Finland: Russia’s Neighbor Finland Mounts Defenses Against Election Meddling | Bloomberg

The country that shares a bigger border with Russia than the rest of the European Union combined is ramping up its defenses against the threat of foreign meddling in its April 14 election. Finland has always had a love-hate relationship with its much bigger neighbor. A history of tension and bloody confrontations has given way to a strong trading partnership, and the country’s diplomatic role as a bridge between Russia and the West is one reason why its capital was picked for last year’s summit between Donald Trump and Vladimir Putin. But with evidence of Russian interference in Western politics mounting, the euro area’s northernmost member state remains on high alert. Social media influence campaigns or direct cyber attacks are already thought to have impacted key votes such as the U.S. election in 2016 and the U.K’s Brexit referendum.

Thailand: Election Observers Call Still-Partial Thai Vote Count Flawed | Associated Press

A group of international observers criticized vote counting in Thailand’s first election since a 2014 military coup, saying Tuesday that the “tabulation and consolidation of ballots were deeply flawed” though it had no reason to believe the issues affected overall results. The Asian Network for Free Elections said the announcement of some preliminary results that were “wildly inaccurate” damaged the “perceived integrity of the general election.” The group, also known by its acronym Anfrel, is one of several observer groups that have raised concerns about Sunday’s vote, which in part pitted a party allied with the ruling junta against the party that led the government it ousted. Thailand’s Election Commission, appointed by the junta’s hand-picked legislature, has already defended its count, which is still in its preliminary stages. It blamed any issues on the failure of the media to keep up with the raw data. After delaying the release of the full vote count on election night and then again on Monday, the commission has now said it will release its final preliminary results on Friday. Official results are not expected until May.

Ukraine: Intelligence Service elaborates on Russia’s election meddling plans | Reuters

The Foreign Intelligence Service of Ukraine (SZRU) has released a report on the features of Russia’s approaches to affecting the course and results of Ukraine elections. Russia’s main action plan on Ukraine in the short and medium term envisages further provoking extensive destabilization to facilitate the revenge of pro-Russian forces following the 2019 election, the Information Resistance OSINT Group wrote citing the SZRU report published on its website Wednesday, March 27. This will include systemic and versatile measures for influencing the course of the election process and the vote count during the presidential and parliamentary elections, the report says. In this context, the main areas where Russia is most likely to intensify its efforts is destabilization, including on the contact line in Donetsk and Luhansk regions, incitement of military-political confrontation with elements of economic influence; propaganda campaigns in the Ukrainian media and using instruments for cyber interference; measures to provide electoral support to individual candidates; and discrediting the electoral process in the international media space and through Kremlin’s positions in international organizations, as well as Western political and expert circles.

National: States Need Way More Money to Fix Crumbling Voting Machines | WIRED

THE 2018 MIDTERM elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Now, a new report published by New York University’s Brennan Center for Justice finds that unless state governments and Congress come up with additional funding this year, the situation may not be much better when millions more Americans cast their vote for president in 2020. In a survey that the center disseminated across the country this winter, 121 election officials in 31 states said they need to upgrade their voting machines before 2020—but only about a third of them have enough money to do so. That’s a considerable threat to election security given that 40 states are using machines that are at least a decade old, and 45 states are using equipment that’s not even manufactured anymore. This creates security vulnerabilities that can’t be patched and leads to machines breaking down when the pressure’s on. The faultier these machines are, the more voters are potentially disenfranchised by prohibitively long lines on election day. “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting up,” one South Carolina election official told the Brennan Center’s researchers, noting that he feels “lucky” to be able to find spare parts.

National: Senate Democrats investigate cybersecurity of election machines, introduce version of H.R. 1 | InsideCyberSecurity.com

A group of senior Senate Democrats is seeking information on what the three largest manufacturers of U.S. voting machines are doing to secure the systems ahead of the 2020 elections, while the entire Democratic Caucus on Wednesday signed on to sponsor the Senate version of House-passed H.R. 1, the “For the People Act,” which includes language on securing election machines. A letter — signed by Senate Rules ranking member Amy Klobuchar (D-MN), Intelligence ranking member Mark Warner (D-VA), Homeland Security and Governmental Affairs ranking member Gary Peters (D-MI), and Armed Services ranking member Jack Reed (D-RI) — was sent Tuesday to voting machine vendors Hart InterCivic, Dominion Voting Systems, and Election Systems and Software, or ES&S. “Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems,” the senators wrote. “Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades. Although each of your companies has a combination of older legacy machines and newer systems, vulnerabilities in each present a problem for the security of our democracy and they must be addressed.” The senators posed questions on steps the companies are taking to secure their machines ahead of 2020, and how Congress can assist in these efforts; what the plans are for updating “legacy” voting machines; whether the companies would support legislation requiring “expanded use of post-election audits”; if the companies have vulnerability disclosure programs; and if they employ full-time cybersecurity experts.

New Jersey: New voting machines being tried in districts across the state | NorthJersey.com

A decade after New Jersey voters were promised more secure voting machines, some districts will receive new machines through a federally funded pilot program. Voters in Gloucester, Union and Essex counties have already seen new machines, and Passaic County intends to join the pilot this year. Meanwhile, Bergen County officials are taking a wait-and-see approach. Robert Giles, director of the state Division of Elections, wrote to county election officials in September to explain one of the initiatives: the Voter Verified Paper Audit Trail pilot. “This pilot program will afford counties the opportunity to purchase and test new VVPAT voting machines,” Giles wrote. “The goal of this pilot program is to assist counties to begin the process of transitioning from their current paperless voting systems to the new voting systems that produce a voter-verifiable paper record of each vote cast.” The program rolls out in a climate of heightened concern over ballot security. “It’s a step forward; there are better ways to do it and worse ways to do it,” Professor Andrew Appel of Princeton University said about the upcoming replacements.

National: Wyden lambastes voting machine makers as ‘accountable to nobody’ | Politico

Sen. Ron Wyden (D-Ore.) on Thursday attacked the small but powerful group of companies that controls the production of most voting equipment used in the U.S. “The maintenance of our constitutional rights should not depend on the sketchy ethics of these well-connected corporations that stonewall the Congress, lie to public officials, and have repeatedly gouged taxpayers, in my view, selling all of this stuff,” Wyden said during the Election Verification Network conference, a gathering of voting integrity advocates and election security experts in Washington. Wyden has been a leading voice among lawmakers who have criticized the voting machine industry as too opaque and not subject to enough oversight from Washington, especially as concerns grow among U.S. intelligence officials that elections will once again be a prime hacking target in 2020. “We’re up against some really entrenched, powerful interests, who have really just figured out a way to be above the law,” he said. “There is no other way to characterize it.” Furthermore, Wyden said, voting machine vendors have “been able to hotwire the political system in certain parts of the country.” He noted that newly elected Georgia Gov. Brian Kemp picked the top lobbyist for the voting giant Election Systems & Software as his deputy chief of staff. The companies, he said, “are accountable to nobody.”

Switzerland: Second flaw found in Swiss election system could change ‘valid votes into nonsense,’ researchers say | CyberScoop

Researchers have uncovered a second security flaw in the electronic voting system employed by the Swiss government. The vulnerability involves a problem with the implementation of a cryptographic protocol used to generate decryption proofs, a weakness that could be leveraged “to change valid votes into nonsense that could not be counted,” researchers Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague wrote in a paper published Monday. This disclosure comes weeks after the same team of researchers announced they had uncovered a flaw in the e-voting system that could allow hackers to replace legitimate votes with fraudulent ones. Swiss Post, the country’s national postal service, which developed the system along with Spanish technology maker Scytl, said earlier this month that first vulnerability had been resolved. Researchers said at the time that the vulnerability demonstrated what can go wrong when governments shift to electronic voting with no alternative plan. The security and integrity of electronic voting systems vary by country, and the vulnerabilities outlined in this research are specific to Switzerland, but other areas of the world increasingly are moving toward a voting infrastructure where it could soon be impossible to verify whether vote tampering has occurred. Christopher Krebs, head of the U.S. Cybersecurity and Infrastructure Agency told Congress last month election officials must have the ability to audit election results.

National: Election security in 2020 means a focus on county officials, DHS says | CNET

As special counsel Robert Mueller’s investigation on Russian hacking and collusion with the Trump campaign ends, the Department of Homeland Security is gearing up to prevent a repeat for the 2020 US presidential election. The federal agency, which formed the Cybersecurity and Infrastructure Security Agency last November, said that it’s “doubling down” on its efforts, calling election security for 2020 a top priority. It hopes to do that by focusing on local election officials, Matt Masterson, a DHS senior adviser on election security, said in an interview with CNET. The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place’s security and handling vote auditing.

National: What Will Mueller’s Russia Report Mean For Election Security In 2020? | WMOT

The release of special counsel Robert Mueller’s report may provide Americans with the best playbook yet on how to defend democracy in the lead-up to the 2020 presidential election. In the days since Attorney General William Barr’s letter to Congress, much of the focus has boiled down to one line from President Trump: “No Collusion, No Obstruction.” But judging by Barr’s language and the details that have come to light through indictments filed by Mueller’s team over the past two years, the report may also reveal more about how Russia attacked the 2016 U.S. presidential election. The report’s first section, according to Barr, focuses on Russian “computer hacking operations,” which included the theft of emails from the Democratic National Committee and Hillary Clinton’s campaign, as well as agitation online to try to exacerbate divisions among Americans. Barr’s summary didn’t address an aspect of the interference that Mueller has described elsewhere, including the cyberattacks that targeted state elections infrastructure.

National: ‘Russian playbook’ remains after Mueller report wraps up | Associated Press

The collusion question now answered, another one looms ahead of 2020: Will U.S. elections be secure from more Russian interference? The 22-month-long special counsel investigation underscored how vulnerable the U.S. was to a foreign adversary seeking to sow discord on social media, spread misinformation and exploit security gaps in state election systems. With the presidential primaries less than a year away, security experts and elected officials wonder whether the federal government and the states have done enough since 2016 to fend off another attack by Russia or other hostile foreign actors. “Although we believe that Russia didn’t succeed in changing any vote totals, the Russian playbook is out there for other adversaries to use,” said Virginia Sen. Mark Warner, a Democrat and vice chairman of the Senate Committee on Intelligence. “As we head towards the 2020 presidential elections, we’ve got to be more proactive in protecting our democratic process.” Special counsel Robert Mueller detailed the sweeping conspiracy by the Kremlin to meddle in the 2016 election in an indictment last year, charging 12 Russian military intelligence officers with hacking the email accounts of Clinton campaign officials and breaching the networks of the Democratic Party. The indictment also included allegations the Russians conspired to hack state election systems and stole information on about 500,000 voters from one state board of elections’ computers.

Illinois: Cook County rolling out new voting machines in west suburbs, expects countywide use by 2020 primaries | Chicago Tribune

New voting machines are coming to three west suburban Cook County townships for next week’s consolidated elections in preparation for a countywide rollout next year. The Cook County clerk’s office will test machines in 147 precincts in Oak Park, River Forest and Proviso townships, and hopes to have the new voting machines in every suburban Cook County precinct by the 2020 presidential primary election. “Our current equipment has served us well for a decade, but these new machines have the latest technology,” county Clerk Karen Yarbrough said at a Tuesday morning news conference. “The touch screens are more intuitive and accessible for voters with disabilities, and every single voter will get to review their ballot with paper in their hands before their vote is cast,” Yarbrough said. Each machine can accommodate three voters at one time, with two touch screens and a paper ballot. A voter will use the touch screen as a ballot marker, then print the ballot to review it, according to a demonstration by the clerk’s election director, Tonya Rice. The voter will then hand the ballot in a privacy sleeve to an election judge, who will initial it and place it in the scanner. The scanner accepts the paper ballot and creates an image of the ballot. Because it’s the same machine, the paper ballot and touch screen ballots are automatically consolidated, according to information provided by the clerk’s office. One touch screen is lower to accommodate voters who use wheelchairs, and voters will be able to change the text size and color contrast if they need. An audio ballot is available in English, Spanish, Hindi and Chinese.

Michigan: Secretary Benson forms Election Security Commission | UPMatters

Secretary of State Jocelyn Benson today announced an Election Security Commission to recommend reforms and strategies for ensuring the security of elections in Michigan. The first-of-its-kind effort brings together 18 local and national experts on cybersecurity and elections to secure elections and protect the integrity of every vote. Together they will advise the secretary of state and Bureau of Elections on best practices. … The commission will convene in early April to begin its review and assessment of election security in Michigan. It later will host hearings throughout the state and invite citizen and expert input on election problems and security. The commission will deliver a set of recommended reforms and actions to the secretary of state by the end of 2019. Its work is funded through a federal grant for election security. Benson has named David Becker, executive director of the nonprofit Center for Election Innovation & Research, and J. Alex Halderman, professor of computer science and engineering at the University of Michigan, as co-chairs of the commission. It will be staffed and facilitated by designated secretary of state employees.

Pennsylvania: Cyber security expert urges Pennsylvania to find the money for new voting machines | WITF

A national cyber security expert says the state legislature must find the money to upgrade Pennsylvania’s voting system ahead of the 2020 election. Anthony Shaffer is a retired Army Lieutenant Colonel and intelligence officer who now works for a conservative think tank. At a state capitol news conference Tuesday, he warned Pennsylvania, as a swing state, is a target for foreign agents looking to sow doubt in the next election. But he noted adversaries typically look for easy prey. “So, if Russia, if China sees the state of Pennsylvania is doing something, they’re probably going to go to another state and take another target which they perceive as less able to defend itself or less prepared,” Shaffer said. He added the legislature needs the proper funding, technology, and perception to protect the state’s voting system.

Editorials: Texas Bill promises better election security. Let’s be sure to get it right. | Dan Wallach/Austin American-Statesman

Election security experts in Texas and nationwide have been pushing for the use of paper ballots in elections to defend against cyber attacks and bolster public confidence in election results. The Texas Legislature has finally taken notice. This week, the Senate heard testimony on Sen. Bryan Hughes’s election security bill, which would require a paper record of every vote and implement post-election audits of every election. This change is long overdue—but the details matter. As a cybersecurity and elections security expert, I know those details well. In fact, my colleagues from across Texas are joining me in pushing for an even stronger bill. Legislators must recognize that paper ballots are the means to a much more important end: ensuring the final results are correct, even when sophisticated adversaries try to interfere. This requires implementing “risk limiting” post-election audits, where auditors randomly sample paper ballots to make sure they match up with the digital records. Discussion about “paper trails” and “voter-verified paper audit trails” can seem complicated. Unfortunately, not all paper trails are created equal. When it comes to elections, “paper” can mean three things: paper ballots filled out (“marked”) by hand, paper ballots marked by a machine (a “ballot-marking device”), or a paper receipt of some kind printed by an electronic voting machine. What makes a good paper ballot? It must be human-readable (not a bar code or other non-English symbols) and auditable (by human auditors, not just machine scanners). Voters must be able detect errors on machine-marked paper ballots and have opportunity to correct them (e.g., “spoil” the ballot and start over), as they can with hand-marked ballots.

Tennessee: Counties eye vote paper trail; state stays neutral | Associated Press

Amid growing national concerns about election security, Tennessee’s three largest counties plan to begin using voting machines that produce a verifiable paper trail in time for the presidential primaries in March 2020, whether the Republican-led state requires it or not. Tennessee is one of only 14 states without a statutory requirement of a paper record of all ballots — regarded by most election security experts as crucial to ensuring accurate vote-counting. But election officials in the three Tennessee counties switching to paper-trail machines say they aren’t worried about the paperless technology. bRather, they just want to be sure voters trust the process. “Now, you’ve got an issue of voter confidence and public perception, factors which cannot be ignored, at least by election commissions,” said Elections Administrator Clifford Rodgers in Knox County, one of the Tennessee local governments looking to switch. He said he’s doing so “reluctantly” and predicted problems with printers and scanners. The others are Shelby County, anchored by Memphis, and Davidson County, encompassed by Nashville. Knox, Shelby and Davidson account for 1.3 million of Tennessee’s 4.16 million registered voters.

Australia: Fury as online voting system crashes on NSW election day | Australian Associated Press

Some New South Wales voters have had trouble casting their ballot as issues plaguing the state’s electronic voting system ran into election day. Technical issues began on Friday night but continued Saturday morning as thousands flooded iVote to register and cast their ballot. Frustrated voters then turned to the telephone registration system, which itself was then overloaded, with some told to call back later. Some New South Wales voters have had trouble casting their ballot as issues plaguing the state’s electronic voting system ran into election day. Technical issues began on Friday night but continued Saturday morning as thousands flooded iVote to register and cast their ballot.

Israel: Cybersecurity researchers find security flaws in Likud, Labor party Android apps | The Times of Israel

Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they had found “serious security breaches” granting access to “highly sensitive personal information” in the Android phone apps of the Likud and Labor parties. “There has been much talk of impact attacks on social networks and we learn more and more about the offensive capabilities of various countries and entities in cyberspace. But we often ignore the factor that allows these attacks — access to sensitive information we share, sometimes without any intention of doing so,” Check Point said in a emailed statement. “Sensitive information such as political opinion, social contacts, demographic data, telephone numbers, and addresses of us and those close to us can be of great help to the various elements operating in cyberspace,” the statement said.

Ukraine: With elections just days away, Ukraine faces disinformation, cyber attacks and further Russian interference | Global Voices

UkraineUkrainians will head for the polls on Sunday 31 March in what will be the first regular national elections since the country’s 2014 Euromaidan revolution. With its Crimean peninsula still occupied by Russian forces, an ongoing military conflict in eastern Ukraine, and rising activity of far-right groups, the country is a prime target for both domestic and external information influence operations. Ukraine has been in the crossfire of disinformation warfare since 2014, with multiple political actors attempting to disrupt its democratic development. The elections for both the office of the president and parliamentary seats will be a crucial test for Ukraine’s democracy and stability. Much of the action has taken place on Facebook, which is the country’s most popular social network. Despite persistent efforts of civil society and media groups, Facebook has done relatively little to respond to Ukraine’s disinformation problem in the past. But the company changed its tune in January, when it publicly announced that it had taken steps to counter some of these issues.

Media Release: Verified Voting Applauds Rep. Daryl Metcalfe, Rep. Garth Everett and Lt. Col. Anthony Shaffer’s Nonpartisan Call for the Penn. General Assembly to Appropriate Funding to Replace Vulnerable Electronic Voting Machines

Marian K. Schneider: “Election security is a nonpartisan issue and the goal of hardening our voting systems against potential threats is shared across the aisle.” The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, following the press conference with Lt. Col. Anthony…

National: DARPA Is Building a $10 Million, Open Source, Secure Voting System | Motherboard

For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.

National: Voting tech creates growing concern for local officials | The Hill

Some voters in Johnson County, Ind., found themselves waiting for hours to cast their ballots in last year’s midterm elections, but not because of a massive surge in turnout or malfunctioning voting machines. What struggled to work were the electronic poll books used to check a voter’s registration, triggering long lines at polling stations. A state investigation determined that the vendor for the e-poll books, Election Systems & Software (ES&S), was responsible for the technical issue, and the Johnson County election board ultimately voted to terminate the contract. ES&S is one of the biggest voting machine vendors in the country. And despite the report’s findings, other counties in Indiana have continued to work with it, including some that recently signed new contracts. Experts told The Hill that the scenario underscores the new issues that local election officials have to consider as they juggle the benefits and security risks of voting technology, particularly in light of heightened concerns over election hacking.

National: State election officials opt for 2020 voting machines vulnerable to hacking | Politico

Election officials in some states and cities are planning to replace their insecure voting machines with technology that is still vulnerable to hacking. The machines that Georgia, Delaware, Philadelphia and perhaps many other jurisdictions will buy before 2020 are an improvement over the totally paperless devices that have generated controversy for more than 15 years, election security experts and voting integrity advocates say. But they warn that these new machines still pose unacceptable risks in an election that U.S. intelligence officials expect to be a prime target for disruption by countries such as Russia and China. The new machines, like the ones they’re replacing, allow voters to use a touchscreen to select their choices. But they also print out a slip of paper with the vote both displayed in plain text and embedded in a barcode — a hard copy that, in theory, would make it harder for hackers to silently manipulate the results. Security experts warn, however, that hackers could still manipulate the barcodes without voters noticing. The National Academies of Sciences, Engineering and Medicine has also warned against trusting the barcode-based devices without more research, saying they “raise security and verifiability concerns.”

National: I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming | WIRED

In 2016, I bought two voting machines online for less than $100 apiece. I didn’t even have to search the dark web. I found them on eBay. Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online. If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn’t work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the “Property Of” government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.

National: U.S. Military Steps Up Cyberwarfare Effort | Govenment Technology

The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process. It started with texts in October 2018. Russian hackers operating in the Internet Research Agency – the infamous “troll factory” linked to Russian intelligence, Russian private military contractors and Putin-friendly oligarchs – received warnings via pop-ups, texts and emails not to interfere with U.S. interests. Then, during the day of the election, the servers that connected the troll factory to the outside world went down.

National: Election security threats loom as presidential campaigns begin | TechTarget

Never has it been more important to have a mechanism to audit U.S. voting results, but experts say election security risks combined with the weaponization of social media make the task more difficult than ever. The electronic voting systems used in a number of states are a concern for security experts who have seen serious flaws in these systems. If the 2020 U.S. election results are disputed by a candidate, there must be a clear way to show voting results are accurate to ensure a peaceful transition of government, said Avi Rubin a computer science professor at Johns Hopkins University, during an RSA Conference 2019 session on election hacking. … Ronald Rivest, a professor in MIT’s Cryptography and Information Security research group, said during a separate session at RSA Conference that “keeping it simple with low-tech paper ballots” is the lesson learned over the past decade. We still need to know that the tabulation of those ballots is accurate, via audits, and states like Colorado and Rhode Island are piloting new risk-limiting audit systems, Rivest said.

National: New ‘Hybrid’ Voting System Can Change Paper Ballot After It’s Been Cast | WhoWhatWhy

For years, election security experts have assured us that, if properly implemented, paper ballots and routine manual audits can catch electronic vote tally manipulation. Unfortunately, there is no universal definition of “paper ballot,” which has enabled vendors and their surrogates to characterize machine-marked paper printouts from hackable ballot marking devices (BMDs) as “paper ballots.” Unlike hand-marked paper ballots, voters must print and inspect these machine-marked “paper ballots” to try to detect any fraudulent or erroneous votes that might have been marked by the BMD. The machine-marked ballot is then counted on a separate scanner.

Most independent cybersecurity election experts caution against putting these insecure BMDs between voters and their ballots and instead recommend hand-marked paper ballots as a primary voting system (reserving BMDs only for those who are unable to hand mark their ballots). But vendors and many election officials haven’t listened and are now pushing even more controversial “hybrid” systems that combine both a BMD and a scanner into a single unit. These too are now sold for use as a primary voting system.

Unlike hand-marked paper ballots counted on scanners and regular non-hybrid BMDs,  these new hybrid systems can add fake votes to the machine-marked “paper ballot” after it’s been cast, experts warn. Any manual audit based on such fraudulent “paper ballots” would falsely approve an illegitimate electronic outcome. According to experts, the hybrid voting systems with this alarming capability include the ExpressVote hybrid by Election Systems & Software, LLC (ES&S), the ExpressVote XL hybrid by ES&S, and the Image Cast Evolution hybrid by Dominion Voting.

California: Contra Costa County elections detects attempted hacking into system | San Jose Mercury News

An unknown hacker recently tried to access Contra Costa County’s election internet system, according to an email sent by the county’s elections chief. The unsuccessful hacking attempt “fits a pattern of other attempts/attacks that trace back to foreign interests,” Clerk-Recorder and Registrar of Voters Joe Canciamilla wrote, in an internal email to county staff on Friday morning. He said the elections office notified the California Secretary of State’s office, as well as the Department of Homeland Security, about the “attempted intrusion.” “Our security protocols captured and isolated the threat almost immediately,” Canciamilla wrote in the email. It’s unclear when the attack took place. Elections spokesman Paul Burgarino said the investigation into the incident is still in its early stages, but preliminary information indicated the attempt was unsuccessful.

Colorado: Denver Offers Blockchain Voting to Military, Overseas Voters | The Denver Post

The city of Denver will allow thousands of voters to cast their ballots with a smartphone application this year. The pilot program is one of the first U.S. deployments of a phone-based voting system for public elections — but it will only be available to military members and voters living in other countries. The city has invited all of its international voters — about 4,000 people — to use the app in the May 2019 election. The idea of digital voting has been met with skepticism from some elections security experts, but Denver officials say it could make life easier for a limited set of voters. “This pilot enables us to offer that convenience for our military and overseas citizens who have the most difficult time voting and participating in the democratic process here at home,” said Deputy Elections Director Jocelyn Bucaro.