China: Spy defects to Australia, alleging election interference and cybercrimes | Devin Coldewey/TechCrunch

A purported agent of the Chinese intelligence service is seeking asylum in Australia, bringing with him explosive allegations of widespread interference in political affairs in that country, Taiwan and elsewhere. He claims also to have run a cyberterrorism campaign against supporters of Hong Kong independence. Wang “William” Liqiang indicated to Australian news outlet The Age that during a deep-cover assignment intended to manipulate the 2020 presidential election in Taiwan, he decided to defect and expose the Chinese networks from abroad. In addition to The Age, Wang spoke with The Sydney Morning Herald and 60 Minutes; the various outlets appear to be planning a broader release of the contents of his interviews on Monday. Wang has reportedly explained in detail the inner workings of a Hong Kong-listed company called China Innovation Investment Limited, which the government has allegedly been using as a front to infiltrate various universities, political groups and media companies.

Russia: Charges of Ukrainian Meddling? A Russian Operation, U.S. Intelligence Says | Julian E. Barnes and Matthew Rosenberg/The New York Times

Republicans have sought for weeks amid the impeachment inquiry to shift attention to President Trump’s demands that Ukraine investigate any 2016 election meddling, defending it as a legitimate concern while Democrats accuse Mr. Trump of pursuing fringe theories for his benefit. The Republican defense of Mr. Trump became central to the impeachment proceedings when Fiona Hill, a respected Russia scholar and former senior White House official, added a harsh critique during testimony on Thursday. She told some of Mr. Trump’s fiercest defenders in Congress that they were repeating “a fictional narrative.” She said that it likely came from a disinformation campaign by Russian security services, which also propagated it. In a briefing that closely aligned with Dr. Hill’s testimony, American intelligence officials informed senators and their aides in recent weeks that Russia had engaged in a yearslong campaign to essentially frame Ukraine as responsible for Moscow’s own hacking of the 2016 election, according to three American officials. The briefing came as Republicans stepped up their defenses of Mr. Trump in the Ukraine affair. The revelations demonstrate Russia’s persistence in trying to sow discord among its adversaries — and show that the Kremlin apparently succeeded, as unfounded claims about Ukrainian interference seeped into Republican talking points. American intelligence agencies believe Moscow is likely to redouble its efforts as the 2020 presidential campaign intensifies. The classified briefing for senators also focused on Russia’s evolving influence tactics, including its growing ability to better disguise operations.

Verified Voting Blog: Verified Voting supports respectful public observation of elections

For more than a decade Verified Voting has supported and encouraged respectful public observation of the election process consistent with a state or jurisdiction’s regulations governing observers, and promoted transparency as a key element of reliable, evidence-based elections. Election observers should be free from harassment and intimidation. Observation enables parties, candidates, citizen groups and independent…

National: Report: Election Assistance Commission Grapples With Staffing, Budget Cuts | Alexa Corse/Wall Street Journal

The federal agency responsible for setting election security standards is grappling with key leadership vacancies and inadequate funding, a new report by a government watchdog office has found. The U.S. Election Assistance Commission, which is focused exclusively on the voting process, is struggling to help state and local officials bolster the security of their voting systems, the agency’s inspector general said in a report released Wednesday. The commission has sought to promote cybersecurity best practices and to serve as a central resource for state and local governments, which have the primary responsibility for administering elections. But the inspector general’s report says that the commission’s efforts are faltering amid staffing shortages and years of budget cuts. Two of the agency’s most senior officials—the executive director and general counsel—stepped down last month, and the agency has begun looking for their successors, the report said. The agency’s acting executive director and chief information officer, Mona Harrington, said in a letter to the inspector general dated Monday that the agency “concurs” with the findings about its troubles.

National: CISA and VotingWorks release open source post-election auditing tool | Catalin Cimpanu/ZDNet

The US Cybersecurity and Infrastructure Security Agency (CISA) and VotingWorks, a non-partisan, non-profit organization, have open-sourced today a tool for the post-election auditing process. Developed by VotingWorks and named Arlo, the tool is available on GitHub. It’s a web-based app designed specifically for the US election process where votes are tallied electronically using software or special machines. To safeguard the election process against hacked or faulty voting systems, the US government mandates that all counted votes go through a post-election audit to verify the results, in a process called a Risk-Limiting Audit (RLA). Arlo is designed to automate this auditing process by automatically selecting random voter ballots for the RLA process, providing auditors with the information they need to find those ballots in storage, helping officials compare audited votes to tabulated votes, and providing monitoring & reporting capabilities so that election officials and public observers can follow the audit’s progress and outcome. “The tool supports numerous types of post-election audits across various types of voting systems including all major vendors,” CISA said in a press release today. CISA did not develop Arlo — created by VotingWorks on its own — but the agency has adopted the tool and is currently working on convincing state election officials to deploy it before next year’s presidential election.

National: House Panel Zeroes in on Election Security Ahead of 2020 | MeriTalk

With election security firmly in place as the popular policy de jour on Capitol Hill in the ramp-up to the 2020 election cycle, House members from both sides of the aisle voiced support at a Nov. 19 hearing for more focus on cyberattacks targeting election infrastructure, with a particular focus on ransomware exploits. The hearing of the House Homeland Security Committee subcommittee on Cybersecurity, Infrastructure Protection, and Innovation featured testimony from officials in the Federal government, academia, and the private sector, but mainly targeted efforts the private sector is making to protect U.S. elections infrastructure and political campaigns from malicious actors. Subcommittee Chairman Cedric Richards, D-La., began the hearing by highlighting Russia’s malicious cyber activity in the 2016 elections, saying, “The Russian government’s covert malicious foreign interference campaign attacked every aspect of our elections.” He further pointed to two new countries he said are working towards attacking U.S. elections – Iran and China. Rep. Richards said those countries are “weaponizing new technologies to disrupt our democracy, distort the daily news, and compromise our election security.”

National: On election security, U.S. government leaving much on the table | Derek B. Johnson/FCW

Expert witnesses warned Congress that the U.S. government has largely failed to address known security shortfalls leading up to 2020 and future elections.Much of the election security debate in Washington since 2016 has focused on improving baseline protections for voting machines, but witnesses at a Nov. 19 House Homeland Security Committee hearing noted that similar deficiencies also exist when it comes to protecting political campaigns from compromise by foreign intelligence services and preventing foreign and domestic disinformation. In his opening statement, Georgetown University professor Matthew Blaze noted that the current generation of voting machines used in U.S. elections were never designed to combat attacks or threats from adversarial foreign governments with the resources to penetrate the global supply chain or obtain software source code before it’s even shipped to election officials. “The intelligence services of even small nations can marshal far greater financial, technical and operational resources than would be available to even highly sophisticated criminal conspiracies,” Blaze said.

National: DHS cyber agency invests in election auditing tool to secure 2020 elections | Maggie Miller/The Hill

The Department of Homeland Security’s (DHS) cybersecurity agency announced Thursday it would partner with election officials and private sector groups to develop an election auditing tool that can be used to help ensure the accuracy of votes in 2020. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) is partnering with non-profit group VotingWorks on an open-source software tool known as Arlo, which is provided to state and local election officials for free. According to CISA, Arlo conducts an audit of votes by selecting how many ballots and which ballots to audit and comparing the audited votes to the original count. The tool has already been used to conduct post-election audits across the country, including during the recent 2019 elections. Election officials in Pennsylvania, Michigan, Virginia, Ohio and Georgia have signed on to partner with CISA on Arlo, with more officials expected to join.

National: Senior DHS cyber official Jeanette Manfra to step down | Sean Lyngaas/CyberScoop

Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position, according to multiple sources familiar with the matter. DHS officials are preparing an internal announcement about Manfra’s departure that could come as soon as this week, two sources told CyberScoop. Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress. She has also represented DHS at top cybersecurity conferences like RSA and DEF CON. Over the course of her tenure, Manfra took on increasingly senior and cybersecurity-focused roles, culminating in her becoming assistant director at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) last year. In a speech last year, she likened supply-chain vulnerabilities to a “digital public health crisis.” It was not immediately clear who would replace her. One source told CyberScoop that officials had a replacement in mind, but declined to say who that was.

Colorado: County clerks ask federal, state officials for cash | Charles Ashby/Grand Junction Sentinel

Colorado’s county clerks are asking state and federal lawmakers to send money, lots of it. In a letter Wednesday to the state’s two U.S. senators — Democrat Michael Bennet and Republican Cory Gardner — the Colorado County Clerks Association asked them to ask U.S. Senate leaders to make sure they include funding to ensure the state’s and nation’s election systems are protected from cyber attacks, among other things. “Despite extraordinary progress by state and local election officials to improve election security, upgrade equipment and implement audit procedures, critical vulnerabilities remain,” wrote Janice Vos Caudill, Pitkin County clerk and current association president. “Although Colorado leads the nation in secure election practices — for example, Colorado is the first U.S. state to require risk-limiting audits after each election — there is much more Colorado can do with additional federal money,” she added. “This funding needs to be earmarked specifically to harden local government systems in a comprehensive way.”

Iowa: 2012 election problem a window into ongoing voter dysfunction, county auditor contends | Jason Clayworth/Des Moines Register

An Iowa election reporting delay that occurred the night President Barack Obama won a second term underscores longtime and ongoing dysfunction in the state’s voter system, says a county auditor who has filed an elections complaint against the state. A spokesman for Iowa Secretary of State Paul Pate, a Republican, disputed the contention by Linn County Auditor Joel Miller, a Democrat. “It’s totally irrelevant to anything this office has done,” spokesman Kevin Hall said this week. The 2012 delay was the result of a glitch in free computer software Iowa received from South Dakota, records the Des Moines Register obtained last week from the Iowa Secretary of State’s Office show. Because of a software crash, results from 126 Statehouse races were delayed and the balance of power in the Iowa Legislature remained unclear until the day after the election. BPro — a South Dakota company that designed the software and was hired via a no-bid contract to customize the system for Iowa — agreed to pay the state $150,000 in “liquidated damages” for the problem in its election night reporting system and its related work, according to an August 2014 termination agreement and a company spokesman.

Louisiana: Louisiana was hit by Ryuk, triggering another cyber-emergency | Sean Gallagher/Ars Technica

In October, the Federal Bureau of Investigation issued a warning of increased targeting by ransomware operators of “big game”—targets with deep pockets and critical data that were more likely to pay ransoms to restore their systems. The past week has shown that warning was for good reason. On November 18, a ransomware attack caused Louisiana’s Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor’s office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state’s cybersecurity response team. While some services have been brought back online—in some cases, within hours—others are still in the process of being restored. Most of the interrupted services were caused by “our aggressive actions to combat the attack,” according to Louisiana Commissioner of Administration Jay Dardenne. “We are confident we did not have any lost data, and we appreciate the public’s patience as we continue to bring services online over the next few days.”

Editorials: Averting a voting-machine disaster: New York must stay far away from election devices with a proven record of failure | Ritchie Torres/New York Daily News

Imagine spending millions of taxpayer dollars for brand-new voting technology. Then imagine the first time the machines are used in an election, they fail catastrophically. That’s what happened this month across the state line in one Pennsylvania county. How bad was it? Widespread and alarming were failures of this machine, an Election Systems & Software (ES&S) product called ExpressVote XL. Hypersensitive touchscreens picked candidates without voters actually touching the screens. Tick-marks next to selected candidates randomly disappeared. Some machines were unable to tabulate “yes/no” questions at all. In some races, there were “severe undercounts,” including one judicial candidate who received an implausible zero votes, according to the machine’s false reporting. Another candidate won by roughly 1,000 votes, but the ExpressVote XL machine reported 15 votes cast total. Amid the chaos that ensued in this low-turnout election, poll workers were forced to physically pry open the machines, pull out ballot papers and wait for scanners to arrive from outside the state to recount the votes. Weeks later, ES&S has still “has not determined root cause” of the malfunctions, and now reports indicate that lawsuits are likely to be filed against the company and the county. If this sounds like a nightmarish but distant scenario with no practical relevance to us, think again. In fact, if New York City Board of Elections Executive Director Mike Ryan gets his way, the voting technology that catastrophically failed in Pennsylvania will be heading to polling places in the five boroughs for next year’s presidential elections, when turnout will be through the roof.

Pennsylvania: State starts testing new election auditing procedures | Emily Previti/PA Post

Pennsylvania’s elections overhaul isn’t limited to deploying new voting machines and making sweeping changes to absentee voting and registration deadlines. Officials also are working on new post-election auditing procedures that employ statistical modeling. Test runs occurred earlier this week in Mercer County and are scheduled for Thursday in Philadelphia. Post-election audits already happen in Pennsylvania. State law requires counties to audit 2 percent of ballots cast – or 2,000, whichever is less – in each race. Other auditing criteria – such as sample ballot selection – are largely left up to county election officials. That’s expected to change in 2022. The state agreed to implement a more robust post-election audit system — called risk-limiting audits — as part of the settlement of a lawsuit brought by 2016 Green Party presidential candidate Jill Stein. “The process that’s in place now is practically meaningless,” Stein’s spokesman Dave Schwab wrote in an email Tuesday. “In contrast, risk-limiting audits are designed to use the paper records to ensure that the machine count didn’t produce the wrong winner.”

Pennsylvania: Northampton County voters want refund for ExpressVote XL voting machines | Jeff Ward/WFMZ

Northampton County should get back the $2.88 million it spent on voting machines, residents told County Council on Thursday night. The ExpressVote XL machines used for the Nov. 5 election had touch screens that were too sensitive, did not record all votes electronically, and the backup paper ballots that were displayed to voters to confirm their choices were hard to read. The county bought machines from Election Systems & Software after Pennsylvania required voting machines that would thwart hacking and provide a paper backup to electronic tallies. “We really need to get our money back,” Gail Preuninger of Bethlehem Township said. Deborah Hunter, who served on the county’s election commission and opposed selection of Election Systems & Software’s machines, said the vendor broke its contract. “I will not use this machine,” said Roger Dreisbach-Williams of Williams Township. He said he will vote via a paper ballot next time, perhaps as an absentee voter.

Editorials: Hand-marked Paper Ballots: How this Tried-and-True Method Makes Us More Secure | Bennie J. Smith/Memphis Commercial Appeal

In 2016, Facebook CEO Mark Zuckerberg shared a photo on Instagram (owned by Facebook) to celebrate Instagram’s historic milestone of reaching 500 million users. Though Zuckerberg was excited to share his company’s success, headlines instead focused on the unintended revelation that his laptop’s webcam and mic were covered with tape. As one of the greatest high-tech inventors, he knows the dangers of modern technology and reveals his simple low-tech method of protection from hackers. One thing is clear, he doesn’t blindly trust technology, and neither should you.We’ve blindly trusted voting technology until it recently came under intense scrutiny. Many technologists, concerned citizens and others now want to replace voting machines with hand-marked paper ballots to record our votes. Combined with post-election audits, these low-tech methods provide evidence that voters’ choices were counted correctly when tabulated. If you think about it, paper marked by a human is immune to any virus since no computer is involved. It’s your starting line in an election, with its most important fact (true voter intent) undeniably created by you. Your available choices and who you chose are both verifiable and documented. Voters unable to mark a ballot by hand will need ballot-marking device choices.

Virginia: State Board of Elections Approves 2020 Election Cybersecurity Standards | The Fredericksburg Free Lance-Star

The Virginia State Board of Elections on Monday unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178, calling for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database, according to a news release from the state board. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans, the release stated.

Georgia: Problems with new Georgia voting system found in test election | Mark Niesse/The Atlanta Journal-Constitution

Voting machines rebooted in the middle of voting. Computers couldn’t program the cards voters use to activate voting machines. One voter inserted a driver’s license into the voting machine, causing it to go blank. Those were some of the 45 incidents reported during a test run of Georgia’s new voting system, according to a summary from the secretary of state’s office. The pilot was conducted in six counties, where 27,482 ballots were cast in this month’s election. The test identified issues with the voting system, which combines touchscreens with printed-out paper ballots, that can now be corrected before it’s used statewide in the March 24 presidential primary, said Gabe Sterling, the chief operating officer for the secretary of state’s office. “These problems are mainly human-based,” Sterling said. “We can train and train, and our plan is to train again. That’s going to be the main thing that’s going to make these things work properly.” Sterling said he’s confident that the state’s voting system will be ready for the presidential primary, and all equipment is scheduled for delivery by late January.

National: States and cities make cybersecurity pledge after Trump administration rejects it | Joseph Marks/The Washington Post

U.S. states and cities are breaking with the federal government and signing onto an international pledge aimed at making cyberspace safer. Virginia, Colorado and Washington state have all endorsed the Paris Call, which was first boosted last year by French President Emmanuel Macron and which commits members to combatting major cyberattacks, digital theft of intellectual property and foreign election interference. City governments in Louisville, San Jose and Huntington, W.Va., have also joined. The Trump administration, meanwhile, is still refusing to endorse the pledge — even though it was approved by 74 other nations including our closest allies in Britain, Canada, Australia and New Zealand. The move is another way that cities and states are breaking with the Trump administration. Others have done so on issues ranging from climate change, privacy to immigrant rights. It also underscores how states and localities, which have been pelted with costly ransomware attacks and struggled to protect their elections against highly sophisticated Russian hackers in recent years, are increasingly viewing cybersecurity as an existential threat. “It’s a problem that’s facing us and I really don’t give a flip whether a governor or a president is addressing it,” Huntington, W.Va., Mayor Stephen T. Williams told me. “I’m going to find people on common ground and we’re going to move forward and make our case. If the states and federal government want to come along, that’s fine, but, if not, we’ve got our own voice.”

National: Senate Democrats urge DHS to fund cyber threat information-sharing programs | Maggie Miller/The Hill

A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts. In a letter sent on Monday to Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency, Senate Minority Leader Charles Schumer (D-N.Y.), and Sens. Maggie Hassan (D-N.H.) and Gary Peters (D-Mich.) expressed concerns around the funding level for two information-sharing groups. Specifically, the senators noted that DHS’s proposed fiscal 2020 budget covers only around 70 percent of the estimated $15 million it would take for the Center for Internet Security to run both the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

National: Ex-U.S. security officials urge ‘aggressive steps’ to protect 2020 election | Mark Hosenball/Reuters

The United States should boost spending and take other “aggressive steps” to protect next year’s presidential election from foreign meddling, a group of former national security officials said on Monday. Citing what they said were signs U.S. rivals want to undermine the November 2020 poll, National Security Action – a group led by former advisers to President Barack Obama – said states and agencies should invest in paper ballot backups for digital voting machines, ensure audits of election results, improve cybersecurity and boost training for poll workers. Election security has become a major concern since U.S. intelligence agencies claimed Russia interfered in the 2016 presidential election to tilt the vote in Donald Trump’s favor. Moscow has denied here any interference. Congress has appropriated some $600 million for election security since 2018 and is working to approve another $250 million, an amount that National Security Action called a “modest start.” Its statement was signed by 70 former security officials from a range of agencies.

National: Russian Hacking 2.0 Could Employ a Whole New Bag of Digital Dirty Tricks | Nick Bilton/Vanity Fair

Last week, a woman, who we’ll call Jane, woke up in her home, as she does every morning, at around 5 a.m. (Her kids didn’t get the memo about daylight saving time.) Jane hobbled downstairs, still half asleep, walked into her kitchen, and started the coffee machine. Then she turned on her iPhone and immediately said, “Holy fuck!” Jane is a former senior staffer at the Democratic Congressional Campaign Committee, or DCCC, and when she turned on her phone that morning, her email inbox had filled with over 4,500 new messages from thousands of authentic businesses across the internet. Because of their authenticity, many of those messages had not been spotted by her Gmail spam filter. As she held her phone in her hand, she watched in disbelief as new messages appeared almost every second. Before she could quell the onslaught, 8,000 had landed in her inbox.

National: U.S. National Guard’s Evolving Mission Includes Assisting Local Governments Experiencing Cyber Attacks | Scott Ikeda/CPO

Cyber attacks on municipalities have been on the rise in the past year, particularly in smaller cities that have inadequate resources to deal with them. In the smallest of towns and cities, local government relies on state and federal resources to deal with remediation in the wake of a breach. For some, those resources now include the National Guard. Established at the national level in 1903, the National Guard is a reserve military force called upon for certain domestic emergencies; primarily, recovery efforts when natural disasters and major terrorist attacks occur. With cyber attacks evolving to target both the digital and physical infrastructure of towns and cities, states are now able to justify deploying the Guard to assist in supporting and protecting these vital services. As little as a few years ago, cyber defense was not even on the radar of most National Guard agencies. In the past two years, cyber brigades have begun to spring up around the country as the need for proactive defense and response to nation-state cyber attacks has become clear. Though each state has its own National Guard agency, many of these cyber brigades are responsible for covering multiple states. For example, the Army Nation Guard’s 91st Cyber Brigade is based in Virginia but is tasked with overseeing cyber response units in 30 states.

National: 3 Cybersecurity Threats Facing Campaigns in 2020 | Sean J. Miller/Campaigns & Elections

Cyber threats are a growing market this cycle. Security vendors, some free or low-cost, are stepping up to provide services for campaigns and groups to help protect themselves from hacking, which could come from a lengthening list of foreign adversaries. Still, awareness and adoption remain uneven, particularly down-ballot. Now, the industry vulnerabilities that exist aren’t just being probed by Russians. Other state actors are trying their hands at election inference, according to Matt Rhoades, co-founder of the non-profit group Defending Digital Campaigns, Inc. “We know that the Chinese play this game. But if you’re a Republican too, you know that the Iranians are now fully invested in this kind of effort, and they’re going to be targeting Republicans, especially, who have been hardcore on things like the Iranian nuclear deal,” Rhoades said last month during a panel at the George Washington University’s GSPM. “You have to look past just Putin.” The tactics that the state actors could use are established, with some new twists. Here are three threats campaigns face.

Colorado: Secretary of State’s Office begins post-election ballot audit | Michael Karlik/Colorado Politics

Secretary of State Jena Griswold on Friday directed county clerks to begin the audit of a random selection of ballots after this month’s general election. A press release said that this risk-limiting audit, the only statewide one in the country following most elections, provides a “high statistical level of confidence that the outcome of an election is correct and reflects the will of the voters.” Colorado conducted its first statewide audit in 2017, covering all counties that used machines to tally their votes. Two counties, Jackson and San Juan, do not perform an audit because their ballots are hand counted. The secretary of state’s office randomly chose the ballots for each clerk to review using a 20-digit number, generated from multiple rolls of a 10-sided die. “If what the audit board reports matches how the voting system tabulated the ballots, the audit concludes,” Griswold’s website explains. “If there are discrepancies, additional ballots are randomly selected to compare until the outcome has been confirmed. If the wrong outcome was reported eventually all of the ballots will be examined and a new outcome will be determined.”

Indiana: Why Critics Say Indiana Isn’t Doing Enough To Beef Up Election Security | Adam Pinsker & Sean Hogan/ Indiana Public Media

A big upgrade of voting machines is taking place around the state, but it won’t be finished before the 2020 election, when Hoosiers will choose a president, governor and other down ballot candidates. Some Hoosier voters worry their votes aren’t protected, and critics say a larger effort to safeguard votes is needed from the state. There are two types of machines for counties to use during elections in Indiana: Direct Record Electronic (DREs) and Optical Scans, which utilize a paper ballot. Valerie Warycha, the Indiana Deputy Chief of Staff says the state is providing four DRE counties — Bartholomew, Boone, Hamilton, and Hendricks — with Voter Verifiable Paper Audit Trails (VVPAT) by 2020. A VVPAT is a device that attaches to the machine and prints out a paper copy of an individual vote that can be reviewed in the course of an election audit. A law that went into effect in July requires all counties to use voting machines that provide a paper trail audit by the beginning of 2030.

Louisiana: Government computers knocked out after ransomware attack | Christopher Bing & Raphael Satter/Reuters

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it. Louisiana Secretary of State spokesman Tyler Brey said that while his office’s website was briefly offline, the tallying of Saturday’s vote, in which Bel Edwards narrowly won re-election, was unaffected. The vote drew national attention following U.S. President Donald Trump’s well-publicized endorsement of Bel Edward’s Republican challenger, Eddie Rispone.

Michigan: Absentee voting surges in Michigan, creating challenges for local clerks | Kathleen Gray/Detroit Free Press

With absentee voting skyrocketing since voters approved a ballot proposal  last year allowing for its expansion, clerks across the state are worrying about counting ballots next year, when a record turnout is expected for the presidential race. Some clerks and Secretary of State Jocelyn Benson are calling on the state to allow election officials to be able to open and prepare absentee ballots for counting — and maybe even begin tabulating — votes before Election Day. Opponents worry that early processing and counting could lead to more voter fraud because ballots could be less secure until they’re ready to be counted. They’re also concerned that results could leak out and have a chilling effect on voters who haven’t cast ballots yet. In the August primary and November general election, when city leadership races and police and parks millages were at stake, absentee voting in some communities was as high as 82%. Hot races drew a record number of absentee voters:

Pennsylvania: Mercer County conducts first risk limiting election audit | Glenn Stevens/WFMJ

Mercer County is conducting a risk-limiting post-election audit for the first time in Pennsylvania. A working group assembled at the Mercer county courthouse on Monday to perform the post-election audit.   It’s described as a scientifically designed procedure that utilizes math and statistical data to confirm election outcomes. “They’ve found out a way to use the math to provide a statistical certainty that the results that we are reporting accurately reflect that’s what the voters did,” said Mercer County Elections Director Jeff Greenburg. “The math is maybe a little complicated for the average person until you get kind of hands-on experience, and that’s really what we’re doing here today,” according to Jonathan Marks, Deputy Secretary of Elections for Pennsylvania.  Pennsylvania has returned to a paper ballot, and the risk-limiting audit is viewed as another step forward for voter confidence and election integrity.

Virginia: State Board of Elections approves election security standards for 2020 | Augusta Free Press

The Virginia State Board of Elections unanimously passed minimum security standards for all Virginia elections administrators to follow beginning next year. In 2019, the General Assembly passed HB 2178; this legislation called for new, modern cyber security standards that must be met throughout the Commonwealth before systems are allowed to access Virginia’s election database. Since July, the Department of Elections along with a workgroup comprised of local government IT professionals and general registrars have met to compose a list of standards that will help to ensure the integrity of Virginia’s voter registration system. These new minimum security requirements for election administrators include, but are not limited to: setting new standards for creating secure passwords, requiring an increased emphasis on utilizing anti-virus protection on their election systems, and developing and training on incident response plans.