New Hampshire: Dixville Notch may have to ditch traditional midnight voting | Kathy McCormack/Associated Press
A tiny, isolated community near the Canadian border known for casting ballots just after the stroke of midnight in presidential elections may need to forfeit that tradition in 2020. Dixville Notch, New Hampshire, has been in the spotlight for years for voting first in the state's first-in-the-nation presidential primary and in November general elections. But the attorney general's office recently said the community is currently missing a required official in order to hold an election come the Feb. 11 primary. Dixville Notch has shared midnight voting with two other places. One is Hart's Location, a small town in the White Mountains that started the early voting tradition in 1948 to accommodate railroad workers who had to be at work before normal voting hours. Hart's Location suspended the midnight voting in 1964 and brought it back in 1996. The town of Millsfield, 12 miles (20 kilometers) south of Dixville Notch, had midnight voting as far back as 1952, but stopped after a while. It decided to revive the early voting in 2016. Dixville drew notice after Neil Tillotson, who bought a resort called the Balsams, arranged for early voting at the hotel beginning in 1960. Tillotson, who ran a rubber factory and is credited with inventing the latex balloon, died in 2001 at age 102.North Carolina: Clear Ballot leaving North Carolina, seeks probe of ES&S’s practices | Frank Taylor/Carolina Public Press
Clear Ballot, one of three companies certified to provide election systems to North Carolina counties for 2020, formally withdrew from the state on Thursday, citing certification and marketing rules that Clear Ballot said perpetuate a virtual monopoly by competitor Election Systems & Software. Jordan Esten, chief executive officer of Boston-based Clear Ballot, told Carolina Public Press on Thursday that he has asked the N.C. Board of Elections to look into whether ES&S improperly capitalized on its presence in North Carolina with older generations of election equipment, marketing its elections systems to counties before the state certified it this summer. Separately, N.C. Rep. Verla Insko, D-Orange, issued a letter to the state Board of Elections calling for the board to “to delay this use of (ES&S’ systems) until after the 2020 election.” She pointed to many questions that have been raised about ES&S and its newly certified ballot-marking devices. North Carolina and Indiana are the only states that prevent elections systems makers from marketing systems prior to certification. Clear Ballot CEO Esten said he thinks this is a foolish law, but his company has followed the rule. Esten said he remains suspicious about ES&S’ compliance because many counties rapidly adopted its new electronic voting system almost immediately after it was certified. N.C. Board of Elections member Stella Anderson told CPP Thursday that she also had concerns about ES&S having an uncompetitive advantage. She observed that many counties have chosen to go with ES&S systems even though she felt its product wasn’t strong. “I haven’t met a person yet who thinks the ES&S Express Vote is good technology,” she said.Ohio: Is Ohio Ready for the 2020 Election? Secretary of State, League of Women Voters Weigh-In | Kabir Bhatia/WVXU
Ohio Secretary of State Frank LaRose says the state’s voting systems are secure and ready for 2020. But Jen Miller of the League of Women Voters is concerned about voter turnout. LaRose has been touring each of Ohio’s 88 Boards of Elections. He finished up last week in Akron, touting more than $114 million spent this year to equip almost every county with new voting machines. He estimates another $13-15 million in federal “Help America Vote Act” funds is on its way. And he says counties will be completing his 34-point voting security checklist by the end of next month to ensure readiness. “We’ve required every board of elections to install an intrusion detector – it’s essentially a burglar alarm for your server and IT infrastructure. What it does is, it allows us to know – whether it’s 4 a.m. on a Saturday or whenever – if there is malicious activity occurring so we can respond to it.”Pennsylvania: Northampton County officials unanimously vote ‘no confidence’ in ExpressVote XL voting machine | Emily Previti/PA Post
Northampton County Election Commissioners unanimously supported a “vote of no confidence” in the county’s new voting machines after vendor Election Security & Software presented findings Thursday night from an investigation into tabulation errors and other problems when the system debuted. The incorrect tallies in last month’s election were linked to races with cross-filed candidates and straight-ticket ballots cast by voters. Cross-filed candidates are ones seeking an office on more than one party line, while the straight ticket option lets voters click one box to select every candidate on the ballot from one party. Voters also complained that the ExpressVote XL touchscreens registered votes they hadn’t cast. Commissioner Kathy Fox said it happened to her. “I didn’t even think I touched it,” Fox said at Thursday’s meeting. “And [the machine] recorded that vote. And so that made me a little nervous. Just because I don’t really think I was touching it.” According to ES&S, a selection on the XL can be triggered by an infrared sensor without the voter actually touching the machine. “It’s very thin, but you can make a selection just by getting just close enough,” said ES&S Vice-President of Product Development Adam Carbullido.Wisconsin: ‘Model’ disability rights voting program has declined | Rory Linnane/Milwaukee Journal Sentinel
Despite the clamor to turn out Wisconsin voters in 2020, some voters might be stopped at the doors of their polling places. Auditors have flagged hundreds of violations at Wisconsin polls that make it harder or impossible for voters with disabilities to vote in person. A Journal Sentinel review of audits found officials are missing required action plans to fix most of these issues from the last two years. Though Wisconsin once had a robust program for monitoring accessibility problems at polls — one that was lauded as a best practice by a presidential commission in 2014 — state officials have let it wane. Since the recognition, officials have missed audits, been slow to follow up on accessibility violations and provided fewer supplies to help polling places become more accessible. “This dramatic decrease in the audit program is troubling as these audits provide critical information on the accessibility of polling places around the state,” said Denise Jess, executive director of the Wisconsin Council of the Blind and Visually Impaired. Jess serves on an advisory committee for the Wisconsin Elections Commission, which runs the accessibility program. She and other disability rights advocates on the committee want to see the commission do more to address problems that shut out voters with disabilities.National: Chinese parts, hidden ownership, growing scrutiny: Inside America’s biggest maker of voting machines | Ben Popken, Cynthia McFadden and Kevin Monahan/NBC
Just off a bustling interstate near the border between Nebraska and Iowa, a 2,800-square-foot American flag flies over the squat office park that is home to Election Systems & Software LLC. The nondescript name and building match the relative anonymity of the company, more commonly known as ES&S, which has operated in obscurity for years despite its central role in U.S. elections. Nearly half of all Americans who vote in the 2020 election will use one of its devices. That’s starting to change. A new level of scrutiny of the election system, spurred by Russia’s interference in the 2016 election, has put ES&S in the political spotlight. The source of the nation’s voting machines has become an urgent issue because of real fears that hackers, whether foreign or domestic, might tamper with the mechanics of the voting system. That has led to calls for ES&S and its competitors, Denver-based Dominion Voting Systems and Austin, Texas-based Hart Intercivic, to reveal details about their ownership and the origins of the parts, some of which come from China, that make up their machines. But ES&S still faces questions about the company’s supply chain and the identities of its investors, although it has said it is entirely owned by Americans. And the results of its government penetration tests, in which authorized hackers try to break in so vulnerabilities can be identified and fixed, have yet to be revealed. The secrecy of ES&S and its competitors has pushed politicians to seek information on security, oversight, finances and ownership. This month, a group of Democratic politicians sent the private equity firms that own the major election vendors a letter asking them to disclose a range of such information, including ownership, finances and research investments.National: EAC advisers to consider draft voting system standards | Eric Geller/Politico
The EAC’s Technical Guidelines Development Committee meets today by phone to review the latest draft of version 2.0 of the Voluntary Voting System Guidelines. Public working groups have been meeting for months to revise different aspects of the widely cited federal standards, including its security provisions. In October, the cybersecurity working group added a ban on internet and wireless connectivity, which prompted some consternation and confusion at a TGDC meeting in November. Input from the TGDC — a body that includes technical experts and election officials — marks one of the first steps in the process of approving a new VVSG. But more work remains to be done on VVSG 2.0, and the TGDC isn’t likely to give the draft its final seal of approval at today’s meeting. “We anticipate continuing the discussion of the requirements with the TGDC on the next call,” NIST staffer Gema Howell wrote in an email to members of the cyber working group.National: Limited election security funds pose risk for 2020 | Kimberly Adams/Marketplace
As presidential candidates vie for voters’ attention, there’s another group getting ready for 2020: state and local election officials. Congress sent $380 million to states after attempts, some successful, to hack voter lists and election machines in the 2016 election. But elections security experts say that’s unlikely to be enough to fix the patchwork of voting machines, voter lists, and state or county computer systems that make up America’s voting infrastructure. Efforts to shore up that infrastructure happen in quiet offices like that of Chris Piper, commissioner for the Virginia Department of Elections. “The irony of being an election official is that if you’ve done your job right, nobody notices,” he said. Virginia was among the states probed by foreign hackers in 2016, and Piper said the commonwealth is working to ensure that doesn’t happen again. “Virginia was obviously one of the states that was scanned, but we were not breached,” Piper said. “We’ve taken an incredible number of steps to improve that security posture.”National: More election security funds headed to states as 2020 looms | Christina A. Cassidy/NPR
Congress is giving states a last-minute infusion of federal funds to help boost election security with voting in early caucus and primary states slated to begin in February. Under a huge spending bill, states would receive $425 million for upgrading voting equipment, conducting post-election audits, cybersecurity training and other steps to secure elections. To receive the funds, states must match 20% of their allocation. The Senate approved the bill Thursday, sending it to President Donald Trump for his signature. States have been scrambling to shore up their systems ahead of the 2020 election. The nation’s intelligence chiefs have warned that Russia and others remain interested in attempting to interfere in U.S. elections and undermine democracy. For many who have been advocating for more congressional action on election security, the money is welcome, but they say more must still be done to ensure elections are secure. Sen. Ron Wyden, a Democrat from Oregon, has been among those pushing Congress to require states to implement rigorous post-election audits and use paper ballots in exchange for federal funds. “I’m afraid this bill will widen the gulf between states with good election security and those with perilously weak election security,” Wyden said in a statement. “I appreciate the intent behind this provision, but until Congress takes steps to secure the entire election system, our democracy will continue to be vulnerable to foreign interference.”National: 2019’s top cybersecurity story is still what Russia did in 2016 | Joseph Marks/The Washington Post
The historic House vote to impeach President Trump last night also marked the most recent turn in a cybersecurity saga that’s gripped the nation since 2016 and consumed much of the past year. Russia’s hacking and disinformation operation in 2016 has occupied lawmakers, election officials and cybersecurity pros for three years now as they try to hold the Kremlin accountable and to prevent a repeat in 2020. It was also Trump’s obsession with poking holes in the official narrative about that operation – by urging Ukraine’s president to investigate a baseless conspiracy theory about Russia's Democratic National Committee hack and the cybersecurity firm CrowdStrike -- that helped spark an impeachment trial that promises to grip the nation for weeks to come. “This impeachment is, to a great degree, a cyber story,” Jon Bateman, a Cyber Policy Initiative fellow at the Carnegie Endowment for International Peace and a former Pentagon cybersecurity official, told me. “It’s the president’s inability to grasp what really happened in a series of cyber incidents that’s led to our current political crisis.” Election hacking was a key battleground for lawmakers this year as Democrats demanded Congress provide $600 million for states and localities to secure their voting machines and impose strict mandates to ensure elections are as secure as possible. They also pummeled Republicans who blocked those efforts, accusing them of being complicit with Russia, and even branding Senate Majority Leader Mitch McConnell (R-Ky.) as “Moscow Mitch” before he relented this week and endorsed sending $425 million to states. Homeland Security Department officials, meanwhile, crisscrossed the country vetting election equipment and running cybersecurity training for local officials. But they were regularly undermined by the president’s wavering on whether Russia was actually responsible for the 2016 interference, helping spark concern the Kremlin will do it again.Editorials: Congress waited too long to start securing the 2020 elections | Justin Rohrlich/Quartz
After the US House and Senate passed a $1.4 trillion spending package this week, lawmakers on both sides of the aisle congratulated themselves, which funds the federal government through September. It adds nearly $2 billion in additional funding for fighting wildfires, sets aside $25 million for gun violence research, and apportions $7.6 billion for the 2020 Census. Under the terms of the deal, all 50 states will also receive funding to improve election security. But according to Lawrence Norden, director of the Election Reform Program at the Brennan Center for Justice at New York University School of Law, securing the 2020 elections from top to bottom require more time and money than what has been allocated thus far. “Congress has been completely absent when it comes to funding for election security,” Norden told Quartz. “For the most part, Congress has said, ‘States, it’s up to you,’ and states have said, ‘Counties, it’s up to you,’ and election security has been neglected.” Congress voted to distribute $425 million among the states. A provision calls for states to match an additional 20% of the amount received within two years, bringing the eventual funding for election security to about $500 million nationwide. Last year, Congress also earmarked $380 million for states to strengthen election security. State governments have until October 2023 to spend it all.Editorials: Cybersecurity Experts Are Leaving the Federal Government. That’s a Problem. | Josephine Wolff/The New York Times
At the end of 2019, with less than a year to go until the presidential election, the government official who has been leading efforts to secure voting systems in the United States will leave the Department of Homeland Security to join Google. The impending departure of Jeanette Manfra, the assistant director for cybersecurity at the department’s Cybersecurity and Infrastructure Security Agency, is a major loss for the federal government’s civilian cybersecurity efforts, and it comes at the end of a year that saw a series of departures by key cybersecurity personnel. In August, the White House chief information security officer, Joe Schatz, left government to join a consulting firm, TechCentrics. A few months later, in October, Dimitrios Vastakis, the branch chief of White House computer network defense, resigned as well, explaining his reasons in a memo, obtained by Axios, with the subject line “cybersecurity personnel leaving office of the administration at an alarming rate.” Mr. Vastakis’s memo stated that the majority of the high-level cybersecurity personnel at the White House had already resigned because of the administration’s “habitually being hostile” to them, including using tactics such as “revocation of incentives, reducing the scope of duties, reducing access to programs, revoking access to buildings and revoking positions with strategic and tactical decision making authorities.” Through these tactics, in combination with a structural reorganization this summer, the White House effectively dismantled the Office of the Chief Information Security Officer, which was established by President Barack Obama in 2014 following the discovery that Russian hackers had infiltrated White House networks.Voting Blogs: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice
America’s intelligence agencies have unanimously concluded that the risk of cyberattacks on election infrastructure is clear and present — and likely to grow. 1 While officials have long strengthened election security by creating resiliency plans, 2 the evolving nature of cyber threats makes it critical that they constantly work to improve their preparedness. It is not possible to build an election system that is 100 percent secure against technology failures and cyberattacks, but effective resiliency plans nonetheless ensure that eligible voters are able to exercise their right to vote and have their votes accurately counted. This document seeks to assist officials as they revise and expand their plans to counter cybersecurity risks. Many state and local election jurisdictions are implementing paper-based voting equipment, risk-limiting audits, and other crucial preventive measures to improve overall election security. In the months remaining before the election, it is at least as important to ensure that adequate preparations are made to enable quick and effective recovery from an attack if prevention efforts are unsuccessful. While existing plans often focus on how to respond to physical or structural failures, these recommendations spotlight how to prevent and recover from technological errors, failures, and attacks. Advocates and policymakers working to ensure that election offices are prepared to manage technology issues should review these steps and discuss them with local and state election officials.Georgia: State Elections Board seeks public comment on paper ballot rules | Albany Herald
The State Elections Board voted Tuesday to post for public comment updated rules for county officials to run elections on Georgia’s new paper ballot system, another key step in the implementation of the largest voting system rollout in U.S. history. An important aspect of the rules are procedures for maintaining the integrity of the touchscreen ballot-marking devises, known as BMDs. The rules require county poll managers to test each BMD before every election to ensure that voters’ selections will be accurately printed on the ballots. “These rules, and the verification procedures they contemplate, are critical in assuring voters that their choices will be recorded faithfully and counted accurately,” Secretary of State Brad Raffensperger, chairman of the five-member State Elections Board, said in a news release. The proposed rules reflect best practices recommended by election-security experts and House Bill 316 passed earlier this year by the Georgia General Assembly. They also incorporate comments from the American Civil Liberties Union, the Democratic Party of Georgia, the Brennan Center for Justice, and a working group of local election officials. The proposed rules are posted at here.North Carolina: Elections officials anxious over software upgrade | Brooke Conrad/Carolina Journal
A voting software company the N.C. State Board of Elections certified earlier this year wants approval for a last-minute technology update. But some board members are asking whether the company, Election Systems and Security, should have been certified in the first place. In September, ES&S asked the BOE to approve changes to equipment already certified by the state. The timing of the request would require the BOE to circumvent its normal, thorough certification process. Problem was, the company told the board it didn’t have enough of the originally certified equipment to meet the state’s needs, forcing a vote. On Dec. 13, the board, in a 3-2 vote, approved the upgrade, with Democratic Chairman Damon Circosta and Republicans Kenneth Raymond and David Black voting in favor of the update. Democrats Stella Anderson and Jeff Carmon opposed the move. State Board Secretary Stella Anderson, along with several election security advocates across the state, had raised concerns about ES&S during earlier discussions about certification. “The vendor will have done exactly what it wanted to do: put our backs up against the wall,” Anderson said during the meeting.Rhode Island: Board of Elections votes to purchase new modems to enhance security | Mark Reynolds/Providence Journal
The Rhode Island Board of Elections voted unanimously Tuesday afternoon to enhance the security of the voting system by acquiring new modems for the machines that tabulate votes and embracing other recommendations of a recent security assessment. The board took action after releasing a public copy of the security assessment and taking input from Rhode Island National Guard Col. R. Michael Tetreault, who was part of a team that helped draft the assessment. The state Division of Information Technology and the Rhode Island Guard Defensive Operations Element looked at “technology enhancements” made to the state’s election management system, according to a report obtained Tuesday by The Providence Journal. The initiative also reviewed efforts to reduce risk based on recommendations made last year.Pennsylvania: No confidence: Northampton County election board calls for new voting machines for 2020 | Tom Shortell/The Morning Call
A month after widespread problems plagued the general election, the Northampton County Election Commission Board voted 4-0 to express no confidence in its new election machines. At the same meeting Thursday evening, representatives of the county’s Democratic and Republican committees called on the county to move away from the machines and perform an independent analysis of the results. “We believe the problems the machines exhibited this year will make it virtually impossible to restore voters’ confidence heading into 2020. We’d recommend avoiding that by not using them again,” said Democratic Chair Matthew Munsey. Despite the bipartisan condemnation of the machines, it’s unclear how county residents will cast their vote in the upcoming presidential elections. Richard Santee, the board’s solicitor, said the decision to reject these machines must be made in conjunction with Northampton County Council and Executive Lamont McClure. Some council members have demanded a refund on the machines, though McClure has continued to stand by them. Even if there was universal agreement, it would be logistically difficult to swap systems in time for the April 28 primary. The board, council and McClure’s administration would have to reach a consensus on getting rid of the machines, selecting a new system, purchasing it, training staff and delivering the machines to the polls in less than four months. “I can’t imagine what we are going to do between now and April,” said Council President Ron Heckman, who attended the meeting as a member of the public. “What’s the alternative?”Pennsylvania: State officials break silence on controversial ExpressVote XL voting machine | Emily Previti/PA Post
After weeks of silence, state officials have shed some light on their stance that the ExpressVote XL voting machine should remain in use, despite a shaky debut in Pa. during the last election and legal challenges over its shortcomings. In their first public comments about the XL, they laid out their position in 418 pages filed last week in response to plaintiffs’ claims in a federal lawsuit over Pennsylvania’s election system. That case was settled more than a year ago, but plaintiffs led by ex-Green Party presidential candidate Jill Stein recently asked a federal judge to enforce the settlement terms. They claim the Pa. Department of State hasn’t upheld the agreement’s parameters for upgrading voting systems statewide by the end of the year. And they’ve asked U.S District Court Judge Paul S. Diamond to order DoS to decertify the ExpressVote XL voting machine, the pick in three Pa. jurisdictions (Philadelphia, Northampton and Cumberland counties).United Kingdom: Leaked NHS dossier inquiry focuses on personal Gmail accounts | Dan Sabbagh/The Guardian
Britain’s security agencies are investigating whether hackers from a hostile state successfully targeted a personal Gmail account to access an explosive cache of correspondence that was seized on by Labour during the election campaign. The leak inquiry into how the 451-page dossier got into the public domain is focused on the Department for International Trade. Jeremy Corbyn said during the campaign that the documents proved the NHS was “on the table” in future US trade talks. Dominic Cummings, the prime minister’s chief adviser, warned ministerial special advisers at a meeting on Tuesday not to use personal Gmail accounts because “foreign powers” were targeting them. Special advisers are not supposed to use personal accounts for government business but, in practice, some communications are conducted via private accounts, where security may be weaker because they are outside official networks. It is not clear which country – if any – is behind the alleged hack, but independent analysts have already suggested that the cache was originally disseminated online by a Russian operation known as Secondary Infektion.Verified Voting Blog: Verified Voting Statement on Ballot Marking Devices and Risk-limiting Audits
This statement is intended to clarify Verified Voting’s position regarding the use of ballot-marking devices (BMDs) in elections, and the use of risk-limiting audits (RLAs). It is approved by the President, Board of Directors, and Staff of Verified Voting.
Ballot-marking devices
Verified Voting believes that voters should vote on paper ballots, but we recognize an important distinction between hand-marked and machine-marked ballots. Hand-marked paper ballots are not subject to inaccuracies or manipulation from software bugs or malicious code. In contrast, machine-marked paper ballots produced using BMDs might not accurately capture voter intent if the software or ballot configuration is buggy or malicious.
Verified Voting specifically opposes the purchase and deployment of new voting systems in which all in-person voters in a polling place are expected to use BMDs. The trustworthiness of an election conducted using BMDs depends critically on how many voters actually verify their ballots, and how carefully they do it. All voters who vote on BMDs should be made aware of the importance of carefully and conscientiously verifying their ballots before casting them, and should be actively encouraged to do so. However, empirical research thus far shows that few voters using BMDs carefully verify their printed ballots. Moreover, if voters do verify BMD-marked ballots and find what they believe are discrepancies, there is no reliable way to resolve whether the voters made mistakes or the BMDs did. For these and other reasons (such as cost) Verified Voting recommends that the use of BMDs be minimized.