South Carolina: Tony Shaffer: New Report Highlights Urgent Need to Replace South Carolina Voting System | FITSNews

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have confirmed that Russian hackers targeted all 50 states during the 2016 elections – not just the 21 states previously reported. This new information highlights the urgent need to replace South Carolina’s old, vulnerable digital touchscreen “DRE” voting machines. As a cyber operations expert with nearly forty years of national security experience, I feel the need to speak up: It’s critical to deter and mitigate these threats before the 2020 elections. South Carolina is moving in the right direction. The legislature has appropriated $40 million for a new voting system and, to ensure a smooth procurement process, given responsibility for procuring the system to the S.C. Department of Administration (SCDOA). As the department examines the available systems, it should carefully consider the efficiency, cost, and security of each system. It should also avoid the mistakes made in Georgia, where the legislature fast-tracked a bill requiring a $150 million voting system comprised of ballot-marking devices (BMDs) without considering a more secure, lower-cost system of hand-marked paper ballots. BMDs, which require voters to select their preferred candidates using a touchscreen, may be more high-tech than paper ballots but are by no means higher quality. BMDs contain vulnerable computer systems that can be hacked to change ballots after they are cast. Although BMDs print a paper record of votes cast, they often do so in barcode format, making it impossible for voters to ensure that their vote will ultimately be recorded accurately. And like any machine, BMDs are susceptible to technical glitches and power outages, increasing chances that voters will be forced to wait in long lines on election day.

Switzerland: Trapdoor commitments in the SwissPost e-voting shuffle proof | Vanessa Teague

Verifiability is a critical part of the trustworthiness of e-voting systems. Universal verifiability means that a proof of proper election conduct should be verifiable by any member of the public. The SwissPost e-voting system, provided by Scytl, aims to offer a partial form of verifiability, called “complete verifiability”, which resembles universal verifiability but adds the assumption that at least one of the components on the server-side, i.e., the computers running the voting system, behaves correctly. (Universal verifiability offers guarantees even if all server-side components are malicious.) In the SwissPost system, encrypted electronic votes need to be shuffled to protect individual vote privacy. Each server who shuffles votes is supposed to prove that the set of input votes it received corresponds exactly to the differently-encrypted votes it output. This is intended to provide an electronic equivalent of the publicly observable use of a ballot box or glass urn. We show that the mixnet specification and code recently made available for analysis does not meet the assumptions of a sound shuffle proof and hence does not provide universal or complete verifiability. We give two examples of how an authority who implemented or administered a mix server could produce a perfectly-verifying transcript while actually – undetectably – manipulating votes.

National: Mueller report is a reminder that Russian hack hit House races, too | Roll Call

Special counsel Robert S. Mueller III’s report provided new details Thursday about how Russian agents hacked into Democratic Congressional Campaign Committee computers in 2016, renewing the question of whether the two parties would agree not to use stolen material in future political attacks. Leaders of the DCCC and the National Republican Congressional Committee came close to such an an agreement in late 2018, but talks broke down. The two committees, which have new leaders for the 2020 cycle, have not restarted discussions. The DCCC is interested in re-engaging in talks, according to a source familiar with the committee’s thinking. The NRCC declined to comment. The group’s new chairman, Minnesota Rep. Tom Emmer, was more focused Thursday on attacking the politics of investigating President Donald Trump. “It is time for the emotional, socialist Democrats to knock it off with their childish temper tantrums, accept reality and get back to work,” he said in a statement. DCCC Chairwoman Cheri Bustos could not be reached immediately for comment.

National: Mueller Report Raises New Questions About Russia’s Hacking Targets In 2016 | NPR

While the headlines about special counsel Robert Mueller’s report have focused on the question of whether President Trump obstructed justice, the report also gave fresh details about Russian efforts to hack into U.S. election systems. In particular, the report said, “We understand the FBI believes that this operation enabled [Russian military intelligence] to gain access to the network of at least one Florida county government” during the 2016 campaign. That came as news to Paul Lux, president of the Florida State Association of Supervisors of Elections — which has been working closely with federal authorities to protect their election systems against such attacks. “I haven’t heard even a whisper” about such a breach, Lux told NPR, noting that the report referred to a county “government” office network, not specifically to an “elections” office, although the two are frequently connected. It’s unusual that such a breach would occur and Florida officials would not know about it. For the past two years, election officials around the country have been working with both the Department of Homeland Security and the FBI to share information about potential security threats. They have set up several national communications networks specifically for that purpose.

Florida: Mueller report: Russians gained access to Florida county through spear phishing | Tampa Bay Times

Russian hackers gained access to at least one Florida county’s election computer network during the 2016 campaign, according to Special Counsel Robert Mueller’s report released on Thursday. Mueller’s report said the FBI concluded that the GRU, Russia’s foreign military intelligence agency, sent spear phishing emails to over 120 email accounts used by Florida county officials responsible for overseeing the 2016 election. The emails contained an attached Word document that included malicious software that gave the GRU access to the infected computer. While the hacking attempts were previously reported, the spear phishing effort’s apparent success in at least one Florida county was newly revealed on Thursday. The county was unnamed. “We understand the FBI believes that this operation enabled the GRU to gain access to the network of at least one Florida county government,” the report said. Mueller’s office “did not independently verify that belief.” Paul Lux, president of the Florida State Association of Supervisors of Elections, said he wasn’t aware that any county-level election systems were compromised in Florida. “It is not information that I am aware of,” Lux said in an interview Thursday. “To my knowledge, no counties were compromised. So, my presumption is that. I don’t know which county would have been compromised, and that’s nothing I’ve ever heard of.” The Florida Department of State said they have no knowledge of any successful hacking attempt during the 2016 election.

Illinois: Mueller report confirms Russians ‘compromised’ Illinois State Board of Elections | Chicago Sun-Times

The Mueller Report confirms the Russians tried to hack the Illinois Board of Elections website in 2016. “In one instance in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE’s website. The GRU then gained access to a database containing information on millions of registered Illinois voters and extracted data related to thousands of U.S. voters before the malicious activity was identified,” the report states. This was part of an effort of the Russian intelligence agency — the GRU — to determine “vulnerabilities” on websites of more than two dozen states, including Illinois. The Chicago Sun-Times reported on the hacking attempt in 2017. The hack had nothing to do with counting votes in elections in Illinois. The hackers looked at voting registration data: name, address, date of birth, gender and the last four digits in the Social Security number. In all, hackers searched through about 80,000 records, with the elections board confirming the records of just under 3,000 voters were viewed by the hackers.

North Carolina: In wake of Mueller report, North Carolina elections officials want answers from electronic pollbook vendor | WRAL

North Carolina elections officials want to know whether an unnamed voting technology company that Robert Mueller’s report says was compromised by Russian hackers is the same firm that supplies poll book software to more than a dozen counties across the state. In a letter to VR Systems sent Thursday afternoon, State Board of Elections General Counsel Josh Lawson asked the company to provide “immediate, written assurance” about the security of its products, which came under fire two years ago when a leaked intelligence report named the company as the target of a Russian hacking attempt known as “spearphishing.” Mueller’s report, released in a redacted form Thursday morning, notes that, in August 2016, Russian intelligence officers targeted a “voting technology company that developed software used by numerous U.S. counties to manage voter rolls,” installing malicious code on the company’s network. The name of the firm is blacked out due to “personal privacy” exemptions. Lawson said, based on the leaked intelligence report and a separate 2017 federal indictment, that VR Systems was a target of the GRU, the Russian military intelligence agency.

Pennsylvania: Philadelphia elections officials won’t overturn controversial voting-machine decision | Philadelphia Inquirer

The two judges acting as Philadelphia’s elections officials won’t overturn the three-member election board’s selection of new voting machines, a setback for watchdogs and advocates who have been criticizing the choice and urging officials to start over. Instead, Common Pleas Court Judge Giovanni Campbell wrote Wednesday to City Controller Rebecca Rhynhart, he will allow the Feb. 20 voting-machine decision to stand. “I recognize that voting systems are contested issues and people feel passionately about the systems that will be used for their exercise of a core constitutional right. And I am grateful that you and others have been voicing those concerns to the Board of Elections,” Campbell wrote. “However, I do not believe the Board of Elections should overrule its prior legitimate determinations.” Advocates have for weeks implored Campbell and another judge, Vincent Furlong, to invalidate the selection, arguing among other things that it was an illegal vote and that the choice was not in voters’ best interests.

Australia: Electoral Commission spins up cyber ops centre | iTnews

With the date of next month’s federal ballot now set, the agency in charge of Australia’s electoral systems has switched on its new security operations centre to protect against external interference. The short-term SOC capability was established late last month in preparation for Prime Minister Scott Morrison calling the election last week. It will be used it to detect any compromises – or compromise attempts – made against the Australian Electoral Commission’s systems in the lead up to, during and following the May 18 election. The resilience of Australia’s core electoral systems – the age of which remains an ongoing concern for the agency – is particularly acute in this year’s election following Russia’s alleged cyber interference in the 2016 US election. Monitoring services will be provided by Technical Security Services (TSS), which was established by Defence Signals Directorate (now Australian Signals Directorate) alumni Richard Byfield. For up to the next ten weeks or until the results of the election are declared, the company will provide a real-time alerting system for significant cyber security events, as well as at least daily review of log files.

India: Electronic voting machines glitches mar voting in seven states | Times of India

Technical glitches in electronic voting machines (EVM) marred voting in seven of the 12 states that went to polls in the second phase of the staggered Lok Sabha elections. Faulty EVMs delayed polls in several constituencies in Odisha, Uttar Pradesh, Maharashtra, Karnataka, Tamil Nadu, Bihar and Jammu and Kashmir, officials said. In Odisha, EVM glitches in many booths in Talsara Assembly constituency were reported while polling was delayed in six booths in Bonai Assembly constituency. Odisha saw both Lok Sabha as well as Assembly elections. Booths in Kendudihi, Bolangir and Kandhamal, G.Udayagiri and Baliguda in Odisha were also affected. In Uttar Pradesh, EVMs malfunctioned and disrupted polling in Mathura, Bulandshahr and Amroha. In Fatehpur Sikri, voters created a ruckus at booth no 201 and 54 where polling was on hold for more than 30 minutes due to EVM troubles. There were also reports of snags in the VVPAT (voter-verified paper audit trail)-EVMs in Nanded, Latur and Solapur in Maharashtra which either delayed polling or stopped it midway.

Editorials: I counted votes. Here’s what I learned | Joel Carmek/Jerusalem Post

After years of active interest in politics – particularly the mechanics of political systems in Israel and other countries – I decided to see for myself what an election looks like from behind the scenes. Instead of campaigning for my preferred party (with which I’m constantly disappointed), I applied to the Central Elections Committee to become a mazkir va’adat kalpi, the secretary of a local election committee, the person who hands you your envelope. It’s actually more complex than it sounds. Trusted with the oversight of the entire election process for one polling station, the secretary ensures that everything is set up correctly, that the voting is carried out according to the rules, and that votes are properly counted and reported to the regional committee as soon as possible. It was an exhausting, but exhilarating experience. Here are some of my main takeaways. 1. There were many opportunities to cheat the system. Although the careful selection process is designed to weed out people who applied for the job in order to take advantage of their position, and while rules are in place to guarantee the integrity of the elections, the system is still far from watertight. There were several opportunities for me, or others, to stuff the ballot box with hundreds of ptakim (voting slips) of our own choice, and the system still relies heavily on trust. For example, even setting aside a scenario whereby one of the people involved in the counting process had bribed everyone else in the room (there were five of us) to turn a blind eye to misconduct, I could easily have changed the results on the vote tally on my way to the regional headquarters where I reported my station’s results.

Ukraine: Hacked Emails Appear to Reveal Russia Is Backing Comedian Likely to Be Ukraine’s Next President | Newsweek

Comedian and actor Volodymyr Zelenskiy, a political novice, has upended Ukraine’s presidential race over the past several months by promising young voters a break from a past riddled with corruption and leaders beholden to powerful oligarchs. But now, a tranche of hacked emails suggest that Zelenskiy may have a powerful patron of his own: the Kremlin. On Tuesday, Ukraine’s security services revealed that they are investigating whether Zelenskiy’s campaign received financing from members of the Russian security service who are supporting the leadership of the Donetsk People’s Republic, a self-proclaimed, pro-Russian separatist proto-state in Ukraine’s eastern Donbas region. The claims first surfaced after a Ukrainian hacking group associated with the non-profit Myrotvorets Center released a set of hacked emails showing that a Russian security official with links to the DPR’s leadership had attempted to exchange cryptocurrency for cash to send to Zelenskiy’s presidential campaign. In one of the emails, a member of the Russian security services notes that they “have approved the budget for the actions of the comedian.” The emails also appear to show that some of the financing came from Kremlin aide Vladislav Surkov and Russian billionaire Konstantin Malofeev, both of whom allegedly help dictate the Kremlin’s policies towards Ukraine.

Editorials: Cybersecurity doesn’t stop at the federal level — our states need help | John DeSimone/The Hill

This week, Congress reintroduced the State Cyber Resiliency Act, which encourages state and local governments to strengthen their defenses against cybersecurity threats and vulnerabilities. The bill, originally introduced in 2017, would create and authorize the Department of Homeland Security to run a grant program for states to develop, revise or implement cyber resiliency measures — including efforts to detect, protect, respond to, and recover from cyber threats. This legislation is good news for local government leaders, businesses and civilians who have been victims of ransomware and other forms of cyberattacks targeted at major cities. Local governments are an attractive target for malicious actors, including the massive cyberattack on the city of Atlanta last year and the recent ransomware attack in Albany, NY. As attacks increase in frequency and sophistication, increased funding at the local level is needed for cyber training and enhancing recruitment and retention efforts, ultimately helping ensure public safety. Just because a cyberattack is focused on one city — or even smaller, one sector of infrastructure within a city — does not mean the consequences are minor. In the example of the SamSam ransomware attack in Atlanta, the more than week-long event caused major disruption in five of the city’s 13 local government departments and ultimately cost the city $17 million. Impacting citizens, the system shutdown crippled the court system, limited vital communications involving critical infrastructure requests and forced the Atlanta Police Department to file paper reports. Empowering officials at the state and local level to easily detect and deter such preventable breaches like ransomware could save millions of dollars in damages. 

National: House Homeland Committee wants more cyber funding for DHS | FCW

Twenty-eight members of the House Homeland Security Committee are urging appropriators to boost cyber funding at the Department of Homeland Security above what the White House has requested. In a letter sent to the House Appropriations Committee, the signatories — including Chairman Bennie Thompson (D-Miss.) and ranking member Mike Rogers (R-Ala.) — asked for a raise in the spending cap for DHS cyber spending, saying years of flat funding levels at the department will not be enough to “properly resource” the newly established Cybersecurity and Infrastructure Security Agency and its mission. “We urge the committee to break from the status quo and increase the Homeland Security Subcommittee’s 302(b) allocation commensurate with the threat,” the members wrote. “It is imperative that [the allocation] enable CISA to mature and grow the services it provides to secure federal and critical infrastructure networks.” The letter cited increasing threats to federal data, election infrastructure, critical infrastructure sectors and “long-standing threats from nation-states, terrorists, transnational criminal organizations and other malicious actors” to justify an elevation in funding. Members highlighted how past funding increases have helped DHS and CISA expand their services to state and local governments to secure election and voting systems and incorporate additional federal agencies into cybersecurity programs like Einstein and Continuous Diagnostics and Mitigation.

National: How Will Cybersecurity Influence the 2020 US Election Cycle? | HeadStuff

The air is undeniably tense surrounding the next United States presidential race. Not only does the Land of the Free currently have one of the most controversial commanders-in-chief in its history, but the issues at stake are being approached from more partisan, polarised angles than ever before. Whether it’s women’s rights, the tax plan, or guns and public health, you cannot deny the stiff atmosphere in politics today. There’s a topic that’s become a bigger issue than it was four years ago, however: data protection. Cybersecurity is already a hot topic in the media. Of course, data security was previously a concern to the people who knew a thing or two about it, but the public was largely focused on other issues. But now, cybersecurity has become a public cause of concern. With the emerging news in the last few years about Russia’s attempts to tamper with the 2016 election, the American people are skeptical like never before. This begs a few questions: What role is cybersecurity going to play in our upcoming presidential debates? How will it be discussed in the media? And how will the public come down on these important issues?

National: The cyber teams that helped stop Russian election interference | Fifth Domain

When Pentagon leaders tasked Air Force cyber teams with helping prevent Russian trolls from influencing the 2018 midterm elections, it marked the first time those forces were tasked with such a mission under new authorities. Department of Defense has openly discussed their success in keeping the midterm elections free from Russian interference, but officials have provided few details about which teams were tasked with doing so. During an April 11 event at Langley Air Force Base, Gen. James Holmes, commander of Air Combat Command, said Maj. Gen. Robert Skinner, the head of Air Forces Cyber, was ordered and given the authority to defeat Russian influence operations. “It’s the first time we’ve really had the authority to go operate and do that in the cyber environment,” Holmes said. Cyber authorities have typically been held at the highest levels of government making them difficult to be approved for rapid use, but over the last year the Trump administration has begun to loosen those restrictions in an attempt to make it easier for commanders to employ cyber tools faster and react more quickly to adversaries in a domain that is measured in milliseconds.

Minnesota: Simon: Federal election money shouldn’t be budget bargaining chip | Mankato Free Press

The Minnesota Legislature shouldn’t delay up to $6.6 million in federal election cybersecurity funding to use as potential end-of-session bargaining, according to Secretary of State Steve Simon. Simon made several stops in south-central Minnesota Monday to discuss the upcoming 2020 election with local officials. The secretary of state stopped at Gustavus Adolphus College to praise students’ efforts to increase voter turnout. He also shared concerns he has with lawmakers delaying discussions on federal funding. “Every state in the country has it,” Simon said after a meeting with Blue Earth County officials. “We’re the only state that doesn’t. And it’s inexcusable.” Congress approved $380 million in additional election cybersecurity money following the 2016 elections and numerous attacks on state election systems. While 45 states automatically received funding, Minnesota — which gets $6.6 million under the updated Help America Vote Act — is one of five states that needs lawmaker approval before the Secretary of State’s Office gets that money. Simon made a $1.5 million request from lawmakers last year to free up money before the 2018 election, as Minnesota was one of 21 states targeted by foreign hackers attempting to get access to voter information during the 2016 election. That request was rolled into a $1 billion supplemental budget bill then-Gov. Mark Dayton vetoed. The DFL-controlled House passed a new bill in February allowing election officials to get all $6.6 million. Yet the GOP-controlled Senate passed a bill that only freed up Simon’s original $1.5 million request.

Editorials: More secure voting with a paper trail on its way to Pennsylvania | Jonathan M. Marks/Bucks County Courier Times

Pennsylvania voters can expect some important improvements at their polling place in the next year. More secure voting systems that produce a paper record are on the way. The paper record allows voters to verify their choices before casting the ballot. The systems also will make it easier for people with disabilities to vote without assistance and for officials to conduct better post-election audits. At least 25 percent of Pennsylvania’s 67 counties have already selected new voting systems that meet Pennsylvania’s enhanced standards for security, accessibility and auditing. Other counties are in various stages of deciding which certified system will best serve the needs of their voters. Susquehanna County led the way and installed new voting machines in time for last November’s election. Pennsylvania’s most populous county — Philadelphia — selected their new system recently with plans to implement it in time for this November’s election. We know we have little choice but to modernize our election infrastructure. The U.S. Department of Homeland Security and the Senate and House intelligence committees are urging states to upgrade their voting systems. There is nearly universal agreement among national security and election experts that all voters should be casting their ballots on new paper-based systems. Most other states have already made the vital switch to paper ballots.

Texas: Election security bill passes in Senate | News-Journal

East Texas state Sen. Bryan Hughes’ signature bill on election security won passage Monday in the Texas Senate and moves to the House of Representatives for debate. Senate Bill 9 creates a paper trail for electronic voting. It also takes aim at voter fraud that can occur when people who help disabled voters try to influence how they vote. It enhances the penalty for making a false statement on a mail ballot application from a misdemeanor to state jail felony and requires those who help voters who are not family members to sign a form documenting their role. The bill also would require people who help disabled voters cast a mail-in ballot officially certify that the voter they help is physically unable to enter a poll without risk to harm. In addition, it allows poll watchers to accompany both the voter and helper into the voting area. “The heart of the bill is that paper ballot, that paper backup,” Hughes, R-Mineola, said as he urged passage of the measure. “This is not a partisan issue. … It says if you’re going to bring someone to the polls and help them cast their ballot … then, yes. We want to know your names.” Hughes chaired a Select Committee on Election Security last summer in preparation for the legislative session that opened in January. Many of the provisions in his Senate Bill 9, he told senators, came from sworn testimony from Democrats and Republicans. The bill passed on a 19-12 vote along party lines. “For whatever reason, the national Democrats made this a lightning rod,” he said. “Election integrity is important to all of us.”

Europe: The EU is not ready to deal with Russian influence in its elections. Here’s why | CNBC

The European Union is having a hard job building a sufficient firewall when it comes to election interference, experts have told CNBC. The European Parliament — the EU’s legislative arm — has launched a campaign to tackle online disinformation ahead of its elections in May. But there are certain loopholes that mean there could still be outside influence in the vote. “Russia will attempt to influence the parliamentary elections using its usual tool kit, including targeted propaganda, and the stealing and leaking of information,” Andrew Foxall, director of the Russia and Eurasia studies at the Henry Jackson Society, told CNBC via email. He added that there are a number of steps that European institutions should take to prevent such influence. EU countries could share information with each other on “fake news” stories or disinformation; make public any influence attempts — whether from Russia or elsewhere; pledge not to use stolen data in their campaigns and make campaign financing more transparent, Foxall said. The Russian government was not immediately available for comment when contacted by CNBC.

Editorials: A storm of misinformation is coming. The Canadian federal election could be at risk | Eric Jardine/The Globe and Mail

Foreign Affairs Minister Chrystia Freeland made headlines recently when she proclaimed that foreign interference in Canada’s coming federal election was “very likely,” and that there had “probably already been efforts by malign foreign actors to disrupt our democracy.” Ms. Freeland is not wrong, nor is she being alarmist. If Canada’s election avoids the meddling and campaigns of disinformation experienced by the United States in the 2016 presidential election and Britain during the Brexit campaign, it will be because we have a small population and are of marginal power in comparison to the United States and Britain – not because we are special or somehow immune. Indeed, to think that there is something unique about Canada or Canadians that would make us more resilient to disruptive foreign influence operations would be a grave mistake. Canadians are just as prone as our U.S. and British friends to being swayed by malicious interference and the poisoning of our democratic processes by disinformation. The lessons of other Western countries loom large. While perhaps narrowly correct to say that Russia preferred Donald Trump to Hillary Clinton in the 2016 election, the real objectives of these operations are often not as clear-cut as trying to elect a particular person or secure a specific referendum outcome.

Israel: Can Israel’s election count be tampered with? An official explains the process | The Times of Israel

Last Thursday, two days after the elections, New Right party leader Naftali Bennett learned that his party was about 1,380 votes shy of earning any seats in the Knesset and demanded a recount, hinting at possible foul play. Sources in his party went so far as to allege that the elections were being “stolen” via a corrupted count. On Sunday, the Central Elections Committee granted Bennett access to the original “double-envelope” ballots — the “extra” votes from soldiers and diplomats on whose votes New Right had pinned its hopes of making it into the Knesset — so that he could confirm for himself that the count was honest. At the same time, the committee chastised his party for its insinuations of wrongdoing. In addition to New Right, several parties, including United Torah Judaism and Meretz, were in touch with the committee in the days immediately after the election over what they believed were mishandled ballot boxes. With the votes finalized on Tuesday — and UTJ bumped up a seat, Likud down a seat, and New Right still outside the Knesset — Bennett’s party remained insistent that it was the victim of fraud in the vote-counting process, asserting discrepancies in 8% of ballot boxes. The Central Elections Committee dismissed the claim as unfounded.

Philippines: System reviewers: Automated election system tough to hack, but Comelec still has to keep close watch | BusinessWorld

Individuals who took part in reviewing the automated election system (AES) that will be used for the midterm elections in May assure its security, but said they will still keep track of the Commission on Elections (Comelec) in ensuring its integrity. Philippine Linux Users’ Group (PLUG) source code reviewer Pablo Manalastas Jr. said that while the system is taxing for those who plan to rig the automated elections, the Comelec still plays a part in upholding the 2019 National and Local Elections fairness. “It’s very difficult for outsiders to hack into the system but it’s not as difficult to hack into the system if you’re a Comelec or a group of Comelec or Smartmatic personnel who knows all the.. access, then you can hack the system,” he said on Monday during the Poll Body’s consultation with the Local Source Code Review Committee (LSCRC) for this year’s elections. “We have to have faith that the Comelec will do its job,” he added. NPC Source Code reviewer Gadburt Mercado, for his part, said, “This is the first time we have been given unprecedented access so we clearly see the commitment of the agency towards ensuring the elections is a really transparent one.”

Russia: MPs cry foul in row over electronic voting | BBC

Russia’s lower house of parliament has passed a law allowing electronic voting in public elections – despite complaints that MPs’ own electronic voting system was being abused. Communist Aleksei Kurinny said fewer than half the MPs who backed the bill were actually present to vote. Earlier, his colleague Sergei Ivanov said some MPs were abusing the system by voting on behalf of colleagues. Deputy Speaker Alexander Zhukov ignored the complaints. Mr Ivanov, an MP for the Liberal Democratic Party, appeared to cast doubt on the reliability of any electronic voting, based on his colleagues’ behaviour in the State Duma. “I will not vote for this bill… There are 140 of you in this chamber, give or take one or two. If you are honest and decent people and don’t vote for your colleague who is not occupying their seat next to you, the bill won’t pass.” Media reports say Mr Zhukov tried to make a joke of the plea, calling on MPs not in the chamber to take their seats.

Ukraine: Ukraine’s Election Is an All-Out Disinformation Battle | The Atlantic

“Everything,” Dmytro Zolotukhin tells me, “is going like they wanted.” Slumped in a chair in a café here in the Ukrainian capital, Zolotukhin wasn’t talking about the campaign of Volodymyr Zelensky, a comedian who is favored to win the country’s presidential elections this weekend, or the incumbent, Petro Poroshenko. No, they are the Russians. Moscow has used Ukraine as a disinformation laboratory for years—and Zolotukhin is one of the men charged with fending them off. The Kremlin stands accused of interfering in elections the world over, driving division in societies through an array of tactics, chief among them online disinformation. Using fabricated or misleading news stories and fake accounts, Russian operations have sought to sow doubt in the democratic process. Ahead of European Parliament elections next month and the American presidential contest in 2020, Putin’s online armies are auditioning their tactics in Ukraine. Kyiv isn’t just the laboratory for Russia’s information warfare tactics, though; it’s also a proving ground for possible solutions, where officials such as Zolotukhin, Ukraine’s deputy minister of information policy, struggle to walk the line between defending democratic discourse and trampling freedom of speech. As the United States prepares for another contentious presidential race and social-media regulation looks inevitable, the Ukrainian government’s efforts highlight how difficult it is to fight disinformation in a polarized information environment. But offices such as Zolotukhin’s are often under-resourced, and in a divisive electoral period in which campaigns are themselves combatants in the information war, separating fact from fiction, patriot from enemy, and friend from foe is not as simple as it once was.

Verified Voting Blog: Counting Votes May 16 2019

In her testimony at an election security hearing before the Committee on House Administration last week, Verified Voting President Marian Schneider joined advocates and election officials in calling on Congress to help states and local jurisdictions replace aging voting systems, conduct risk-limiting audits and enhance election infrastructure security. In order to prepare for 2020, Congress…

International: Cyber security: This giant wargame is preparing for the next big election hack | ZDNet

A giant cyber-defence exercise has pitted teams from NATO nations against mysterious hackers trying to cause chaos during the elections of a small, fictional, country. The aim of the annual Locked Shields exercise is to give teams the chance to practice protection of national IT systems and critical infrastructure under the intense pressure of a severe cyberattack. The event organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which describes the event as the largest and most advanced international live-fire cyber exercise in the world. According to the Locked Shields scenario, the fictional island country of Berylia finds itself under a cyber attack just as the country is conducting national elections. The coordinated attacks aim to disrupt water purification systems, the electric power grid, 4G public safety networks, and other critical infrastructure components. The cyber attacks also attempt to undermine the trust in the election result — leading to public unrest.

National: Feds say Russian 2016 election meddling spanned all US states | Naked Security

A multi-agency report has strengthened claims that Russia meddled with election systems in all 50 US states during the last presidential race. The report is called a joint intelligence bulletin (JIB), and it comes from the Department of Homeland Security and the FBI. It is an unclassified document intended for internal distribution to state and local authorities. Intelligence newsletter OODA Loop reports that the JIB reveals stronger evidence of Russian interference. Agencies believe that Russian agents targeted more than the 21 states initially suspected. According to the bulletin:

Russian cyber actors in the summer of 2016 conducted online research and reconnaissance to identify vulnerable databases, usernames, and passwords in webpages of a broader number of state and local websites than previously identified, bringing the number of states known to be researched by Russian actors to greater than 40.

Although there are some gaps in the data, the bulletin claims “moderate confidence” that Russia conducted “at least reconnaissance” against all US states because its research was so methodical, it added.

National: Inside the Russian effort to target Sanders supporters — and help elect Trump | The Washington Post

After Bernie Sanders lost his presidential primary race against Hillary Clinton in 2016, a Twitter account called Red Louisiana News reached out to his supporters to help sway the general election. “Conscious Bernie Sanders supporters already moving towards the best candidate Trump! #Feel the Bern #Vote Trump 2016,” the account tweeted. The tweet was not actually from Louisiana, according to an analysis by Clemson University researchers. Instead, it was one of thousands of accounts identified as based in Russia, part of a cloaked effort to persuade supporters of the senator from Vermont to elect Trump. “Bernie Sanders says his message resonates with Republicans,” said another Russian tweet. While much attention has focused on the question of whether the Trump campaign encouraged or conspired with Russia, the effort to target Sanders supporters has been a lesser-noted part of the story. Special counsel Robert S. Mueller III, in a case filed last year against 13 Russians accused of interfering in the U.S. presidential campaign, said workers at a St. Petersburg facility called the Internet Research Agency were instructed to write social media posts in opposition to Clinton but “to support Bernie Sanders and then-candidate Donald Trump.” That strategy could receive new attention with the release of Mueller’s report, expected within days.  

Editorials: Good, bad and ambiguous in Georgia’s new voting system | Wenke Lee/Atlanta Journal Constitution

Although I’m pleased the Georgia General Assembly acted quickly this session to address flaws in our current voting equipment, I remain concerned that, overall, our state has chosen the less-secure, more-cumbersome, costly option and that too many details — essential for election security and voter confidence — are still undefined. First, let’s review what’s right about HB 316 and what Georgia gained. It requires: pre-certification election audits to validate initial outcomes; “voting in absolute secrecy;” that voting equipment produce a paper record in a format readable by humans, and that equipment will “mark correctly and accurately.” I’m also pleased that voter education is part of this bill, in the albeit very modest stipulation that poll workers post signs reminding voters to read, review, and verify paper printouts before casting their final votes. What’s bad about HB 316 is what it could have accomplished but did not: human-readable, hand-marked paper ballots — by far the most cost-effective and cybersecure method of voting. Instead, it establishes a system where electronic ballot markers (EBMs) are used to generate a paper receipt of voter selections — rather than a hand, holding a pen to paper. Overwhelmingly, citizens, computer scientists, cybersecurity experts, and nonpartisan groups recommended and requested hand-marked paper ballots in Georgia over any other method. I am baffled as to why state lawmakers repeatedly ignored such an overwhelming cry.