The ubiquity of online life comes with devastating vulnerabilities. Even one of the world’s richest men, Jeff Bezos, is reportedly not safe from hackers of electronic devices. Despite this well-established risk, Washington elections officials are moving in disjointed directions about internet security. In Olympia, Secretary of State Kim Wyman wants to bar emailed ballot returns because of potential fraud and network tampering via attachment. In King County, Elections Director Julie Wise is aiding a local public agency’s experiment with online voting. The King County move is a badly flawed approach to broadening elections access. Washington’s elections must — without exception — be kept safe from online tampering. The best way to do this is to keep elections computers entirely off the internet. House Bill 2647 and Senate Bill 6412 are Wyman’s request legislation that would ban returning ballots by email. The proposal would close a vulnerability without meaningfully limiting access for military and overseas voters. Their current extended voting window of 30 or 45 days to download, print and return ballots reasonably allows for international postal delays.
Full Article: Resist push for online ballot box | The Seattle Times.
National: Analysts question whether FBI election cybersecurity changes are robust enough | Jonathan Greig/TechRepublic
The FBI released new guidelines on how it will approach cyberattacks on elections after facing years of criticism from lawmakers across the country for their response to Russian intrusion attempts during the 2016 election. State officials, particularly those in Florida, were incensed when the Mueller Report revealed that two county voting databases were breached by Russian hackers ahead of the 2016 election. The FBI never told state-level officials and only coordinated with people in the counties that had been hit, waiting nearly two years until meeting and explaining the situation to Florida Gov. Ron DeSantis. The new guidelines, explained on a media call last Thursday and in a press release last Friday, say the FBI will notify a state’s chief election official and other local election workers in the event of any cyberattack. “Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure,” the FBI statement said.
Full Article: Analysts question whether FBI election cybersecurity changes are robust enough - TechRepublic.
National: Weakening Encryption Could Impact Election Security, Coalition Says | Frank Konkel/Nextgov
A coalition for secure elections sent a letter to Attorney General William Barr Wednesday, criticizing the AG for recent comments he made calling on companies to create a “backdoor” through encryption. The letter, published by the Project on Government Oversight, warns such backdoors—even if expressly for use by law enforcement—would weaken the security of encrypted services and devices, “opening the door” for hackers to harm users. “While encryption does not guarantee safety from all forms of malicious hacking, it is a vital safeguard to minimize risk. The Department of Justice has previously asked companies to create a ‘backdoor’ through encryption that would be accessible to law enforcement—but it is simply not possible to create a ‘backdoor’ that could not also be accessed by malicious hackers,” the letter states.
Full Article: Weakening Encryption Could Impact Election Security, Coalition Says - Nextgov.
National: Tech Companies Volunteer to Beef Up Presidential Campaigns’ Cybersecurity | Alexa Corse/Wall Street Journal
Nearly a dozen technology companies said they will provide free or reduced-cost cybersecurity services to presidential campaigns, which experts and intelligence officials have warned are ripe targets for intrusion and disinformation. They join a growing number of firms offering protection on a nonpartisan basis, a trend that has gained steam in the past 18 months or so, since federal regulators eased rules to make such offers permissible under campaign-finance laws. The Federal Election Commission made policy changes after urging from nonprofits and technology companies, including Microsoft Corp. Campaigns have struggled to make their information more secure in part because of budget pressures and the fast-moving nature of a campaign. “Any dollar that a campaign spends on extra levels of cybersecurity is a dollar they’re not spending on voter contact and getting their candidate elected,” noted Matt Rhoades, campaign manager for Republican Mitt Romney in 2012.
Full Article: Tech Companies Volunteer to Beef Up Presidential Campaigns’ Cybersecurity - WSJ.
California: Lawsuit claims new Los Angeles County voting machines could favor some candidates | Jason Ruiz/Long Beach Post News
A lawsuit filed Thursday by the City of Beverly Hills alleges that the machines to tabulate votes that are being deployed by Los Angeles County for the upcoming March 3 elections could give some candidates an unfair advantage. In a statement the city said that the issue is that only four candidates can be displayed at one time on the screens and that the confusion between the “More” and “Next” buttons could lead to those not listed on the first page being overlooked by voters. Potential for the city’s suit was first reported by LAist, which earlier this month reported the Beverly Hills City Council was considering the action after it received a preview of the machines and noticed the potential for confusion. One of its incumbent members is listed fifth on the ballot, which means he would appear on the second screen and potentially be skipped over by voters. The county is using VSAP (Voting Solutions for All People) machines for the first time during the March elections, but has rolled them out for demonstrations in the past few months including at November’s California Democratic Party Endorsing Convention hosted in Long Beach. Voters can use the machines to electronically mark selections, with the machine printing out a paper version of their votes to be turned in to county officials. The machines have yet to be certified by state election officials.
Full Article: Lawsuit claims new voting machines could favor some candidates • Long Beach Post News.
The following is a comment on the certification process for Los Angeles County’s VSAP 2.0 system.
Los Angeles County Voting Systems for All People (VSAP) 2.0 Certification
Comment of Pamela Smith, Senior Advisor, Verified Voting
January 20, 2020
Verified Voting commends Los Angeles County for the decade-long process of reimagining a voting system that must effectively serve the nation’s most populous and most diverse voting jurisdiction, as that system approaches certification and use in California’s upcoming elections. We have appreciated the opportunity to participate on the County’s Technical Advisory Committee since it was established and provide vigorous comment through the development process. We also appreciate the changes brought about by California’s lawmakers and Secretary of State Padilla to establish a more rigorous set of requirements for testing and examination of voting systems prior to approval for use. We believe, however, that there is a gap in the certification process that must be addressed for it to be fully transparent and to enable the public to more fully understand voting system compliance with California’s requirements.
The California Voting System Standards (CVSS) framework is supported by a set of regulations which govern a sequence of events for certification of a system, from application and provision of documentation and system/s for test, to a series of tests by qualified testing entities on security, software, functionality and more, to a set of reports to be published prior to a public hearing and comment period, and to eventual approval or denial of certification.
The required publications include test reports from the involved testing authorities, and a staff report from the Office of Voting Systems Technology Assessment (OVSTA). Reviewing these reports shows test results that are characterized as failing or not complying with requirements in some instances, while the subsequent Staff report indicates that the system is in compliance, which seems contradictory at best, and it is not clear to the public how to reconcile those reports.
Georgia: Fearing long lines, Georgia election officials reject voting proposal | Mark Niesse/The Atlanta Journal-Constitution
Georgia’s election board rejected a proposal Wednesday that could have resulted in long lines of voters, instead introducing a plan to require more voting machines during this year’s high-turnout presidential election. Still, the State Election Board’s proposed rules won’t provide as many voting machines as mandated by a state law passed last year, which called for one voting booth for every 250 voters in each precinct. Election officials said they will likely try to change that law during this year’s legislative session. With a new voting system being rolled out during the March 24 presidential primary, the State Election Board approved rules for the state’s voting machines and proposed several other changes dealing with absentee ballot rejections, provisional ballots, paper ballot backups and accessibility options for people with disabilities. The board’s most consequential decision determined how many voting machines are available in each precinct on Election Day.
Full Article: Georgia election officials require more voting machines.
With less than two weeks until Iowans line up to cast the first votes to pick a Democratic presidential nominee, party officials are reassuring voters that a new app used to report its caucus votes is secure. It’s not clear if they are correct. The app will be used in Iowa and Nevada by caucus managers — local registered Democrats who sign up to organize and run the caucus process in each location — to expedite the process, calculate and assign delegates and report results back quickly. The app will also be used in satellite voting locations across the country and overseas. But questions about the app remain unanswered, including who developed it and whether it has been subjected to independent security testing. Security experts say that the app is a potential target for early election interference, particularly since it is downloaded on to the personal phones of the caucus managers. Party officials say operational security prevents them from disclosing specifics about the app. Kiersten Todt, managing director of the Cyber Readiness Institute, a nonprofit group that provides cybersecurity advice to small and medium-size businesses, said those phones “can be breached in a heartbeat.”
Full Article: Iowa caucus app sparks election security concerns.
Nevada: Amid hacking fears, Nevada Democrats to use app for caucus results | Jason Hidalgo, Ryan Foley and Christina Cassidy/Reno Gazette Journal
Nevada is one of two early caucus states to use new mobile apps to report caucus results amid heightened worries about election hacking. The Silver State will be joining Iowa in using mobile apps to gather results from thousands of caucus sites. The decision to use the apps was made to increase transparency and help run the caucuses more smoothly, said Shelby Wiltz, director of the Nevada State Democratic Party Caucus, on Monday. “NV Dems has been committed to making our First in the West Caucus the most accessible, expansive and transparent caucus yet,” Wiltz said. “We developed a reporting application in order to streamline the caucus process and provide our volunteers with additional support to run their caucuses as efficiently as possible.” Although the technology is intended to make counting easier, however, it also raises concerns about the potential for hacking or glitches. Party officials said that they worked closely with the Democratic National Committee and security experts while picking and vetting the app vendor that was chosen. They declined to name the vendor, however, citing security reasons.
Full Article: Nevada Democratic Party to use app for caucus results.
New Hampshire: Paper Ballots Are Hard to Hack, But That’s Only Part of the Election Security Puzzle | Casey McDermott/New Hampshire Public Radio
New Hampshire Secretary of State Bill Gardner has long projected confidence about the security of the state’s elections. In the fall of 2016, as national security officials were warning state elections offices to “be vigilant and seek cybersecurity assistance” from federal partners, Gardner declined — saying New Hampshire didn’t need the extra help. “We have a system that, we don’t have to be concerned that it’s going to be something different this time because of some imaginary foreign element out there or something that might be interfering with this election,” Gardner said at the time. Since then, Gardner — the nation’s longest serving elections chief — continued to downplay the risk facing New Hampshire. When asked about election security at a meeting of the state’s Ballot Law Commission a few months before the 2018 midterms, he had a simple response. “You want to know about being hacked? You see this pencil here?” Gardner said, holding one up for emphasis. “Want me to give it to you and see if you can hack this pencil? We have this pencil. This is how people vote in this state. And you can’t hack this pencil.”
Full Article: N.H.'s Paper Ballots Are Hard to Hack, But That's Only Part of the Election Security Puzzle | New Hampshire Public Radio.
New Jersey: New Jersey will soon allow you to register to vote online | Brent Johnson and Matt Arco/NJ.com
Looking to register to vote in New Jersey? You will soon be able to do it online under a bill Gov. Phil Murphy signed into law Tuesday. The new law (S589) requires the Garden State’s secretary of state to create and maintain a secure website to allow eligible voters to register to vote using an online form. It takes effect in June. It’s the latest move Murphy and his fellow Democrats who control the state Legislature have made to open up voting in New Jersey. They have also expanded mail-in voting, made voter registration automatic when you apply for a driver’s license, and restored voting rights to people on probation and parole. New Jersey is the 38th state to institute online voter registration, according to the National Conference of State Legislatures. The District of Columbia also has it and Oklahoma is phasing in a similar program.
Full Article: N.J. will soon allow you to register to vote online - nj.com.
Pennsylvania: Federal judge delays voting machine case against Department of State | Emily Previti/PA Post
A federal judge on Friday ordered a month-long delay in a case that seeks to bar the use of a specific voting machine in the upcoming presidential primary. Hearings were to begin Tuesday in U.S. District Court in Philadelphia to determine whether the ExpressVote XL touchscreen tabulator violates a legal settlement that set higher standards for election security in Pennsylvania. Philadelphia, Northampton and Cumberland counties selected the XL as part of an election system update required of all Pa. counties by the end of 2019. The delay ordered by the judge leaves the counties in limbo. Officials from the counties and the Pa. Department of State say shelving the XL and shifting to different voting systems so close to the election would create chaos for voters. They say plaintiffs could and should have acted sooner — and U.S. District Judge Paul Diamond agreed with that point in the order issued Friday. A key issue in Diamond’s decision to delay the next hearing until Feb. 18 is the potential that one of the plaintiffs’ attorneys, Ilann Maazel, could be called as a witness by the DoS. If the state insists on calling Maazel, Diamond said he would remove the lawyer from the case. The delay, the judge said, is intended to give the plaintiffs time to prepare new counsel.
Full Article: Federal judge delays voting machine case against Pa. Department of State | PA Post.
Pennsylvania: More new electronics for voting in Northampton County? Election officials hit pause. | Kurt Bresswein/Lehigh Valley Live
Northampton County officials are considering spending about a quarter of a million dollars on specially configured iPads to check in voters at the polls beginning with the 2020 primary election. County Executive Lamont McClure’s administration sprang the proposal on the county election commission during its quarterly meeting Thursday. Director of Administration Charles Dertinger was looking for a recommendation on the purchase to bring to county council, calling the timeline tight to get the new ePollbooks ordered and delivered. Commission Chairwoman Maudenia Hornik, elected by her colleagues to the leadership role at the start of the meeting, pushed back on having to make a decision immediately. She wants to do her own research on the options available, especially after the problems the county had with new touchscreen paper-ballot voting machines in November’s election. “We just made a huge purchase and we’ve got egg on our face,” Hornik said during Thursday’s meeting at the courthouse and government center in Easton. “I didn’t know we were voting tonight. … I just feel as if I don’t want to do this hastily.”
Full Article: More new electronics for voting in Northampton County? Election officials hit pause. - lehighvalleylive.com.
Tennessee: New Shelby County election machinery debate heightens fraud claims on all sides | Bill Dries/The Daily Memphian
Shelby County Commissioner Michael Whaley may have framed the debate on a new voting system that is about to land at the county building. “It’s easy to probably find studies on either side of this,” he said Wednesday, Jan. 22, as commissioners prepared to debate a resolution coming up at the Monday, Jan. 27, commission meeting endorsing hand-marked paper ballots. They would replace the touchscreen machines used in Shelby County elections. The resolution by Commissioner Van Turner is part of a new push by critics of computer-based voting machines. Turner said his goal is to “build integrity into the system.” The committee discussion on a day when committee sessions ran long showed there are disagreements on the matter within the Shelby County Election Commission, the organization that has a request for proposal out now for a new voting system to be used at some point during the current election year.
Full Article: New Shelby election machinery debate heightens fraud claims on all sides - The Daily Memphian.
Washington: Secretary of state questions online, mobile voting plan in King County race | David Gutman/The Seattle Times
Washington Secretary of State Kim Wyman expressed concerns Wednesday with newly announced plans to allow voters in one obscure King County election to vote online through mobile devices. The plan, which went into effect Wednesday, allows voters to cast ballots through a touch-screen device in the race for King Conservation District Board of Supervisors. That election, which is held annually for a volunteer position on a board with no regulatory power, has traditionally drawn voter turnout of only about 1%. Because of a quirk in state law, the conservation district has to hold its elections in the first three months of the year, so voting can’t piggyback on the primary or general election ballots in August or November. And, sending out paper ballots to all 1.2 million eligible voters in the district would eat up about a quarter of the small agency’s annual budget. So, they’re trying voting by mobile device, the first election in the country to offer that technology to every eligible voter. “Any time you connect a system online, it becomes vulnerable to attack,” said Wyman, a Republican, who oversees most of the state’s elections, but not those of conservation districts.
Full Article: Secretary of state questions online, mobile voting plan in King County race | The Seattle Times.
… Four years ago, for an embarrassingly modest price, Russia pulled off one of the more audacious acts of election interference in modern history. The Internet Research Agency, the team of Kremlin-backed online propagandists, spent $15 million to $20 million and wreaked havoc on the psyche of the American voter, creating the impression that behind every Twitter avatar or Facebook profile was a Russian troll. Russian intelligence agents carried out the digital version of Watergate, infiltrating the Democratic Party and the Clinton campaign, stealing tens of thousands of emails, and weaponizing them in the days and weeks before the election. Russian-based hackers tested election websites in all 50 states for weak spots, like burglars casing a would-be target. “The Russians were testing whether our windows were open, rattling our doors to see whether they were locked, and found the windows and doors wide open,” says Sen. Mark Warner (D-Va.), the top Democrat on the Intelligence Committee. “The fact that they didn’t interject themselves more dramatically into our election was, I think, almost luck.”
Full Article: 2020 Election Hackers Are Coming -- And We're Not Ready - Rolling Stone.
Tennessee: Local advocates push for paper ballots in Shelby County | Kirstin Garriss/Cox Media Group
Some voters and elected officials are pushing for a more secure voting machine system in Shelby County. The group known as SAVE or “Shelby Advocates for Valid Elections” wants paper ballots for future elections. Members of SAVE said Chattanooga/Hamilton County already uses this same hand-marked paper ballot system. It’s similar to filling out a scan-tron like you do for the SAT. But Shelby County election officials said what works in a smaller county may not work here and the risk for error increases with this system. 2020 is a big election year and members of SAVE want to make sure voting is as secure as possible.
Full Article: Local advocates push for paper ballots.
National: Acting DHS secretary says he expects Russia to attempt to interfere in 2020 elections | Maggie Miller/The Hill
Acting Homeland Security Secretary Chad Wolf said Friday that his agency “fully expects” Russia to attempt to interfere in U.S. elections in 2020. “As we saw in 2016, we fully expect Russia to attempt to interfere in the 2020 elections to sow public discord and undermine our democratic institutions,” Wolf said during an event hosted by the Homeland Security Experts Group in Washington, D.C. Wolf also highlighted cyber threats from China and Iran. According to the report compiled by former special counsel Robert Mueller and to findings by the U.S. intelligence community and the Senate Intelligence Committee, Russia launched a sweeping interference effort in the lead-up to the 2016 presidential election, using both hacking and disinformation tactics.
Full Article: Acting DHS secretary says he expects Russia to attempt to interfere in 2020 elections | TheHill.
National: Amid hacking fears, key caucus states to use app for results | Ryan J. Foley and Christina A. Cassidy/Associated Press
Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches. Democratic Party activists in Iowa and Nevada will use programs downloaded to their personal phones to report the results of caucus gatherings to the state headquarters. That data will then be used to announce the unofficial winners. Paper records will later be used to certify the results. The party is moving ahead with the technology amid warnings that foreign hackers could target the 2020 presidential campaign to try to sow chaos and undermine American democracy. Party officials say they are cognizant of the threat and taking numerous security precautions. Any errors, they say, will be easily correctable because of backups.
Full Article: Amid hacking fears, key caucus states to use app for results.
National: US election still vulnerable to attacks, despite security improvements | Cynthia Brumfield/CSO Online
Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S. political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact. Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements. A spokesperson for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) tells CSO that the agency has seen marked improvements in security over the past few years. “In our work with all 50 states and more than 2,400 local jurisdictions, we’ve seen a maturation in the risk management practices across the sector,” the spokesperson says. “Whether implementing controls like multifactor authentication and intrusion detection systems or exercising incident identification, communications, and response, the progress for election security is real.”
Full Article: US election still vulnerable to attacks, despite security improvements | CSO Online.