Pennsylvania: Northampton County election fiasco with new voting machines happened because they were set up incorrectly | Jonathan Lai/Philadelphia Inquirer

When votes were tallied last month using new voting machines in Northampton County, it was quickly obvious that something had gone wrong. The numbers were so clearly inaccurate that a judge ordered the machines impounded. Scanners were brought in to help count ballots, and voters questioned the integrity of the machines and the security of the election. The fiasco heightened concerns about the 2020 presidential election in Pennsylvania as the state looks to implement new voting machines in all 67 counties before the April primary. It turns out the machines had been set up improperly, county officials and the voting machine vendor said Thursday, a week after they began an investigation. The machines weren’t prepared to read the results of the specific ballot design used in Northampton County, and dozens of machines had touchscreens that weren’t properly calibrated. Adam Carbullido, an executive at Election Systems & Software, the Omaha, Neb.-based vendor of the ExpressVote XL machines used in Northampton County, said in a statement that the company “takes full accountability” for the mistakes and is reconfiguring the county’s machines.

National: GOP Senator Blocks Bipartisan Election Security Bill, claims protecting election security is an ‘attack’ on Trump | Emily Singer/The American Independent

Sen. Mike Crapo (R-ID) blocked a bipartisan bill aimed at protecting elections, saying it's 'designed more to attack the Trump administration.'A bipartisan bill to protect American elections from foreign interference was once again blocked on Tuesday, this time by a Republican senator who claimed that the legislation was an "attack" on Donald Trump. "The mechanisms in this bill have been designed more to attack the Trump administration and Republicans than to attack the Russians and those who would attack our country and our elections," Sen. Mike Crapo (R-ID) said of the Defending Elections from Threats by Establishing Redlines Act. The DETER Act — introduced by Sens. Chris Van Hollen (D-MD) and Marco Rubio (R-FL) — directs the head of the U.S. intelligence community to expose any foreign interference in federal elections and sanction the countries that were determined to have interfered. The bill is a response to Russia's hacking and disinformation campaign in the 2016 election.

National: Secretaries of State Unite to Fight Election Misinformation | Jessica Mulholland/Government Technology

There’s no question — the U.S. election system is vulnerable. In fact, it’s even more vulnerable than originally reported following the 2016 election. Government executives at all levels know, and they’re working on the problem, focusing on cybersecurity, inter-agency communication, paper trails and  audits. And the National Association of Secretaries of State (NASS) is working another angle: In mid-November, it launched  #TrustedInfo2020, an education campaign that aims to fight election misinformation by encouraging citizens to“to look to their state and local election officials as the trusted sources for election information,” according to the press release. The nation's secretaries of state, 40 of whom serve as their state’s chief election official, will guide voters directly to election officials’ websites and verified social media pages to ensure they get accurate election information. In a NASS-led Twitter chat held Dec. 12, secretaries of state from California to West Virginia — along with various groups and associations — discussed the initiative and how likely it is to make an impact.

California: Hundreds of California voters are being registered with the wrong party. Is DMV to blame? | Bryan Anderson/The Fresno Bee

At least 600 Californians, including lifelong Republicans and Democrats, have had their voter registration unexpectedly changed, and several county elections officials are pinning much of the blame on the state’s Department of Motor Vehicles. Among those affected: the daughter of the California Senate’s GOP leader. “I was like, ‘Kristin did you register as no party preference?’” asked Sen. Shannon Grove, R-Bakersfield. “She said, ‘No, I’m a Republican.’” Grove’s daughter had recently visited the Department of Motor Vehicles to change her address. Shortly thereafter, Sacramento County sent her a postcard informing her she is now registered as a “No Party Preference” voter ahead of California’s March 3, 2020 presidential primary. Grove stumbled across the notice earlier this week at her daughter’s Sacramento home, and worries that hundreds more could soon experience a similar unwanted surprise. Elections officials across the state are linking many of the reported complaints to the state’s new Motor Voter program, which launched ahead of the 2018 midterms to automatically register eligible voters when they visit the DMV. The 2015 law was designed to help boost participation, but a rushed launch prompted 105,000 registration errors to occur following its roll-out.

Verified Voting Blog: Verified Voting staff and partners comment on California’s proposed risk-limiting audit regulations

Verified Voting Director of Science and Technology Policy Mark Lindeman and Senior Advisor Pamela Smith collaborated with the California Voter Foundation and other partners in submitting a public comment letter responding to California’s proposed risk-limiting audit regulations. Visit the California Secretary of State’s website to view the proposed regulations. Download the Letter (pdf)

Dear Secretary Padilla:

We write in response to your recent request for public comment on proposed regulations that would impact the procedures used by election officials to conduct risk-limiting audits.[1. Proposed Regulatory Action: Risk-Limiting Audits, Title 2, Division 7, Chapter 2 of California Code of Regulations. (proposed October 25, 2019) (hereinafter “proposed regulations”).]

Thank you for your office’s efforts in developing the proposed regulations. As most of us are members of the workgroup that your office convened earlier this year, we appreciate the amount of work that went into developing these proposed regulations. We especially applaud the inclusion of the provisions regarding chain of custody, certification of contest results and reporting of audit results, public education, and the requirement for posted written audit procedures.[2. Id.]

We do, however, urge four modifications to the regulations. First, the regulations appear to conflict with California law which requires that when a county conducts a risk-limiting audit in place of the one percent manual tally, it must do so for each and every contest; as we discuss below, the language of the proposed regulations only requires RLAs for three contests and establishes a new auditing procedure not found in the statute. Second, we recommend that the final regulations require the Secretary to disclose the source code of the RLA software tool. Third, we urge the Secretary to ensure in the regulations that cast vote records be made publicly available online sufficient to allow the public to verify that the RLA is being conducted appropriately. Finally, we recommend that the Secretary clarify how partial RLAs will work.

Hawaii: Is Hawaii Prepared To Vote By Mail? | Sandy Ma/Honolulu Civil Beat

Vote-by-mail is coming to Hawaii in 2020, due to a law passed by the 2019 Hawaii State Legislature. Hawaii’s registered voters will no longer be voting at traditional polling places, such as schools and community centers on primary and election days. Ballots will be automatically mailed to all registered voters starting with the 2020 elections. This means no more standing in lines with family, friends, and neighbors, talking story before voting. Instead, we’ll talk story at Longs, Zippy’s, or the kitchen table, just like it should be! To some this will be a major adjustment, but to others, who are registered permanent absentee voters, this will be nothing new. Is Hawaii adequately prepared to make the transition to all mail-in voting? Proper implementation through public education and sufficient number of voter service centers will determine vote-by-mail’s success. People must be informed of how vote-by-mail will be altering how citizens will vote. All polling locations throughout the state are eliminated. Instead, there will be VSCs — eight total statewide. There were approximately 235 polling locations during the 2018 elections, but there will only be eight VSCs opened for the 2020 elections.

Indiana: State voting security seen as lax | Niki Kelly/The Journal Gazette

More than 50 Hoosiers attended the event put on by Common Cause Indiana that included a national look at election security as well as a detailed review of Indiana. The lack of an audit and paper trail has a tangible effect on whether voters trust the system, Dr. Greg Shufeldt – assistant professor of political science at Butler University – told the group. He noted states have taken divergent paths – some making voting easier and more accessible while others have cracked down on alleged voter fraud. A look at two different electoral integrity studies shows Indiana in the middle or slightly below the middle of the states. And Shufeldt said the primary thing that makes Indiana vulnerable is its use of direct record electronic machines. Election lawyer William Groth explained that 58 counties – including Allen – have these machines. They record votes directly into the machine with no paper ballot or trail generated. There is no way for a voter to confirm the machine accurately recorded their intent, and it is more difficult to do recounts.

Editorials: North Carolina elections board made elections less secure | David Levine/The Fayetteville Observer

Using a barcode ballot system makes it harder to audit election results — an essential election security feature for confirming the outcomes of the election. This past August, the N.C. State Board of Elections made a decision to enable large numbers of North Carolina voters to vote on Ballot Marking Devices (BMDs), which could have made the state’s elections less secure and more vulnerable to malicious foreign actors heading into the 2020 presidential elections. Last month, the vendor for these Ballot Marking Devices told a Board of Elections attorney that they had only one-sixth of the equipment needed to match demand for the 2020 elections under the current certification. To remedy the shortage, the vendor requested that the state certify an updated version of its voting systems through an administrative process that only applies to equipment that do not "substantially alter the voting system," rather than go through an entire certification process which might not conclude before the 2020 election cycle.

Pennsylvania: Lawsuit seeks to force Pennsylvania to scrap these electronic voting machines over hacking fears | Joseph Marks/The Washington Post

Election security advocacy groups are suing the state of Pennsylvania today to stop some counties from using controversial voting machines they say are vulnerable to hacking by Russia and other adversaries in 2020. The suit, shared exclusively with The Cybersecurity 202, comes just weeks after these particular machines had technical issues and went haywire and called the wrong winner in a county judge's race in November. The groups say hackers could do far worse to these electronic machines if they tried.  Concerns about hacking are supersized in Pennsylvania — a battleground state that could be vital to determining the next president. The ExpressVote XL machines, designed by Election Systems & Software, are being used in three counties that account for about 17 percent of the state’s registered voters, including Philadelphia County, the largest in the state. That's more than enough to tip a close election.

Pennsylvania: Administration defends voting machines blamed in undercount | Marc Levy/Associated Press

Gov. Tom Wolf’s administration asked a federal court Thursday to reject a challenge to its certification of voting machines bought by Philadelphia and two other Pennsylvania counties, while the machine’s maker accepted responsibility for problems that led to badly undercounted returns in a judicial race last month. In a federal court filing, Wolf’s administration said the plaintiffs, former Green Party presidential candidate Jill Stein and several supporters, knew Pennsylvania was about to certify the ExpressVote XL touchscreen system when the sides settled the election-security lawsuit. “Many months had passed” before the plaintiffs objected to the certification of the machines, made by Omaha, Nebraska-based Election Systems & Software, lawyers for the Wolf administration said in the filing. The settlement agreement’s terms are clear and the ExpressVote XL complies with them, they wrote. The court fight casts doubt onto how 17% of Pennsylvania’s registered voters will cast ballots in the April 28 primary election, as well as next November, when the state is expected to be one of the nation’s premier presidential battlegrounds.

Texas: We won. No, you won. Wait! We won! Confusion in a Texas school bond election isn’t going away. | Dave Lieber/Dallas Morning News

Jim Wells County had the infamous Ballot Box 13. It was 1948, and supporters of Lyndon B. Johnson held the box back, and then, miraculously, came up with just enough votes for LBJ to win his first U.S. Senate race. History would be quite different if the future president’s South Texas supporters hadn’t cheated. The fragility of our voting system should not be taken for granted. This can happen anywhere in any election. Midland County currently faces its own threat to the sanctity of its election system. Nobody is officially accusing anyone of cheating, but there are problems galore. Much of the problems stem from the first-time use of new voter machines that are supposed to protect ballot security. Called hybrids, they record a vote both electronically and through a backup paper ballot. Most Dallas/Fort Worth area counties have switched to them or are working on a switch. But, so far, that promised measure of security hasn’t worked in that part of West Texas.

Estonia: E-election taskforce report complete, includes 25 improvement proposals | ERR

The e-election taskforce has completed a report which includes 25 proposals for supplementing Estonia's e-election system, improving its reliability and managing its risks. Minister of Foreign Trade and Information Technology Kaimar Karu said that the report provided a useful overview of the issues surrounding e-elections. "The current e-election system has been in development and use since 2005 already, and, as with any other complex system, it requires continued further development and improvement," Karu said in a press release on Thursday. The report by the taskforce, which was launched by previous IT minister Kert Kingo (EKRE), will serve as one input in agreeing on further concrete steps in cooperation with other involved ministries and agencies. "The e-election system can definitely be viewed as part of the state's core infrastructure by now, and its funding and development are an extremely high priority," he said. "We must continue to be sure that we are using the best technology currently available while also taking into account, to the extent possible, future changes in both cryptography and technology capabilities in general."

Latvia: State institutions and politicians experience cyber attack | Latvian Public Broadcasting

The Information Technology Security Incident Response Institution Cert.lv announced on Friday, December 13 that over the last few days several state institution employees and politicians have experienced targeted cyber attacks using phishing emails from the Russian embassy formatted as a reply to a previous correspondence. The emails included a link for downloading a document, which would be used to infect the victim's computer. All recipients recognised former correspondence fragments, which were used to promote trust in the email. This is at least the second such attack in the last three months where phishing emails were sent from the Russian embassy. The embassy itself informed the media in October that their email system experienced a cyber attack. The attack didn't include critical vulnerabilities, but the downloadable documents included macro functions, where the user had to accept permissions. Cert.lv urges everyone to check the authenticity of all emails by checking the “From” and “Repy-to” addresses before opening any attachments or downloading any documents, as well as to avoid accepting any macro function permissions from documents.

Philippines: Comelec eyes ‘hybrid’ 2022 polls | Ferdinand Patinio/Philippine News Agency

The Commission on Elections (Comelec) is looking to "hybridize" the next national elections in May 2022. “We have no recommendations yet. It’s been talked about. Our focus really is a hybridization of the AES (Automated Election System),” Comelec spokesperson James Jimenez said in an interview Wednesday. A hybrid election system is a combination of both manual and electronic methods to be used either in voting, counting, transmission, and canvassing of results. However, the poll body official added that they have given Congress an estimated budget for their plan. “So far, we gave them our budget estimate, how much it would cost and well it looks like there is budget implication especially hybridization the way they are describing it now with projectors and everything at the canvassing level. So the costs have ballooned,” he said. While he doesn't have the exact figures, Jimenez said the commission may have to pay twice or thrice the normal cost of an election.