Pennsylvania: Lawsuit seeks to force Pennsylvania to scrap these electronic voting machines over hacking fears | Joseph Marks/The Washington Post

Election security advocacy groups are suing the state of Pennsylvania today to stop some counties from using controversial voting machines they say are vulnerable to hacking by Russia and other adversaries in 2020. The suit, shared exclusively with The Cybersecurity 202, comes just weeks after these particular machines had technical issues and went haywire and called the wrong winner in a county judge’s race in November. The groups say hackers could do far worse to these electronic machines if they tried.  Concerns about hacking are supersized in Pennsylvania — a battleground state that could be vital to determining the next president. The ExpressVote XL machines, designed by Election Systems & Software, are being used in three counties that account for about 17 percent of the state’s registered voters, including Philadelphia County, the largest in the state. That’s more than enough to tip a close election.

Pennsylvania: Administration defends voting machines blamed in undercount | Marc Levy/Associated Press

Gov. Tom Wolf’s administration asked a federal court Thursday to reject a challenge to its certification of voting machines bought by Philadelphia and two other Pennsylvania counties, while the machine’s maker accepted responsibility for problems that led to badly undercounted returns in a judicial race last month. In a federal court filing, Wolf’s administration said the plaintiffs, former Green Party presidential candidate Jill Stein and several supporters, knew Pennsylvania was about to certify the ExpressVote XL touchscreen system when the sides settled the election-security lawsuit. “Many months had passed” before the plaintiffs objected to the certification of the machines, made by Omaha, Nebraska-based Election Systems & Software, lawyers for the Wolf administration said in the filing. The settlement agreement’s terms are clear and the ExpressVote XL complies with them, they wrote. The court fight casts doubt onto how 17% of Pennsylvania’s registered voters will cast ballots in the April 28 primary election, as well as next November, when the state is expected to be one of the nation’s premier presidential battlegrounds.

Texas: We won. No, you won. Wait! We won! Confusion in a Texas school bond election isn’t going away. | Dave Lieber/Dallas Morning News

Jim Wells County had the infamous Ballot Box 13. It was 1948, and supporters of Lyndon B. Johnson held the box back, and then, miraculously, came up with just enough votes for LBJ to win his first U.S. Senate race. History would be quite different if the future president’s South Texas supporters hadn’t cheated. The fragility of our voting system should not be taken for granted. This can happen anywhere in any election. Midland County currently faces its own threat to the sanctity of its election system. Nobody is officially accusing anyone of cheating, but there are problems galore. Much of the problems stem from the first-time use of new voter machines that are supposed to protect ballot security. Called hybrids, they record a vote both electronically and through a backup paper ballot. Most Dallas/Fort Worth area counties have switched to them or are working on a switch. But, so far, that promised measure of security hasn’t worked in that part of West Texas.

Estonia: E-election taskforce report complete, includes 25 improvement proposals | ERR

The e-election taskforce has completed a report which includes 25 proposals for supplementing Estonia’s e-election system, improving its reliability and managing its risks. Minister of Foreign Trade and Information Technology Kaimar Karu said that the report provided a useful overview of the issues surrounding e-elections. “The current e-election system has been in development and use since 2005 already, and, as with any other complex system, it requires continued further development and improvement,” Karu said in a press release on Thursday. The report by the taskforce, which was launched by previous IT minister Kert Kingo (EKRE), will serve as one input in agreeing on further concrete steps in cooperation with other involved ministries and agencies. “The e-election system can definitely be viewed as part of the state’s core infrastructure by now, and its funding and development are an extremely high priority,” he said. “We must continue to be sure that we are using the best technology currently available while also taking into account, to the extent possible, future changes in both cryptography and technology capabilities in general.”

Latvia: State institutions and politicians experience cyber attack | Latvian Public Broadcasting

The Information Technology Security Incident Response Institution Cert.lv announced on Friday, December 13 that over the last few days several state institution employees and politicians have experienced targeted cyber attacks using phishing emails from the Russian embassy formatted as a reply to a previous correspondence. The emails included a link for downloading a document, which would be used to infect the victim’s computer. All recipients recognised former correspondence fragments, which were used to promote trust in the email. This is at least the second such attack in the last three months where phishing emails were sent from the Russian embassy. The embassy itself informed the media in October that their email system experienced a cyber attack. The attack didn’t include critical vulnerabilities, but the downloadable documents included macro functions, where the user had to accept permissions. Cert.lv urges everyone to check the authenticity of all emails by checking the “From” and “Repy-to” addresses before opening any attachments or downloading any documents, as well as to avoid accepting any macro function permissions from documents.

Philippines: Comelec eyes ‘hybrid’ 2022 polls | Ferdinand Patinio/Philippine News Agency

The Commission on Elections (Comelec) is looking to “hybridize” the next national elections in May 2022. “We have no recommendations yet. It’s been talked about. Our focus really is a hybridization of the AES (Automated Election System),” Comelec spokesperson James Jimenez said in an interview Wednesday. A hybrid election system is a combination of both manual and electronic methods to be used either in voting, counting, transmission, and canvassing of results. However, the poll body official added that they have given Congress an estimated budget for their plan. “So far, we gave them our budget estimate, how much it would cost and well it looks like there is budget implication especially hybridization the way they are describing it now with projectors and everything at the canvassing level. So the costs have ballooned,” he said. While he doesn’t have the exact figures, Jimenez said the commission may have to pay twice or thrice the normal cost of an election.

Pennsylvania: How Pennsylvania’s election security lawsuit settlement led to the last minute challenge of the state’s top-selling touchscreen voting machine | Emily Previti/PA Post

Three Pennsylvania counties could end up scrambling to replace brand new voting machines before the 2020 election – a situation stemming largely from the loose terms of the 2018 legal settlement that mandates new voting machines across the state. Plaintiffs led by former Green Party presidential candidate Jill Stein say one system in particular never should have been certified in the first place and are asking a federal judge to force the state to decertify it. The ExpressVote XL doesn’t meet the agreement’s requirements for paper-based systems that produce auditable results and let voters verify ballots before they are cast, they claim. The Stein plaintiffs made their move about a month ahead of the year-end deadline for Pennsylvania counties to buy new machines, and well after most counties already spent or committed more than $150 million to buy machines certified by the Pennsylvania Department of State. It also comes amid Northampton County’s investigation into why the XL tabulated results incorrectly in some races in the Nov. 5 general election. Philadelphia debuted the machines that day, too, with comparatively minor issues. Stein spokesman Dave Schwab says they’re acting at this juncture, in part, because the settlement requires the parties to attempt to resolve any differences among themselves before seeking court intervention.

National: Several election security provisions are in the massive defense bill | Andrew Eversden/The Fifth Domain

The National Defense Authorization Act released Dec. 9 contains several provisions aimed at securing U.S. election infrastructure months before presidential primary season is in full-swing. The provisions in the compromised conference report mandate a broad range of election-related steps, from an assessment of foreign intelligence threats to U.S. elections to allowing top state election officials to receive Top Secret security clearances. The security clearance language is good news for the information-sharing relationship between the the federal government and state election officials, who don’t have proper clearance to view high-level intelligence related to election infrastructure cyberthreats. Throughout the 2016 election, the Department of Homeland Security and the FBI had a fraught information-sharing relationship with the states. In the years since, top federal election officials have consistently said information sharing needed to be improved, and while officials say it has been, the clearance problem was still a hindrance.

National: RNC, DNC bank on Duo authentication ahead 2020 election | Shannon Vavra/CyberScoop

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other user accounts, both personal and professional, too, according to Mike Gilding, the deputy director of information technology at the RNC. The approach reflects the urgency with which both major political U.S. parties must adopt even basic cybersecurity measures after Russian hackers accessed email accounts belonging to key members of the Democratic National Committee in 2016. Another similar attack against either party could disrupt what is shaping up to be a particularly contentious U.S. election season, as impeachment proceedings against the president move forward. The DNC and RNC have a lot to safeguard, including polling data, candidate research, campaign funding, and election strategies.

National: Russia’s efforts to target U.K. elections a stark warning for 2020 | Joseph Marks/The Washington Post

An alleged Russian influence campaign to undermine this week’s British elections shows how tough it will be to keep foreign influence out of the 2020 U.S. contest. Russian-backed accounts on Reddit actively worked to boost the trove of documents appearing to detail key U.S.-U.K. trade negotiations that have been gaining traction over the internet for months, the social sharing site revealed Saturday. It’s not clear whether the documents were leaked or hacked, but Britain’s opposition Labour Party, has been using the seemingly genuine documents to slam the ruling conservative party for considering giving U.S. companies far more influence over Britain’s popular state-run National Health Service as part of a post-Brexit trade deal. It’s yet another example of Russia’s powerful digital army allegedly seeking to influence the outcome of a Western election — and it offers a stark reminder of how influence operations can be highly effective even before they’re identified. This dramatically undermines government and industry efforts to blunt their power or hold off their spread.

National: Multistate voter database suspended in lawsuit settlement | Roxana Hegeman/Associated Press

A much-criticized database that checks whether voters are registered in multiple states has been suspended “for the foreseeable future” until security safeguards are put in place as part of a settlement of a federal lawsuit, a civil rights group said Tuesday. The Interstate Crosscheck program was the subject a class-action lawsuit by the American Civil Liberties Union of Kansas on behalf of 945 voters whose partial Social Security numbers were exposed by Florida officials through an open records request. Kansas has operated the multistate program since 2005, although the program hasn’t been used since 2017 when a Homeland Security audit discovered security vulnerabilities. The settlement includes a list of safeguards the state has agreed to implement to protect voter’s personal information before the program can resume, the ACLU said in a news release.

Editorials: Election security: Oversight of vendors is lacking | Pittsburgh Post-Gazette

Well-documented Russian meddling in U.S. elections demands keen concern for the protection of election integrity. This concern should rise to the level of immediate action in light of a new report verifying the lack of federal oversight of the private companies that make voting equipment. The Brennan Center for Justice, which is based at New York University School of Law, reported that three companies provide more than 80% of the voting systems in the U.S., yet they lack meaningful oversight, leaving the electoral process vulnerable to attack. A cyberattack against any of these companies could have deep consequences for elections across the country. Other systems that are essential for free and fair elections, such as voter registration databases and electronic pollbooks, also are supplied and serviced by private companies. Yet these vendors, unlike those in other sectors that the federal government has designated as critical infrastructure, receive little or no federal review, the Brennan Center found. Oversight is needed. Federal standards must be set. Congress should establish a framework for certification of election vendors.

Kentucky: Officials Say Online Voting Not Coming Soon | Jacob Mulliken/Government Technology

The discussion about a digitized polling system has election officials and experts throughout the nation stepping up to avoid a potentially crippling move for the American electoral system, said Kentucky Secretary of State-elect Michael Adams. “I think concerns, especially surrounding hacking, are well-founded right now,” he said. “People want to confirm that their vote can’t be hacked and that the machine tallies the votes offline and that they are collected and processed, offline. The most secure elections are cast in person because there are checks and balances requiring some sort of identification and oversight. When you see fraud, and we have it, it most often happens outside of the purview of election officials. “An online method system out west may work where there is less history of election fraud, but not in places like Kentucky where fraud is still endemic. Internet voting in Kentucky is not anywhere near ready for primetime.”

Pennsylvania: What went wrong with Northampton County’s voting machines? The analysis is done. | Kurt Bresswein/Lehigh Valley Live

Election night, Nov. 5, came and went in Northampton County without any word on who had won and who had lost. County elections officials had to count ballots through the night, after apparent problems with electronic tabulation on the new Election Systems & Software (ES&S) ExpressVote XL machines in use for the first time. ES&S has now completed its analysis into what went wrong, and the results are set for release during a news conference Thursday afternoon at the county courthouse in Easton, county officials said Tuesday. County Executive Lamont McClure and Adam Carbullido, senior vice president of product development at Omaha-Nebraska-based ES&S, are scheduled to discuss the analysis. McClure’s administration and a representative of ES&S declined to detail any of the findings in advance of Thursday. “A team of experts from ES&S began examining Northampton County voting machines on Dec. 5 after the court-ordered impoundment was lifted,” ES&S said in a statement Tuesday. “During this examination, ES&S applied to Northampton machines the work it conducted at its main facility over the last several weeks to replicate and correct the human errors that caused the Northampton issues. After having the opportunity to review the machines in person, we look forward to sharing our diagnoses on the Election Day issues during Thursday’s meeting.”

Pennsylvania: State warns Dauphin County over defying voting machine edict | Marc Levy/Associated Press

A Pennsylvania county is being told it would lose out on millions of dollars in aid and almost certainly be sued by the state if it refuses to take action to buy new voting machines before Dec. 31, county officials said Monday. Dauphin County Commissioner Mike Pries said that was the message delivered to him during a meeting with Gov. Tom Wolf’s top elections officials last week, a message strong enough to change his mind. “Certainly the message from the state has been received loud and clear,” Pries said. In addition to the threat of a state lawsuit, Dauphin County would be unable to share in state and federal aid to help with a purchase that could exceed $5 million, county officials said. That aid could account for roughly 70% of each county’s tab. As a result, Pries said he has decided to vote to buy new voting machines, seeing it as the best option for the county’s residents and taxpayers. It is just a question of settling on which machine to buy, he said. A spokeswoman for Wolf’s Department of State declined comment Monday. Dauphin County’s other two commissioners have yet to meet with Department of State officials.

Rhode Island: Elections board discusses voter-system security | Katherine Gregg/Providence Journal

Voting by email. Upgrading the modems used to transmit election-day vote tallies.  Unmasking the donors hiding behind names like “The Coalition to Make Our Voices Heard” who pour money into campaigns. On a day Russian interference in past U.S. elections again made news, Rhode Island election officials waded into this quagmire without making any final decisions on what to do next. For example, they briefly weighed the pros and cons of allowing overseas voters — such as members of the military — to cast their R.I. election ballots from afar by email. The idea was shelved — at least for now — pending more study, after one member after another of the state Board of Elections voiced concern about the security of ballots cast in this fashion, despite assurances the ballots would be sent to a dedicated “address.” “I think we need to look very carefully at the security issues,” said the vice chairman, Stephen P. Erickson. It was unclear who authored the email-voting proposal that appeared on the board’s agenda, alongside a proposal to upgrade from 3G to 4G the modems the state uses on election-day to transmit results to state Board of Elections headquarters. That proposal too was put on hold — until next week — amid warnings from Brian Tardiff, the information security officer for the state’s Division of Information Technology, that making public all of the findings of a cybersecurity analysis of Rhode Island’s election system could put the system at risk.

Texas: Ahead Of 2020, Voting Group Warns Most County Election Websites In Texas Are Not Secure | Ashley Lopez/KUT

Almost 80 percent of county election websites in Texas are not secure ahead of the 2020 presidential primary, according to a report from the League of Women Voters of Texas. Before every major election, the nonpartisan voting group says, it looks through the state’s 254 county election websites to make sure they have the information they are legally required to have, that the information is easy to find and that it’s easy to read. League of Women Voters of Texas President Grace Chimene said as the group conducted this review, it found a glaring issue. “One of things that stood out to us is that there is a definite problem with website security,” she said. “I was really surprised. I was totally shocked that this is a problem.” In particular, Chimene said, 201 of the 254 sites don’t have https in their URLs, signaling the website is secure. “This is just the most simple thing to fix and it hasn’t been fixed,” she said.

New Zealand: Much awaited report on combatting foreign interference in elections delivered | Charlie Dreaver/Radio New Zealand

Parliament’s Justice Select Committee has released its results of its inquiry into the 2017 General and 2016 Local elections. The report covers a number of areas including allowing spy agencies to vet potential political candidates. Ahead of the 2017 general election the GCSB and the SIS drew up a protocol for managing foreign and cyber-security threats but they didn’t need to use it. But the Justice Select Committee said that was no reason to be complacent. It’s suggesting intelligence agencies should give advice about a particular candidate if the party asks for it. It wanted the agencies to be giving more advice in general about possible foreign interference. The committee’s deputy chairperson, National MP Nick Smith, pointed to the risks of what’s called “astroturfing” on social media.

Nigeria: National Electoral Commission says electronic voting not yet feasible | Eric Ikhilae/The Nation Newspaper

The National Electoral Commission (INEC) has said electronic voting systems could only be introduced into the nation’s electoral process when the nation was sure of the appropriate technologies, provide infrastructure, to address cyber security, among other challenges. According to INEC Chairman, Prof Mahmood Yakubu, the country was not there yet. He was however confident that his agency could achieve electronic collation of results (e-collation) and electronic transmission of results (e-transmission) during the next election circle in 2023. Mahmood spoke in Abuja on Monday at the Nigeria Civil Society Situation Room (NCSSR) stakeholders’ forum on elections. NCSSR is a coalition of civil society organisations, led by Clement Nwankwo, the Executive Director, Policy and Legal Advocacy Centre (PLAC). The INEC Chairmen, Deputy Senate President, Snetor Ovie Omo-Agege and the Minister of Justice and Attorney General of the Federation (AGF), Abubakar Malami were unanimous on the need to review the nation’s Electoral Act before the next election season and particularly, the importance of creating the much-requested Electoral Offences Commission.

United Kingdom: Britain’s Spies Probe Russian Election Meddling | Jamie Dettmer/VoA News

Britain’s cybersecurity agency is investigating whether state-sponsored Russian hackers were behind the leaks of British government documents used by opposition politicians to embarrass Boris Johnson’s ruling Conservative Party ahead of Thursday’s general election. The official probe into the origin of the leaked material — which included documents detailing discussions between British and U.S. negotiators on a possible post-Brexit transatlantic trade deal — comes days after the social media site Reddit announced it had blocked 61 accounts linked to the dissemination of the documents after investigating suspect activity bearing similarities to previous Russian online influence operations. The leaked documents were used by Jeremy Corbyn, leader of Britain’s main opposition Labour Party, as “evidence” that the Conservatives might include the country’s public health service in any future trade deal with the United States — a claim firmly denied by British Prime Minister Johnson. Corbyn, other Labour leaders, as well as Scottish nationalists, have contended that the Conservatives will “sell off” the National Health Service to American companies in order to secure a trade deal.

United Kingdom: Poll Hacks: How Cybercriminals Aim To Disrupt Elections | David Warburton/Information Security Buzz

The UK general election is almost upon us, and it is already turning into one of the most divisive and analysed political events in the country’s history. Discourse and debate are reaching fever pitch, from parliamentary benches and constituency doorsteps, to every conceivable media platform in play. It is no surprise then that an air of online volatility persists more than usual. At this moment in time, every new election is likely the most tech-enabled and at risk addled yet. Labour was most recently under the cybersecurity cosh, enduring what it termed as “sophisticated and large-scale” attempt to knock out its digital systems earlier in the month (it turned out to be a set of distributed denial-of-service (DDoS) attacks). Just the other day, Labour candidate Ben Bradshaw also claimed to be a victim of a suspected cyber-attack when he received an email with sophisticated malware attachments. These are politically unprecedented times and the UK’s National Cyber Security Centre knows it. Last year, the government-backed organisation issued a direct warning ahead of local elections, citing potential “insider activity” attempting to “manipulate or compromise electoral information.” Similar warnings are in place for 2019. There are many ways to knock an election off course. Below are some of the main existing and emerging cyber threats to bear in mind as we head to the polls this week.  It is, however, worth noting that variations of these methods are possible throughout the year as hackers opportunistically hijack political developments in real-time.

North Carolina: Bait and switch by ES&S in North Carolina? | Jordan Wilkie/Carolina Public Press

A voting system certified and tested earlier this year for use in North Carolina’s March 2020 primaries won’t be available, according to manufacturer Elections Systems and Software, so the company’s lobbyists have suggested the state quickly approve one of its other systems instead. While the N.C. Board of Elections director has recommended going along with the vendor on the substitution, others see the move as a deceptive bait and switch. One Board of Elections member, Stella Anderson, has objected to the situation, thereby forcing the board to convene a special meeting on the issue. She and others have questioned the integrity of the company and suggested both ES&S and board staff have used language that understates the significance of the difference between the two systems and misrepresents federal government requirements for approving such modifications to voting systems. ES&S has been trying to get its EVS voting system certified in North Carolina since 2017. Litigation between the Republican legislature and the Democratic governor, the 9th Congressional District ballot fraud scandal in 2018, and the resignation of the former Board of Elections chairman delayed certification of the new system until the 11th hour.

National: Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing | Byron Tau and Dustin Volz/Wall Street Journal

Two top government officials with broad cybersecurity and election-integrity portfolios have announced they are stepping down this month, a loss of expertise in a critical area less than a year before the 2020 presidential election. Amy Hess, the executive assistant director of the Criminal, Cyber, Response, and Services Branch of the Federal Bureau of Investigation will depart for a job as the chief of public services in Louisville, Ky. Jeanette Manfra, the most senior official dedicated exclusively to cybersecurity at the Department of Homeland Security, will leave her post at year’s end for a job in the private sector. Both women have announced their departure in recent weeks. Senior U.S. intelligence officials have warned the elections are likely to be targeted online by Russia and other foreign adversaries following Moscow’s success in disrupting the 2016 race. The FBI and DHS are two of the primary agencies responsible for combating foreign influence operations online, along with intelligence agencies including the National Security Agency. The FBI established a Foreign Influence Task Force in 2017 and has made investments to deepen its cybersecurity capabilities. DHS is the lead federal partner for state and local election officials with a focus on safeguarding voting systems from hackers.

Editorials: This is our last chance to ensure the 2020 election is not rigged | Myrna Pérez/The Guardian

On Friday the House of Representatives showed the country that it will not tolerate racial discrimination at the polls. It passed the Voting Rights Advancement Act, a bill that would restore the 1965 Voting Rights Act to its full strength. Our country needs that reform and others to make the 2020 election free and fair for all. Since its founding, America has moved slowly towards granting suffrage to more and more Americans, bringing more people into the electoral process. The Voting Rights Act of 1965 has been instrumental to that progress. But in 2013 the supreme court dramatically weakened that law. In Shelby county v Holder, the court disabled the act’s provision that required states and localities with histories of racial discrimination in voting to “pre-clear” new voting regulations. The pre-clearance system had allowed federal authorities to vet proposed voting rules for racial discrimination before they could cause injury. From 1965 right up until the Shelby decision, this safeguard blocked many restrictions that would have made it more difficult for black and brown people to participate and vote.

Georgia: Groups Claim New Voting Machines Will Cost Counties Millions Extra, Georgia Secretary Of State’s Office Disagrees | Emil Moffat and Emma Hurt/WABE

A new study warns that Georgia’s new voting system could cost counties more than $80 million over the next ten years. The study was compiled by three groups: Fair Fight Action, a group founded by former Democratic gubernatorial candidate Stacey Abrams; The National Election Defense Coalition, which declares itself bi-partisan; and Freedom Works, a conservative group. That cost estimate, for some counties, includes the purchase of additional voting machines for this coming election to meet requirements under a new law that passed this year. The law, House Bill 316, mandates that each precinct has one voting station for every 250 registered voters. The estimates for the additional machines gathered in the study varied from hundreds, such as in Fulton County, to no additional machines, such as in DeKalb County. The state of Georgia agreed to a $107 million contract with Dominion Voting Systems in July. The groups who compiled the election cost study argue that the terms of the contract don’t cover warranty and licensing costs in the future, as well as printing costs like paper and toner, leaving the counties to foot the bill.

Ohio: Deadline looming for Ohio’s county elections boards to complete new state security requirements for 2020 | Andrew J. Tobias/Cleveland Plain Dealer

While Ohio’s 88 county boards of elections are at various stages of completing a mandatory pre-election security check-list, Ohio Secretary of State Frank LaRose said Friday that he’s confident Ohio will have a secure 2020 election. During a security briefing in Columbus on Friday, LaRose, a Republican, urged local elections officials to get working on the security directive his office issued last June. Counties are required, among other things, to install a device that can automatically detect hacking attempts, and to conduct criminal background checks on elections workers who hold sensitive jobs. LaRose’s office, which oversees state elections, set a Jan. 31 deadline to get everything done. LaRose’s office emphasized that 52 of Ohio’s 88 counties are at least half done completing the security check-list. But that means 36 aren’t. And a handful are far behind, LaRose said. Only 13 counties have installed the devices that detect hacking attempts. LaRose drew chuckles and whispering from local elections officials when he said the current period — after last November’s election and before the Dec. 17 filing deadline for the March primary election — could be a slower time where elections board can get caught up.

Ohio: Few county boards of elections have adopted digital alarm used to detect hacks | Rick Rouan/The Columbus Dispatch

The vast majority of Ohio’s county boards of elections haven’t installed the digital burglar alarm that Secretary of State Frank LaRose says helped his office detect a hacking attempt of his office’s website on Election Day. With less than two months to go before the deadline LaRose imposed for installation of the so-called Albert systems, just 13 out of Ohio’s 88 county boards of elections have operational alarms. The remaining 75 have until Jan. 31 to install them. “The most important consequence is not being prepared,” LaRose said Friday after the start of a daylong security conference for county elections officials in Columbus. “This is too important to take lightly.” Franklin County has had an Albert sensor in place since May 2018, with other network sensors in place at the Franklin County data center before that. But even with the threat of digital attacks, LaRose said Ohio’s election procedures are secure. None of the equipment used to cast or tally ballots is connected to the internet. Doing so would violate Ohio law.

Oklahoma: State increases election security efforts | Addison Kliewer/NonDoc

With the end-of-the-year deadline to pass election security measures in Congress quickly approaching, Sen. James Lankford (R-OK) said Oklahoma has already taken steps to secure elections from foreign interference. Lankford, who has been pushing election security to keep American democracy from foreign interference, said there is “no question” that Russia tried to meddle in the 2016 election. “We were one of the 21 states that were identified early by the FBI that the Russians tried to get into, but they couldn’t get into our system in 2016, so they moved along to others,” Lankford said. In 2017, this information was brought to the Oklahoma State Election Board, encouraging the board to partner with numerous federal and state agencies to address the issue of election security. “We met regularly to discuss risks and plan for contingencies. We arranged for unclassified briefings and security training for county election officials, and shared ‘best practices’ with state and county election employees,” said Election Board Secretary Paul Ziriax in a June congressional testimony.

Pennsylvania: Voting-Machine Upgrade Stirs a Partisan Clash in Pennsylvania | Alexa Corse/Wall Street Journal

A partisan clash is unfolding over an effort to upgrade voting systems in Pennsylvania, after Republicans accused the Democratic governor of rushing the deployment of new voting machines, some of which malfunctioned in November. The rift in Pennsylvania—a key battleground state for the 2020 elections—is an example of how election security is becoming a political flashpoint across the country. A spokesman for Pennsylvania Gov. Tom Wolf said this week that the state has made significant security improvements and is continuing such efforts. “These inaccurate, political claims only serve to undermine confidence in our election,” said spokesman J.J. Abbott. Election-security efforts elsewhere have attracted controversy as well. On Capitol Hill, congressional Republicans and Democrats have clashed on election-security bills and on whether to give more funding to the states to improve their systems. Complaints at the state level are significant because of Pennsylvania’s potential importance as a battleground state in the 2020 election, and because state and local governments have the primary responsibility for administering elections. At issue in Pennsylvania are reports that some voting machines malfunctioned during a statewide election on Nov. 5. In Northampton County, election workers counted paper records all night. Another glitch was blamed for causing long lines in York County.

Pennsylvania: Philadelphia’s voting machines challenged in federal court | The Philadelphia Sunday Sun

A federal court was asked last Tuesday to force Pennsylvania to rescind its certification of a voting machine newly purchased by Philadelphia and at least two other counties in the state ahead of 2020’s presidential election. The filing casts doubt on how 17% of Pennsylvania’s registered voters will cast ballots in the April 28 primary election, as well as next November, when the state is expected to be one of the nation’s premier presidential battlegrounds. Court papers filed by former Green Party presidential candidate Jill Stein and several supporters accuse Gov. Tom Wolf’s administration of violating their year-old agreement in Philadelphia’s federal court by certifying the ExpressVote XL touchscreen system made by Omaha, Nebraska-based Election Systems & Software. The plaintiffs say certifying the system violates their agreement, in part because the machine does not meet the agreement’s requirements “that every Pennsylvania voter in 2020 uses a voter-verifiable paper ballot.” For one, the ExpressVote XL counts votes by counting machine-printed barcodes on paper, a format that is neither readable nor verifiable by an individual voter, they wrote in court papers. Second, the ExpressVote XL does not use a “paper ballot” and relies on software to record the voter’s choice, they wrote. Third, it is not capable of supporting strong pre-certification auditing of election results because its paper records may not accurately reflect voters’ intent, they wrote.