View the statement here: Verified Voting Statement on Election Reform Package Marian K. Schneider: “This funding ensures the smooth transition to secure and verifiable voting systems.” “Verified Voting is pleased with the Pennsylvania General Assembly and Gov. Tom Wolf’s commitment to an election reform package that includes funding for counties to help pay for the…
Election security is a complex challenge. One essential step, however, is so simple it can be carried out with a pen and paper. Pennsylvania officials have announced that Philadelphia and Mercer County will conduct a post-election pilot next month of what’s called a risk-limiting audit. The procedure is new to most of the country, but 12 states are experimenting with it — because it’s that much of a no-brainer. Currently, 17 states are not required by law to verify the accuracy of their vote tallies at all. Those that are mostly do so the “traditional” way, which in this case means the wrong way. The process auditors typically use — manually recounting votes in a predetermined percentage of precincts — tells officials whether a particular machine or group of machines is working, but it doesn’t actually answer the essential question: Did the declared winner actually win? Risk-limiting audits instead do what any mathematician . They hand-count a statistically meaningful sample of all votes to determine whether the original tally was correct. The required sample increases as the margin of victory narrows. It’s easy, and it’s time-consuming only in the tightest elections, or when something actually has been tampered with. Of course, that’s when it’s most worth investing the time. So why isn’t everyone doing it?
In the glare of the hotly contested 2018 elections, things did not go ideally for ES&S, the nation’s largest manufacturer of voting technology. In Georgia, where the race for governor had drawn national interest amid concerns about election integrity, ES&S-owned technology was in use when more than 150,000 voters inexplicably did not cast a vote for lieutenant governor. In part because the aged ES&S-managed machines did not produce paper backups, it wasn’t clear whether mechanical or human errors were to blame. Litigation surrounding the vote endures to this day. In Indiana, ES&S’ systems were plagued by mishaps at the local level. In Johnson County, for instance, the company’s brand-new machines faltered in ways that made it difficult to know whether some people had voted more than once. “ES&S misjudged the need for appropriate resources to serve Johnson County on Election Day 2018,” a report issued by state election officials later concluded. Johnson County subsequently terminated its contract with ES&S and, this September, paid more than $1.5 million to purchase an entirely new set of equipment. The uneven performance by ES&S in 2018, however, did little to dent its position as one of the most popular and powerful voting technology companies in the U.S. Any number of prior controversies hadn’t either.
The U.S. government’s actions to disrupt Russia’s attempted cyber incursions into the 2018 midterm elections took place in part in a newly constructed Joint Operations Center (JOC) on the National Security Agency’s expanding Fort Meade campus in Maryland. Efforts to protect the 2020 elections are expected to follow a similar drill. Located in the middle of the Cyber Integration Center — a 380,000 square foot, $520 million building whose construction was completed last September — the JOC links two adjoining facilities where NSA and U.S. Cyber Command personnel reside. A massive floor dotted by pods of desks and dominated by three curved, 20-foot-tall screens, the JOC is run by roughly 200 civilian and military officials who work 12-hour, rotating shifts — 24 hours a day, seven days a week, 365 days a year. “One of the first activities that were run out of here was NSA and U.S. Cyber Command support to the 2018 elections,” said Colonel Stephen Landry, a senior officer in the NSA’s recently launched Cybersecurity Directorate. That included support, he said, to the Russia Small Group, an election security task force comprising NSA and Cyber Command officials that was created last year by General Paul Nakasone, who heads both agencies. The Russia Small Group was instrumental in carrying out an offensive cyber operation that took the Internet Research Agency, a Kremlin-linked troll farm known to have waged an influence campaign in 2016, offline ahead of the November midterms. Nakasone has since publicly touted the success of the group, made it a permanent fixture, and said its approach in 2018 would serve as a model for 2020. (Its members are scattered throughout NSA and Cyber Command, not physically concentrated in the JOC.)
s the nation’s elections clearinghouse faces tight funding and criticism from advocacy groups on its new voting guidelines, the agency is losing its top two officials. Election Assistance Commission commissioners voted in early September to not reappoint Executive Director Brian Newby and General Counsel Cliff Tatum, Politico reported. Under the previous succession plan, the chief operating officer would assume the role of acting executive director; however, that position has been vacant since 2015. Commission Chief Information and Security Officer Mona Harrington will assume the role of acting executive director on Wednesday, under the new plan, as the agency starts the search process for a permanent leader. “The [Election Assistance Commission] is charged with providing top quality resources that support accurate, secure and accessible elections for all eligible voters,” the EAC commissioners said in a press release regarding the vacancies. “We are lock-step in our commitment to fulfilling that mandate.”
Senate Republicans blocked three election security bills on Wednesday, marking the second time in as many days they’ve stymied legislation. Sens. Mark Warner (D-Va.), Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.) asked for unanimous consent to pass three election-related bills. But they were blocked by Sen. Marsha Blackburn (R-Tenn.), who noted that the unsuccessful attempt was the latest by Democrats to pass election security bills in the Senate ahead of 2020. “You know, it’s not a good sign if you’re doing the same thing over and over and expecting a different result,” Blackburn said. Under Senate rules, any one senator can ask to vote on or pass a bill. But because it requires unanimous support, any one senator can also block their requests. Election security has become a point of contention during the Trump era. House Democrats have passed several election-related bills, including a sweeping ethics and election reform measure, but they’ve hit a wall in the GOP-controlled Senate.
Three companies control the fate of United States elections. Election Systems & Software, Dominion Voting Systems, and Hart InterCivic dominate 92% of the voting machine market, standing to make bank as states rush to update their systems before the looming 2020 election. In 2016, counties in 16 states used paperless equipment without backup records. The Department of Homeland Security later notified six of those states that hackers targeted their systems. There’s now widespread recognition that paperless machines are the least secure. Some state governments control voting methods, others delegate the decision to local authority, but in most of those states, officials are moving to purchase new machines. “The transition is still happening, but I’m hopeful every battleground state will have a paper backup of every vote,” said Lawrence Norden, director of the Election Reform Program at the NYU Brennan Center For Justice. Norden predicts 90% of votes will have paper backups in 2020.
In the 1,006 days since Donald Trump became president, his administration has shown little vigilance when it comes to its own security, and a new internal memo suggests the White House is working to weaken its own cybersecurity safeguards. Axios has published a memo written by the White House computer network defense branch chief Dimitrios Vastakis that warns “the White House is posturing itself to be electronically compromised once again.” The White House did not immediately respond to a Gizmodo request for comment. Vastakis submitted the memo as a letter of resignation last Thursday. As Axios reports, the letter comes after at least twelve top officials were dismissed or resigned from a cybersecurity team that protected the White House from security threats from Russia and other entities. This team—the Office of the Chief Information Security Officer (OCISO)—was built after the Obama administration was attacked by Russian hackers in 2014. As the memo states, the OCISO “was established to take on the responsibility of securing the Presidential Information Technology Community (PITC) network.” Since then, the team has “significantly matured the security posture of PITC and no major compromise has occurred,” according to the memo.
One of the National Security Agency’s newly minted Cybersecurity Directorate’s goals is to quickly share information on adversarial threats with the private sector — but the process for doing that needs to be refined, the directorate’s leader said Thursday. “The process in place today is where we know we need to do some work,” Anne Neuberger said while speaking at CyberTalks, produced by CyberScoop. “When we find indications of a threat, we see planning to execute a particular operation, or we see the operation being executed. [But] because we learn about it in a classified way, we treat it as classified.” Part of the difficulty the NSA faces is that adversaries often run operations and then discard their compromised infrastructure, making a protracted declassification process nearly useless since “indicators of compromise pretty much they have a ticking time clock for how useful they are,” Neuberger said. The new directorate, which started operations earlier this month, is measuring success by examining how well it is able to prevent attacks moving forward.
Worried about internet trolls and foreign powers spreading false news, census officials are preparing to battle misinformation campaigns for the first time in the count’s 230-year history. The stakes are huge. Who participates in the 2020 census count could influence how U.S. congressional seats and billions of federal tax dollars to educate children, help low-income families and pave new roads are divvied up. “It’s a fine target,” former U.S. Census Bureau director John Thompson said of the form, which is sent every decade to households in America to count the population. “If you want to disrupt a democracy, you can certainly go about it by disrupting a census.” Already, false and inaccurate social media posts about the census have begun to appear online, where they have been viewed thousands of times. Foremost on everyone’s mind are the misinformation wars waged during the last presidential election to confuse U.S. voters. Fake posts about the census began popping up days after the U.S. Supreme Court ruled in June that the Trump administration could not ask about citizenship status on the 2020 census: Conservative bloggers, Twitter users and pundits falsely blamed former President Barack Obama for scrubbing the question from the form in 2010. In fact, the main census form hasn’t included a citizenship question since 1950, and the bureau’s own analysis found it would discourage people from participating, possibly skewing results.
Verified Voting staff joined the Voting Village at the 27th annual DEFCON conference in Las Vegas in August. DEFCON brings security professionals, journalists, lawyers, researchers, and – of course – hackers under one roof at the world’s largest annual hacking convention. Since its launch in 2017, the Voting Village has served as an “open forum…
If the FBI discovers that foreign hackers have infiltrated the networks of your county election office, you may not find out about it until after voting is over. And your governor and other state officials may be kept in the dark, too. There’s no federal law compelling state and local governments to share information when an electoral system is hacked. And a federal policy keeps details secret by shielding the identity of all cyber victims regardless of whether election systems are involved. Election officials are in a difficult spot: If someone else’s voting system is targeted, they want to know exactly what happened so they can protect their own system. Yet when their own systems are targeted, they may be cautious about disclosing details. They must balance the need for openness with worries over undermining any criminal investigation. And they want to avoid chaos or confusion, the kind of disruption that hackers want. The secrecy surrounding foreign hacks is not a hypothetical issue. The public still doesn’t know which Florida counties were breached by Russian agents in the 2016 election. Rick Scott, Florida’s governor in 2016 and now a U.S. senator, was not told at the time and didn’t learn most of the details until this year. And the threat to electoral systems is real. Federal officials believe Russian agents in 2016 searched for vulnerabilities within election systems in all 50 states. And the nation’s intelligence chiefs warn that Russia and other nations remain interested in interfering in U.S. elections.
Ohio Gov. Mike DeWine (R) on Friday signed into law legislation that will increase cyber protections for election systems and enhance the overall cybersecurity posture of the state. The legislation, which had bipartisan support, requires post-election audits by county boards of elections to ensure the accuracy of the vote count, while also creating a “civilian cyber security reserve” that can be called into duty to protect state and local government entities against cyberattacks, including those involving elections and those against critical infrastructure The bill gives the Ohio secretary of state a seat on the Ohio Homeland Security Advisory Council and creates a chief information security officer position within the secretary of state’s office to increase attention on election security issues. Ohio Secretary of State Frank LaRose (R), the top election official in the state, said in a statement on Friday that the legislation will give local officials “the support they need” to combat foreign cyber threats. “Imagine looking out the window and seeing foreign paratroopers parachuting into your town,” LaRose said. “We wouldn’t tell a community, ‘you’re on your own – your sheriff department can fight off that threat.’ Well likewise, in the online world, we can now respond with Ohio’s best cyber warriors so these counties and cities have the support they need.”
Chuck Anderson, the outgoing Westmoreland County commissioner, said he wanted to ensure county residents had the best voting system available before he leaves office in December. The $7.1 million touch screen/scanner system he and fellow Commissioners Ted Kopas and Gina Cerilli approved this month will cost $30 per voter — or nearly triple the $11 per voter Allegheny County paid for a new paper ballot/scanner voting system. Total cost for that system was $10.5 million. The price per voter is based on the number of registered voters. In Allegheny County, there are 952,685 registered voters. In Westmoreland, there are 235,970 voters. “The people from Westmoreland County expect to have the very best, and this is the best solution to the problem,” Anderson said. Experts who follow elections and cybersecurity say that’s not true. They maintain touch screen/scanner systems, such as the ES&S product Westmoreland County officials bought, are both more costly and less secure than systems that rely on paper ballots and scanners. Christopher Deluzio, policy director for the University of Pittsburgh Institute for Cyber Law and Security, has studied the issue for the past two years. An ongoing study that looked at what counties paid for voting systems found the average cost in places that bought touch screen/scanner systems was just more than $24 per voter, compared to about $12 per voter for those who bought paper ballot/scanner systems.
Secretary of State Nellie Gorbea told her audience on Friday how during the March 2016 presidential primary she was accused on election-related websites of rigging the election in favor of Hillary Clinton to the detriment of Bernie Sanders and closing down polling sites. “A year later it was determined that Bernie bots of the Russian Internet Research Agency were at work,” Gorbea said. “If your head is spinning, believe me, everyone’s head is spinning.” Gorbea was addressing more than 140 election officials and information technology experts who gathered for a five-hour Cybersecurity Summit at Salve Regina University’s Pell Center in Newport. Media were allowed to listen for 1 ½ hours, but then cleared out before speakers like Noah Praetz, a senior election security advisor with the U.S. Department of Homeland Security, and Jessica Cone, a specialist with the U.S. Elections Infrastructure — Information Sharing and Analysis Center, made their presentations. “We don’t want to give away our game plan,” Gorbea said.
This November, Texas voters may be less surprised by what’s on their ballots than by what their ballots look like. Dozens of counties across the state—including Collin, Dallas, and Tarrant—are rolling out brand-new, “hybrid” voting systems that combine paper-based and electronic balloting. With hybrid systems, voters use an electronic touch screen to mark paper ballots, which are then counted using a separate tabulating machine. Voters can confirm their selections on paper before scanning their ballots for electronic counting, and election officials have a paper record to use for audits and recounts. Electronic ballot-marking eliminates stray marks and over-votes (marking more than one choice in a race) that can make it difficult or impossible to interpret a voter’s intent. The systems include multiple security features and are not connected to the internet. “Russia cannot tie into this voting equipment,” Collin County Elections Administrator Bruce Sherbet said at a training class for election workers last week, adding that the rollout has been very smooth during early voting.
The National Cyber Security Advisor, Dr Albert Antwi-Boasiako has called on the Electoral Commission to put robust cyber security measures in place to protect its system from hacking. Given the reported cases of hacking of electoral systems in other countries during elections, there was the need for the EC to put measures in place to protect the Commission of cyber attack. Dr Antwi-Boasiako made the call in an interview with the Ghanaian Times after a high-level discussion on election and cyber security to close the 2019 National Cyber Security Awareness Month. The one-week programme, attended by participants and ministers from some West African countries was on the theme “Demonstrating Ghana’s cyber security readiness.” It was organised by the Ministry of Communications and National Cyber Security Centre to create awareness on cyber security issues and attacks and the impact of the menace on the economy, corporate bodies and individuals.
Recent reports that a number of electronic voting machines (EVMs) were missing from the Electoral Commission of Namibia (ECN) have sparked massive public criticism, with some people questioning the integrity of the election body in the run-up to next month’s presidential and National Assembly elections. Some political commentators and legal experts have accused the electoral commission of concealing information regarding the disappearance of the EVMs, while others called for the arrest of people responsible for the missing EVMs. The Namibian reported last week that the Namibian Police were investigating a case involving the disappearance of three EVMs from the ECN. The ECN issued a statement on Sunday, explaining that the missing EVMs were rented out to the ruling Swapo Party to conduct an internal election for the party’s Elders’ Council in 2017. The commission, however, remains tight-lipped about the issue, saying it could not publicly pronounce itself on the matter due to “concerns of compromising the investigation process, as the police are working to trace the EVMs that had gone missing.”
American intelligence is warning of a concerted effort overseen by Russian president Vladimir Putin to swing next year’s presidential election in favor of Donald Trump. Reports prepared by the National Security Agency and the Central Intelligence Agency are unequivocal, detailing a two-pronged Russian strategy: sow dissension inside America by manipulating social media and attack the voting process itself. There is also concern that a new front could be opened in this battle by the use of deepfakes, videos generated using artificial intelligence that recreate the image and voice of anyone, who can be made to say and do anything. The leading Democratic candidate, for example, could be seen to suggest pardoning Patrick Crusius, the man who killed 22 people in El Paso in August. Such fake videos are both easy to make and difficult to detect, and they could undermine any candidate. Already in the Democratic primaries, trolls have been hard at work influencing the conversation. One fake meme that proved popular, for example, declared that every Democratic candidate had changed his or her name. ‘Democrats are so fraudulent and corrupt that they don’t even use their real names with the American people,’ claimed the meme, which said Cory Booker’s real name is Tony Booger and Bernie Sanders’s is Bernard Gutman.
Elections in the UK are more likely to bring to mind visions of kindly pensioners in church halls ticking names off lists than shadowy hacking groups attempting to subvert democracy. But hackers, with terrifying powers to spread fake news on a massive scale, are fast becoming a reality of British politics. Last year, ahead of the local elections, the National Cyber Security Centre (NCSC), a division of spy agency GCHQ, published a starkly worded report for local authorities which warned of “insider activity” that could attempt to “manipulate or compromise electoral information or processes for financial gain [or] ideological reasons.” The report urged local authorities to make regular backups of the electoral roll and to keep these backups in secure facilities to make it more difficult for hackers to access them. Ask spies and security experts about the digital threat to elections and you’ll encounter the curious lexicon of intelligence agencies. Hackers are known as “threat actors” who engage in either overt or covert influence campaigns. And when hackers manage to break into a computer network, they typically create an “implant” which allows them to return or to funnel data out without anyone noticing. A series of government departments have found themselves at the frontline of the battle to keep elections secure. In recent months, committee hearings in the Houses of Parliament and briefings by spy agencies have outlined how the government keeps elections safe.
Democrats are renewing their calls for Senate action on election security measures following the release of a Senate Intelligence Committee report that found the Kremlin directed Russian efforts to interfere in the 2016 presidential election. The party has repeatedly gone after Senate Majority Leader Mitch McConnell (R-Ky.) for imposing obstacles to action on election security, a point underscored once again in the wake of the bipartisan Intelligence report. McConnell was “blocking a full-throated U.S. response” by stopping various election security bills from being brought up in the Senate and burying them “in his legislative graveyard,” Senate Minority Leader Charles Schumer (D-N.Y.) charged in a statement. Sen. Michael Bennet (D-Colo.), a member of the Senate Intelligence Committee and a 2020 presidential candidate, called on McConnell to allow votes on election security legislation.
Moire than three years after media reports disclosed hackers were interfering in the 2016 U.S. presidential race to influence voters, most of the country’s candidates in the 2020 presidential election are struggling with cybersecurity issues, according to a nonpartisan group focused on internet standards. A majority of the 23 candidates in the race for the White House failed to meet the privacy and security standards set by the Internet Society’s Online Trust Alliance (OTA), according to the group’s audit released this week. The findings are the latest to show the increasing pressure countries are facing to preserve online security during elections, as well as in their industries and infrastructure. The research by the OTA examined how well the 23 Democratic, Republican and Independent candidates are handling online security challenges in their campaigns. Just seven of the 23 politicians scored 80% or higher in campaign cybersecurity, meaning researchers found no failures in the three areas examined: privacy, website security and consumer protection. Weaknesses ensuring the data privacy of users accessing the candidate’s online platforms raised the most red flags, researchers found.
Russia’s interference in the 2016 U.S. election has generally been seen as two separate, unrelated tracks: hacking Democratic emails and sending provocative tweets. But a new study suggests the tactics were likely intertwined. On the eve of the release of hacked Clinton campaign emails, Russian-linked trolls retweeted messages from thousands of accounts on both extremes of the American ideological spectrum. Those retweets increased the odds selected Twitter users would be online and able to express outrage when the next day on Oct. 7, details such as the revelation that Clinton may have had early access to a primary debate question were released. Those retweets also brought those lesser-known users a wider audience, encouraging them to tweet more, and ultimately helping polarize American public debate.
A voting system which uses Radio Frequency Identification (RFID) technology to store electronic votes has been under scrutiny after election experts questioned its capacity to safeguard the integrity of election data. Though the voting system had been tested in a few Argentine jurisdictions, academics from around the world had not had a real chance to analyze it in detail until authorities from the Democratic Republic of Congo decided to use a similar system for the long-delayed elections of December, 2018. The decision to automate the controversial elections using an untested system drew criticism from U.S. diplomats. According to experts from The Sentry, it is possible to manipulate the information the RFID chip contains, since the use of this unique identifier technology and radio communications give off signals that can be easily detected at distances greater than expected. Experts recommend election officials to refrain from implementing this type of technology. RFID technology is well known for its usefulness in tracking inventories, but its use extends to other industries, from bookstores and apparel to health and transportation. The main benefit of having RFIDs is that it allows quick communication with remote sensors. Nonetheless, however useful RFID may be for certain industries, elections are an entirely different ballgame. The capacity to allow remote sensors to read the information it contains opens the door for bad actors to hack the votes.
The first Georgia voters to test the state’s new voting machines cast their ballots Monday, with some voters in Paulding County praising the addition of a paper ballot and others saying the voting equipment was more cumbersome than what they’re accustomed to using. Election officials rolled out the new voting system in six counties for local elections as in-person early voting began Monday. The $107 million system, which combines touchscreens and computer-printed paper ballots, will be used by all voters statewide on March 24 for the presidential primary. A few minor problems surfaced when polls opened in Paulding, located about 35 miles west of Atlanta.
“Green Party’s Jill Stein threatens legal challenge to Philly’s new, $29M voting machines.” At first glance, this may sound like a headline from the 2016 election. In fact, it’s a headline from October 2, 2019. Readers of this blog likely remember that Stein settled a lawsuit with Pennsylvania stemming from a state recount of the 2016 election. Why this is still in the news? Let’s run through Pennsylvania’s recent history of voting machine troubles. In 2016, Pennsylvania was one of fourteen states to use paperless voting machines as the primary polling place equipment in some counties and towns. During the Democratic primary, some counties encountered unusual voting procedures with their electronic voting machines. Three counties did not include a U.S. Senate candidate because the counties did not have enough time to add his name to the ballot after the state supreme court reversed a lower court decision to keep the candidate off the ballot after his petitions were challenged. The counties were unable to add his name because three weeks before the election it was “impossible” to update the information on the machines. To remedy this, voters in one county completed all primary votes except their U.S. Senate vote on an electronic machine – and submitted their Senate vote by a paper ballot; in another county voters had to separately write in the candidate’s name. While this was an unusual instance involving an essentially unknown candidate, you can imagine a scenario where a voting machine may need to be updated close to an election due to an emergency or court order – and the fact that there is no good way to address that issue is disconcerting.
The FBI is investigating an attempted intrusion of the Voatz mobile voting system during West Virginia’s 2018 midterm elections, officials announced last week, throwing a spotlight onto an experimental app that Utah County used for the first time in this year’s primary elections. Mike Stuart, U.S. attorney for the Southern District of West Virginia, said in a statement that there was “no intrusion and the integrity of votes and the election system was not compromised.” Stuart also said that the FBI investigation into the attempt is ongoing and that it’s still not determined whether any federal laws were violated. Voatz is a new technology allowing overseas voters, like missionaries and U.S. military personnel, an alternative to email or traditional mail-in voting, which have long sparked concerns over security and anonymity risks. It’s an app that uses blockchain technology, a sort of public digital ledger, to encrypt and secure votes.
Rozan Mitchell would like to clear up one thing: Yes, her office really does look at every signature on returned mail-in ballots and compare them against the signatures on voter registration forms. “People say, ‘Well, you only do a sampling.’ Nope,” Mitchell said, sitting in the Provo headquarters of the Utah County elections office in early September. She is the county’s elections director and, as she’s making clear, she takes that responsibility seriously. “We check the signature on every single one of those ballots that comes through here.” That’s how the county discovers instances where, say, a parent has voted for a missionary serving abroad, or a spouse has voted for someone away on business. “I think people don’t realize the great lengths we go to to do things like that,” Mitchell said. Supervising elections, a function of county clerks and their staff, is a process very much driven by local entities: states, counties and municipalities. The federal government has laws mandating equal access to the ballot box, but it’s up to local governments to decide how to achieve that goal.
A week ago, Washington Secretary of State Kim Wyman told KIRO Radio that the state’s election system routinely faces faces tens of thousands of hacking attempts daily. But how exactly is Washington’s system designed to fight those attacks? Wyman stopped in again to detail the various measures in place. “The biggest thing is we moved to the VoteWA system, and so this has enabled us not only to build a stronger firewall, more robust security, and monitoring systems around it, but now … any user that gets into our system, they have to be pre-approved,” Wyman told KIRO Radio’s Dave Ross. VoteWA is system that was first enacted for August’s primary election, featuring a handful of new security measures to ensure results aren’t altered, hacked, or tampered with in any way. Results from each of the state’s 39 counties are tabulated from paper ballots, and then transferred to an air-gapped machine (i.e. a computer not connected to the internet). The results are then transferred to a flash drive, which is plugged into an internet-enabled computer to transmit the final results.
During the 2018 midterm elections, somebody tried to hack Voatz, the blockchain-based voting system used by West Virginia. The attack was unsuccessful, but is under investigation by the FBI, said Andrew Warner, West Virginia’s secretary of state in an Oct. 1 press conference. “In last year’s election, we detected activity that may have been an attempt to penetrate West Virginia’s mobile voting process,” said Warner. “No penetration occurred and the security protocols to protect our election process worked as designed. The IP addresses from which the attempts were made have been turned over to the FBI for investigation. The investigation will determine if crimes were committed.” The hacking attempt may have stemmed from an election security class at the University of Michigan, CNN reported Friday (Oct. 4). Last November, 144 West Virginian voters—including active members of the US military serving overseas—used Boston-based Voatz, a blockchain-enabled smartphone application, to cast their ballots for the Senate and House of Representatives as well as for state and local offices. That’s a small number, but could be consequential, especially in close races. Four seats in West Virginia’s House of Delegates were decided by less than 150 votes.