National: Election Assistance Commission staff ‘strained to the breaking point’ | Christopher Bing/Reuters

As the U.S. government prepares to defend the 2020 presidential election from cyber threats, the federal agency charged with helping administer elections, the Election Assistance Commission, says it is “strained to the breaking point,” according to Chairwoman Christy McCormick. “Obviously we’re a very small agency and quite under funded,” McCormick said on Wednesday during a…

National: Trump not doing enough to thwart Russian 2020 meddling, experts say | Peter Stone/The Guardian

Intelligence warnings are growing that Russia will probably meddle in the 2020 elections, but Donald Trump and a powerful Senate ally are downplaying these concerns and not doing enough to thwart interfering, say Russia and cyber experts and key congressional Democrats. Despite fears that Moscow may seek to influence the 2020 elections by launching cyber attacks, social media disinformation, covert agent operations and other “active measures” as it did in the 2016 election, adequate funding and White House focus to counter any new Russian meddling are lagging, experts and officials say. Election security concerns that critics say require more resources and attention include: a paper ballot system to replace or backup electronic voting machines vulnerable to hacking; more resources and attention for cybersecurity programs at the Department of Homeland Security (DHS); a requirement that campaigns report to the FBI any contacts with foreign nationals; and a strong public commitment from the president to an interference-free election. Federal efforts to beef up election security, critics say, have been undercut by Trump’s apparent willingness to accept Russian president Vladimir Putin’s word that the country did not interfere in 2016, and Trump’s slighting of intelligence community conclusions about Russian meddling.

Editorials: Russia hacked us: We made it far too easy — and still do | Jeremy Epstein/The Hill

Florida Gov. Ron DeSantis recently made it official: when it comes to the security of America’s elections, we have seen the enemy… and it is us. Governor DeSantis forthrightly acknowledged that, according to the FBI, two Florida counties’ election systems were infected by malware in the 2016 elections. Reportedly, that malware was furtively installed on at least two county employees’ computers via a run-of-the-mill email “spearphishing” campaign. The malware installed then compromised county databases when those county employees used their computers to access their employers’ computer networks, allowing hackers to access vote and voter data stored elsewhere on those same networks. Fortunately, it appears that the malicious code was used “merely” to infect databases separate from voting machines themselves and other internal ballot-tallying systems.

Florida: Election officials wanted an elections cybersecurity team. Lawmakers said no. | Lawrence Mower/Tampa Bay Times

Gov. Ron DeSantis said Wednesday he wants state officials to “review” the state’s elections systems after news that two county elections offices were hacked in 2016. But for the last two years, Florida’s secretaries of state have asked for that help — only to be turned down twice by state lawmakers. Last year, then-Secretary of State Ken Detzner asked the Legislature for $488,000 to create a full-time elections cybersecurity team with five people, according to the department. Even though it was a measly amount in the scope of their $88.7 billion budget, lawmakers refused, and the department instead hired five cybersecurity contractors to help local supervisors in last year’s election. This year, Secretary of State Laurel Lee asked lawmakers for $1.5 million to keep those cybersecurity contractors, and lawmakers again refused. Thankfully, all were not lost.

Florida: VR Systems says it has proof it wasn’t breached by Russians | Kim Zetter/Politico

A Florida-based maker of voter registration software says it has proof that neither its employees’ email accounts nor its systems were penetrated in a Russian cyberattack in 2016 — an attack that could have allowed hackers to prevent voters from casting ballots during the presidential election if successful. The company, VR Systems, said in a letter to Sen. Ron Wyden (D-Ore.) this month that an analysis by a cybersecurity firm found that it had not been breached, despite allegations to the contrary in special counsel Robert Mueller’s report on Russian election interference. Mueller’s report said Russian hackers installed malware on the network of an unnamed voting technology company. A leaked National Security Agency document published by The Intercept contained details that indicate VR Systems was the most likely victim. Furthermore, in its letter to Wyden, the company admits to receiving so-called “spearphishing emails” in 2016. In the letter, VR Systems responded to questions from the senator about whether computer forensic experts or a government agency had examined the company’s computers and networks after the phishing campaign occurred.

North Carolina: Is North Carolina rushing into major election changes? Some officials warn of confusion in 2020 | Will Doran/Charlotte Observer

Roughly a third of North Carolina voters use electronic machines with no paper ballots. But that might all change next year for the 2020 presidential election. Supporters of the change say it will help ensure election security, especially given reports from the FBI and other sources that the Russian government attempted to influence America’s 2016 elections and may have hacked into some U.S. voting software. But the switch has been held up for years, despite first being ordered in a 2013 law. Now, some officials — including the new state elections director — worry that there’s not enough time left to get new voting systems in place for the 2020 elections. The state’s biggest county, Mecklenburg, is one of the counties that will have to make the switch away from touchscreen voting machines. But officials there still don’t know what machines they might be allowed to buy as replacements, or how much they’ll cost. Meanwhile, the deadline to get new machines in place is coming up at the end of this year.

North Carolina: Federal Government To Check North Carolina Election Equipment Over Hacking Fears | Pam Fessler/NPR

The Department of Homeland Security has finally agreed to conduct a thorough inspection of election equipment used in North Carolina that was supplied by a vendor whose system was targeted by Russian hackers in 2016. It has been three years since the machines — laptops used to check in voters in Durham County — malfunctioned on Election Day, telling voters that they had already voted, even though they had not. The county took the laptops out of service that day and switched to using paper poll books, but what caused the problem has remained a mystery. It’s one of several remaining questions about what happened in the 2016 elections, the answers to which could help the U.S. protect itself against future cyberattacks. “This support may help to provide a better understanding of previous issues and help to secure the 2020 elections,” said Sara Sendek, a DHS spokesperson. She added that the agency “has no information that there is any previous or ongoing issues regarding elections systems” in the state.

North Carolina: Software vendor may have opened a gap for hackers in 2016 swing state | Kim Zetter/Politico

A Florida election software company targeted by Russians in 2016 inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election, according to a document reviewed by POLITICO and a person with knowledge of the episode. VR Systems, based in Tallahassee but with customers in eight states, used what’s known as remote-access software to connect for several hours to a central computer in Durham County, N.C., to troubleshoot problems with the company’s voter list management tool, the person said. The software distributes voter lists to so-called electronic poll books, which poll workers use to check in voters and verify their eligibility to cast a ballot. The company did not respond to POLITICO’s requests for comment about its practices. But election security experts widely condemn remote connections to election-related computer systems — not only because they can open a door for intruders but because they can also give attackers access to an entire network, depending on how they’re configured.

Oregon: On Election Day, Oregon Senate passes bill requiring future election audits | Associated Press

County clerks in Oregon would be required to audit results after each election under a bill that overwhelmingly passed the Senate on Election Day. The bill approved Tuesday requires county clerks to conduct hand-count or risk-limiting audits after every primary, general and special election. Risk-limiting audits are based on counts of statistical samples of paper ballots. Sen. Lew Frederick, a Portland Democrat, said the bill ensures more audits happen to make sure election results are correct. The bill requires audits after every election, instead of just general elections. It goes next to the House. Heading into the 2020 cycle, a new report out Tuesday provides a stark warning about the cyber-insecurity of the highest-profile U.S. political organizations even after years of concerted efforts to improve digital safeguards and an intense focus in Washington on the need to secure campaigns and elections.

Pennsylvania: Here’s who makes money from the voting machine requirement for Pennsylvania counties — and how those decisions are being made | Emily Previti & Ed Mahon|PA Post

As Jeff Frank strode out of his polling place on a recent Tuesday morning, poll watchers thanked him for voting. “Have a great day – enjoy the complaints as they come out the door,” Frank responded. Municipal elections tend to be relatively quiet – even in Montgomery, which consistently turns out a higher number of voters than any other county in the state but more-populous Philadelphia and Allegheny counties  But this year, several counties debuted new voting machines – and two, including Montgomery, went to an entirely different way of voting. “When I came and discovered what the process was, I said, okay, but it is ridiculous, a waste of time and will cause lines so long that people will not be here when the presidential election comes up,” Frank said. Other voters exiting the Temple Brith Achim Synagogue polling location in Upper Merion weren’t quite as animated over the switch from push-button machines to scannable paper ballots filled out by hand. “It’s even it’s better now that you actually get a confirmation ticket that your vote was cast. We never got that before,” said Tykia Turner.

Tennessee: Official: No funds means Shelby County’s old voting machines to be used in 2020 | Katherine Burgess /Commercial Appeal

Unless funding for new voting machines is included in the capital improvements budget for fiscal year 2020, voters in Shelby County will continue using antiquated machines through the 2020 presidential elections, said Linda Phillips, administrator of elections. Phillips spoke with the Shelby County Board of Commissioners a day after Shelby County Mayor Lee Harris announced that he is withholding $5 million that would have gone for new machines from his proposed budget until a conversation can be had regarding voter registration, access to the vote and the delivery of timely and accurate results. “From when I started in 2011 to even before when I started — when machines were young, when machines were old — almost every election I have been observing has been a performance disaster. At some point, somebody’s got to be held accountable,” Harris said. “Although my means is not perfect, this is not the right lever, I’ve got to do what I’ve got to do, and that’s the lever in front of me.”

Texas: Secretary of State David Whitley resigns as end-of-session deadline nears | Austin American-Statesman

Shortly before the Senate’s closing gavel ended his term as Texas secretary of state, David Whitley delivered his letter of resignation, “effective immediately,” to Gov. Greg Abbott on Monday afternoon. Whitley needed Senate confirmation by the end of the legislative session to remain on the job but fell short of the required 21 votes despite expected support from all 19 Republican senators. All 12 Democrats, however, held firm in their opposition to Whitley over his handling of an error-filled investigation into the citizenship status of registered voters that prompted three federal lawsuits and an eventual court settlement that halted the probe and limited the scope of future investigations. Abbott, Whitley’s friend and mentor, was unable to dislodge opposition to the nominee in the 3½ months since Whitley’s confirmation hearing before the Senate Nominations Committee.

India: Roads, boats and elephants: How India mobilised a million polling stations | Simon Scarr, Manas Sharma and Marco Hernandez/Reuters

The final day of voting in India’s mammoth general election was on Sunday. Over 900 million people were eligible to cast their ballots in the staggered seven-phase polling. The world’s biggest election involved around 1 million polling stations spread across the country, from remote corners of the Himalayas to crocodile-infested mangrove swamps of the Andaman Islands. Each polling station served about 900 voters on average but some catered for over 3,000 people. Each voting location used electronic voting machines (EVMs) which were first introduced in 1982. Instead of issuing a ballot paper, electors cast their votes by pressing a button next to a candidate’s name and party symbol. The Voter-Verifiable Paper Audit Trail (VVPAT) system is attached to the EVM to confirm the vote. It prints a small slip of paper carrying the symbol and name of the candidate voted for. This is visible to the voter for a short period, and can be later used by the Election Commission of India (ECI) to verify the votes. After voting, people receive a mark of purple ink on their index finger as an indication that they have cast their ballot.

Iraq: Electronic Voting in Iraq: Mission Unaccomplished | e-lected blog

Fifteen years after US President George W. Bush gave his “Mission Accomplished” address, Iraq continues its struggle for democracy. Regrettably, key institutions like its Independent High Electoral Commission have proven inefficient in laying the foundations for a thriving democracy. What is worst, they are failing to learn from their own recent experiences. In May 2018, Iraq headed to the polls for its first election in the post-ISIS era. What initially appeared to be a relatively decent election gradually emerged to have involved massive potential fraud, forcing a manual recount of the results of a failed electronic voting system. These botched elections cast into serious doubt Iraq’s ability to strengthen its own democratic institutions and conduct future election processes. The tragic episode of the 2018 elections could have had a positive spin, had authorities learned the lesson. However, the fact that they are mulling over the idea of using the same unreliable technology, is a sad testament to the struggle facing Iraq’s fragile, corrupt and inefficient institutions.

National: NGA selects six states for election cybersecurity policy academy | Benjamin Freed/StateScoop

The National Governors Association announced Wednesday the six states that will participate in the organization’s latest cybersecurity policy academy. Officials from Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia will spend the next six months studying election security to come up with plans and practices to protect the integrity of their voting systems ahead of the 2020 presidential election. The NGA has convened the cybersecurity policy academies, which are run by the group’s Homeland Security and Public Safety division, since 2016. Last year’s program — which included Indiana, North Carolina, West Virginia and Wisconsin — focused broadly on IT security, ultimately producing a set of recommendations for greater collaboration between state and local governments. The 2019 academy will focus more closely on issues related to election security, from building protections around voter registration databases to developing better communications between agencies. Participants will include governors’ office staffers, election directors and statewide cabinet agencies, the NGA said.

International: 1 in 5 elections faced foreign cyber interference | Dylan Bushell-Embling/Technology Decisions

One in five national elections held worldwide since 2016 were potentially influenced by foreign interference, according to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS. An analysis of 97 national elections and 31 referenda that have been held since the 2016 US presidential election identified 20 countries with clear examples of foreign interference, including Australia. The analysis was limited to countries considered to be free or partly free countries. These incidents ranged from cyber attacks to voter registration systems, to DDoS attacks to national election commissions, to the use of Facebook to spread disinformation and discourage voter turnout.

Verified Voting Blog: Election Cybersecurity Legislation Hits a Wall, RobinHood Visits Baltimore, and of course Florida

“According to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS, one in five national elections held worldwide since 2016 were potentially influenced by foreign interference, … “Democracies around the world have been struggling to grapple with foreign interference from state actors during elections,” International Cyber Policy Centre…

National: Technology has made voting lines move faster but also made elections less secure | Miles Parks/NPR

From 8 a.m. to noon on Election Day last November, voting in Johnson County, Ind., ground to a halt. Lines at precincts across the county, just south of Indianapolis, swelled. Some voters waited hours to cast a ballot; some left furious that they were unable to do so. “People weren’t happy. People had to leave and go to work,” said Cindy Rapp, the Democratic member on Johnson County’s election board. The county votes on electronic voting machines, which don’t provide a paper trail — something cybersecurity experts vehemently warn against. But those machines weren’t what caused the issue in November. Instead, the problem came from the computer system, known as an electronic poll book, that poll workers were using to check people in. Increasingly, more and more states and voting jurisdictions are using these systems to speed up and improve in-person voting. According to federal data, nearly half of all voters who voted in person in 2016 signed in at their polling place using an electronic poll book. That’s up from 27 percent just one presidential election prior. Like many issues surrounding elections, moving from paper to a digital process may bring convenience, but it also brings big questions about security and reliability.

National: Republicans make alleged conservative bias top priority at election security hearing | Cat Zakrzewski/The Washington Post

Google, Facebook and Twitter executives came to Capitol Hill to testify about election security. Instead they faced a grilling about whether their platforms are biased against conservatives. A string of Republicans on the House Oversight and Reform Committee skipped questions about how the companies were tackling disinformation campaigns or preventing Russians from purchasing political ads on their platforms in the run-up to the 2020 election. They were more interested in whether Facebook and Twitter were “shadow-banning” — quietly blocking or restricting — conservatives’ accounts on their platform. “The minute you start putting your hand on the scale of freedom and justice to tilt it one way or another, quite frankly we’ve got to act as members of Congress,” warned Rep. Mark Meadows (R-N.C.). The technology executives vehemently denied that they engage in shadow banning. There is no evidence that the platforms have been systematically biased against one political party.

National: U.S. House bill would require feds to notify public of election hacking | Benjamin Freed/StateScoop

Two members of the U.S. House of Representatives from Florida said Thursday they will introduce a bill that would require federal officials to inform Congress, state and local authorities and the public if an election-related computer system is hacked. The measure, from Democrat Stephanie Murphy and Republican Michael Waltz, comes as a response to federal authorities’ refusal to publicly name the two Florida counties where voter registration databases were successfully breached by Russian military intelligence hackers during the 2016 presidential election. Under the bill, text of which has not yet been released, federal law enforcement and cybersecurity authorities who detect unlawful access of election systems would be required to “promptly” notify the relevant state and local officials, as well as members of Congress representing the targeted jurisdiction. In turn, state and local officials would be obligated to notify any potentially affected voters.

Editorials: There’s Bipartisan Support for Election Security. Mitch McConnell Won’t Let It Happen. | Lawrence Norden/Slate

Robert Mueller’s first public comments about the Russia investigation Wednesday had everyone from Fox News to the New York Times reporting that House Democrats would now feel increased pressure to begin an impeachment inquiry against the president. No doubt, the question of whether Donald Trump obstructed justice and should be subject to impeachment is of critical importance to Congress and the nation. But Robert Mueller also began and ended his comments with another issue that he said “deserves the attention of every American.” Namely, that a foreign government made multiple, systematic attempts to interfere in our elections. Congress is not doing enough to prevent it from happening again, despite ongoing attempts to sound the alarm by cybersecurity experts, intelligence agencies, and Robert Mueller himself. By the next presidential election, the Russians will have had four years to leverage the knowledge they gained in 2016. That could mean even more harm the next time around. That harm will no doubt include more disinformation on social media and potential attacks on our election infrastructure. And there is every reason to believe other nation-states will now get in on the game.

National: Mueller remarks put renewed focus on election security bills | Maggie Miller/The Hill

Legislation aimed at securing U.S. elections got an unexpected shot in the arm this week when Robert Mueller devoted a fair share of his first remarks on the Russia probe to the threat posed by foreign actors seeking to undermine democracy at the ballot box. Election security bills have been languishing in Congress for months, due in large part to Republicans who do not want to shine a light on Russia’s actions and risk the fury of President Trump. The president weighed in on the issue Thursday, telling reporters that “we are doing a lot, and we are trying to do paper ballots as a backup system as much as possible, because going to good old-fashioned paper in this modern age is the best way to do it.” Those remarks came after he said Russia did not help him secure the presidency — his first on-camera response to Mueller’s comments, though he tweeted earlier in the day that Russia helped him win the election. The president’s comments came a day after Mueller shined a spotlight on Russia’s attempts to interfere in the 2016 U.S. presidential election. Mueller emphasized that “the central allegation of our indictments” was “there were multiple, systematic efforts to interfere in our election.” He ended his 10-minute statement by saying this “deserves the attention of every American.”

Texas: Embattled elections chief on brink of losing job | Paul J. Weber & Jim Vertuno/Houston Chronicle

Texas’ embattled elections chief who wrongly questioned the U.S. citizenship of tens of thousands of voters was on the brink of losing his job Sunday, while Republican lawmakers prepared to head home hoping to save their own in 2020. Secretary of State David Whitley appeared set to go down without a public fight in the final hours of an unusually quiet session of the Texas Legislature, where a weakened GOP majority this year showed little appetite for partisan battles over signs their grip on the Capitol is slipping. Whitley, a former top aide of Republican Gov. Greg Abbott, can’t stay in office unless the state Senate confirms his nomination before the session ends Monday. But his prospects were dimming by the minute as Democrats continued blocking a vote on his confirmation, as they have done since February. That was after Whitley’s office rolled out a bungled scouring of voter rolls that flagged nearly 100,000 voters as potential noncitizens. President Donald Trump seized on the news out of Texas to renew his unsubstantiated claims of widespread voter fraud, but within days, it became clear the data used was deeply flawed.

Editorials: What if 2020 election is disputed? | Edward Foley/The Hill

Speaker Nancy Pelosi was correct when she recently said that the best way to avoid a disputed election is for the result to be a blowout. But that is a hope, and we need a plan. If the midterm elections are any indication, the number of states with razor thin majorities is increasing. With partisan distrust on the rise, the result could be a constitutional standoff, a loss of democratic legitimacy for the outcome, and even violence stemming from anger. We need to agree in advance on procedures for resolving electoral disputes that determine the winner of the presidential election next year.

National: Keeping voting security standards from bureaucracy | Derek B. Johnson/GCN

Although the security updates to the Election Assistance Commission’s new Voluntary Voting System Guidelines 2.0 are sorely needed, its approval and updating process can’t keep up with the technological changes. Later this year, the full commission is expected to vote to approve a five-page document outlining principles that will guide the development of VVSG 2.0, including a new emphasis on security. At a May 21 hearing, however, a number of stakeholders advised the agency to refrain from requiring a full vote to approve the technical portions of the guidelines, saying it could keep the latest technology from being incorporated into voting machine standards. “We cannot wait weeks or months for a decision on a federal level when there’s a need to act immediately,” Iowa Secretary of State Paul Pate said. “I’m asking all of you to have a dialogue about what happens if we run into that situation again when there is not a full quorum on the EAC. How will decisions be made, and will that make it more difficult for state election officials to protect the security and integrity of the vote?”

National: Top Republican says Senate unlikely to vote on any election security bills | Maggie Miller/The Hill

Sen. Roy Blunt (R-Mo.), a member of Senate GOP leadership, said Wednesday that the chamber is unlikely to vote on any election security legislation, despite requests from a federal agency for more funding to improve election systems nationwide. Blunt made the remarks at a Senate Rules Committee hearing where Election Assistance Commission (EAC) officials highlighted what they said is an urgent need for more resources. His comments were in response to Senate Minority Whip Dick Durbin (D-Ill.) pointedly asking during the hearing whether the Rules Committee, chaired by Blunt, would mark up any election security bills already introduced this Congress. “At this point I don’t see any likelihood that those bills would get to the floor if we mark them up,” Blunt said. When Durbin asked why that was the case, Blunt said, “I think the majority leader is of the view that this debate reaches no conclusion. And frankly, I think the extreme nature of H.R. 1 from the House makes it even less likely we are going to have that debate.”

National: Americans may vote in 2020 using old, unsecured machines | Gopal Ratnam/Roll Call

The first primary in the 2020 presidential race is a little more than 250 days away, but lawmakers and experts worry that elections will be held on voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results. Although states want to upgrade their voting systems, they don’t have the money to do so, election officials told lawmakers last week. Overhauling the nation’s election systems would mean injecting as much as $1 billion in federal grants that would then be supplemented by states, but top Senate Republicans have said they are unlikely to take up any election security bills or give more money to the states. The deadlock could mean that even as federal government and private companies spend tens of billions of cybersecurity dollars annually to protect their computers and networks from attacks, the cornerstone of American democracy could remain vulnerable in the upcoming elections.