Pennsylvania: How Pennsylvania’s election security lawsuit settlement led to the last minute challenge of the state’s top-selling touchscreen voting machine | Emily Previti/PA Post

Three Pennsylvania counties could end up scrambling to replace brand new voting machines before the 2020 election – a situation stemming largely from the loose terms of the 2018 legal settlement that mandates new voting machines across the state. Plaintiffs led by former Green Party presidential candidate Jill Stein say one system in particular never should have been certified in the first place and are asking a federal judge to force the state to decertify it. The ExpressVote XL doesn’t meet the agreement’s requirements for paper-based systems that produce auditable results and let voters verify ballots before they are cast, they claim. The Stein plaintiffs made their move about a month ahead of the year-end deadline for Pennsylvania counties to buy new machines, and well after most counties already spent or committed more than $150 million to buy machines certified by the Pennsylvania Department of State. It also comes amid Northampton County’s investigation into why the XL tabulated results incorrectly in some races in the Nov. 5 general election. Philadelphia debuted the machines that day, too, with comparatively minor issues. Stein spokesman Dave Schwab says they’re acting at this juncture, in part, because the settlement requires the parties to attempt to resolve any differences among themselves before seeking court intervention.

Full Article: How Pa.’s election security lawsuit settlement led to the last minute challenge of the state’s top-selling touchscreen voting machine | PA Post.

National: Several election security provisions are in the massive defense bill | Andrew Eversden/The Fifth Domain

The National Defense Authorization Act released Dec. 9 contains several provisions aimed at securing U.S. election infrastructure months before presidential primary season is in full-swing. The provisions in the compromised conference report mandate a broad range of election-related steps, from an assessment of foreign intelligence threats to U.S. elections to allowing top state election officials to receive Top Secret security clearances. The security clearance language is good news for the information-sharing relationship between the federal government and state election officials, who don’t have proper clearance to view high-level intelligence related to election infrastructure cyberthreats. Throughout the 2016 election, the Department of Homeland Security and the FBI had a fraught information-sharing relationship with the states. In the years since, top federal election officials have consistently said information sharing needed to be improved, and while officials say it has been, the clearance problem was still a hindrance.

Full Article: Several election security provisions are in the massive defense bill.

National: RNC, DNC bank on Duo authentication ahead of 2020 election | Shannon Vavra/CyberScoop

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other user accounts, both personal and professional, too, according to Mike Gilding, the deputy director of information technology at the RNC. The approach reflects the urgency with which both major political U.S. parties must adopt even basic cybersecurity measures after Russian hackers accessed email accounts belonging to key members of the Democratic National Committee in 2016. Another similar attack against either party could disrupt what is shaping up to be a particularly contentious U.S. election season, as impeachment proceedings against the president move forward. The DNC and RNC have a lot to safeguard, including polling data, candidate research, campaign funding, and election strategies.

Full Article: RNC, DNC bank on Duo authentication ahead of 2020 election.

National: Russia’s efforts to target U.K. elections a stark warning for 2020 | Joseph Marks/The Washington Post

An alleged Russian influence campaign to undermine this week’s British elections shows how tough it will be to keep foreign influence out of the 2020 U.S. contest. Russian-backed accounts on Reddit actively worked to boost the trove of documents appearing to detail key U.S.-U.K. trade negotiations that have been gaining traction over the internet for months, the social sharing site revealed Saturday. It’s not clear whether the documents were leaked or hacked, but Britain’s opposition Labour Party has been using the seemingly genuine documents to slam the ruling conservative party for considering giving U.S. companies far more influence over Britain’s popular state-run National Health Service as part of a post-Brexit trade deal. It’s yet another example of Russia’s powerful digital army allegedly seeking to influence the outcome of a Western election — and it offers a stark reminder of how influence operations can be highly effective even before they’re identified. This dramatically undermines government and industry efforts to blunt their power or hold off their spread.

Full Article: The Cybersecurity 202: Russia's efforts to target U.K. elections a stark warning for 2020 - The Washington Post.

National: Multistate voter database suspended in lawsuit settlement | Roxana Hegeman/Associated Press

A much-criticized database that checks whether voters are registered in multiple states has been suspended “for the foreseeable future” until security safeguards are put in place as part of a settlement of a federal lawsuit, a civil rights group said Tuesday. The Interstate Crosscheck program was the subject of a class-action lawsuit by the American Civil Liberties Union of Kansas on behalf of 945 voters whose partial Social Security numbers were exposed by Florida officials through an open records request. Kansas has operated the multistate program since 2005, although the program hasn’t been used since 2017 when a Homeland Security audit discovered security vulnerabilities. The settlement includes a list of safeguards the state has agreed to implement to protect voters’ personal information before the program can resume, the ACLU said in a news release.

Full Article: Multistate voter database suspended in lawsuit settlement.

Editorials: Election security: Oversight of vendors is lacking | Pittsburgh Post-Gazette

Well-documented Russian meddling in U.S. elections demands keen concern for the protection of election integrity. This concern should rise to the level of immediate action in light of a new report verifying the lack of federal oversight of the private companies that make voting equipment. The Brennan Center for Justice, which is based at New York University School of Law, reported that three companies provide more than 80% of the voting systems in the U.S., yet they lack meaningful oversight, leaving the electoral process vulnerable to attack. A cyberattack against any of these companies could have deep consequences for elections across the country. Other systems that are essential for free and fair elections, such as voter registration databases and electronic pollbooks, also are supplied and serviced by private companies. Yet these vendors, unlike those in other sectors that the federal government has designated as critical infrastructure, receive little or no federal review, the Brennan Center found. Oversight is needed. Federal standards must be set. Congress should establish a framework for certification of election vendors.

Full Article: Election security: Oversight of vendors is lacking | Pittsburgh Post-Gazette.

Kentucky: Officials Say Online Voting Not Coming Soon | Jacob Mulliken/Government Technology

The discussion about a digitized polling system has election officials and experts throughout the nation stepping up to avoid a potentially crippling move for the American electoral system, said Kentucky Secretary of State-elect Michael Adams. “I think concerns, especially surrounding hacking, are well-founded right now,” he said. “People want to confirm that their vote can’t be hacked and that the machine tallies the votes offline and that they are collected and processed, offline. The most secure elections are cast in person because there are checks and balances requiring some sort of identification and oversight. When you see fraud, and we have it, it most often happens outside of the purview of election officials. “An online method system out west may work where there is less history of election fraud, but not in places like Kentucky where fraud is still endemic. Internet voting in Kentucky is not anywhere near ready for primetime.”

Full Article: Kentucky Officials Say Online Voting Not Coming Soon.

Pennsylvania: What went wrong with Northampton County’s voting machines? The analysis is done. | Kurt Bresswein/Lehigh Valley Live

Election night, Nov. 5, came and went in Northampton County without any word on who had won and who had lost. County elections officials had to count ballots through the night, after apparent problems with electronic tabulation on the new Election Systems & Software (ES&S) ExpressVote XL machines in use for the first time. ES&S has now completed its analysis into what went wrong, and the results are set for release during a news conference Thursday afternoon at the county courthouse in Easton, county officials said Tuesday. County Executive Lamont McClure and Adam Carbullido, senior vice president of product development at Omaha-Nebraska-based ES&S, are scheduled to discuss the analysis. McClure’s administration and a representative of ES&S declined to detail any of the findings in advance of Thursday. “A team of experts from ES&S began examining Northampton County voting machines on Dec. 5 after the court-ordered impoundment was lifted,” ES&S said in a statement Tuesday. “During this examination, ES&S applied to Northampton machines the work it conducted at its main facility over the last several weeks to replicate and correct the human errors that caused the Northampton issues. After having the opportunity to review the machines in person, we look forward to sharing our diagnoses on the Election Day issues during Thursday’s meeting.”

Full Article: What went wrong with Northampton County’s voting machines? The analysis is done.

Pennsylvania: State warns Dauphin County over defying voting machine edict | Marc Levy/Associated Press

A Pennsylvania county is being told it would lose out on millions of dollars in aid and almost certainly be sued by the state if it refuses to take action to buy new voting machines before Dec. 31, county officials said Monday. Dauphin County Commissioner Mike Pries said that was the message delivered to him during a meeting with Gov. Tom Wolf’s top elections officials last week, a message strong enough to change his mind. “Certainly the message from the state has been received loud and clear,” Pries said. In addition to the threat of a state lawsuit, Dauphin County would be unable to share in state and federal aid to help with a purchase that could exceed $5 million, county officials said. That aid could account for roughly 70% of each county’s tab. As a result, Pries said he has decided to vote to buy new voting machines, seeing it as the best option for the county’s residents and taxpayers. It is just a question of settling on which machine to buy, he said. A spokeswoman for Wolf’s Department of State declined comment Monday. Dauphin County’s other two commissioners have yet to meet with Department of State officials.

Full Article: Pennsylvania warns Dauphin County over defying voting machine edict.

Rhode Island: Elections board discusses voter-system security | Katherine Gregg/Providence Journal

Voting by email. Upgrading the modems used to transmit election-day vote tallies.  Unmasking the donors hiding behind names like “The Coalition to Make Our Voices Heard” who pour money into campaigns. On a day Russian interference in past U.S. elections again made news, Rhode Island election officials waded into this quagmire without making any final decisions on what to do next. For example, they briefly weighed the pros and cons of allowing overseas voters — such as members of the military — to cast their R.I. election ballots from afar by email. The idea was shelved — at least for now — pending more study, after one member after another of the state Board of Elections voiced concern about the security of ballots cast in this fashion, despite assurances the ballots would be sent to a dedicated “address.” “I think we need to look very carefully at the security issues,” said the vice chairman, Stephen P. Erickson. It was unclear who authored the email-voting proposal that appeared on the board’s agenda, alongside a proposal to upgrade from 3G to 4G the modems the state uses on election-day to transmit results to state Board of Elections headquarters. That proposal too was put on hold — until next week — amid warnings from Brian Tardiff, the information security officer for the state’s Division of Information Technology, that making public all of the findings of a cybersecurity analysis of Rhode Island’s election system could put the system at risk.

Full Article: Elections board discusses voter-system security - News - Providence, RI.

Texas: Ahead Of 2020, Voting Group Warns Most County Election Websites In Texas Are Not Secure | Ashley Lopez/KUT

Almost 80 percent of county election websites in Texas are not secure ahead of the 2020 presidential primary, according to a report from the League of Women Voters of Texas. Before every major election, the nonpartisan voting group says, it looks through the state’s 254 county election websites to make sure they have the information they are legally required to have, that the information is easy to find and that it’s easy to read. League of Women Voters of Texas President Grace Chimene said as the group conducted this review, it found a glaring issue. “One of the things that stood out to us is that there is a definite problem with website security,” she said. “I was really surprised. I was totally shocked that this is a problem.” In particular, Chimene said, 201 of the 254 sites don’t have https in their URLs, signaling the website is secure. “This is just the most simple thing to fix and it hasn’t been fixed,” she said.

Full Article: Ahead Of 2020, Voting Group Warns Most County Election Websites In Texas Are Not Secure | KUT.

New Zealand: Much awaited report on combatting foreign interference in elections delivered | Charlie Dreaver/Radio New Zealand

Parliament’s Justice Select Committee has released the results of its inquiry into the 2017 General and 2016 Local elections. The report covers a number of areas including allowing spy agencies to vet potential political candidates. Ahead of the 2017 general election the GCSB and the SIS drew up a protocol for managing foreign and cyber-security threats but they didn’t need to use it. But the Justice Select Committee said that was no reason to be complacent. It’s suggesting intelligence agencies should give advice about a particular candidate if the party asks for it. It wanted the agencies to be giving more advice in general about possible foreign interference. The committee’s deputy chairperson, National MP Nick Smith, pointed to the risks of what’s called “astroturfing” on social media.

Full Article: Much awaited report on combatting foreign interference in elections delivered | RNZ News.

Nigeria: National Electoral Commission says electronic voting not yet feasible | Eric Ikhilae/The Nation Newspaper

The National Electoral Commission (INEC) has said electronic voting systems could only be introduced into the nation’s electoral process when the nation was sure of the appropriate technologies, provide infrastructure, to address cyber security, among other challenges. According to INEC Chairman, Prof Mahmood Yakubu, the country was not there yet. He was however confident that his agency could achieve electronic collation of results (e-collation) and electronic transmission of results (e-transmission) during the next election circle in 2023. Mahmood spoke in Abuja on Monday at the Nigeria Civil Society Situation Room (NCSSR) stakeholders’ forum on elections. NCSSR is a coalition of civil society organisations, led by Clement Nwankwo, the Executive Director, Policy and Legal Advocacy Centre (PLAC). The INEC Chairman, Deputy Senate President, Senator Ovie Omo-Agege and the Minister of Justice and Attorney General of the Federation (AGF), Abubakar Malami were unanimous on the need to review the nation’s Electoral Act before the next election season and particularly, the importance of creating the much-requested Electoral Offences Commission.

Full Article: Just in: E-voting not yet feasible - INEC - The Nation Newspaper.

United Kingdom: Britain’s Spies Probe Russian Election Meddling | Jamie Dettmer/VoA News

Britain’s cybersecurity agency is investigating whether state-sponsored Russian hackers were behind the leaks of British government documents used by opposition politicians to embarrass Boris Johnson’s ruling Conservative Party ahead of Thursday’s general election. The official probe into the origin of the leaked material — which included documents detailing discussions between British and U.S. negotiators on a possible post-Brexit transatlantic trade deal — comes days after the social media site Reddit announced it had blocked 61 accounts linked to the dissemination of the documents after investigating suspect activity bearing similarities to previous Russian online influence operations. The leaked documents were used by Jeremy Corbyn, leader of Britain’s main opposition Labour Party, as “evidence” that the Conservatives might include the country’s public health service in any future trade deal with the United States — a claim firmly denied by British Prime Minister Johnson. Corbyn, other Labour leaders, as well as Scottish nationalists, have contended that the Conservatives will “sell off” the National Health Service to American companies in order to secure a trade deal.

Full Article: Britain's Spies Probe Russian Election Meddling | Voice of America - English.

United Kingdom: Poll Hacks: How Cybercriminals Aim To Disrupt Elections | David Warburton/Information Security Buzz

The UK general election is almost upon us, and it is already turning into one of the most divisive and analysed political events in the country’s history. Discourse and debate are reaching fever pitch, from parliamentary benches and constituency doorsteps, to every conceivable media platform in play. It is no surprise then that an air of online volatility persists more than usual. At this moment in time, every new election is likely the most tech-enabled and at risk addled yet. Labour was most recently under the cybersecurity cosh, enduring what it termed a “sophisticated and large-scale” attempt to knock out its digital systems earlier in the month (it turned out to be a set of distributed denial-of-service (DDoS) attacks). Just the other day, Labour candidate Ben Bradshaw also claimed to be a victim of a suspected cyber-attack when he received an email with sophisticated malware attachments. These are politically unprecedented times and the UK’s National Cyber Security Centre knows it. Last year, the government-backed organisation issued a direct warning ahead of local elections, citing potential “insider activity” attempting to “manipulate or compromise electoral information.” Similar warnings are in place for 2019. There are many ways to knock an election off course. Below are some of the main existing and emerging cyber threats to bear in mind as we head to the polls this week. It is, however, worth noting that variations of these methods are possible throughout the year as hackers opportunistically hijack political developments in real-time.

Full Article: Poll Hacks: How Cybercriminals Aim To Disrupt Elections | Information Security Buzz.

North Carolina: Bait and switch by ES&S in North Carolina? | Jordan Wilkie/Carolina Public Press

A voting system certified and tested earlier this year for use in North Carolina’s March 2020 primaries won’t be available, according to manufacturer Elections Systems and Software, so the company’s lobbyists have suggested the state quickly approve one of its other systems instead. While the N.C. Board of Elections director has recommended going along with the vendor on the substitution, others see the move as a deceptive bait and switch. One Board of Elections member, Stella Anderson, has objected to the situation, thereby forcing the board to convene a special meeting on the issue. She and others have questioned the integrity of the company and suggested both ES&S and board staff have used language that understates the significance of the difference between the two systems and misrepresents federal government requirements for approving such modifications to voting systems. ES&S has been trying to get its EVS voting system certified in North Carolina since 2017. Litigation between the Republican legislature and the Democratic governor, the 9th Congressional District ballot fraud scandal in 2018, and the resignation of the former Board of Elections chairman delayed certification of the new system until the 11th hour.

Full Article: Bait and switch by maker of voting system for NC?.

National: Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing | Byron Tau and Dustin Volz/Wall Street Journal

Two top government officials with broad cybersecurity and election-integrity portfolios have announced they are stepping down this month, a loss of expertise in a critical area less than a year before the 2020 presidential election. Amy Hess, the executive assistant director of the Criminal, Cyber, Response, and Services Branch of the Federal Bureau of Investigation will depart for a job as the chief of public services in Louisville, Ky. Jeanette Manfra, the most senior official dedicated exclusively to cybersecurity at the Department of Homeland Security, will leave her post at year’s end for a job in the private sector. Both women have announced their departure in recent weeks. Senior U.S. intelligence officials have warned the elections are likely to be targeted online by Russia and other foreign adversaries following Moscow’s success in disrupting the 2016 race. The FBI and DHS are two of the primary agencies responsible for combating foreign influence operations online, along with intelligence agencies including the National Security Agency. The FBI established a Foreign Influence Task Force in 2017 and has made investments to deepen its cybersecurity capabilities. DHS is the lead federal partner for state and local election officials with a focus on safeguarding voting systems from hackers.

Full Article: Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing - WSJ.

Editorials: This is our last chance to ensure the 2020 election is not rigged | Myrna Pérez/The Guardian

On Friday the House of Representatives showed the country that it will not tolerate racial discrimination at the polls. It passed the Voting Rights Advancement Act, a bill that would restore the 1965 Voting Rights Act to its full strength. Our country needs that reform and others to make the 2020 election free and fair for all. Since its founding, America has moved slowly towards granting suffrage to more and more Americans, bringing more people into the electoral process. The Voting Rights Act of 1965 has been instrumental to that progress. But in 2013 the supreme court dramatically weakened that law. In Shelby county v Holder, the court disabled the act’s provision that required states and localities with histories of racial discrimination in voting to “pre-clear” new voting regulations. The pre-clearance system had allowed federal authorities to vet proposed voting rules for racial discrimination before they could cause injury. From 1965 right up until the Shelby decision, this safeguard blocked many restrictions that would have made it more difficult for black and brown people to participate and vote.

Full Article: The supreme court gutted the most powerful law for fair 2020 elections. Can Democrats revive it? | Myrna Pérez | US news | The Guardian.

Georgia: Groups Claim New Voting Machines Will Cost Counties Millions Extra, Georgia Secretary Of State’s Office Disagrees | Emil Moffat and Emma Hurt/WABE

A new study warns that Georgia’s new voting system could cost counties more than $80 million over the next ten years. The study was compiled by three groups: Fair Fight Action, a group founded by former Democratic gubernatorial candidate Stacey Abrams; The National Election Defense Coalition, which declares itself bi-partisan; and Freedom Works, a conservative group. That cost estimate, for some counties, includes the purchase of additional voting machines for this coming election to meet requirements under a new law that passed this year. The law, House Bill 316, mandates that each precinct has one voting station for every 250 registered voters. The estimates for the additional machines gathered in the study varied from hundreds, such as in Fulton County, to no additional machines, such as in DeKalb County. The state of Georgia agreed to a $107 million contract with Dominion Voting Systems in July. The groups who compiled the election cost study argue that the terms of the contract don’t cover warranty and licensing costs in the future, as well as printing costs like paper and toner, leaving the counties to foot the bill.

Full Article: Groups Claim New Voting Machines Will Cost Counties Millions Extra, Georgia Secretary Of State's Office Disagrees | 90.1 FM WABE.

Ohio: Deadline looming for Ohio’s county elections boards to complete new state security requirements for 2020 | Andrew J. Tobias/Cleveland Plain Dealer

While Ohio’s 88 county boards of elections are at various stages of completing a mandatory pre-election security check-list, Ohio Secretary of State Frank LaRose said Friday that he’s confident Ohio will have a secure 2020 election. During a security briefing in Columbus on Friday, LaRose, a Republican, urged local elections officials to get working on the security directive his office issued last June. Counties are required, among other things, to install a device that can automatically detect hacking attempts, and to conduct criminal background checks on elections workers who hold sensitive jobs. LaRose’s office, which oversees state elections, set a Jan. 31 deadline to get everything done. LaRose’s office emphasized that 52 of Ohio’s 88 counties are at least half done completing the security check-list. But that means 36 aren’t. And a handful are far behind, LaRose said. Only 13 counties have installed the devices that detect hacking attempts. LaRose drew chuckles and whispering from local elections officials when he said the current period — after last November’s election and before the Dec. 17 filing deadline for the March primary election — could be a slower time where elections boards can get caught up.

Full Article: Deadline looming for Ohio’s county elections boards to complete new state security requirements for 2020.