North Dakota: New election equipment going out to counties | Jack Dura/Bismarck Tribune

Burleigh County has received new election equipment being distributed to North Dakota counties over the next few weeks by state election officials. Auditor/Treasurer Kevin Glatt said the county on Monday received 50 ballot scanners, 50 accessibility devices for voters who may have difficulty marking ballots and one central scanner for tabulating absentee ballots. The equipment vendor is now testing the devices after delivery before formal training in September.  "We're excited that we have them," Glatt said. Morton County Auditor Dawn Rhone said she expects the new machines, including 18 ballot scanners, this week, likely on Thursday after the old machines are taken away Wednesday from the courthouse in Mandan. The secretary of state's office in 2015 pressed the Legislature for new election equipment, but funding priorities didn't favor the request, especially during deep budget cuts in 2017.

Rhode Island: Protecting elections in Rhode Island | Providence Journal

Secretary of State Nellie Gorbea’s most important job is to make sure Rhode Island elections are on the up-and-up. Unfortunately, she has unilaterally blocked the public from obtaining information that was previously available in digital form to check on the accuracy of the voter lists she maintains. (In this year’s session, the legislature balked at Ms. Gorbea’s attempt to deny the public such information by law.) And now it turns out that she bought voting machines that could be liable to hacking. The issue came to light recently through a Vice.com investigation, which found that, for a period of time, Rhode Island’s elections system was connected to the internet. The public had been assured the machines were walled off from potential hacking. Researchers were able to find online the reporting system for results from the entire state. Not good. The problem is striking a balance between quick reporting of results — which in itself helps protect our elections from fraud — and making sure machines are free from tampering. Modems in the voting machines Ms. Gorbea bought transmit election results quickly to the state Board of Elections after the polls close.

International: Governments risk cyber attacks if they continue to demand encryption backdoors | Sara Barker/Security Brief

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals. With election time looming, backdoors are perfect targets for cyber attackers who look to target election infrastructure. It was only last year with ‘Five Eyes’ nations (United States, Canada, United Kingdom, Australia, and New Zealand) were lobbying for technology providers to build backdoors into their solutions. According to 384 IT professionals polled at Black Hat USA 2019, 74% believe that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. Furthermore, many professionals believe that backdoors won’t make countries any safer – 72% believe laws that allow governments to access encrypted personal data will not make countries safer from terrorists.

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Canada: Cyber-risk ramps up during elections | Allan Bonner and Brennen Schmidt/Winnipeg Free Press

It’s almost federal election time — that means many Canadian voters will be trying to guess whether political parties will do what they say they will if elected. That’s a difficult guess. But what about judging a political party’s credibility on a policy issue by seeing whether it practises what it preaches? Here’s an easy example: cybersecurity is in the news. It’s in the budget, too. A while ago, the federal government devoted hundreds of millions of dollars to the threat. And every day there’s news from the U.S. about past and present meddling in the political process. There are also serious worries about future elections, and even the need for paper ballots to ensure the meddling isn’t in cyberspace or a cloud somewhere. Fans of detective novels and movies enjoy the denouement at the end when the culprit is exposed.

Russia: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken | Sugandha Lahoti/Security Boulevard

Russia is looking forward to its September 2019 elections for the representatives at the Parliament of the city (the Moscow City Douma). For the first time ever, Russia will use Internet voting in its elections. The internet-based system will use blockchain developed in-house by the Moscow Department of Information Technology. Since the news broke out, security experts have been quite skeptical about the overall applicability of blockchain to elections. Recently, a French security researcher Pierrick Gaudry has found a critical vulnerability in the encryption scheme used in the coding of the voting system. The scheme used was the ElGamal encryption, which is an asymmetric key encryption algorithm for public-key cryptography. Gaudry revealed that it can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. The main problem, Gaudry says is in the choice of three cyclic groups of generators. These generators are multiplicative groups of finite fields of prime orders each of them being Sophie Germain primes. These prime fields are all less than 256-bit long and the 256×3 private key length is too little to guarantee strong security. Discrete logarithms in such a small setting can be computed in a matter of minutes, thus revealing the secret keys, and subsequently easily decrypting the encrypted data. Gaudry also showed that the implemented version of ElGamal worked in groups of even order, which means that it leaked a bit of the message. What an attacker can do with these encryption keys is currently unknown, since the voting system’s protocols weren’t yet available in English, so Gaudry couldn’t investigate further.

Verified Voting Blog: Verified Voting’s Policy on DREs and BMDs

Download VerifiedVoting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices

On November 21, 2019 we revised Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices to remove a reference to parallel testing on page 8 of the original document.

Although the concept of parallel testing has been discussed for more than a decade, we recognize that few if any jurisdictions have actually used it and its utility for detecting any problems with elections has not been demonstrated. Consequently, we are removing the reference.

To see the originally published version, click here.

Today, Verified Voting published its policy statement on Direct Recording Electronic voting systems and Ballot Marking Devices. We published this statement because many jurisdictions either have replaced or are in the process of replacing older vulnerable systems.  In striking contrast to the last time states replaced voting systems after the passage of the Help America Vote Act in 2002, this time the consensus is that voting systems must have a paper record.

But it’s not enough for a voting system to “check the box” on paper – to print paper records that voters may not even notice or examine. To be trustworthy, elections need to be based on voter-marked paper ballots. Whether these ballots are marked by hand or by device, for them to be considered voter-marked, voters should know what they say!

National: DHS cyber agency to prioritize election security, Chinese threats | Maggie Miller/The Hill

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) plans to prioritize election security, cybersecurity at federal agencies, and the “persistent threat” posed by China, among its many goals. The agency laid out its key priorities in a new “strategic intent” document released on Thursday, which CISA Director Christopher Krebs described in the introduction as the “keystone” for the agency. Among Krebs’s operational priorities is addressing Chinese threats to U.S. supply chains and to the rollout of 5G networks, bolstering election security efforts at the state and local level, and protecting the cybersecurity of industrial control systems. Other priorities are protecting federal networks against cyber attacks, such as ransomware incidents that have increasingly spread across the country, and defending “soft targets” and crowded venues from physical threats. CISA is the primary agency responsible for assisting state and local governments with securing elections, replacing the former National Protection and Programs Directorate in a law that took effect last year.

National: Internet-Connected Election Systems Found in 10 U.S. States | Scott Ikeda/CPO Magazine

There has been much talk in the media about interference in United States presidential elections, but most of it has centered around the use of media and disinformation to influence votes. There is a widespread assumption that the voting machines themselves are safe from hacking; though many are electronic, these election systems are not supposed to be connected to the internet. A new report from Vice’s Motherboard indicates that these systems are not nearly as secure as anyone thought they were, including election officials. Researchers told Motherboard that a particular type of election system that is only supposed to connect to the internet for several minutes to transfer votes has been found to sometimes stay connected for months, and in some cases these machines were constantly connected and were exposed for at least a year. The election systems found to be vulnerable are made by a specific manufacturer: Election Systems & Software (ESS). ESS is the largest voting systems company in the country, with at least 260,000 machines in place in 21 states including in some swing states. Security researchers found backend systems that were connected to the internet when they were not supposed to be, distributed across a number of states including the key “battleground” centers of Florida, Michigan and Wisconsin.

National: IT Security Pros: Encryption Backdoors Would Be Election Hacking Risk | Phil Muncaster/Infosecurity Magazine

The IT security community overwhelmingly believes that government-mandated encryption backdoors will put countries at a greater risk of election hacking, according to new Venafi research. The security vendor polled over 380 security professionals at Black Hat USA 2019 in Las Vegas earlier this month, following recent comments by attorney general, William Barr. Like his predecessors, Barr last month claimed that strong data encryption in tech products is effectively creating a “law-free zone” exploited by terrorists and criminals as it “seriously degrades” the ability of law enforcement to detect and prevent crimes. Also like many others, he argued that government-mandated backdoor access “can and must be done,” claiming that if they only tried hard enough, tech firms could find a solution which could enable lawful access to data without undermining security for all users. This argument has been repeatedly shot down, not only by the tech firms themselves, but also world-renowned cryptography experts. Last year they backed senator Ron Wyden’s demands that the FBI explain the technical basis for its repeated claims that encryption backdoors can be engineered without impacting user security.

National: Election Security Lessons from DEFCON 27 | Ciara Torres-Spelliscy/Brennan Center for Justice

Given the extent of foreign interference in the 2016 election, every American should be concerned about election security in 2020. But what can computer hackers teach us about it? To find out, I went to Las Vegas earlier this month to attend DEFCON 27, the largest annual hacking conference in the United States, knowing this was probably my last chance to see a legal election hacking. Voting machines are protected from reverse engineering under the Digital Millennium Copyright Act. But the Library of Congress, which has certain authorities under the law, set a three-year window to allow third parties access to voting machines to test their security. Barring an extension by the Library of Congress, 2019 is the third and last year these hacks are legal. DEFCON is a huge event, and I saw fellow conference-goers all over Las Vegas with their distinctive glowing badges. I was only interested in the DEFCON Voting Village, which included a large assortment of voting equipment for participants to test, hack, and break.

National: Democrats call for a Senate vote on elections reform package | Jennifer McDermott/Associated Press

Democratic congressmen held an event Thursday in Rhode Island to try to pressure Republican Senate Majority Leader Mitch McConnell into allowing a vote on a comprehensive elections and ethics reform package. Maryland Democratic Rep. John Sarbanes, who is the bill’s main author, met with Rhode Island Rep. David Cicilline and Sen. Sheldon Whitehouse in North Providence. The influence of big money in politics is impeding efforts to address climate change, gun violence and prescription drug costs, they said. Activists working on those issues attended the event. “This isn’t just some theory, like wouldn’t it be good to reform government because good government is an abstract idea,” Cicilline said. “It has a direct effect on people’s lives. The corrupting influence of money and its impact on public policy is hurting the American people.”

National: Microsoft ElectionGuard aims to fix America’s broken voting | Mark Wilson/Fast Company

Voting is broken. From the hanging chad debacle of 2000 to the 2018 midterms when decade-old touchscreen computers cast the wrong votes, to long lines outside polling places, our democratic right to elect our own officials is constantly at odds with unreliable equipment and balloting policies that vary from one district to the next. And this is all not to mention that voting machines are absurdly hackable. It’s enough to make people not want to vote at all. But what if you could vote however you wanted to vote? Which could mean at home or, if you’re a person with a disability, with the assistance of specialized hardware? What if you could go online later and ensure your vote was your vote, and that it counted? What if you could write your own piece of software to do a recount of, or audit, your small town’s mayoral election instantly? That’s the vision of ElectionGuard, a new project by Microsoft, which debuted this summer at the Aspen Security Forum. ElectionGuard is an open code standard, that anyone can audit, freely use, and plug into, to create secure digital voting machines that remove many of the barriers of voting. Microsoft teamed up with Tucker Viemeister, a renowned industrial designer who spent years at prestigious firms including Frog, Smart Design, and Rockwell Group designing devices like hair dryers and coffee makers, to build something of a concept car for the future of voting—mostly out of off-the-shelf parts.

Georgia: Voters raise concerns about new voting system to state board | Mark Niesse/The Atlanta Journal-Constitution

Voters told Georgia’s election board Wednesday they’re deeply worried about the security and accuracy of the state’s new voting system and they urged the board to enact strong rules that ensure vote counts are correct. The Secretary of State’s office announced it has started creating standards for recounts, audits and security of paper ballots that will be printed out by voting machines, which are scheduled to be used by Georgia voters statewide during the March 24 presidential primary.The 10 voters who spoke to the State Election Board, which is responsible for making election rules and investigating violations, said they distrust the $107 million voting system that Georgia bought from Denver-based Dominion this month. They doubted that computer-printed ballots will safeguard elections.“If a voter cannot recall every race and choice, she cannot identify whether the machine printout accurately reflects her intentions, or instead added, dropped or changed one of her choices,” said Rhonda Martin, a Fulton County voter. “No valid audit can be conducted on the basis of unverifiable source documents.”

North Carolina: Election officials closely watching state vote on voting systems Friday as 2019, 2020 races loom | Emily Featherston/WECT

Along with everything else it takes to prepare for the upcoming 2019 municipal elections, and the 2020 primaries close on their heels, election officials in southeastern North Carolina are also waiting to see what kind of equipment they will be able to use. On Friday, the North Carolina State Board of Elections is expected to finally make a decision that will dictate what machines voters use to cast a ballot. Most of the attention has been focused on the state’s move away from touchscreen equipment that only generates an electronic ballot, as counties across North Carolina wait to see what equipment will be approved for them to buy. New Hanover County is also waiting for the state’s stamp of approval for the replacement of its outdated voting equipment. New Hanover County last purchased ballot tabulators in 2006, explained county board of elections director Rae Hunter-Havens. Those machines typically have a lifespan of just 10 years — and they are starting to show their age. "We’ve exceeded that end-of-life projection,” Hunter-Havens said, and that means increasing mechanical issues.

Rhode Island: Security expert offers solution to prevent hacking of election computers in Rhode Island next year | Edward Fitzpatrick/The Boston Globe

A computer security expert is proposing a solution that would let the state Board of Elections bolster its cybersecurity on Election Day without having to rip out modems that make the state’s election system vulnerable to cyberattacks. On Aug. 2, the Board of Elections asked Tony Adams, an information security professional who lives in Providence, to write a memo suggesting ways to reduce the risk of hacking on election night, when modems are used to quickly report unofficial results. In an Aug. 14 memo, Adams suggests having the modems report unofficial results to computers that are separate from the state’s core election computer system, which configures ballots and tabulates official results. That way, if hackers did penetrate the system on election night, they couldn’t change the official results or hold the whole system hostage with ransomware, for example, he said. “This idea is so elegant you have to ask: Why didn’t I think of that?” Board of Elections Vice Chairman Stephen P. Erickson said this week. “Because you don’t have to spend a lot of money, it’s relatively simple to implement, and it will substantially increase the level of security -- and the perceived security, which is important.”

Texas: Palo Pinto County to Block State Network Access for Security | David May/Mineral Wells Index

If state officials want to perform a security or other audits of the local elections office, they may have to come to Palo Pinto to do it. Joey Fenley, head of Palo Pinto County’s Information Technology department, said allowing remote access to the county’s network through an offsite connection – such as software using a virtual private network – puts the county’s network at risk of receiving a virus or, worse, ransomware. He said it is a breach of the county’s network security protocols. Fenley questions why the state would perform a network security audit using an insecure method. “It’s done by a third party and you don’t know who they are,” Fenley told the Index.

International: Intel, IBM, Google, Microsoft & others join new security-focused industry group | Catalin Cimpanu/ZDNet

Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the Confidential Computing Consortium, this industry group's goals will be to come up with strategies and tools to accelerate the adoption of "confidential computing." By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer's memory while it's being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants. The easiest way of supporting confidential computing practices is through the use of trusted execution environments (TEEs), also known as enclaves. These are hardware and/or software-enforced private regions of a computer's CPU memory where only certain apps can write and read data.

Argentina: Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares | Eugenia Lostri/Lawfare

On Monday, Aug. 12, hackers leaked 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well, and used not only to share links to the stolen information but also to spread fake news about a nonexistent British attack on Argentine ships. An operation combining the hacking of law enforcement agencies, an attempt to spread misinformation through social media and the leaking of large amounts of sensitive data on the “Deep Web” would seem to check all the boxes for a major news story. But you most likely have not heard about any of this.

India: VVPAT-auditing data and credibility of electronic voting machines | Atanu Biswas/The Tribune

Even as some top politicians are raising doubts and have made references to the alleged manipulation of EVMs (electronic voting machines), millions of voters in the country are getting confused. Common people don’t understand the mechanism of a complicated machine like the EVM. Rather, they depend on the institutions and/or their leaders to frame their opinions. However, there was a VVPAT-auditing of the EVMs — five per Assembly constituency of the country — as directed by the Supreme Court. One obvious, yet important, question is how the opinion on EVMs will be reframed with the VVPAT-auditing data. A voter verifiable paper audit trail (VVPAT) slip is nothing but a machine-generated ballot paper, verified by the voter himself/herself. And if the VVPAT counts are further tallied with the corresponding EVM counts, that would give a double-check. The objective of tallying VVPAT counts with the corresponding EVM counts is to check whether the EVMs are tampered with or not. If there is no mismatch for a machine, one can safely conclude that there is no tampering in that EVM, at least.

Russia: Prominent journalist Alexey Venediktov has accused ‘Meduza’ of cheating to prove Moscow’s online voting system is hackable. He’s wrong. | Mikhail Zelenskiy/Meduza

This September’s elections for the Moscow City Duma have already gained renown for inspiring regular mass protests, but they are also remarkable for another reason: In three of the Russian capital’s districts, voters will be able to use an online system to select their new representatives. Moscow’s Information Technology Department held intrusion tests on GitHub in late July to verify the integrity of the system: Officials gave programmers several opportunities to attempt to decrypt mock voting data, and each round of data was subsequently published so that it could be compared to the results of those hacking attempts. On August 16, Meduza reported on French cryptographer Pierrick Gaudry’s successful attempt to break through the system’s encryption. To confirm that the encryption keys used in the system are too weak, we also implemented Gaudry’s program ourselves. City Hall officials responded to the successful hackings by refusing to post its private keys and data, thereby preventing outsiders from confirming that the system had indeed been hacked. Instead, Ekho Moskvy Editor-in-Chief Alexey Venediktov, who is also leading the citizens’ board responsible for the elections, accused Meduza of abusing the testing process. Here’s why he’s wrong.

Switzerland: Swiss post rolls out more secure version of e-voting platform | SWI

The publicly-owned company Swiss Post, which had abandoned its electronic voting system in July over security concerns, has developed a new version. "We have already proposed a solution" to cantons, said general manager Roberto Cirillo in an interview published by the La Liberté newspaper on Friday. According to Cirillo, the company is in the process of defining the rules for testing the new system with cantons. He stressed that the new version will "contain universal verifiability". At the beginning of July, Swiss Post abandoned its electronic voting system, which means it now cannot be used for the October federal parliamentary elections. The decision was made after subjecting the e-voting system to an intrusion test by thousands of hackers last spring. According to Swiss Post, they were unable to penetrate the electronic ballot box, but found serious errors in the source code, which had to be corrected. The cantons of Neuchâtel, Fribourg, Thurgau and Basel City had adopted this e-voting system, which only offered individual verifiability. Three of them already plan to demand compensation from Swiss Post for failure to deliver.

California: Sweeping change is coming for Los Angeles County voters. If things go wrong, he’ll get the blame | Matt Stiles/Los Angeles Times

Long before Dean Logan was the elections chief for the most populous county in California, he was an administrator for the most populous county in Washington state — and he was dealing with a crisis. It was the fall of 2004, four years after the contested Bush-versus-Gore presidential election, and voters had just produced one of the closest gubernatorial contests in American history. Fewer than 300 votes separated the candidates. Then things got worse. Logan realized that his staff had misfiled a batch of uncounted mail-in ballots — enough to sway the election. Under pressure, Logan insisted that the ballots be counted, making him a target of critics, including the state’s Republican Party chairman who insisted that the election was being “stolen.” A judge eventually validated Logan’s decision. Fifteen years later, the experience still haunts him. But it has informed and inspired his years-long personal quest to overhaul the way elections are conducted in Los Angeles County. Starting next year, some 5.2 million residents — a figure that eclipses the number of registered voters in most states — will change the way they cast ballots. If the process goes awry — either in the earlier-than-normal presidential primary in March or in the crucial November general election, in which President Trump will probably be on the ballot — blame could fall on Logan yet again.

National: State Election Infrastructure Is Still Vulnerable, Report Finds | by Phil Goldstein/StateTech Magazine

The 2020 presidential election is more than 14 months away, but some experts are warning that state governments face an uphill battle in defending election infrastructure from cyberattacks. According to a recent report, “Defending Elections: Federal Funding Needs for State Election Security,” many election security projects at the state level are either unfunded or underfunded. The report calls on the federal government to provide more funding for state-level election security measures ahead of next year’s election. “In administering our elections, states face security challenges of unprecedented magnitude,” the report concludes. “They are, in many cases, ill-equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments. States should not be expected to defend against such attacks alone. Our federal government should work to provide the states with the resources they need to harden their infrastructure against cybersecurity threats.” The paper was authored by a bipartisan group of organizations including the Brennan Center for Justice, the Alliance for Securing Democracy, the R Street Institute and the University of Pittsburgh Institute for Cyber Law, Policy, and Security.

National: 2020 election security to face same vulnerabilities as in 2016 | Michael Heller/TechTarget

For the third year running, the Voting Village at DEF CON shined a light on election security and one thing was made clear: no one agrees on what to expect in 2020. In opening remarks at DEF CON, founders Harri Hursti, Matt Blaze and Jake Braun laid out the long road the Voting Village has traveled to raise awareness of election security issues. Blaze, who serves as the McDevitt Chair of Computer Science and Law at Georgetown University, pointed out the troubles began with the Help America Vote Act (HAVA), which passed in 2002 as an effort to modernize and improve election administration. "They didn't understand as much at the time as we do now about building voting machines and almost everything produced to comply with the Help America Vote Act has terrible vulnerabilities associated with it," Blaze said. "That's partly because we've taken these systems that weren't dependent on software before and made them dependent on software. And, as everybody here in Las Vegas can tell you, software is utterly terrible. So we essentially took a problem that was hard and we added software to it." A new initiative at this year's Voting Village was to connect security researchers and hackers directly to election officials to provide pro bono work to help secure the 2020 election. Braun, an executive director for the University of Chicago Harris School of Public Policy's Cyber Policy Initiative, noted the past work of the Voting Village had been corroborated. "The Mueller report reinforced a lot of what we identified last year, like you can hack a website with a SQL injection and get into a voter registration database, which is exactly what Mueller said the Russians did in 2016," Braun said. "And frankly, they didn't even go as far as we said was possible [in last year's election.]"

National: Civilians, military abroad may find it more expensive to vote | Bill Theobald/The Fulcrum

Election officials are growing increasingly concerned that the Trump administration's trade war with China could make it more difficult and expensive for overseas voters — including those in the military — to cast ballots in the 2019 and 2020 local, state and federal elections. The issue is the pending withdrawal in October by the U.S. from the Universal Postal Union, a group of 192 nations that has governed international postal service and rates for 145 years. Last October, the U.S. gave the required one-year notice stating it would leave the UPU unless changes were made to the discounted fees that China pays for shipping small packages to the United States. The subsidized fees — established years ago to help poor, developing countries — place American businesses at a disadvantage and don't cover costs incurred by the U.S. Postal Service. With the U.S.-imposed deadline for withdrawal or new rates fast approaching, states officials are running out of time to prepare for overseas mail-in voting. Last week, Kentucky elections director Jared Dearing pleaded for help from the Election Assistance Commission — for himself and his peers in other states. The deadline for his state and most others to send out absentee ballots for the fall elections, Dearing said, falls a few days before a Sept. 24-25 UPU meeting in Geneva, Switzerland, to discuss the U.S. proposal to revise the rate system. That makes it difficult to provide voters with guidance about how to return their ballots. If the United States ends up withdrawing from the UPU, overseas citizens may not be able to return their ballots using regular mail service and could have to pay upward of $60 to use one of the commercial shipping services, Dearing said.

National: Republicans use McConnell allies to try and force his hand on election security | Lesley Clark/McClatchy

A conservative group is increasing pressure on Senate Majority Leader Mitch McConnell to put election security legislation up for a vote in the Senate by airing ads that target the Kentucky Republican and four other Republican senators in their home states. Republicans for the Rule of Law is unveiling new spots that urge Sens. Marco Rubio, R-Florida, Roy Blunt, R-Missouri, Lindsey Graham, R-South Carolina, and James Lankford, R-Oklahoma, to push McConnell for a vote, urging them “don’t let Mitch McConnell stand in your way.” The group is also re-airing a 60-second ad that calls on McConnell to act. The 30-second spots will air nearly daily on Fox & Friends starting Wednesday. They’ll also run on Fox News Sunday and NBC’s Meet the Press in the senators’ home cities on Sunday as part of a $400,000 ad buy that includes digital ads. The ads note the senators’ support for election security legislation. “McConnell and all Republican Senators have no greater responsibility than protecting our elections from foreign enemies like Russia and Iran,” said Republicans for the Rule of Law legal advisor and spokesman Chris Truax.

Editorials: The malware election: Returning to paper ballots only way to prevent hacking | Lulu Friesdat/The Hill

The key takeaway of special counsel Robert S. Mueller’s report on Russian interference in the 2016 election was that “There were multiple, systematic efforts to interfere in our election … and that allegation deserves the attention of every American.” But with so much attention on what happened in 2016, we have lost much of the time available to protect the 2020 election. This was immediately apparent recently at DEF CON, one of the largest hacker conventions on the planet. The conference, where tens of thousands of hackers descend on the pseudo-glamourous “pleasure pit” that is Las Vegas, includes the Voting Village, a pop-up research lab with an array of U.S. voting equipment available for security researchers to compromise. They were terrifyingly successful. High school hackers and security professionals united to take control of almost every voting system in the room, most of it currently in use around the U.S. They found systems with no passwords, no encryption, and operating systems so old that young hackers often had no previous experience with them. That did not prevent them from completely dominating the machines. They accessed USB, compact flash and ethernet ports that were glaringly unprotected, and then proceeded to play video games and run pink cat graphics across the screens of ballot-marking devices and voter registration database systems.

California: New Los Angeles County voting system highlights trade offs between security and accessibility | Joseph Marks/The Washington Post

Starting in 2020, Los Angeles County’s 5.2 million voters will cast their ballots on new machines that the county had custom built over a decade to be highly accessible to citizens with all manner of disabilities and who speak 13 different languages. The new machines mark the biggest challenge in years to the highly consolidated voting machine industry in the United States in which just three companies control more than 90 percent of the market. The dominant players have faced withering criticism from security advocates and lawmakers since the 2016 election for being too slow to adapt to election hacking threats from Russia and other adversaries and not transparent enough about their security. The plan is for the machines to be piloted at some voting locations during local elections in November and then to be used by all voters for the first time in the March 3, 2020 primaries. The challenge is even bigger because Los Angeles plans to make the computer code its machines are running on freely available to be used or modified by other voting jurisdictions who similarly want to go it alone. But the new systems are also likely to add fire to a battle between cybersecurity hawks and advocates for voters with disabilities that’s already playing out in Congress and among state election boards.

Georgia: Voters challenge legality of new election system | Kate Brumback/Associated Press

Georgia voters who want hand-marked paper ballots are challenging the new election system state officials are rushing to implement in time for next year's presidential primaries, saying the new touchscreen machines remain vulnerable and their results unverifiable, even though they produce paper records. Secretary of State Brad Raffensperger announced the state's purchase of a $106 million election system from Denver-based Dominion Voting Systems last month, with plans to replace the outdated election management system and paperless touchscreen voting machines in use since 2002. He then certified the new system on Aug. 9, and said it will be in place in time for the March 24 primaries. The voters' petition, seeking a withdrawal of the certification and a re-examination of the Dominion system, was submitted Monday to Raffensperger's office. It says the system doesn't meet Georgia's voting system certification requirements and doesn't comply with the state election code. Georgia law allows voters to request that the secretary of state "reexamine any such device previously examined and approved by him or her" as long as at least 10 voters sign onto the request. The petition submitted Monday includes signatures of more than 1,450 registered voters from 100 counties, including some elected officials, and was filed by voting integrity advocates and the state Libertarian Party. Additionally, some of the plaintiffs in a lawsuit challenging the state's outdated voting system filed an amended complaint on Friday asking U.S. District Judge Amy Totenberg to prohibit the state from using the new Dominion system, calling it "illegal and unreliable."