Italy: The Five Star digital voting platform that could threaten a government deal in Italy | Franck Iovene/AFP

If Italy’s political parties can agree on a government deal, it would still need to clear a final hurdle: the online voting platform of the Five Star Movement (M5S), which has long championed so-called ‘digital democracy’.
The platform, named after the 18th-century French philosopher Jean-Jacques Rousseau, is supposed not only to empower ordinary citizens but guarantee transparency — but it has been slammed as secretive and vulnerable to cyber attacks. Launched in 2016, it currently has some 100,000 members, M5S chief Luigi Di Maio said in July. But critics have lamented a lack of official documentation or certification from a third party to attest that this figure is correct. The M5S’s blog says the number of people registered on “Rousseau” rose from 135,000 in October 2016 to nearly 150,000 in August 2017, before dropping to 100,000 a year later. But political analysts say it cannot be seen as representative of M5S supporters, as the membership numbers are a drop in the ocean compared to the 10.7 million Italians who voted for M5S in the 2018 general election.

National: FEC vice chairman resigns, leaving agency unable to vote | Maggie Miller/The Hill

The vice chairman of the Federal Election Commission (FEC) submitted his resignation letter to President Trump on Monday, leaving the agency without the necessary number of commissioners to vote on proposed actions. Matthew Petersen, a Republican who has served as a commissioner since 2008, wrote that he will formally step down on Aug. 31. “Throughout my service, I have faithfully discharged my duty to enforce the law in a manner that respects free speech rights, while also fairly interpreting the relevant statutes and regulations and providing meaningful notice to those subject to FEC jurisdiction,” Petersen wrote. “I am honored to have served the American people in this capacity and to have fulfilled the oath taken 11 years ago.” A spokesperson for the FEC confirmed Petersen’s resignation, declining to comment further. His departure leaves the agency with only three of the four members required to vote on proposed actions.

National: As Russia Eyes 2020, America’s Election Watchdog Is Out of Commission | Nicole Goodkind/Newsweek

The Federal Election Commission, an independent agency that enforces all campaign finance law and ensures the integrity of political campaigns, lost its vice chairman Monday evening, essentially rendering the agency useless. In order to take any official enforcement or regulatory action, the agency is required to have a quorum of four members on its board, but the resignation of Matthew Petersen, effective this week, leaves the commission with only three members, all of whom are still working even though their six-year terms of service have all expired. There were already three vacancies before this week’s kerfuffle. The FEC issued about $33.6 million in fines between 1999 and 2008, but over the last 10 years that dropped to $11.4 million. Yet, election security has become an increasingly important issue. Just last month, former special counsel Robert Mueller ominously warned Congress that Russia had lofty plans to interfere in the next election. “They’re doing it as we sit here and they expect to do it during the next campaign,” he said.

National: Ransomware threat raises National Guard’s role in state cybersecurity | Benjamin Freed/StateScoop

National Guard units already play a large role in state governments’ cybersecurity activities, such as protecting election systems, but the threat of ransomware to cripple a state or city organization is a growing concern for uniformed personnel, the top military official overseeing the National Guard across the United States said. While Americans are long used to seeing guardsmen and women roll into to disaster-stricken areas after a hurricane or wildfire, deployments following cyberattacks are increasingly common, Air Force Gen. Joseph Lengyel said Friday on a conference call with reporters, likening the recent ransomware incidents in Texas and Louisiana to a “cyber storm,” though not quite a “cyber hurricane.” “We’re seeing the whole of the first responder networks come to assist and mitigate the damage and get everything back up and running, and the National Guard is part of that response,” he said.

National: U.S. officials fear ransomware attack against 2020 election | Christopher Bing/Reuters

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. “We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet. The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta. “Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

National: Federal officials working with states to protect elections | Andrew Selsky/Associated Press

Huddled in small groups in a remote town in Oregon, county and state elections officials tried to overcome hacking attempts, power failures and other problems as election day approached and finally arrived. It was a tabletop exercise, held as federal officials work to bolster defenses against interference in the 2020 elections, with states being a main line of defense against attempts by Russia or others to disrupt the elections. Officials from the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency traveled to La Grande, a town located in ranching country in northeast Oregon, for Wednesday’s exercise with county and state officials. During the event held on the campus of Eastern Oregon University, the officials had to work through various scenarios, like official websites being hacked, disinformation being spread on social media and electrical power and communications going down, Oregon Elections Director Stephen Trout said in a telephone interview. Disinformation involves deliberately spreading falsehoods and rumors, while misinformation — another election security threat that experts point to — entails simply disseminating incorrect or misleading information.

Editorials: Prediction: 2020 election is set to be hacked, if we don’t act fast | Adam K. Levin/The Hill

Since 1993, hackers have traveled to Las Vegas from around the world to demonstrate their skills at DefCon’s annual convention, and every year new horrors of cyber-insecurity are revealed as they wield their craft. Last year, for example, an eleven-year-old boy changed the election results on a replica of the Florida state election website in under ten minutes. This year was no exception. Participants revealed all sorts of clever attacks and pathetic vulnerabilities. One hack allowed a convention attendee to commandeer control of an iPhone with a non-Apple-issue charging cord, one that is identical to the Apple version. Another group figured out how to use a Netflix account to steal banking information. But for our purposes, let’s focus on election security because without it democracy is imperiled. And if you think about it, what are the odds of something like DefCon being permitted in the People’s Republic of China? Speaking of China (or Russia or North Korea or Iran or…) will the 2020 election be hacked? In a word: Yes.

National: Groups push lawmakers for hearings on voting machine security | Maggie Miller/The Hill

Voting rights and election security groups on Monday urged two House and Senate committees to hold hearings on the security of voting machines. The groups, which include the National Election Defense Coalition, Electronic Privacy Information Center, R Street Institute and Public Citizen, asked the House Administration Committee and the Senate Rules and Administration Committee in a letter to schedule election security hearings that include testimony from voting machine vendors and election security experts. “The security of our nation’s elections is acutely dependent on the vendors that supply our computerized voting systems,” the groups wrote. “The voting system vendors have operated with little oversight and no regulation for decades.” “Given the gravity and urgency of this issue, we write to you to urge the committees to hold a hearing on election system security featuring sworn testimony from officers of the voting system vendors to shed more light on their practices which directly impact the security of the nation,” they added. The groups cited reports in recent months that certain voting systems rely on outdated Windows 7 operating systems, that one major election machine vendor installed remote access software on its election systems and concerns about a lack of transparency from voting machine vendors.

Florida: Election security audit complete but details unclear | Mike Vasilinda/WIXT

A security audit of all 67 Florida counties ordered by Gov. Ron DeSantis has been completed, but once a report is published, it’s not going to advertise what problems were found.  “The secretary, basically, reported to us they had visited all 67 counties already,” said Okaloosa County Supervisor of Elections Paul Lux, who is the former president of the Florida State Association of Supervisors of Elections. “And they are in the process of producing a remediation report and we’ll go from there.” Lux added he was not aware of how much remediation has been ordered. DeSantis ordered the security audit in May after Special Counsel Robert Mueller’s report said Russians successfully hacked two Florida counties in 2016. “There was no manipulation. It didn’t have any effect,” DeSantis said in May. But he said the FBI would not let him name the counties, partly because the FBI said it would help the hackers learn how they were detected.

Iowa: Secretary of State raises concerns of cyber threats to elections | Rod Boshart/The Courier

Iowa Secretary of State Paul Pate on Wednesday likened the ongoing struggle against forces trying to hack the state’s election network to a “war.” “It’s a war for public opinion, and it’s a war, if you will, for minds rather than a physical one,” Pate said in pointing to efforts by Russians, North Koreans, Chinese and others trying to disrupt the U.S. election process and weaken the American public’s trust. “Their manipulation of the social media, their manipulation of certain types of probes that they’re doing is to try to create doubt, to make Americans question their elections process,” Pate told reporters. “So, yes, I consider that a war. I consider it something we need to push back and not tolerate.” Pate raised concerns about challenges to Iowa’s election process during a breakfast meeting with members of the Westside Conservative Club. He also shared his worries that any snafu in the upcoming 2020 Democratic “virtual” caucuses could have a “devastating” impact and jeopardize Iowa’s starting position in the presidential selection process every four years.

Florida: Russian hackers likely to target Florida again in 2020 election, experts warn | Peter Stone/The Guardian

Florida’s record as a vital swing state made it a target for meddling in the 2016 election when Russians breached two county voting systems and a software vendor and now concerns are being raised about voting security in the state for the 2020 ballot, say election and cyber security experts, federal reports and Democrats. With FBI director Christopher Wray and other intelligence officials predicting more Russian and possibly other foreign interference in the next elections, experts say Florida is again a likely target for Russian hackers, or others bent on disrupting voting, which potentially could alter tallies and create other problems. “Obviously, Florida will be a critical state in 2020 and Florida election officials should assume they will be targeted again,” said Larry Norden, who runs the election reform program at the Brennan Center for Justice. Election security experts are concerned about several potential problem areas, including software that stores sensitive voter registration data, the short timetable for any post-election audits and Florida’s history of voting snafus. Some of Florida’s election problems in 2016 were highlighted in April by special counsel Robert Mueller’s report about Russian interference and in a July Senate intelligence committee study on Russian meddling and election security issues nationwide.

Montana: ExpressVote Voting Machines Could Debut In Montana This November | MTPR

The Montana Secretary of State’s office plans to sign-off on a new touchscreen voting system designed for voters with disabilities that could be used at county polling sites as early as this November. The ExpressVote system resembles a touchscreen desktop computer or ATM. Voters insert a ballot, scroll through pages of candidates or initiatives and make their picks, and then hit print. The system includes audio, visual, and other aids designed to help individuals with disabilities vote. A separate machine does the vote counting. The Secretary of State’s Office and system developer ES&S ran demonstrations of the device Monday in the state Capitol ahead of an official certification event scheduled Tuesday. Staff with the Secretary’s office say the ExpressVote system is replacing an outdated device from the early 2000s that was also designed for people with disabilities. The state is using $750,000 of a $3 million federal grant to buy the equipment, with counties chipping in matching funds if they want to take part in the upgrade.

North Carolina: State certifies barcode ballot voting systems despite security concerns | Jordan Wilkie/Carolina Public Press

Amid threats of litigation from all sides, the North Carolina State Board of Elections voted 3-2 Friday afternoon to certify a voting system that experts say is insecure, voting rights groups advocated against and many public comments opposed.Chairman Damon Circosta, a Democrat, in his first meeting after being appointed by Gov. Roy Cooper, voted against a motion to make voting system certification requirements more stringent. The board’s two Republican members, David Black and Kenneth Raymond, voted with Circosta.The new certification requirements, proposed by Dr. Stella Anderson and supported by fellow Democrat Jeff Carmon III, would have precluded one voting-machine vendor, Election Systems and Software (ES&S), from having its system certified.The room for Friday’s meeting was packed with voters and advocates from civil rights and voting rights organizations, such as Democracy NC, which seeks to improve voter turnout in elections.“This is disappointing,” Democracy NC executive director Tomas Lopez said. “But the decision on what ultimately gets purchased is with the counties, and with the county boards of elections in particular.” Two counties, Davie and Transylvania, submitted letters to the board asking that existing certification requirements not be changed. Both counties use voting-machine-for-all systems, using old technology that the state will decertify on Dec. 1.

North Dakota: New election equipment going out to counties | Jack Dura/Bismarck Tribune

Burleigh County has received new election equipment being distributed to North Dakota counties over the next few weeks by state election officials. Auditor/Treasurer Kevin Glatt said the county on Monday received 50 ballot scanners, 50 accessibility devices for voters who may have difficulty marking ballots and one central scanner for tabulating absentee ballots. The equipment vendor is now testing the devices after delivery before formal training in September.  “We’re excited that we have them,” Glatt said. Morton County Auditor Dawn Rhone said she expects the new machines, including 18 ballot scanners, this week, likely on Thursday after the old machines are taken away Wednesday from the courthouse in Mandan. The secretary of state’s office in 2015 pressed the Legislature for new election equipment, but funding priorities didn’t favor the request, especially during deep budget cuts in 2017.

Rhode Island: Protecting elections in Rhode Island | Providence Journal

Secretary of State Nellie Gorbea’s most important job is to make sure Rhode Island elections are on the up-and-up. Unfortunately, she has unilaterally blocked the public from obtaining information that was previously available in digital form to check on the accuracy of the voter lists she maintains. (In this year’s session, the legislature balked at Ms. Gorbea’s attempt to deny the public such information by law.) And now it turns out that she bought voting machines that could be liable to hacking. The issue came to light recently through a Vice.com investigation, which found that, for a period of time, Rhode Island’s elections system was connected to the internet. The public had been assured the machines were walled off from potential hacking. Researchers were able to find online the reporting system for results from the entire state. Not good. The problem is striking a balance between quick reporting of results — which in itself helps protect our elections from fraud — and making sure machines are free from tampering. Modems in the voting machines Ms. Gorbea bought transmit election results quickly to the state Board of Elections after the polls close.

International: Governments risk cyber attacks if they continue to demand encryption backdoors | Sara Barker/Security Brief

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals. With election time looming, backdoors are perfect targets for cyber attackers who look to target election infrastructure. It was only last year with ‘Five Eyes’ nations (United States, Canada, United Kingdom, Australia, and New Zealand) were lobbying for technology providers to build backdoors into their solutions. According to 384 IT professionals polled at Black Hat USA 2019, 74% believe that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. Furthermore, many professionals believe that backdoors won’t make countries any safer – 72% believe laws that allow governments to access encrypted personal data will not make countries safer from terrorists.

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Canada: Cyber-risk ramps up during elections | Allan Bonner and Brennen Schmidt/Winnipeg Free Press

It’s almost federal election time — that means many Canadian voters will be trying to guess whether political parties will do what they say they will if elected. That’s a difficult guess. But what about judging a political party’s credibility on a policy issue by seeing whether it practises what it preaches? Here’s an easy example: cybersecurity is in the news. It’s in the budget, too. A while ago, the federal government devoted hundreds of millions of dollars to the threat. And every day there’s news from the U.S. about past and present meddling in the political process. There are also serious worries about future elections, and even the need for paper ballots to ensure the meddling isn’t in cyberspace or a cloud somewhere. Fans of detective novels and movies enjoy the denouement at the end when the culprit is exposed.

Russia: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken | Sugandha Lahoti/Security Boulevard

Russia is looking forward to its September 2019 elections for the representatives at the Parliament of the city (the Moscow City Douma). For the first time ever, Russia will use Internet voting in its elections. The internet-based system will use blockchain developed in-house by the Moscow Department of Information Technology. Since the news broke out, security experts have been quite skeptical about the overall applicability of blockchain to elections. Recently, a French security researcher Pierrick Gaudry has found a critical vulnerability in the encryption scheme used in the coding of the voting system. The scheme used was the ElGamal encryption, which is an asymmetric key encryption algorithm for public-key cryptography. Gaudry revealed that it can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. The main problem, Gaudry says is in the choice of three cyclic groups of generators. These generators are multiplicative groups of finite fields of prime orders each of them being Sophie Germain primes. These prime fields are all less than 256-bit long and the 256×3 private key length is too little to guarantee strong security. Discrete logarithms in such a small setting can be computed in a matter of minutes, thus revealing the secret keys, and subsequently easily decrypting the encrypted data. Gaudry also showed that the implemented version of ElGamal worked in groups of even order, which means that it leaked a bit of the message. What an attacker can do with these encryption keys is currently unknown, since the voting system’s protocols weren’t yet available in English, so Gaudry couldn’t investigate further.

Verified Voting Blog: Verified Voting’s Policy on DREs and BMDs

Download VerifiedVoting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices On November 21, 2019 we revised Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices to remove a reference to parallel testing on page 8 of the original document. Although the concept of parallel testing has been discussed…

National: DHS cyber agency to prioritize election security, Chinese threats | Maggie Miller/The Hill

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) plans to prioritize election security, cybersecurity at federal agencies, and the “persistent threat” posed by China, among its many goals. The agency laid out its key priorities in a new “strategic intent” document released on Thursday, which CISA Director Christopher Krebs described in the introduction as the “keystone” for the agency. Among Krebs’s operational priorities is addressing Chinese threats to U.S. supply chains and to the rollout of 5G networks, bolstering election security efforts at the state and local level, and protecting the cybersecurity of industrial control systems. Other priorities are protecting federal networks against cyber attacks, such as ransomware incidents that have increasingly spread across the country, and defending “soft targets” and crowded venues from physical threats. CISA is the primary agency responsible for assisting state and local governments with securing elections, replacing the former National Protection and Programs Directorate in a law that took effect last year.

National: Internet-Connected Election Systems Found in 10 U.S. States | Scott Ikeda/CPO Magazine

There has been much talk in the media about interference in United States presidential elections, but most of it has centered around the use of media and disinformation to influence votes. There is a widespread assumption that the voting machines themselves are safe from hacking; though many are electronic, these election systems are not supposed to be connected to the internet. A new report from Vice’s Motherboard indicates that these systems are not nearly as secure as anyone thought they were, including election officials. Researchers told Motherboard that a particular type of election system that is only supposed to connect to the internet for several minutes to transfer votes has been found to sometimes stay connected for months, and in some cases these machines were constantly connected and were exposed for at least a year. The election systems found to be vulnerable are made by a specific manufacturer: Election Systems & Software (ESS). ESS is the largest voting systems company in the country, with at least 260,000 machines in place in 21 states including in some swing states. Security researchers found backend systems that were connected to the internet when they were not supposed to be, distributed across a number of states including the key “battleground” centers of Florida, Michigan and Wisconsin.

National: IT Security Pros: Encryption Backdoors Would Be Election Hacking Risk | Phil Muncaster/Infosecurity Magazine

The IT security community overwhelmingly believes that government-mandated encryption backdoors will put countries at a greater risk of election hacking, according to new Venafi research. The security vendor polled over 380 security professionals at Black Hat USA 2019 in Las Vegas earlier this month, following recent comments by attorney general, William Barr. Like his predecessors, Barr last month claimed that strong data encryption in tech products is effectively creating a “law-free zone” exploited by terrorists and criminals as it “seriously degrades” the ability of law enforcement to detect and prevent crimes. Also like many others, he argued that government-mandated backdoor access “can and must be done,” claiming that if they only tried hard enough, tech firms could find a solution which could enable lawful access to data without undermining security for all users. This argument has been repeatedly shot down, not only by the tech firms themselves, but also world-renowned cryptography experts. Last year they backed senator Ron Wyden’s demands that the FBI explain the technical basis for its repeated claims that encryption backdoors can be engineered without impacting user security.

National: Election Security Lessons from DEFCON 27 | Ciara Torres-Spelliscy/Brennan Center for Justice

Given the extent of foreign interference in the 2016 election, every American should be concerned about election security in 2020. But what can computer hackers teach us about it? To find out, I went to Las Vegas earlier this month to attend DEFCON 27, the largest annual hacking conference in the United States, knowing this was probably my last chance to see a legal election hacking. Voting machines are protected from reverse engineering under the Digital Millennium Copyright Act. But the Library of Congress, which has certain authorities under the law, set a three-year window to allow third parties access to voting machines to test their security. Barring an extension by the Library of Congress, 2019 is the third and last year these hacks are legal. DEFCON is a huge event, and I saw fellow conference-goers all over Las Vegas with their distinctive glowing badges. I was only interested in the DEFCON Voting Village, which included a large assortment of voting equipment for participants to test, hack, and break.

National: Democrats call for a Senate vote on elections reform package | Jennifer McDermott/Associated Press

Democratic congressmen held an event Thursday in Rhode Island to try to pressure Republican Senate Majority Leader Mitch McConnell into allowing a vote on a comprehensive elections and ethics reform package. Maryland Democratic Rep. John Sarbanes, who is the bill’s main author, met with Rhode Island Rep. David Cicilline and Sen. Sheldon Whitehouse in North Providence. The influence of big money in politics is impeding efforts to address climate change, gun violence and prescription drug costs, they said. Activists working on those issues attended the event. “This isn’t just some theory, like wouldn’t it be good to reform government because good government is an abstract idea,” Cicilline said. “It has a direct effect on people’s lives. The corrupting influence of money and its impact on public policy is hurting the American people.”

National: Microsoft ElectionGuard aims to fix America’s broken voting | Mark Wilson/Fast Company

Voting is broken. From the hanging chad debacle of 2000 to the 2018 midterms when decade-old touchscreen computers cast the wrong votes, to long lines outside polling places, our democratic right to elect our own officials is constantly at odds with unreliable equipment and balloting policies that vary from one district to the next. And this is all not to mention that voting machines are absurdly hackable. It’s enough to make people not want to vote at all. But what if you could vote however you wanted to vote? Which could mean at home or, if you’re a person with a disability, with the assistance of specialized hardware? What if you could go online later and ensure your vote was your vote, and that it counted? What if you could write your own piece of software to do a recount of, or audit, your small town’s mayoral election instantly? That’s the vision of ElectionGuard, a new project by Microsoft, which debuted this summer at the Aspen Security Forum. ElectionGuard is an open code standard, that anyone can audit, freely use, and plug into, to create secure digital voting machines that remove many of the barriers of voting. Microsoft teamed up with Tucker Viemeister, a renowned industrial designer who spent years at prestigious firms including Frog, Smart Design, and Rockwell Group designing devices like hair dryers and coffee makers, to build something of a concept car for the future of voting—mostly out of off-the-shelf parts.

Georgia: Voters raise concerns about new voting system to state board | Mark Niesse/The Atlanta Journal-Constitution

Voters told Georgia’s election board Wednesday they’re deeply worried about the security and accuracy of the state’s new voting system and they urged the board to enact strong rules that ensure vote counts are correct.
The Secretary of State’s office announced it has started creating standards for recounts, audits and security of paper ballots that will be printed out by voting machines, which are scheduled to be used by Georgia voters statewide during the March 24 presidential primary.The 10 voters who spoke to the State Election Board, which is responsible for making election rules and investigating violations, said they distrust the $107 million voting system that Georgia bought from Denver-based Dominion this month. They doubted that computer-printed ballots will safeguard elections.“If a voter cannot recall every race and choice, she cannot identify whether the machine printout accurately reflects her intentions, or instead added, dropped or changed one of her choices,” said Rhonda Martin, a Fulton County voter. “No valid audit can be conducted on the basis of unverifiable source documents.”

North Carolina: Election officials closely watching state vote on voting systems Friday as 2019, 2020 races loom | Emily Featherston/WECT

Along with everything else it takes to prepare for the upcoming 2019 municipal elections, and the 2020 primaries close on their heels, election officials in southeastern North Carolina are also waiting to see what kind of equipment they will be able to use. On Friday, the North Carolina State Board of Elections is expected to finally make a decision that will dictate what machines voters use to cast a ballot. Most of the attention has been focused on the state’s move away from touchscreen equipment that only generates an electronic ballot, as counties across North Carolina wait to see what equipment will be approved for them to buy. New Hanover County is also waiting for the state’s stamp of approval for the replacement of its outdated voting equipment. New Hanover County last purchased ballot tabulators in 2006, explained county board of elections director Rae Hunter-Havens. Those machines typically have a lifespan of just 10 years — and they are starting to show their age. “We’ve exceeded that end-of-life projection,” Hunter-Havens said, and that means increasing mechanical issues.

Rhode Island: Security expert offers solution to prevent hacking of election computers in Rhode Island next year | Edward Fitzpatrick/The Boston Globe

A computer security expert is proposing a solution that would let the state Board of Elections bolster its cybersecurity on Election Day without having to rip out modems that make the state’s election system vulnerable to cyberattacks. On Aug. 2, the Board of Elections asked Tony Adams, an information security professional who lives in Providence, to write a memo suggesting ways to reduce the risk of hacking on election night, when modems are used to quickly report unofficial results. In an Aug. 14 memo, Adams suggests having the modems report unofficial results to computers that are separate from the state’s core election computer system, which configures ballots and tabulates official results. That way, if hackers did penetrate the system on election night, they couldn’t change the official results or hold the whole system hostage with ransomware, for example, he said. “This idea is so elegant you have to ask: Why didn’t I think of that?” Board of Elections Vice Chairman Stephen P. Erickson said this week. “Because you don’t have to spend a lot of money, it’s relatively simple to implement, and it will substantially increase the level of security — and the perceived security, which is important.”

Texas: Palo Pinto County to Block State Network Access for Security | David May/Mineral Wells Index

If state officials want to perform a security or other audits of the local elections office, they may have to come to Palo Pinto to do it. Joey Fenley, head of Palo Pinto County’s Information Technology department, said allowing remote access to the county’s network through an offsite connection – such as software using a virtual private network – puts the county’s network at risk of receiving a virus or, worse, ransomware. He said it is a breach of the county’s network security protocols. Fenley questions why the state would perform a network security audit using an insecure method. “It’s done by a third party and you don’t know who they are,” Fenley told the Index.