National: Voting Machine Makers Give U.S. Access in Fight Against Hackers | Chris Strohm and Alyza Sebenius/Bloomberg

Companies that make voting machines and election systems have given the Homeland Security Department access to engineering details and operations so the U.S. can identify potential vulnerabilities hackers might exploit heading into the 2020 election, a department official said. The new cooperation has allowed Homeland Security to map out the ecosystem of election voting systems and processes to help state and local governments, as well as private companies, defend against hackers, Jeanette Manfra, assistant director for cybersecurity, said at an Intelligence and National Security Summit on Thursday. Makers of voting machines and election systems are cooperating voluntarily, representing a breakthrough for the government, Manfra said in an interview after the conference in the Washington suburbs. “I think we’ve made a lot of progress with the vendors of those systems,” Manfra said. “We know what makes up the systems and how it actually works.” Officials, citing Russian interference in the 2016 campaign, predicted lively combat between hackers and government protectors of cybersecurity in the run-up to next year’s presidential election.

National: ‘No One Is Accountable for This’: Why the 2020 Campaigns Are Struggling With Security | Uri Friedman/The Atlantic

It’s the eve of Election Day 2020, and political reporters have just received an incendiary email. Donald Trump’s campaign has sent out grainy cellphone footage of his Democratic challenger, Joe Biden, at a private meeting with wealthy donors, ridiculing Americans who voted for the president in 2016 and plotting how to trick them into backing him instead. Except Biden never made the remarks and Trump never shared them. A few overeager journalists post the video on Twitter before fully investigating its authenticity, causing the clip to spread on social media faster than the presidential campaigns and the press can expose it as a fraud. U.S. authorities will eventually attribute the deception to North Korean hackers, impersonating the Trump campaign’s domain name and deploying deepfake technology to keep their preferred nuclear-talks counterpart in office. But that won’t happen for weeks, well after Americans have chosen their next leader. Such a hypothetical scenario isn’t implausible. In fact, it’s a type of threat that the email-security firm Agari flagged in a recent report. Three and a half years have passed since John Podesta, the chairman of Hillary Clinton’s presidential campaign, fell for a phishing email—granting Russian hackers, and thereby the world, access to his Gmail account and coming to embody the devastating ways foreign governments can meddle in democratic politics. In light of that trauma, the current crop of presidential campaigns has made progress in fortifying their digital operations. But according to those who have worked with the campaigns on these efforts, they nevertheless remain vulnerable to attack and lack cybersecurity best practices. “The risk is more than reasonable that another Podesta-like attack could take place,” Armen Najarian, Agari’s chief marketing officer, told me.

National: New NSA cyber lead says agency must share more info about digital threats | Joseph Marks/The Washington Post

The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks. That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations. The directorate’s mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July. Neuberger acknowledged the difficulty of her mission during an onstage interview at the Billington Cybersecurity Summit, but also said the growing hacking threats from Russia, China and other U.S. adversaries mean the nation “must” achieve it. “The nation needs it … the threat demands it and the nation deserves that we achieve it,” Neuberger said. That mission also means, however, that NSA, which was once colloquially known as “no such agency” and has traditionally kept mum to protect its own hacking operations and secret sources, must start sharing more threat data with cybersecurity pros in the private sector, she said. And the NSA will have to share that information far more quickly than it has in the past when many recipients hcomplained that, by the time they get the information, it’s no longer useful, she said. In some instances, the agency will have to look for “creative approaches” to share that information, Neuberger told reporters after her talk.

National: Blue Dog Democrats urge action on election security | Maggie Miller/The Hill

The leaders of the House Blue Dog Coalition and the House Blue Dog Task Force on National Security on Thursday sent a letter to House and Senate leaders calling for action to prevent foreign interference in U.S. elections and to secure election systems. The House Blue Dog Coalition, a group of 26 moderate Democrats, urged congressional leaders to “put politics aside and pursue bipartisan solutions” to bolster election security ahead of 2020. “We are calling on Congress to take further action to secure our elections, punish Russia for its attempts to meddle in the 2016 and 2018 elections, and deter our adversaries from meddling in future U.S. elections,” the leaders of the Blue Dog Coalition and the Task Force wrote. “The threat to our national security could not be more clear.” The letter was sent to Speaker Nancy Pelosi (D-Calif.), House Majority Leader Steny Hoyer (D-Md.), Minority Leader Kevin McCarthy (R-Calif.), Senate Majority Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Charles Schumer (D-N.Y.).  The House has passed two major election security bills earlier this year, both along party lines. The SAFE Act, passed in June, would provide states with $600 million for election security efforts, and would also ban voting machines from being connected to the internet and from being manufactured outside the U.S. The House also approved the For the People Act, which includes sweeping language on election security and voting reform. Both bills have been blocked from a vote in the Senate by Republicans, who cite concerns around federalizing elections.

California: Los Angeles County Offering New Ballot Casting Process For Voters in 2020 | R.J. Johnson /KFI

Los Angeles County’s antiquated voting system is getting a badly needed upgrade in time for the upcoming 2020 elections. Starting next year, more than 5.2 million residents will have the chance to use the Voting Solutions for All People, or VSAP, which aims to make voting for residents easier, more secure and transparent. The new Ballot Marking Devices were designed by the Registar-Recorder/County Clerk in response to the aging system and meant to make it easier for voters to to customize their voting experience to fit their needs. Voters will be able to access 13 languages, adjust the touch screen to a comfortable angle, change the display settings such as text size and contrast or go through the ballot using the audio headset and control pad. Rest assured, the Ballot Marking Device is NOT connected to any kind of a network or the internet. If you’re not as technically-savvy as others, don’t worry, the easy-to-follow instructions guide voters through the voting process without any need for assistance.

Ohio: Secretary of State to ask for $1.7 million to monitor cyber-security threats | Jim Provance/Toledo Blade

Ohio’s top elections official on Monday will ask a state budgetary panel to allow him to tap just more than $1.7 million in federal funds to monitor county boards of elections for potential cyber-security threats going into the 2020 presidential election. If approved, Ohio would become just the third state, following Nevada and Florida, to have such devices in all of its counties. Secretary of State Frank LaRose has asked the bipartisan Ohio Controlling Board to release the funds made available through the federal Help America Vote Act to contract with the Center for Internet Security. The New York-based nonprofit organization is the sole vendor approved by the U.S. Department of Homeland Security and has staff at the National Cybersecurity and Communications Integration Center in Washington. “The security directive is intended to protect that infrastructure that is connected to the Internet — stations where board staff work, email systems, voter registration databases, the board of election website…,” Mr. LaRose said. Voting machines and tabulating equipment would not be included since they are not connected to the Internet.

Russia: Masked man tasers Russian election chief before regional vote | Reuters

A masked man broke into the home of Ella Pamfilova, the head of Russia’s Central Election Commission, in the early hours of Friday morning and repeatedly tasered her, Russia’s Ministry of Internal Affairs said. The attack came two days before Russians vote in regional elections, including in Moscow. The vote in the Russian capital has triggered weeks of protests after Pamfilova and her colleagues refused to register a slew of opposition-minded candidates. Election officials said the barred candidates had not collected enough genuine signatures to take part in Sunday’s election, an allegation the candidates denied. “The masked intruder broke in through a window and got onto the house’s terrace and repeatedly tasered the home owner (Pamfilova) and then fled,” the ministry said in a statement.

National: Big Tech Companies Meeting With U.S. Officials on 2020 Election Security | Mike Isaac and Davey Alba/The New York Times

Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election. The daylong meeting, held at Facebook’s headquarters in Menlo Park, Calif., included security teams from the tech companies, as well as members of the F.B.I., the Office of the Director of National Intelligence and the Department of Homeland Security. The agenda was to build up discussions and strategic collaboration ahead of the November 2020 state, federal and presidential elections, according to Facebook. Tech company representatives and government officials talked about potential threats, as well as how to better share information and detect threats, the social network said. Chief executives from the companies did not attend, said a person briefed on the meeting, who declined to be identified for confidentiality reasons.

National: DNC move against phone-in caucuses pits cybersecurity vs. voter participation | Joseph Marks/The Washington Post

The Democratic National Committee’s decision to recommend scrapping phone-in virtual caucuses in Iowa and Nevada is pitting security hawks, who say those systems are ripe for hacking, against Democratic activists who want to increase voter participation. The DNC announcement on Friday comes after a test of the phone-in systems showed they were vulnerable to hacking, as my colleagues Isaac Stanley-Becker and Michael Scherer reported. That confirmed the suspicions of cybersecurity experts who have long argued there’s no way to ensure the authenticity of votes that aren’t cast in person — including votes cast by email, websites or mobile phones. But it was a blow to activists who want to make it easier for people to participate in the democratic process — and who say lengthy in-person caucuses exclude people who work long hours or are caring for young children. Iowa and Nevada developed their phone-in systems after the DNC urged caucus states in 2018 to either switch to primaries — which are speedier  — or make it easier for people to participate remotely. The Iowa system would have allowed voters to register for a unique PIN number and use that PIN when they called in to vote for a candidate, my colleagues reported. The DNC move also sparked the ire of some 2020 presidential hopefuls.

Iowa: A Virtual Iowa Caucus Would Have Been A Hacking Nightmare | Maggie Koerth-Baker/FiveThirtyEight

When the Democratic National Committee put the kibosh on plans for virtual caucuses in Iowa and Nevada, they may have pissed off the people who saw the event as a chance to give more people the opportunity to vote. But at least the DNC made the cybersecurity community happy. “It was absolutely the right decision,” said Herb Lin, senior research scholar at Stanford’s Center for International Security and Cooperation. Lin and other experts praised the DNC for deciding the risks of a virtual caucus outweighed the benefits of making the time-consuming and byzantine caucus system more accessible. Yes, that has thrown state parties into a bit of chaos as they scramble to come up with new plans by a Sept. 13 deadline. But, Lin and others told me, there’s no getting around the fact that a virtual caucus would be massively hackable — easy to steal, and even easier to simply disrupt. If anything, they said, they wished more political leaders would take the same stance against such schemes, both in the U.S. and abroad.

Pennsylvania: Election security advocates criticize Pennsylvania Department of State over re-examination of voting machines | Ed Mahon and Emily Previti/PA Post

Election security advocates are criticizing the Pennsylvania Department of State over the way it re-examined an electronic voting machine from a leading election technology company. “We are profoundly disappointed that the Secretary’s office has conducted this re-examination in secret, without transparency or public engagement, which we believe to be in contravention of the requirements of the Commonwealth and the provisions of the Stein settlement,” Susan Greenhalgh, vice-president of programs for the National Election Defense Coalition, said in a news release. “We are examining our options for further action.” Several other groups, including Protect Our Vote Philly and the Pennsylvania-based Citizens for Better Elections, joined in criticizing the state department. In July, Greenhalgh and other election security advocates submitted a petition to the Department of State, requesting a re-examination of the ES&S ExpressVote XL electronic voting machine. The petition included 200 signatures from voters across the state. “They’ve never refused to let the public come in and observe these systems,” said petitioner and VotePA founder Mary Beth Kuznik. “It’s distressing.”

Russia: Anger over alleged Moscow election tampering spurs protest | Nataliya Vasilyeva/Associated Press

Thousands of people marched across central Moscow on Saturday to protest the exclusion of some city council candidates from the Russian capital’s local election, but did not result in riot police making mass arrests and giving beatings like at earlier demonstrations. Opposition-led protests erupted in Moscow this summer after election officials barred more than a dozen opposition and independent candidates from running in the Sept. 8 election for the Moscow city legislature. Some marchers on Saturday held placards demanding freedom for political prisoners: 14 people arrested in earlier protests face charges that could send them to prison for up to eight years. The only police seen along the route to Pushkin Square were traffic officers, a contrast to the previous unsanctioned demonstrations where phalanxes of helmeted, truncheon-wielding riot police confronted demonstrators. At earlier protests, authorities did not allow key opposition figures to get anywhere near the places they were held. Individuals were detained outside their homes and sent them to jail for calling for an unpermitted protest. This time, the protest leaders attended the gathering unhindered.

Verified Voting Blog: Report on Rhode Island Risk Limiting Audit Pilot Implementation Study Released

Download the Full Report (PDF) In October 2017, Rhode Island Governor Gina Raimondo signed into law a groundbreaking election security measure. Now, state law requires Rhode Island election officials to conduct risk-limiting audits, the “gold standard” of post-election audits, beginning with the 2020 primary. A risk-limiting audit (“RLA”) is an innovative, efficient tool to test…

National: Cyber Experts Warn Of Vulnerabilities Facing 2020 Election Machines | Miles Parks/NPR

A group of guys are starring into a laptop, exchanging excited giggles. Every couple minutes there’s an “oooooh” that morphs into an expectant hush. The Las Vegas scene seems more like a college dorm party than a deep dive into the democratic process. Cans of Pabst Blue Ribbon are being tossed around. One is cracked open and spews foam all over a computer keyboard. “That’s a new vulnerability!” someone yells. The laptop that’s drawing the most attention in this moment is plugged into a voting machine that was used just last year in Virginia. “Right now, we’re trying to develop a way to remotely control the voting machine,” said a hacker named Alex. He’s seated next to Ryan, and like a lot of the hackers at the Defcon conference, they didn’t feel comfortable giving their full names. What they’re doing — messing around with voting equipment, the innards of democracy — falls into a legal gray area. The voting machine looks sort of like a game of Operation. The cover is off and dozens of cords are sticking out, leading to multiple keyboards and laptop computers. No one could get that kind of access on a real Election Day, which is when most people come into contact with voting machines for a few minutes at most. Election supervisors are quick to point out that any vulnerabilities found under these conditions aren’t indicative of problems that actually could be exploited during an election. All the same, hackers like Alex and Ryan say the work they’re doing is important because it’s the highest profile public investigation of the equipment U.S. citizens use to vote. And if they can exploit it, so could government-sponsored specialists working for another nation’s intelligence agency.

National: FEC shutdown — Democracy dies in daylight, too | Renée Graham/The Boston Globe

The Federal Election Commission is essentially toast. Last week, Matthew Petersen, its Republican vice chairman, resigned, leaving the six-member panel with only three members — one person short of the requisite quorum. “Without a quorum, certain Commission activities will not take place,” said FEC commissioner Caroline C. Hunter in a statement. “For example, the Commission will not be able to hold meetings, initiate audits, vote on enforcement matters, issue advisory opinions, or engage in rulemakings.” In one of his last actions, Petersen, along with Hunter, also a Republican, stopped the FEC from using its powers as intended. They blocked an investigation into a report that Alexander Torshin (a Russian central banker close to Russian President Vladimir Putin) and Maria Butina used the NRA as “a conduit” to illegally funnel money between Russia and the Trump campaign. Butina later pleaded guilty to conspiring to act as an unregistered foreign agent of the Russian state. She was sentenced to 18 months in prison. Now the FEC’s dysfunction is tumbling toward disaster. The regulatory agency charged with enforcing campaign finance laws in federal elections has been kneecapped during a general election season already under a sustained attack by enemies both foreign and domestic.

Editorials: Why is the Russian medding in 2016 such a big secret? I’m not allowed to say. | Stephanie Murphy/The Washington Post

In May, other members of Florida’s congressional delegation and I were briefed for 90 minutes in the U.S. Capitol by officials from the FBI and the Department of Homeland Security regarding Russia’s interference in the 2016 election. I sought the briefing after then-special counsel Robert S. Mueller III’s report showed Russia had probed and even pierced election networks in Florida, among the most closely contested states in U.S. politics. Although our briefers supplied new details, much remained unknown. What I do know, I can’t talk about. Why that’s the case is itself a mystery. The Mueller report noted that Moscow’s meddling involved three lines of effort, and Florida was a target of each. First, a Russian entity conducted a social media campaign to sow discord and help then-candidate Donald Trump, including by organizing pro-Trump rallies in Florida. Second, a Russian intelligence agency — the GRU — hacked computer accounts connected to Hillary Clinton’s campaign. As part of this effort, it published Florida-related data stolen from House Democrats’ campaign arm. Finally, Mueller reported, the GRU sought to infiltrate computer networks involved in the administration of elections, which could enable Russia to alter voter registration databases or perhaps vote tabulation systems. That would be tantamount to an act of war, with malware rather than missiles as the weapon of choice. While Russian cyber actors cast a wide net, Florida’s county-based election supervisors were a focal point.

Editorials: Paper ballots are essential to securing our elections and our democracy | Lee C. Bollinger and Michael A. McRobbie/The Hill

Public confidence in the integrity and security of our elections is essential for democracy to be a trusted means of governing, and that very confidence is now under unprecedented attack by foreign adversaries. A newly released report from the Senate Select Committee on Intelligence, as well as recent congressional testimony by Special Counsel Robert Mueller, indicated that in 2016 Russia attempted intrusions into the election infrastructure of all 50 states. In one of the most dramatic moments of his testimony, Mueller said that Russia is at it again “as we sit here.” With just 15 months until the next round of major state and federal elections, and as Congress continues to debate the sources of and steps to combat the cyberattacks, it is sobering to consider the effect that a deep erosion of public confidence in the election process could have. It would be devastating to Americans’ faith in our democracy and the legitimacy of our elected government. For these reasons, state and federal leaders must act with urgency to secure our elections. As co-chairs of the committee convened in 2016 by the National Academies of Sciences, Engineering and Medicine to address voting security, we concluded that the nation should immediately take three actions to strengthen the safeguards for election systems against the mounting cyberthreats.

Georgia: State gets new election machines, but paper ballots abound | Mark Niesse and Arielle Kass/The Atlanta Journal-Constitution

The 2,271 people eligible to vote in Chattahoochee Hills may feel like they’re stepping back in time whenever they cast a ballot for the City Council or mayor. In much of the rest of the state, electronic voting machines are standard for each and every election. But in Chattahoochee Hills and about 70 other cities, residents vote using paper ballots. In many of those cities, the votes are even tallied by hand.On election night in Chattahoochee Hills, residents can pile into City Hall to watch City Clerk Dana Wicher and a handful of poll workers open a locked metal ballot box and call out the names on each ballot. Like keeping score at a baseball game, they can even tally along.As the debate rages over whether Georgia’s new touchscreen-and-printed-ballot voting system is secure, voters in cities across the state will continue to fill out their ballots with pens this November. They won’t use any modern technology during their municipal elections. State law exempts cities from having to use the uniform voting system mandated for county, state and federal elections.“Folks like coming in and doing the paper ballots. It’s that old-town community feeling,” Wicher said. “There is some suspense. There’s probably more transparency with the paper system.”

Georgia: Cobb County trialing backup paper ballot voting system in Nov. 5 elections | Rosie Manins/Marietta Daily Journal

The majority of voters in Cobb County will be using hand-marked paper ballots to vote in the Nov. 5 municipal elections, the Cobb County Board of Elections and Registration says. The Cobb board is piloting the paper ballot method for the elections it is managing in November for the cities of Smyrna, Kennesaw, Powder Springs and Austell. Acworth is managing its own municipal elections this year, using its existing paper ballot system, and Marietta is not holding elections in November because none of its elected members are up for re-election. In the four Cobb cities where the board manages elections, the hand-marked paper ballot trial will be conducted on Nov. 5 and in any subsequent runoffs as an extra safeguard to address concerns and any surprise problems associated with the statewide switch to new electronic voting machines in 2020, the board says. This kind of paper ballot system has to be used by Georgia if its new electronic voting machine system is not fully implemented and operational by the March 24, 2020, presidential primaries, according to a federal judge’s order. The Cobb trial is aimed at testing and refining if necessary a voting method which could be used in case of a problem with the new voting machines, which are supposed to be in place across the state for the March elections.

Missouri: St. Louis County Voters To Mostly Use Paper Ballots | KBIA

The St. Louis County Board of Elections unanimously voted Tuesday to shift toward using paper ballots and away from touch-screen voting machines. The elections board is moving forward with a $6.9 million contract with Hart Intercivic eSlate to provide new voting machines and software that primarily run a paper ballot system. The new apparatus is expected to be in place for the Nov. 5 election. A small number of touch-screen machines — one per polling station — will continue to be available for people with disabilities, said election board chair Sharon Buchanan-McClure. It’s unclear how many machines were purchased or other details, since the contract was not immediately provided Tuesday. The board held a closed-door meeting to discuss its voting machine options. Then, it opened the meeting to take the vote on the contract without any public discussion about its decision. 

Montana: State puts $1.3M toward updating county voting machines | Holly K. Michaels/Helena Independent Record

The Montana Secretary of State’s office announced Tuesday more than $1.3 million in money for counties to update their voting equipment. The money comes from a federal Help American Vote Act and is matched with county funds. Counties will be able to purchase new Express Vote voting equipment with the funding. “This is a big step in the right direction for counties to upgrade election technology that strengthens Montana’s election security ahead of 2020,” Secretary of State Corey Stapleton said in a press release announcing the funding. The new equipment is meant to ease voting access for people with disabilities. However, at a meeting of the State Administrative and Veterans Affairs hearing Tuesday, Beth Brenneman, attorney for Disability Rights Montana, said that because of how the Express Vote machines function, they may present some issues for voters who are blind. Joel Peden, advocacy coordinator with the Montana Independent Living Project, voiced more concerns to the interim committee about access to voting for those with disabilities. He said some machines, either new or old, don’t provide enough privacy for voters to feel comfortable their vote is secret.

Pennsylvania: Guard’s Cyber Defense Team meets with Acting Secretary of the Commonwealth | DVIDS

Members of Pennsylvania National Guard’s Cyber Defense Team met with Pennsylvania Acting Secretary of the Commonwealth Kathy Boockvar to discuss current mutual projects, including election security, in early August during a Pennsylvania State Department orientation of the Pennsylvania National Guard’s capabilities and assets which included a tour of Fort Indiantown Gap, Pennsylvania. “This visit covered a variety of topics,” explained Maj. Christine Pierce, defensive cyber operations team chief. “We have been working with multiple Pennsylvania state agencies to provide a variety of services and we were excited to assist the Pennsylvania Department of State with the 2018 midterms as well as other cyber requirements.” Pennsylvania National Guard’s Cyber Defense Team provides comprehensive cyber defense services such as: vulnerability assessments, critical infrastructure assessment, penetration testing, and network monitoring. Network monitoring assistance was provided to the Pennsylvania State Department during the 2018 midterm elections. The team is preparing to assist the Pennsylvania Department of State during the 2020 elections.

Rhode Island: Report examines ways to adopt election audit system in Rhode Island | Jennifer McDermott/Associated Press

A new report recommends how to adopt a system for auditing election results required in Rhode Island. Common Cause, Verified Voting and The Brennan Center for Justice at NYU School of Law released the report Tuesday. They helped the state design and test the risk-limiting audit system this year. Rhode Island will first use risk-limiting audits for the 2020 presidential primaries. There are three ways to do the postelection audit. The report recommends a ballot-level comparison because of its efficiency, transparency and relatively predictable cost. That type of audit would compare the vote on an individual ballot to the machine’s recording of the vote on that ballot, which requires the fewest number of ballots to be examined. The other methods, ballot polling and batch comparison, compare more ballots to totals produced by the machines and require the examination of far more ballots, John Marion, executive director of Common Cause Rhode Island, said Tuesday.

Wisconsin: Outdated systems could affect state vote | Capitol Report

A Wisconsin Elections Commission security official is expressing concern that outdated operating systems are being used by local elections clerks across the state, raising the prospect of foreign interference in Wisconsin’s elections ahead of the 2020 presidential race. In a memo, Election Security Lead Tony Bridges details how a number of local clerks are using Windows XP or Windows 7 on office computers to access the WisVote voter database. According to Bridges, failure to maintain an up-to-date operating system poses “a tremendous risk.” Security patches on Windows XP have not been supported since 2014, while Windows 7 will reach its end-of-life cycle in January 2020, meaning Microsoft will no longer provide free security updates. Bridges pointed to a recent cyberattack in Georgia that brought down systems across Jackson County and warned a similar attack could “dramatically impact voter confidence in the electoral process” in Wisconsin.

Canada: Unlike U.S., Canada plans coordinated attack on foreign election interference | Alexander Panetta and Mark Scott/Politico

Russian interference in the 2016 U.S. presidential election rattled America’s next-door neighbor so badly that Canada spent the last three years developing the most detailed plan anywhere in the Western world to combat foreign meddling in its upcoming election. But with the country’s national campaign to begin in a matter of weeks, one question remains: Will the efforts pay off? Prime Minister Justin Trudeau’s government passed new transparency rules last year for online political ads that run on platforms including Facebook and Twitter — further than what’s required in the U.S. It ordered the country’s usually tight-lipped intelligence services to go public about foreign threats. Canada also housed a G-7 project to share the latest intelligence between allies about possible foreign disinformation and created a non-partisan group to warn political parties and the public about outside interference. “The way the Canadians have responded to the problem of technology and democracy is much more impressive than what we’ve seen in Washington,” said Ben Scott, a former Hillary Clinton official, now based in Toronto, who has tracked disinformation campaigns in elections across the West. “Pound for pound, Canada is way ahead of the U.S. in terms of policy development on these issues.”

United Kingdom: “Highly likely” cross-government cell will be used to monitor interference and threats if election called | Derek du Preez/Diginomica

Senior civil servants giving evidence to the House of Lords Committee on Democracy and Digital Technology today gave insight into cross-Government work being carried out to monitor interference, disinformation and threats during elections – including the creation of an ‘election cell’ on the day of voting. Natalie Bodek, the acting deputy director of the elections division within the Cabinet Office, and Sarah Connolly, director of security and online harms at DCMS, both shared insights into how the government is collaborating across departments and agencies, as well as with social media giants, to monitor interference. Defending democracy from misinformation and digital interference has become a huge area of concern for governments across the world. Whilst no evidence has been found of online foreign interference in UK elections, it has been highlighted as a top priority by senior politicians and experts. Evidence on the topic has been collected by Parliamentary committees for some time now. A Commons Select Committee recently said that the “UK is clearly vulnerable to covert digital influence campaigns”.

National: States Upgrade Election Equipment — Wary Of ‘A Race Without A Finish Line’ | Pam Fessler/NPR

With five months before primary season begins, election officials around the country are busy buying new voting equipment. Their main focus is security, after Russians tried to hack into U.S. election systems in 2016. Intelligence officials have warned that similar attacks are likely in 2020, from either Russia or others intent on disrupting U.S. elections. Federal, state and local authorities are trying to improve the security of the nation’s voting systems before that happens. One way they’re doing that is by purchasing more machines that produce paper ballots, which can be used to verify results in the event of a cyberattack on electronic systems. … Marian Schneider, a former Pennsylvania election official, thinks whatever the counties decide, this state is in much better shape than it was in 2016, when more than 80 percent of its machines had no paper records. “You couldn’t check them. Whatever the computer said, the computer said. You were done,” Schneider says. “This is a sea change for Pennsylvania and it’s a good thing.” But Schneider, who runs Verified Voting, a national group that’s long promoted paper ballots, also says paper alone is not enough. “You have to check the paper afterwards. You have to randomly sample those ballots and make sure that the results that the software reported matches what’s on the paper ballots,” she says. She’s talking about something called a risk-limiting audit, which is becoming an increasingly popular way to verify election results. Pennsylvania is among a dozen states now testing the idea.

National: Election Security And Voting Machines: What You Need To Know | Philip Ewing/NPR

Voting systems in the United States have come a long way since the hanging chads of the 2000 recount in Florida — but now cybersecurity is as big a concern as ballot fidelity. Here’s what you need to know.

The good news

There are about 3,200 counties or their equivalents across the United States and its territories, ranging in size from Los Angeles County with around 10 million residents to Kalawao County, Hawaii, with fewer than 100. Most counties — more than 70% — have populations under about 50,000, says the National Association of Counties. That huge breadth and diversity means that most elections truly are local and it would be nearly impossible for a foreign adversary to touch them all with a single effort. Elections in the United States remain, as then-FBI Director James Comey famously told Congress, “a bit of a hairball.”

The bad news

A huge breadth and diversity of counties means a huge breadth and diversity of security capabilities. Also, every jurisdiction that runs elections in the United States doesn’t present the same kind of appeal to a foreign interference campaign. The results of a close election can depend on turnout in only a few key states or other locations, meaning some locations are under much more pressure than others.

At the same time, evidence about successful interference in an election system anywhere in the United States would raise questions about the integrity of elections everywhere. Russian cyberattackers have been able to gain access to voter databases and other systems around country, but U.S. officials say they believe no votes have been changed.

National: States brace for ransomware assaults on voter registries | Laura Hautala/CNET

Extortionists have recently shut down municipal computer systems in Texas, Maryland, Florida and New York, threatening to erase databases unless the cities pay a ransom. Now officials around the country are concerned the tool the hackers used, known as ransomware, could be tapped to target state voter registration rolls and disrupt confidence as the nation heads into the 2020 election. Illinois, for example, is making its voter registration database accessible only from a closed fiber optic network, rather than the open internet, according to Matt Deitrich, a spokesman for the State Board of Elections. The Prairie State is making progress, though it still has a way to go, he says. Less than a third of its 108 jurisdictions currently connect to the database via the dedicated network. The security effort is worth it, Deitrich says. If a hacker successfully hits even one county’s election agency with ransomware, that can create the impression the whole system is compromised. “It’s a phenomenon that can undermine voter confidence,” Deitrich said. Ransomware would be a new feature of election hacking, which came to public attention after intelligence officials said Russian hackers probed voter registries during the 2016 presidential campaign. A ransomware attack in 2020 could prove devastating, preventing voters from registering or poll workers from confirming voter eligibility, officials say. The hackers’ goal wouldn’t be changing the votes that were cast, but spreading doubt that eligible voters were able to make their voices heard.

National: Report highlights Instagram, deepfake videos as key disinformation threats in 2020 elections | Maggie Miller/The Hill

Instagram will likely be the main social media platform used to disseminate disinformation during the 2020 election, while altered “deepfake” videos of candidates will pose a threat as well, according to a report out on Wednesday.  The report on disinformation tactics during the 2020 election, put together by New York University’s (NYU) Stern Center for Business and Human Rights, also pinpointed China, Russia, and Iran as countries likely to launch such attacks against the U.S. in the lead up to the elections. But foreign states will not be alone, with NYU finding that domestic sources of disinformation, such as users within the U.S. creating and circulating it, will be more prevalent than overseas ones. Voter suppression will be the main target of both streams of disinformation, with the report warning that “unwitting Americans” could also be manipulated into participating in rallies and protests. The report from NYU emphasized that while “social media companies are playing better defense than they did in 2016,” it called on them “to step up their games in anticipation of 2020.”