for one party in the primary, they are only allowed to vote for that same party in a runoff. For example, if a voter voted on the Democratic ticket in August, they would not be allowed to vote in Tuesday’s Republican runoff for governor. However, Perry said, “we know that’s already happened.”

Mississippi: Video captures glitching Mississippi voting machines flipping votes | Lisa Vaas/Naked Security

“It is not letting me vote for who I want to vote for,” a Mississippi voter said in a video that shows him repeatedly pushing a button on an electronic touch-screen voting machine that keeps switching his vote to another candidate. Walker said in a comment that the incident happened in Oxford, Miss., in Lafayette County. A local paper, the Clarion Ledger, reported that as of Tuesday night, there were at least three reports confirmed by state elections officials of voting machines in two counties changing voters’ selections in the state’s GOP governor primary runoff. The machines were switching voters’ selections from Bill Waller Jr.- a former Supreme Court Chief justice – to Lt. Gov. Tate Reeves. Waller’s campaign told the Clarion Ledger it also received reports of misbehaving voter machines in at least seven other counties. Waller conceded to Reeves around 9 p.m. on Tuesday night. With Reeves leading 54% to Waller’s 46%, it looks unlikely that the glitches affected the outcome. Before the malfunctioning machine was discovered in Lafayette County, the machine – reportedly a paperless AccuVote TSX from Diebold – only recorded 19 votes, according to Anna Moak, a spokeswoman for the Secretary of State’s Office. A technician was dispatched, and the machine is being replaced, she said.

Nevada: DNC to recommend scrapping Iowa, Nevada virtual caucus plans | Associated Press

The Democratic National Committee will recommend scrapping state plans to offer virtual, telephone-based caucuses in 2020 due to security concerns, sources tell The Associated Press. The final choice whether to allow virtual caucuses in Iowa and Nevada is up to the party’s powerful Rules and Bylaws Committee. But opposition from DNC’s executive and staff leadership makes it highly unlikely the committee would keep the virtual caucuses, leaving two key early voting states and the national party a short time to fashion an alternative before the February caucuses. The state parties had planned to allow some voters to cast caucus votes over the telephone in February 2020 instead of showing up at traditional caucus meetings. Iowa and Nevada created the virtual option to meet a DNC mandate that states open caucuses to more people, but two sources with knowledge of party leaders’ deliberations say there are concerns that the technology used for virtual caucuses could be subject to hacking. The sources spoke on condition of anonymity because they were not authorized to disclose internal party discussions.

Pennsylvania: Election security, transparency and millions of dollars: Questions answered as Allegheny County looks to buy new voting machines. | J. Dale Shoemaker/PublicSource

If you’ve tuned into the news at any point over the past three years, chances are you’ve heard that the Russian government meddled in the 2016 presidential election. Russian interference, “in sweeping and systematic fashion,” was a key — and much publicized — finding of Special Counsel Robert Mueller’s report to the U.S. Attorney General earlier this year. But a less prominent finding was that Russia’s meddling also targeted state and county officials in an attempt to access voter rolls and voting systems. According to Mueller, Russia successfully accessed voter rolls in Illinois and even hacked one of the companies that sells election equipment to states and counties. The potential for future attacks, particularly during the 2020 presidential election, has worried some elections experts and advocates in Allegheny County and beyond. But now, as Allegheny County and many other Pennsylvania counties are in the process of buying new voting machines, there is an opportunity to select equipment that will maintain integrity at the polls. The state government, as part of a lawsuit settlement, has directed all counties to implement a voting system with a paper trail by the 2020 primaries. By 2022, counties must have a system in place to automatically audit election results to ensure they’re accurate. At present, a search committee comprised of 10 Allegheny County employees has issued a report assessing the cost and security protocols of nine different voting systems from four companies. Some are paper based, some are computer based.

Estonia: E-voting workgroup recommends more audits and observers | ERR

Experts put forward suggestions and recommendations at the second meeting of the e-election working group on Wednesday, commissioned by minister Kert Kingo (EKRE). Over the past month, committee members have submitted 30 suggestions for improvements. At the second meeting suggested proposals were put forward in three areas. Head of the working group Raul Rikk said that firstly more resources should be made available so that several independent auditors can check the processes of e-voting. He said this would increase their credibility in Estonia and around the world. The group is also proposing that the number of people involved in conducting and supervising elections should increase and to raise the number of independent observers at election counts. Rikk said this could be done, for example, by making it obligatory for a representative from each political party to attend the election counts. Experts could also be invited to follow the process or IT students could be encouraged to write reports. These changes would help to increase the number of people in society who have received training in the electoral process and understand the structure of the system, Rikk said.

Finland: Security agencies collaborate after cyber attacks | Gerard O’Dwyer/Computer Weekly

Finland’s National Bureau of Investigations (NBI) has joined forces with the National Cyber Security Centre (NCSC) to investigate a series of significant cyber attacks against state-run public services websites in the country in August. The most serious targeted attacks left the national police service and other public websites inaccessible to users. The NBI and the NCSC now plan to work more closely with public and private organisations to increase expertise and capability to better defend Finland’s critical IT infrastructure against cyber attacks. Hackers launched a sustained denial-of-service (DoS) assault on a number of popular public websites on 21 August that caused serious disruption to server functionality, connectivity and public services. The DoS strike was latest hostile cyber assault by hackers targeting high-profile public services websites in Finland. Previously, hackers had launched attacks against the City of Lahti’s municipal computer system and the IT system managing the official online results for the Finnish parliamentary elections in April.

Italy: The Five Star digital voting platform that could threaten a government deal in Italy | Franck Iovene/AFP

If Italy’s political parties can agree on a government deal, it would still need to clear a final hurdle: the online voting platform of the Five Star Movement (M5S), which has long championed so-called ‘digital democracy’.
The platform, named after the 18th-century French philosopher Jean-Jacques Rousseau, is supposed not only to empower ordinary citizens but guarantee transparency — but it has been slammed as secretive and vulnerable to cyber attacks. Launched in 2016, it currently has some 100,000 members, M5S chief Luigi Di Maio said in July. But critics have lamented a lack of official documentation or certification from a third party to attest that this figure is correct. The M5S’s blog says the number of people registered on “Rousseau” rose from 135,000 in October 2016 to nearly 150,000 in August 2017, before dropping to 100,000 a year later. But political analysts say it cannot be seen as representative of M5S supporters, as the membership numbers are a drop in the ocean compared to the 10.7 million Italians who voted for M5S in the 2018 general election.