Archives

National: Why over 130,000 new voting machines could lead to more distrust in U.S. elections | Steven Rosenfeld/Salon

cross America, counties and states have acquired at least 130,000 new precinct voting machines that will debut in 2020’s primaries — including areas that can sway national elections. But the machines are controversial, splitting independent experts and election activists on issues that will likely affect public trust and confidence. Those key issues concern the transparency of voting and counting votes, whether reported election results can be double-checked and what role local election boards should play after Election Day to judge voter intent on ballots during challenges and recounts. The boosters of these new voting machines, called ballot-marking devices (BMDs), say that these touch-screen computers printing completed ballots will make voting simpler and more trustworthy. They say that is especially true for infrequent voters and voters with disabilities. They also say that automating ballots will end vote-counting fights — because printing completed ballots will eliminate that jury-like process, which BMD salesmen tout.

Full Article: Why over 130,000 new voting machines could lead to more distrust in U.S. elections | Salon.com.

National: Hacking a voting machine is getting easier | Brooke Crothers/Fox News

At the world’s premier hackers convention, hacking a voter system was as easy as ever, according to media reports. A summary of the “Voting Village” event posted last week said hackers at Defcon “compromised every single machine over the 2.5-day event, many of them with trivial attacks that require no sophistication or special knowledge on the part of the attacker.” “In most cases, vulnerabilities could be exploited under election conditions surreptitiously…an attack that could compromise an entire jurisdiction could be injected in any of multiple places,” according to a full version of the report. In many cases, physical ports were unprotected, passwords were either left unset or in their default configuration and security features went unused or in some cases, were disabled, the report added. Attendees were given access to over 100 machines at the event, including direct-recording electronic voting machines, electronic poll books, Ballot Marking Devices, Optical scanners and hybrid systems. One machine, based on an old PC hardware, had no BIOS password set on the machine. The BIOS (Basic Input Out System) controls the basic functions of a PC.

Full Article: Hacking a voting machine is getting easier | Fox News.

Alaska: State buying new voting machines for 2020 | Amanda Bohman/Fairbanks Newsminer

The state of Alaska is replacing the voting machines used in Fairbanks and elsewhere starting with the August 2020 state primary election, according to state and borough elections officials. That means Tuesday’s election was the last regular election for the AccuVote machines that have been used here for the past 20 years. The new machines are ImageCast Precinct ballot counters, or ICPs. The voter experience will not change much, officials said. People will continue to vote privately in a booth and then feed their ballot into a machine that tabulates the votes. The process will take a few seconds longer because the new technology captures an image of each ballot, officials said. The city of Valdez has been using the ICP machines for a few years. The clerk said they work well. “We love it. My voters love it. I haven’t had any problems with their equipment at all,” Valdez City Clerk Sheri Pierce said. The machines are made by Dominion Voting Systems, the same company that manufactured the AccuVote machines.

Full Article: State buying new voting machines for 2020; Fairbanks affected | Local News | newsminer.com.

Arizona: Secretary of State toughens election rules for cybersecurity | Andrew Oxford/Arizona Republic

Arizona officials are considering tougher cybersecurity standards for the state’s elections ahead of 2020, according to a proposed set of protocols the Secretary of State’s Office published this week. Some of the changes come after The Arizona Republic highlighted concerns about policies included in a first draft of a manual that county officials across the state will use to administer next year’s election. Experts contacted by the newspaper pointed to provisions that did not mandate the use of encryption in some circumstances or would allow officials to re-use USB sticks when working with election systems. The Secretary of State’s Office toughened policies on both of those issues in its final draft of the election procedures manual, published this week. Digital security is just a small piece of the proposed manual, which totals more than 500 pages. But cybersecurity has drawn particular scrutiny amid concerns about meddling in American elections.

Full Article: Arizona Secretary of State toughens election rules for cybersecurity.

New York: Hacking concerns delayed vote machines: Westchester bought them anyway | Mark Lungariello/Rockland/Westchester Journal News

Westchester County lawmakers put off buying new voting machines in March over concerns they could be hacked and made to add marks on finished ballots. The county Board of Elections bought some anyway. “The local county legislature has no authority to approve the machines, so we didn’t do anything out of the ordinary,” Reggie Lafayette, Democratic elections commissioner, told The Journal News/lohud. But some lawmakers didn’t see it that way and even sought a written legal opinion from county staff attorneys on the move. The county Law Department concluded in August that the elections board acted within its authority under New York state law as a semi-autonomous entity. Legislator Nancy Barr, a Rye Brook Democrat, said the process still left a lot to be desired. “Even if it’s allowed, it’s certainly not something that generates trust between the Board of Legislators and the Board of Elections, and other departments,” she said at last Monday’s meeting of the legislature’s Budget and Appropriations Committee.

Full Article: Hacking concerns delayed vote machines: Westchester bought them anyway.

Pennsylvania: Fight over Philadelphia’s voting machines may head to court | Marc Levy/Associated Press

Former Green Party presidential candidate Jill Stein wants Pennsylvania to block Philadelphia from using new touchscreen machines the state is buying ahead of the 2020 election and threatened court action Wednesday if it doesn’t do so promptly. Stein’s demand means that she and a group of plaintiffs could take the state back to Philadelphia’s federal court, where they filed an agreement last year to settle their lawsuit over vote-counting in 2016’s election. Stein and the other plaintiffs made the request in writing to Pennsylvania’s Department of State, which oversees elections. “We must protect our vote and we must protect the authenticity of our vote,” Stein told supporters during her announcement in front of Philadelphia’s federal courthouse Wednesday. The department has 30 days under the agreement to respond. On Wednesday, it did not say whether it would decertify the machines or consider decertifying them, although a spokeswoman pointed out that it recertified the system last month after originally certifying it last year.

Full Article: Fight over Philadelphia’s voting machines may head to court.

Washington: ‘Tens of thousands’ of attempts daily to hack Washington’s election system | Dyer Oxley/MyNorthwest

Washington state’s general election is one month away and aside from making sure the process is ready to run smoothly, Secretary of State Kim Wyman has another concern on her mind — cybersecurity and election hacking. “We have attempts every day,” she told KIRO Radio. “Tens of thousands of attempts to get into our system … right now, we are just blocking all of them.” “Some (hackers) are just trying to see what they can see, ‘what can we get to and what can we play with,’” Wyman said. “And some have bigger chess moves. They are trying to undermine confidence that voters have in our system.”

Full Article: 'Tens of thousands' of attempts daily to hack Washington's election system.

West Virginia: Alleged mobile voting app hack linked to University of Michigan | Benjamin Freed/StateScoop

Federal investigators looking into an alleged hacking attempt against the mobile app that West Virginia officials used to collect ballots from overseas voters in the 2018 election are determining if the incident was the result of computer-science students at the University of Michigan testing for vulnerabilities. CNN reported Friday that the FBI is investigating “a person or people” who attempted to access the app — Voatz — as part of a cybersecurity course at University of Michigan, which is one of a handful of universities with a curriculum focused on election security. Mike Stuart, the U.S. attorney for West Virginia, revealed the investigation last Tuesday, saying that during the 2018 election cycle his office was alerted by West Virginia Secretary of State Mac Warner that there was an “attempted intrusion by an outside party” to access the Voatz app. According to state officials and the app’s developers, Voatz is designed only to grant ballot access to qualified voters who go through multiple layers of biometric identification, including facial-recognition and fingerprint scanning.

Full Article: Alleged mobile voting app hack linked to University of Michigan.

West Virginia: Hackers try to access West Virginia’s mobile voting app | GCN

Someone tried to hack into West Virginia’s blockchain-enabled mobile voting system during the 2018 election cycle. The attack happened during the pilot rollout of West Virginia’s mobile voting pilot that uses a smartphone application developed by Boston-based Voatz to enable eligible overseas voters to receive and return their ballot securely using a mobile device. The app lets military and overseas voters who qualify under the Uniformed and Overseas Citizens Act verify their identities by providing biometric proof in the form of a photo of their driver’s license, state ID or passport that is matched to a selfie. Once voters’ identities are confirmed, they receive a mobile ballot based on the one that they would receive in their local precinct. A confirmation message is sent to the voter’s smartphone when the vote is uploaded to the blockchain’s series of secure, redundant, geographically dispersed servers , which ensures the votes cannot be tampered with once they’ve been recorded.

Full Article: Hackers try to access West Virginia's mobile voting app -- GCN.

Iran: Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come | Jai Vijayan/Dark Reading

A recently detected Iranian cyberattack targeting a US presidential campaign may well be a harbinger of what’s in store for political parties and election systems in the run-up to next year’s general elections. Last Friday Microsoft disclosed it had observed significant threat activity over the past two months by Phosphorus, a threat group believed linked to the Iranian government. Phosphorus, which is also known as APT25 and Charming Kitten, made over 2,700 attempts to break into specific email accounts belonging to Microsoft customers. In many cases, Phosphorus used information about the targets — including phone numbers and secondary email addresses — to try and infiltrate their email accounts. In the end, Phosphorus attacked 241 targeted email accounts and eventually managed to compromise four of them. In a blog Friday, Microsoft corporate vice president Tom Burt described the targeted accounts as being associated with a US presidential campaign, current and former US government officials, journalists covering politics, and Iranian nationals residing outside the country. The four accounts that were actually breached, however, were not connected to the presidential campaign or to the government officials.

Full Article: Iranian Cyberattack on US Presidential Campaign ....

Russia: How Russian operatives also used Google to influence Americans in 2016 | Jeff Stone/CyberScoop

While Russian propagandists relied heavily on Facebook and Twitter to spread disinformation before the 2016 U.S. presidential election, a new congressional report elaborates on how they also used Google and YouTube to sway Americans’ public opinion in favor of Donald Trump. The Senate Intelligence Committee on Tuesday released a report detailing expansive, and ongoing, information warfare directed against American internet users. The 85-page explanation confirmed much of what was already known about Russian operations: a Kremlin-directed effort utilized an array of social media networks, with their targeted advertising capabilities, to provoke and confuse likely voters ahead of a contentious presidential election. Facebook, Instagram and Twitter were the most crucial aspects of this effort, though Russia’s Internet Research Agency also leveraged Google and its subsidiaries for its own gain. “Periodically, particularly in the context of fast breaking news, Google’s algorithm can elevate extremist content or disinformation to the top of certain searches,” the Senate report said. “Days after the 2016 presidential election, a falsified media account of President-elect Donald Trump having won the popular vote briefly ranked higher than stories that accurately reflected the U.S. popular vote result.”

Full Article: How Russian operatives also used Google to influence Americans in 2016.

West Virginia: Hacking attempt reported against West Virginia’s mobile voting app | Benjamin Freed/StateScoop

The FBI is investigating an alleged hacking attempt against the mobile app that West Virginia officials used to collect ballots from some overseas voters during the 2018 election cycle, the Justice Department announced Tuesday. Mike Stuart, the U.S. attorney for West Virginia, said that during last year’s election cycle, his office received a report from West Virginia Secretary of State Mac Warner pertaining to an “attempted intrusion by an outside party” to access the app, Voatz, which Warner’s office has heralded as the future of voting for expat U.S. citizens, especially deployed members of the military. The attempt, Stuart continued, appeared to be unsuccessful, with no actual intrusion or effect on the 144 ballots that were cast in last year’s general election. “No penetration occurred and the security protocols to protect our election process worked as designed,” Warner said at a press conference Tuesday in Charleston, the state capital. Still, Warner said, the attempted intrusion was referred to the FBI for investigation as a “deterrent” against attempts by outside actors to interfere with the state’s election process.

Full Article: Hacking attempt reported against West Virginia's mobile voting app.

National: Former officials flag disinformation as top threat to U.S. elections | Derek B. Johnson/FCW

Two top former national security officials believe that disinformation campaigns may pose a greater long-term threat to election infrastructure than cybersecurity risks. “Securing the voting apparatus … that’s hugely important, but that to me at least is one bin of the problem,” said former Director of National Intelligence James Clapper while speaking at an Oct. 2 Washington Post event. “The other bin is what I would call, for lack of a better term, intellectual security, meaning how do you get people to question what they read, see and hear on the internet? And this where the Russians exploited our divisiveness by using social media, so that part of the problem I’m not sure about.” Clapper said that when it comes to protecting voting machines and other election infrastructure, agencies like the FBI, Department of Homeland Security, National Security Agency and others have “done a lot” since 2016.

Full Article: Former officials flag disinformation as top threat to U.S. elections -- FCW.

National: US Officials Not Taking Putin Election Comments Lightly | Jeff Seldin/VoA News

U.S. security officials are not laughing at the latest comments by Russian President Vladimir Putin about the Kremlin’s attempts to interfere in U.S. elections. Putin, speaking at an economic forum in Moscow Wednesday, dismissed U.S. allegations that Russia meddled in both the 2016 U.S. presidential election and the 2018 mid-term election as “ridiculous.” “Or it would be ridiculous if it was not that sorrowful, because all we see now in the U.S. domestic politics ruins Russia-U.S. relations, and I am sure it harms the United States itself, too,” Putin said. “I’m telling you as a secret – yes, we will definitely do it (meddle in next year’s U.S. presidential election) in order to deliver you the best of fun,” Putin joked with the audience. “Just don’t tell anyone.” Despite Putin’s comments, U.S. security and intelligence officials have said, consistently, that they have seen indications Russia will try to interfere with the upcoming 2020 presidential elections.

Full Article: US Officials Not Taking Putin Election Comments Lightly | Voice of America - English.

National: US diplomats told Zelenskiy that Trump visit was dependent on Biden statement | Julian Borger and Lauren Gambino/The Guardian

US diplomats told Ukraine’s president, Volodymyr Zelenskiy, that a prestigious White House visit to meet Donald Trump was dependent on him making a public statement vowing to investigate Hunter Biden’s company, and a Ukrainian role in the 2016 elections, according to texts released on Thursday night. The texts, released by three congressional committees holding impeachment hearings, show that the diplomats made clear that any improvement in Kyiv’s relations with Washington would be dependent on Zelenskiy’s cooperation in Trump’s quest to find damaging material about son of his leading political opponent, and on the Democrats in general. In August, Zelenskiy’s government became aware, through a US press report, that military aid for its struggle with Russia, had been withheld by Trump, in an apparent effort to increase the pressure on the Ukrainian government. The texts are exchanges from July to early September between three US diplomats – Gordon Sondland, the ambassador to the European Union, Kurt Volker, the then special envoy on Ukraine, and Bill Taylor, the acting ambassador to Kyiv. Trump’s personal lawyer, Rudy Giuliani and a Zelenskiy aide, Andrey Yermak, also make brief appearances in the correspondence.

Full Article: US diplomats told Zelenskiy that Trump visit was dependent on Biden statement | US news | The Guardian.

Editorials: Democrats Must Act Now to Deter Foreign Interference in the 2020 Election | Thomas Wright/The Atlantic

Democrats face a national-security problem without parallel in the annals of American democracy. The president of the United States, Donald Trump, has made clear not only that he will remain passive in the face of foreign interference in the 2020 U.S. election—a threat his current and former directors of national intelligence have called the most serious facing the country—but also that he will actually solicit such interference if it serves his interests. We know of at least one case—when he asked President Volodymyr Zelensky of Ukraine to launch an investigation into former Vice President Joe Biden as a personal favor—but there may well be others. Parts of the U.S. government, such as the Department of Homeland Security and the FBI, as well as state authorities, are working to prevent foreign interference in American elections, but even with a Herculean effort, the country’s defenses against political warfare, especially in the cyber domain, are weak and porous. Such attacks are easy to execute, but difficult and expensive to thwart. The threat is evolving and will be different than it was in 2016. There are many targets.

Full Article: Democrats Can Stop Political Interference in 2020 - The Atlantic.

Editorials: Voting machines pose a greater threat to our elections than foreign agents | Lulu Friesdat/The Hill

As the election security conversation widens beyond Russia, to include countries like Iran and China, it’s important to examine how security flaws in our country’s voting equipment increase the vulnerability of our elections. In 2010 a university cyber team conducted a test attack on an internet voting pilot project in Washington, D.C. The team successfully picked the winner of the election remotely from its Michigan lab. Writing about the attack, computer science professor J. Alex Halderman said, “Within 36 hours of the system going live, our team had … the ability to change votes.” In follow-up testimony, Halderman offered some chilling details: “While we were in control of these systems, we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.” Security experts have long warned that short passwords provide easy targets, but hackers at DEF CON, an annual security convention, recently found U.S. election systems with no passwords at all.  How did the security bar get set so low?

Full Article: Voting machines pose a greater threat to our elections than foreign agents | TheHill.

Colorado: Secretary of State’s QR code election security measure adopted | Teresa L. Benns/Del Norte Prospector

According to a Sept. 16 news release on the Colorado Secretary of State’s (SoS) website, Secretary of State Jena Griswold announced that Colorado will stop using ballots with QR codes, a marking used to track packages and other materials pictured above. The removal of QR codes from ballots will increase the security of vote tabulation and ensure voters can accurately verify that their ballots are correctly marked. With foreign countries actively trying to exploit voting vulnerabilities, this is a first-in-the nation added security measure. Marilyn Marks, who advocates for voting integrity nationwide, came to Saguache County in 2011 to investigate the irregular county election held in 2010. During that time, she also monitored an election held in Chaffee County where the QR code question was first raised. “Chaffee ballots are identifiable by both the voter and the government,” Marks said in an Aug. 9, 2012 Center Post-Dispatch article. (QR) codes on the ballot can be traced back to the voter in what Marks says is a very sophisticated process that could not have been detected by most voters or watchers.

Full Article: Del Norte Prospector | SoS QR code election security measure adopted.

Georgia: Previously redacted Georgia election security document made public | Mark Niesse/The Atlanta Journal-Constitution

The Georgia secretary of state’s office acknowledged Thursday that a vendor had improperly redacted a purchasing document detailing security features of the state’s new $107 million voting system. The unredacted 143-page document was posted on the secretary of state’s website Thursday. The document, which explains “high level security” of the state’s new voting check-in iPads, doesn’t compromise the integrity of the system, according to the secretary of state’s office. The document was made public “in the spirit of good governance and transparency” after the secretary of state’s office was alerted about the redactions, said Deputy Secretary of State Jordan Fuchs. “Our new voting system, including new Poll Pads, are our most secure system to date,” Fuchs said. The iPads will be provided by a company called KnowInk, which is working with Dominion Voting Systems to install the new voting technology statewide before the March 24 presidential primary.

Full Article: Previously redacted Georgia election security document made public.

North Carolina: Toss-up State to Use Vulnerable Tech in 2020 | Jack Lowenstein/WhoWhatWhy

The 2020 election is expected to once again be razor-close and, in light of Russian attempts to hack the vote in 2016, making it secure is of paramount importance. That is why North Carolina’s recent decision to open the door for unverifiable barcode election technology is raising eyebrows in the election integrity community. At the end of a 30-month process, the North Carolina State Board of Elections recently approved three new voting systems to replace decades-old technology in the state. However, state election officials also did something else: With their selection, they approved the use of barcode voting technology. Election integrity advocates, cybersecurity experts, and even two members of the five-member state board have strongly objected to the use of this technology. With the 2020 presidential election on the horizon — and North Carolina expected to be in play — the decision of state officials to choose voting systems that do not leave behind a verifiable paper trail creates major concerns for election transparency advocates.

Full Article: Toss-up State to Use Vulnerable Tech in 2020 - WhoWhatWhy.