National: Ex-CIA chief worries campaigns falling short on cybersecurity | Maggie Miller/The Hill

Democratic 2020 presidential campaigns say they are working to boost their cybersecurity, but experts worry those efforts may not be enough. Former acting CIA Director Michael Morell told The Hill he worries there is a “void” and that campaigns need outside help to fully address the issue. “There is not a lot of initial thought given to cybersecurity,” Morell said about the campaigns. Several campaigns insist they have prioritized the issue. Chris Meagher, the spokesman for South Bend, Ind., Mayor Pete Buttigieg’s campaign, told The Hill that “our campaign is committed to digital security,” noting the hiring of a full-time chief information security officer (CISO), Mick Baccio, last week. “Hiring a full-time CISO is one way we are protecting against cyberattacks,” Meagher added. A spokesperson for the presidential campaign of former Rep. Beto O’Rourke (D-Texas) told The Hill they are “actively engaged in defending our operation from disinformation and other cyberattacks.” The spokesperson emphasized that “whether it’s training staff as a part of our onboarding process, requiring staff to use complex passwords to protect mobile devices, or using secure messaging services, this campaign understands that protecting our information requires a comprehensive approach to prepare for and manage attacks.”

Editorials: Trump is holding election security hostage | Brian Klaas/The Washington Post

President Trump is holding American election security hostage in a bid to suppress votes in his reelection campaign. On Tuesday, Trump tweeted that “No debate on Election Security should go forward without first agreeing that Voter ID (Identification) must play a very strong part in any final agreement. Without Voter ID, it is all so meaningless!” In other words, he is explicitly acknowledging that he will allow known vulnerabilities in American election security infrastructure to remain as inviting targets to foreign adversaries of the United States — unless he gets his way on a long-standing Republican priority. But the evidence is clear: Foreign attacks on American democracy are an urgent, ongoing threat to national security that could result in the entire democratic process being rigged or hacked. On the other hand, voter fraud — the problem that voter ID legislation is ostensibly trying to solve — has already been solved. It’s a minuscule problem that poses virtually no threat to American elections.

Connecticut: Chief elections official says Connecticut’s electronic voting machines are ‘coming to the end of their useful life’ | Mark Pazniokas/CT Mirror

Connecticut’s current system of casting and counting votes has its roots in the chaotic presidential election of 2000. With the winner unclear for a month, it was a frightening moment in U.S. politics that led to a bipartisan consensus about the need to maintain confidence in the integrity of elections. Passage of the federal Help Americans Vote Act in 2002 established broad standards for the conduct of elections and provided funding for new hardware, leading Connecticut in 2006 to abandon its old mechanical lever voting machines for a mix of the old and new — paper ballots counted by computer-driven tabulators. “We fortunately made the right choice,” Secretary of the State Denise Merrill said Wednesday. A proposed Voter Empowerment Act now before Congress would make hybrid systems like Connecticut’s the new federal standard: Using computers to quickly count votes, while maintaining paper ballots as a check on computer hacking and other forms of cyber fraud. President Trump recently endorsed paper ballots on Twitter. But as Merrill and U.S. Sen. Richard Blumenthal made clear Wednesday at a press conference on elections security, the technical and political challenges in protecting U.S. elections are far more complex today than in the aftermath of the Florida recount in the Bush-Gore campaign of 2000. Blumenthal arrived at Merrill’s state Capitol office with his right arm in a sling. He had surgery last week for a torn rotator cuff.

Florida: Broward County elections chief says military adversary could hack US elections. ‘There are forces bigger than us.’ | Anthony Man/South Florida Sun-Sentinel

Broward Supervisor of Elections Peter Antonacci said Wednesday that a determined effort to hack elections — if it’s undertaken by the military of a significant foreign adversary — could prove successful. Antonacci said in an interview he was acknowledging the obvious reality, even though it’s something many people don’t want to recognize. “If the military organizations of our adversaries around the world decide to do something, technically they have the capability to do it,” he said. “There are forces bigger than us and people much bigger than us that may wish us wrong. If they have the intent and capacity, bad things can happen.” Antonacci said publicly offering the assessment isn’t the kind of thing that will endear him to the broad universe of people who run elections, including other county elections supervisors. “My fellow supervisors will probably drum me out of the club,” he said. “The general thing people in my business like to say is ‘Everything’s OK.’” Antonacci, who oversees elections in Florida’s second-largest county, said his job is to make sure that Broward County has as many safeguards as it can and to have systems in place that can detect if and when something happens. “What we can do as little people in that drama is make sure our system is protected as much as possible.”

Georgia: Judge Says Georgia To Use Old Electronic Voting Machines For 2019 Elections | Stephen Fowler/NPR

A federal judge has denied a request to move all of this fall’s municipal elections in Georgia away from “unsecure, unreliable and grossly outdated technology” and toward hand-marked paper ballots that are optically scanned and counted. The order from U.S. District Court Judge Amy Totenberg Thursday also requires the state to cease using its direct-recording electronic voting machines after 2019 and expresses doubts about the state’s ability to roll out its new ballot-marking device system in time for the March 24, 2020, presidential primary election. In the decision, Totenberg also directs the Georgia secretary of state’s office to develop a plan to “address errors and discrepancies in the voter registration database” and have paper copies of poll books at each voting precinct. The state must also create a contingency plan for the 2020 elections in case the new system is not completely rolled out. That includes designating several pilot jurisdictions that will use hand-marked paper ballots with optical scanners in their elections this fall. A group of election integrity advocates and Georgia voters sued the secretary of state’s office in 2017 alleging that the current DRE system is not secure and is vulnerable to hacking. Last year, Totenberg denied a similar motion for preliminary injunction that would have blocked the DREs from being used in the 2018 midterm election. The current motion sought to prevent the machines from being used this fall in several hundred local elections.

Georgia: Judge denies paper ballots in Georgia this year but requires them in 2020 | Mark Niesse/The Atlanta Journal-Constitution

A federal judge ruled Thursday that Georgia voters can cast ballots on the state’s “unsecure, unreliable and grossly outdated” electronic voting machines one last time, deciding it would be too disruptive to switch to paper ballots before this fall’s elections. But starting with next year’s presidential primary election, paper ballots will be required, according to the ruling by U.S. District Judge Amy Totenberg. Her order barred the state from using its current electronic voting machines after this year’s elections.Election officials are already planning to upgrade the state’s voting system by buying $107 million in new equipment that will use a combination of touchscreens and printed-out paper ballots to check the accuracy of election results.If the state’s new voting system isn’t completely rolled out to all 159 counties in time for the March 24 presidential primary, Totenberg ruled that voters must use paper ballots filled out by hand. “Georgia’s current voting equipment, software, election and voter databases are antiquated, seriously flawed and vulnerable to failure, breach, contamination and attack,” Totenberg wrote. Totenberg wrote it would be “unwise” to immediately discard the state’s 17-year-old voting machines, which lack paper ballots that could be used to check the accuracy of election results. She wrote that it could be “a recipe for disaster” to force resistant election officials to switch to hand-marked paper ballots this year while they’re also transitioning to the state’s new voting system. Her 153-page ruling clears the way for 386 local elections to move forward as planned this fall, including votes for the Atlanta school board, the Fulton County Commission and city councils across the state.

Kentucky: Election official says counties can’t upgrade cybersecurity because they’re ‘severely under resourced’ | Kevin Collier/CNN

A top Kentucky election official said Thursday that counties there are “severely under resourced,” affecting their abilities to provide adequate cybersecurity. “Most of us cannot compel our local election jurisdictions to update their equipment,” said Jared Dearing, executive director of the Kentucky State Board of Elections, before an Elections Assistance Commission panel in Silver Spring. The comments came a week after the annual Def Con hacking conference in Las Vegas, where the three lawmakers who attended — all Democrats — blamed Kentucky Republican Mitch McConnell, the Senate majority leader, for the Congress’ stagnation on any election security bill. At Def Con, a group of election security researchers host a Voting Village, now in its third year, where independent hackers try to break into decommissioned voting equipment. While no system can be guaranteed safe from hackers, election security experts — including ones consulted for the bipartisan Senate Intelligence Committee report on the subject — resoundingly say that machines need to be routinely updated and use paper ballots so results can be audited.

Pennsylvania: More-secure hand-marked ballots are also cheaper for Pennsylvania counties | Christopher Huffaker/Pittsburgh Post-Gazette

Election security experts told the Allegheny County Board of Elections in June that the best choice for secure elections is a voting system where most voters make their selections with a pen on paper — while those who need them have access to ballot-marking devices. A new analysis shows that for Pennsylvania counties that have already selected new systems, that is also the cheaper option. The analysis, from Citizens for Better Elections and the University of Pittsburgh Institute for Cyber Law, Policy and Security, looks at voting systems selected by 31 Pennsylvania counties, as required by a post-2016 election state lawsuit settlement. The remaining 36 counties, including Allegheny County, had yet to make the decision by Aug. 5, when the analysis was done. A voting machine search committee, composed of county employees, is expected to make a recommendation to the Allegheny County Board of Elections by the end of the summer. “Counties that selected exclusively ballot marking device configurations are spending more than two times as much as counties selecting primarily hand-marked paper ballot,” said the University of Pittsburgh’s Chris Deluzio, one of the study’s authors and also one of the experts who appeared before the Board of Elections in June.

Pennsylvania: Philladelphia’s voting-machine contract will move forward despite vendor’s failure to disclose its use of lobbyists | Jonathan Lai/Philadelphia Inquirer

Philadelphia’s acting board of elections voted Thursday to keep its current contract for new voting machines, days after the city’s legal department notified elections officials that the vendor had failed to disclose its lobbying activities. “In my opinion, the continued implementation of ES&S’s voting system … is the right decision for the city,” Judge Giovanni Campbell said at a meeting in City Hall, reading from a piece of paper. His comments, before voting to keep the contract, drew hisses and jeers of protest from dozens of people, many of whom had spoken during the meeting to urge him and the two other sitting board members to scrap the deal. “What’s the point of public comment?” one shouted. Another followed: “This is a charade!” Campbell, unmoved, stuck with his decision. “I do not believe that this process should be overturned or restarted,” he said, despite the revelation that Election Systems & Software (ES&S) had bid for the city contract without disclosing its use of lobbyists and those lobbyists’ donations, including to elections officials’ reelection campaigns. In a meeting and letter, the city solicitor told the elections board that the contract was now voidable and that ES&S is liable for a $2.9 million fine, equal to 10% of the contract. But the city’s procurement commissioner also warned in a letter that the process was far along and going smoothly, and that restarting would risk not having new voting machines in place by the April 2020 presidential primary election. On Thursday, the two judges serving on the board of elections agreed.

Editorials: Security improvements for South Carolina elections are welcome news | Charleston| Post and Courier

South Carolina’s new voting machines that leave a paper trail for audits and cannot be hacked remotely get their first workout Oct. 1 in a special election in Aiken County, and will be operable in all precincts around the state by November. But that’s not the only welcome improvement in the state’s election security. Others address training in cybersecurity for election workers and include frequent tests of the vulnerability of state systems to intrusion. These upgrades, a response to the ongoing threat posed by Russia and other foreign adversaries, are the product of a fruitful collaboration between the federal government and the states. The federal Election Assistance Commission provides an information clearinghouse for best practices and also certifies voting machines and associated hardware and software. The Department of Homeland Security keeps states up to date on the latest security threats. The states receive federal grants to help defray the added costs of enhanced security.

National: At Def Con, hackers and lawmakers came together to tackle holes in election security | Taylor Telford/The Washington Post

As Sen. Ron Wyden (D-Ore.) toured the Voting Village on Friday at Def Con, the world’s hacker conference extraordinaire, a roomful of hackers applied their skills to voting equipment in an enthusiastic effort to comply with the instructions they had been given: “Please break things.” Armed with lock-pick kits to crack into locked hardware, Ethernet cables and inquiring minds, they had come for a rare chance to interrogate the machines that conduct U.S. democracy. By laying siege to electronic poll books and ballot printers, the friendly hackers aimed to expose weaknesses that could be exploited by less friendly hands looking to interfere in elections. Wyden nodded along as Harri Hursti, the founder of Nordic Innovation Labs and one of the event’s organizers, explained that the almost all of the machines in the room were still used in elections across the United States, despite having well-known vulnerabilities that have been more or less ignored by the companies that sell them. Many had Internet connections, Hursti said, a weakness savvy attackers could abuse in several ways. Wyden shook his head in disbelief. “We need paper ballots, guys,” Wyden said. After Wyden walked away, a few hackers exchanged confused expressions before figuring out who he was. “I wasn’t expecting to see any senators here,” one said with a laugh.

Pennsylvania: Philadelphia’s new voting-machine contract in jeopardy because vendor failed to disclose use of lobbyists, campaign contributions | Andrew Seidman/Philadelphia Inquirer

Six months after Philadelphia picked a vendor for its new voting machines, the contract is suddenly in jeopardy. City Solicitor Marcel S. Pratt notified the acting board of elections Monday that Election Systems & Software (ES&S) violated the city code by failing to disclose its use of lobbyists and the lobbyists’ campaign contributions, including to the two city commissioners who selected the system. The board of elections, normally composed of the city commissioners, will meet Thursday to decide whether to move forward with the contract. ES&S will be liable for a $2.9 million fine, Pratt wrote in his letter to the board, adding that it has agreed to pay the fine if the contract proceeds. Deputy City Commissioner Nick Custodio, the board’s spokesperson, said he would not comment until after Thursday’s meeting. Pratt also included a letter from the city’s procurement commissioner, Monique Nesmith-Joyner, who appeared to urge the commissioners to continue with the contract.

National: Voting machine companies balk at taking part in hacking event | Kevin Collier/CNN

At the country’s biggest election security bonanza, the US government is happy to let hackers try to break into its equipment. The private companies that make the machines America votes on, not so much. The Def Con Voting Village, a now-annual event at the US’s largest hacking conference, gives hackers free rein to try to break into a wide variety of decommissioned election equipment, some of which is still in use today. As in the previous two years, they found a host of new flaws. The hunt for vulnerabilities in US election systems has underscored tensions between the Voting Village organizers, who argue that it’s a valuable exercise, and the manufacturers of voting equipment, who didn’t have a formal presence at the convention. Supporters of the Voting Village say it’s the best way draw attention to problems with an industry that otherwise doesn’t face much public accountability, even in the wake of Russia’s foreign interference in the 2016 election. Their work has attracted the notice of several lawmakers, who are calling for new legislation to strengthen the integrity of US elections.

National: DEF CON Voting Village: It’s About ‘Risk’ | Kelly Jackson Higgins/Dark Reading

DHS, security experts worry about nation-state or other actors waging a disruptive or other attack on the 2020 election to sow distrust of the election process. When DEF CON debuted its first-ever Voting Village in 2017, it took just minutes for researcher Carsten Schürmann to crack into a decommissioned WinVote voting system machine via WiFi and take control of the machine such that he could run malware, change votes in the database, or even shut down the machine remotely. Several other researchers were able to break into other voting machines and equipment by pulling apart the guts and finding flaws by hand that year, and then again on other machines in the 2018 event. The novelty of the live hacking of decommissioned voting machines has worn off a bit now and there weren’t many surprises – nor did the organizers expect many – at this year’s Voting Village, held at DEF CON in Las Vegas last week. But once again the event shone a white hot light on blatant security weaknesses in decommissioned voting machine equipment and systems. “DEF CON is not about proving that voting machines can be hacked. They all can be hacked and 30 years from now, those can be hacked, too. It’s about making sure we understand the risk,” Harri Hursti, Nordic Innovation Labs, one of the founders of the Voting Village, told attendees last week. Hursti as well as other security experts, government officials, and hackers at this year’s event doubled down on how best to secure the 2020 US presidential election: ensuring there’s an audit trail with paper ballots; employing so-called risk-limiting audits (manually checking paper ballots with electronic machine results); and proper security hygiene in voting equipment, systems, and applications.

National: Democrats stump for election security, blast McConnell at hacker conference | Eric Geller/Politico

Democratic lawmakers emerged from the world’s largest hacker conference this weekend with a clear message: Congress must pass legislation to mandate better U.S. election security. In panels and interviews at DEF CON in Las Vegas, where a roomful of hackers demonstrated ways to breach insecure voting machines, those lawmakers focused their fury on the man proudly blocking their bills. “Why hasn’t Congress fixed the problem? Two words: Mitch McConnell,” Sen. Ron Wyden (D-Ore.) said during a Friday keynote address to a packed and largely supportive room at DEF CON’s Voting Village. Rep. Ted Lieu (D-Calif.), one of a handful of computer scientists in Congress, told POLITICO that when it came to his biggest election security concern, “I have two words: Mitch McConnell.” The Senate majority leader has repeatedly blocked votes in the upper chamber on two House Democratic bills that would require voting machines to produce paper records, mandate post-election audits and impose security requirements on election technology companies.

National: Here’s the political bind Democrats face when talking about election security | Joseph Marks/The Washington Post

Rep. Eric Swalwell (D-Calif.) applauded the crowd of cybersecurity researchers uncovering dangerous bugs in voting machines and other election systems at a security conference here — but he’s in a bind about how to talk about election security with constituents. Swalwell, who recently ended a long-shot presidential bid, believes chances are almost nil that Republicans will join Democrats to pass legislation mandating fixes to improve election security before the 2020 contest. By continuing to bang the drum about potential security weaknesses, he worries Democrats risk inadvertently convincing citizens that the election is bound to be hacked — and that there’s no point in voting. “If we tell voters the ballot box is not secure and that we have all these vulnerabilities … if we say that over and over and over, is the result of that suppressing [the vote]?” Swalwell asked a room of researchers this weekend at the Def Con cybersecurity conference’s Voting Village, which focuses exclusively on the security of election systems. This is a predicament that will only get harder for many Democrats who are coming to grips with the idea that they may have run out of time to require states to shift to paper ballots, post-election audits and other cybersecurity best practices before the 2020 contest. Swalwell believes these fixes will happen only if there’s a Democratic president and Congress in 2021 or later — even as intelligence officials warn the 2020 election is a major target for Russia and other adversaries looking to undermine the American political system.

National: Voting Machine Security: Where We Stand Six Months Before the New Hampshire Primary | Brennan Center for Justice

In late July, the Senate Select Committee on Intelligence released its report on the Russian government’s attacks on America’s election infrastructure. While the report offered dozens of recommendations related to vast and varied election systems in the United States (from voter registration databases to election night reporting), it pointedly noted that there was an urgent need to secure the nation’s voting systems in particular. Among the two most important recommendations made were that states should (1) replace outdated and vulnerable voting systems with “at minimum… a voter-verified paper trail,” and adopt statistically sound audits. These recommendations are not new and have been consistently made by experts since long before the 2016 election. Last year, Congress provided $380 million to states to help with upgrades, but it wasn’t enough. This analysis, six months ahead of the first primary for 2020, examines the significant progress we’ve made in these two areas since 2016, and it catalogs the important and necessary work that is left to be done.

National: Why paper is considered state-of-the-art voting technology | Karan Gambhir and Jack Karsten/Brookings

On June 27, the House passed a bill that would bolster America’s high-tech voting infrastructure with a low-tech fix: paper. Introduced by Rep. Zoe Lofgren (D-CA-19), the SAFE Act requires that all voting machines involve “the use of an individual, durable, voter-verified paper ballot of the voter’s vote.” While the inclusion of paper ballots may seem like a technological step backward, the SAFE Act’s affinity for paper is not a quirk. Election security experts from Harvard, Stanford and the Brennan Center for Justice all recommend the phasing out of paperless voting, and twelve of the thirteen Democratic candidates who have declared a position on election security support mandating the use of paper ballots. Yet despite expert consensus, political activism, and availability of funding, opposition in the Republican-controlled Senate makes it unlikely that the SAFE Act or any paper ballot standard will be implemented by 2020. With no method to verify votes in the case of software or hardware failure, paperless voting machines represent a large vulnerability. Failure to act on election security risks not only a loss of trust in the next election, but in the democratic process as a whole.

National: Senate Intelligence Committee report shows how electronic voting systems are inherently vulnerable to hackers. Fred Kaplan/Slate

Just hours after Senate Republicans blocked a vote on a bill to make elections less vulnerable to cyberattacks, the Senate Intelligence Committee released a 67-page report, concluding that, leading up to the 2016 election, Russians hacked voting machines and registration rolls in all 50 states, and they are likely still doing so. The heavily redacted document, based on a two-year investigation, found no evidence that the hackers altered votes or vote tallies, though it says they could have if they’d wanted to. However, three former senior U.S. intelligence officials with backgrounds in cybersecurity told me that the absence of evidence isn’t the same as the evidence of an absence. One of them said, “I doubt very much that any changes would be detectable. Certainly, the hackers would be able to cover any tracks. The Russians aren’t stupid.” Hacking individual voting machines would be an inefficient way to throw an election. But J. Alex Halderman, a computer scientist who has tested vulnerabilities for more than a decade, testified to the Senate committee that he and his team “created attacks that can spread from machine to machine, like a computer virus, and silently change election outcomes.” They studied touch-screen and optical-scan systems, and “in every single case,” he said, “we found ways for attackers to sabotage machines and steal votes.” Another way to throw an election might be to attack systems that manage voter-registration lists, which the hackers also did in some states. Remove people from the lists—focusing on areas dominated by members of the party that the hacker wants to lose—and they won’t be able to vote.

National: Vulnerability Scanning and Tools for Election Security Description Vulnerability | Phil Goldstein/StateTech Magazine

With 2020 political campaigns in full swing, the conversion of election security has again come to the fore. How can state and county election officials help secure their voting systems ahead of the 2020 elections? Vulnerability scanning is a good place to start. Such scans are a Software as a Service function that helps discover weaknesses and allow for both authenticated and unauthenticated scans. In June, perennial swing state Florida announced a $5.1 million investment into election cybersecurity following disclosures in May that two counties in the state fell victim to a spear phishing attack by Russian hackers in 2016. How dangerous is the election security threat landscape? It’s complicated and it covers everything from outdated voting machines that may be vulnerable to hacking to the networks used to process and transfer voting totals and voter registration rolls. Vulnerability scans and assessments of election infrastructure are critical, because “from a cyber perspective, every part of the election process that involves some type of electronic device or software is vulnerable to exploitation or disruption,” as a 2018 Belfer Center for Science and International Affairs report notes.

National: US still ‘not prepared’ in event of a serious cyber attack and Congress can’t help if it happens | Iain Thomson/The Register

Despite some progress, the US is still massively underprepared for a serious cyber attack and the current administration isn’t helping matters, according to politicians visiting the DEF CON hacking conference. In an opening keynote, representatives Ted Lieu (D-CA) and James Langevin (D-IL) were joined by hackers Cris Thomas, aka Space Rogue, and Jen Ellis (Infosecjen) to discuss the current state of play in government preparedness. “No, we are not prepared,” said Lieu, one of only four trained computer scientists in Congress. “When a crisis hits, it’s too late for Congress to act. We are very weak on a federal level, nearly 20 years after Space Rogue warned us we’re still there.” Thomas testified before Congress 20 years ago about the dangers that the internet could pose if proper steps weren’t taken. At today’s conference he said there was much still to be done but that he was cautiously optimistic for the future, as long as hackers put aside their issues with legislators and worked with them. “As hackers we want things done now,” he said. “But Congress doesn’t work that way; it doesn’t work at the ‘speed of hack’. If you’re going to engage with it, you need to recognise this is an incremental journey and try not to be so absolutist.”

National: Schumer calls for $1 billion national investment in election security | David Lombardo/Times Union

Election cybersecurity has the potential to be a growth industry as federal lawmakers push a $1 billion investment in safeguarding next year’s elections. The proposed spending was highlighted Monday by U.S. Sen. Charles E. Schumer, D-N.Y., who stopped in East Greenbush for a tour of the Center for Internet Security, which helps government agencies prevent hacking of elections. The non-profit company also worked with the presidential campaigns of Donald Trump and Hillary Clinton to buttress their systems from cyber attacks in 2016. The money for cybersecurity grants is part of legislation that would also require states to collect paper ballots, set minimum cybersecurity standards, direct federal officials to craft preventative measures states can implement, and impose testing of voting system vulnerabilities. Paper ballots are already used as a safeguard for New York elections. The U.S. Constitution empowers states to administer elections, which has resulted in varying standards across the country.

National: Analysis shows 2020 votes still vulnerable to hacking | Mary Clare Jalonick/Associated Press

More than one in 10 voters could cast ballots on paperless voting machines in the 2020 general election, according to a new analysis, leaving their ballots more vulnerable to hacking. A study released by the Brennan Center for Justice at NYU School of Law on Tuesday evaluates the state of the country’s election security six months before the New Hampshire primary and concludes that much more needs to be done. While there has been significant progress by states and the federal government since Russian agents targeted U.S. state election systems ahead of the 2016 presidential election, the analysis notes that many states have not taken all of the steps needed to ensure that doesn’t happen again. The report also notes that around a third of all local election jurisdictions were using voting machines that are at least a decade old, despite recommendations they be replaced after 10 years. The Associated Press reported last month that many election systems are running on old Windows 7 software that will soon be outdated. “We should replace antiquated equipment, and paperless equipment in particular, as soon as possible,” the report recommends.

Editorials: Why Are Florida Republicans So Afraid of People Voting? | The New York Times

Coral Nichols will be eligible to vote when she’s 190. That’s assuming the 40-year-old Floridian — who served five years in prison for fraud and embezzlement, followed by nearly 10 years on probation — is able to keep up with her $100 monthly restitution payments. Jermaine Miller thought he had fully repaid the $223.80 he owed in restitution for a 2015 robbery and trespass conviction. In fact, he paid $18.20 more than that, but Florida says he still has a balance due of $1.11 because of a 4 percent surcharge on restitution payments. On top of that, Mr. Miller owes $1,221 in court costs and fines, which he doesn’t have the money to pay. Ms. Nichols and Mr. Miller are two of more than 1.4 million Floridians with criminal records who have spent the last year Ping-Ponging between hope and despair over whether they can exercise their most fundamental constitutional right — the right to vote. Last November, nearly two-thirds of the state’s voters approved Amendment 4, a ballot initiative that erased Florida’s 150-year ban on voting by people with felony convictions, except for those convicted of murder or sexual offenses. It was one of the nation’s biggest expansions of voting rights in decades. Florida, which was one of just four states that imposed a lifetime voting ban, bars a higher percentage of its citizens from voting than any other state. The state also accounts for more than one in four citizens disenfranchised nationwide. But Florida’s Republican lawmakers decided Amendment 4 was too much democracy for their taste. In June, after thousands of formerly incarcerated people — including Jermaine Miller — had registered to vote, Gov. Ron DeSantis signed a law passed on party lines that effectively reinstates the ban for most of them, and for hundreds of thousands more people who had not yet registered.

Georgia: Test results for Georgia new voting system released | Mark Niesse/The Atlanta Journal-Constitution

Georgia’s new voting system passed equipment tests by a company hired to evaluate it for the state. The certification test results, released Monday, indicated that touchscreens, election computers, ballot scanners and other machinery can handle the stresses of an election.The tests identified one issue, when a ballot scanner suffered a “memory lockup” after reading 4,500 ballots. The problem was resolved by restarting the scanner.The testing by Pro V&V evaluated the voting equipment’s functionality. It didn’t grade the security of the $107 million voting system by Denver-based Dominion Voting Systems. Starting with the presidential primary on March 24, all Georgia voters will use touchscreens attached to printers that produce paper ballots. Voters will then be able to review their ballots before inserting them into optical scanners for tabulation. Ballots will be stored for audits and recounts. Secretary of State Brad Raffensperger issued his certification that the Dominion system is reliable and accurate on Friday after receiving the Pro V&V test results.

North Carolina: Elections board to pick chair, key decision looms | Associated Press

The North Carolina elections board has a new leader ahead of a decision on what kind of voting machines are secure against efforts to alter ballots.
The state Board of Elections voted Tuesday to make nonprofit executive Damon Circosta of Raleigh its new chairman. Gov. Roy Cooper last week picked Circosta as the Democrat to replace former chairman Bob Cordle, who resigned after telling a crude joke. Circosta was politically unaffiliated last year when he was named chairman of a different version of the elections board. He now joins two other Democrats and two Republicans. The elections board later this month is expected to decide whether the next generation of voting machines should be required to furnish a paper printout so voters can read and confirm their ballots.

Pennsylvania: Under orders to replace voting machines, Pennsylvania counties wonder when they’ll see state money | Jonathan Lai/The Morning Call

As Pennsylvania county election officials replace the state’s voting machines in advance of the 2020 election — at an estimated cost of $150 million — they’re anxious for an end to a dispute between Gov. Tom Wolf and Republican lawmakers that has tied up state funding and forced counties to shoulder most of the financial burden. Wolf announced last month that he would seek $90 million for the machines. However, that prompted the threat of a lawsuit by Republicans in the Legislature, and the fate of the funding has become tied to partisan fights over the governor’s authority and significant changes to the electoral system. So 16 months after Wolf ordered the counties to replace the machines, the only funding available is $14.1 million in mostly federal dollars. No new funding has been secured. While Harrisburg bickers, county officials say they’re forced to move forward anyway, hoping for reimbursement later.

West Virginia: Cybersecurity, meddling the focus of state election officials conference | WV MetroNews

West Virginia Secretary of State Mac Warner and his office are getting local officials from all 55 counties in the state in gear for the 2020 elections. The Secretary of State’s office is hosting a 2019 Election Officials Training Conference in Lewis County this week that focuses on local officials knowing their resources, knowing cybersecurity and the threats that Russian meddling may bring. “This is time to get everyone’s head thinking elections,” Warner said on Monday’s MetroNews ‘Talkline’. “Taking care of all the security protocols, what do you do if and when something happens, and making sure everybody is current with the legislative changes. Then allow them to go back to their counties and start implementing.” Warner said the conference Tuesday, at Stonewall Resort, will feature national security and election officials for the 160 state leaders on hand to hear from.

Wisconsin: Elections Commission votes to boost election security spending | Briana Reilly/The Cap Times

The Wisconsin Elections Commission has moved to bolster local election security efforts in light of concerns that some clerks’ use of outdated computer operating systems could open up the state to cyberattacks in future election cycles. The efforts, approved unanimously by the panel on Tuesday, aim to address potential vulnerabilities across the state, where some clerks are using out-of-date computer systems or failing to install software patches and updates, according to a memo released ahead of the meeting.  Commission Chair Dean Knudson noted that while the panel has “hardened our defenses tremendously over recent years,” it’s important to continue identifying potential issues and addressing them. “This is about looking at what we can do to further strengthen our defenses,” the Republican appointee said. Commissioners Tuesday agreed to direct existing federal dollars to implement software to track the security levels of local elections officials’ computers, at a cost of up to $69,000, create a $30,000 emergency loan program to secure 25 devices that could be temporarily handed out to local clerks who aren’t able to comply with security protocols and take preliminary steps to hire a technical support position.  The action came after WEC’s election security lead Tony Bridges detailed in a memo his concerns about local clerks’ use of outdated operating systems to access the WisVote database, the statewide voter registration and election management system, including Windows XP, where security patches haven’t been supported since 2014. Meanwhile, the memo also noted others are using Windows 7 to utilize the database, and Microsoft won’t be providing free security updates for it after mid-January 2020. Not maintaining a current operating system, Bridges’ memo states, “exposes the user to tremendous risk.” He referenced a recent incident in Georgia in which hackers orchestrated a ransomware attack using Ryuk on Jackson County systems, causing officials to pay $400,000 to regain access to their information. If systems in Wisconsin are similarly attacked, the memo said, confidential information could be exposed, digital records could be destroyed, election night results may not be displayable and absentee ballot distribution and poll book printing could be impacted, among other things. 

National: Hackers Take on Darpa’s $10 Million Voting Machine | Lily Hay Newman/WIRED

For the last two years, hackers have come to the Voting Village at the DefCon security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities. But this year’s Village features a fancy new target: a prototype secure voting machine created through a $10 million project at the Defense Advanced Research Projects Agency. You know it better as Darpa, the government’s mad science wing. Announced in March, the initiative aims to develop an open source voting platform built on secure hardware. The Oregon-based verifiable systems firm Galois is designing the voting system. And Darpa wants you to know: its endgame goes way beyond securing the vote. The agency hopes to use voting machines as a model system for developing a secure hardware platform—meaning that the group is designing all the chips that go into a computer from the ground up, and isn’t using proprietary components from companies like Intel or AMD. “The goal of the program is to develop these tools to provide security against hardware vulnerabilities,” says Linton Salmon, the project’s program manager at Darpa. “Our goal is to protect against remote attacks.” Other voting machines in the Village are complete, deployed products that attendees can take apart and analyze. But the Darpa machines are prototypes, currently running on virtualized versions of the hardware platforms they will eventually use. A basic user interface is currently being provided by the secure voting firm VotingWorks.