National: Voting machines touted as secure option are actually vulnerable to hacking, study finds | Joseph Marks/The Washington Post

New voting machines that hundreds of districts will use for the first time in 2020 don’t have enough safeguards against hacking by Russia and other U.S. adversaries, according to a study out this morning from researchers at the University of Michigan. The study marks the first major independent review of the machines called ballot-marking devices, or BMDs, which at least 18 percent of the country’s districts will use as their default voting machines in November. The results are a major blow for voting machine companies and election officials, who have touted BMDs as a secure option in the wake of Russia’s 2016 efforts to compromise U.S. election infrastructure. “The implication of our study is that it’s extremely unsafe [to use BMDs], especially in close elections,” Alex Halderman, a University of Michigan computer science professor and one of seven authors of the study, said in an interview. People who use BMDs cast their votes using a computer touch screen, but the machine spits out a paper record of those votes. That is usually used to tally the results and can be saved for audits that ensure votes were tallied correctly. The machines were touted by election officials as a compromise between paperless voting machines, which experts uniformly agree are far too vulnerable to hacking, and hand-marked paper ballots, which serious cybersecurity hawks favor but which can be tougher to tally and are inaccessible for many people with disabilities. But only a handful of people who vote on BMDs are likely to check that their votes were recorded accurately, the researchers found – meaning that if hackers succeed in altering even a small percentage of electronic votes, they might be able to change the outcome of a close election without being detected.

National: Voting machine vendors to testify on election security | Maggie Miller/The Hill

The CEOs of the three biggest U.S. voting equipment manufacturers will testify before the House Administration Committee on Thursday, marking the first election security hearing of 2020. The hearing, which is to be focused on the status of election security, will represent the first time that top executives from the three companies have testified together before Congress. The presidents and CEOs of Dominion Voting Systems, Hart InterCivic and Election Systems and Software (ES&S) are all scheduled to appear. These three companies are estimated to control more  90 percent of the voting equipment market in the U.S., according to a report put out by the University of Pennsylvania’s Wharton Public Policy Initiative. All three have come under scrutiny from Washington in the wake of Russia’s interference in the 2016 presidential race. The Senate Intelligence Committee in volume one of its investigation into Russia’s actions expressed concerns for the security of voting machines. It voiced particular concerns with “direct-recording electronic” machines, which do not print out a paper copy of a voter’s vote.

National: New voting machines’ top security challenge? The voters, researchers say | Bill Theobald/The Fulcrum

Let’s get something straight about the security and reliability of elections: No matter how a voting system is designed, something could go wrong — either accidentally or on purpose. That is important to keep in mind in considering a report, released Wednesday, criticizing a type of voting machine that’s been purchased by jurisdictions all across the country in the past few years in the name of improved security. The study, led by computer science graduate students at the University of Michigan, found that most people who participated in a mock election using ballot-marking devices, known as BMDs, failed to notice errors that had been introduced on the paper ballots that were generated and then used for casting votes. The problem, in other words, was with the attentiveness of the citizens but not the reliability of the hardware. Nonetheless, the Michigan researchers are touting their findings as evidence that BMDs don’t provide sufficient safeguards against hacking by the Russians or other adversaries out to disrupt democracy in the November presidential election.

National: New “secure” voting machines are still vulnerable—because of voters | Patrick Howell O’Neill/MIT Technology Review

A new study of voting machines is spotlighting the “serious risk” that election results can be manipulated because most voters do not check that their ballot is correct, according to new research. Ballot-marking devices, or BMDs, combine physical and digital voting methods in a single machine. A voter selects a candidate on a computer screen, and the machine then prints out a paper ballot for review. The goal is to provide both ease of voting and a physical audit trail that hackers can’t readily change, and the Washington Post reports that ballot-marking devices are used by at least 18% of the country’s electoral districts. But the new study from the University of Michigan suggests that if a voting machine is compromised, people are not likely to realize it, because so few of them check that their printout is correct. And even the rare voters who do check the paper version almost never catch errors when they’ve been made. The research raises questions about hackable computers and post-election audits—two major issues in election cybersecurity—just weeks before the first US primary votes are cast in Iowa on February 3. “Inserting a hackable computer in between the voter and the recording of intent poses big issues,” says Eddie Perez, a former election industry executive with Hart InterCivic for 16 years. “If we don’t know if voters actually look at the the paper and accurately confirm their intent, the strength of audit is weakened.”

National: Why the 2020 US presidential election is still vulnerable to foreign interference | Armen Najarian/Help Net Security

With the international political situation becoming increasingly fraught and divisive, it is hard to ignore the shadow of foreign interference looming over electoral proceedings around the world. Not only are the US elections arguably some of the most influential on the global stage, but the infamous cyber attack on Clinton campaign manager John Podesta during the 2016 presidential elections was a watershed moment. The attack, which used email-based social engineering techniques to breach Podesta’s email account and leak thousands of emails, marked a move towards more overt and hostile cyber activity in the political arena. The threat of foreign interference takes many forms, from the more subtle use of fake news and online trolls to confuse and frustrate the political discourse, to direct attacks on vulnerable voting infrastructure and to disrupt or breach political parties and individuals. Four years on from the Podesta hack, email remains one of the most prominent weapons in the cyber attacker’s arsenal – and worryingly, the majority of political parties and candidates are still extremely vulnerable to email attacks.

National: Facebook Bans Deepfakes but Permits Some Altered Content | Betsy Morris/Wall Street Journal

Facebook Inc. is banning videos that have been manipulated using advanced tools, though it won’t remove most doctored content, as the social-media giant tries to combat disinformation without stifling speech. But as with many efforts by social-media companies to address content on their sites that is widely seen as problematic, Facebook’s move swiftly drew criticism for not going far enough and having too many loopholes. The policy unveiled Monday by Monika Bickert, Facebook’s vice president for global policy management, is the company’s most concrete step to fight the spread of so-called deepfakes on its platform. Deepfakes are images or videos that have been manipulated through the use of sophisticated machine-learning algorithms, making it nearly impossible to differentiate between what is real and what isn’t. “While these videos are still rare on the internet, they present a significant challenge for our industry and society as their use increases,” Ms. Bickert said in a blog post. Facebook said it would remove or label misleading videos that had been edited or manipulated in ways that would not be apparent to the average person. That would include removing videos in which artificial intelligence tools are used to change statements made by the subject of the video or replacing or superimposing content.

National: The 2020 election will be the country’s biggest cybersecurity test ever | Joseph Marks/The Washington Post

What will be the biggest cybersecurity story of the year? You hardly have to ask. The 2020 election probably is the most anticipated event in U.S. history when it comes to digital security. Russia’s hacking and disinformation campaign to interfere in the last presidential election shook the nation’s confidence in the U.S. democratic process and rocketed cybersecurity into the mainstream of Washington’s political life. Top questions now are not just when but how Russia will try to interfere in the approaching presidential election and whether it will be emboldened by the fact it has yet to face any significant consequences — and, of course, whether other U.S. adversaries will jump into the fray. “Nobody has really punished them for it and the reality is our adversaries are constantly pushing the envelope,” John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye, told me. “They see what they can get away with and then they push the envelope again.” If the election concludes without a security disaster that compromises the results or undermines public confidence in them, that will be a victory for solid planning, education and more than $900 million spent on digital election defense since 2016. If it’s disrupted, however, it will be a drastic blow to faith in democracy and to the idea the United States can set any red lines in cyberspace that our adversaries won’t cross.

Editorials: Facing the primary attack on democracy | Emily Frye & Philip Reitinger/The Hill

Democracy is under attack — and our federal, state, and local elections are the front lines. Both technical attacks and disinformation campaigns designed to undermine election legitimacy are being deployed on a daily basis to threaten the basic tenets of American society. The Justice Department’s special counsel recently concluded that “there were multiple, systematic efforts to interfere in our elections. And that allegation deserves the attention of every American.” A government “of the people, by the people, and for the people” is possible only if the will of the people is known. We must be able to trust the results of our elections. Without that trust, governments appear illegitimate. The next presidential election is less than a year away, but our nation’s elections infrastructure has far less time to prepare to preserve the basic principles of democracy.

Georgia: Augusta University and Cyber Center partner with State on election security | Tom Corwin/The Augusta Chronicle

Georgia election officials are turning to Augusta experts for help in ensuring election integrity this year. Georgia Secretary of State Brad Raffensperger announced Wednesday that his office will partner with the Georgia Cyber Center and Augusta University School of Computer and Cyber Sciences to ensure Georgia’s new electronic voting systems are secure. “This is exciting,” said Dr. Alex Schwarzmann, dean of the School of Computer and Cyber Sciences. “Georgia is moving absolutely in the right direction.” Before coming to Augusta, Schwarzmann was part of a similar partnership in Connecticut between the secretary of state and the University of Connecticut. He said there were not more than 20 states that have created such a proactive arrangement with an independent technology agency to ensure electronic election systems stay secure.

Georgia: Secretary of State Issues Warning for Cyberattacks | The Albany Herald

Georgia Secretary of State Brad Raffensperger announced Monday that he is instructing elections officials for the state and individual counties to be on heightened diligence against possible cybersecurity attacks following a warning issued by the U.S. Department of Homeland Security. “Nothing is more important than the security and integrity of elections,” Raffensperger said. “The state’s election system uses the most advanced protections against cyberattacks and draws on the advice and best practices of national experts. While no specific threat has been identified, this latest warning serves as a reminder that we can never lower our guard.” The Multi State Information Sharing and Analysis Center and the Department of Homeland Security have notified the Georgia office of the Secretary of State “that Iran is highly likely to retaliate” against the United States and its interests following the airstrikes early Friday, killing a prominent Iranian military official. “We are continually improving and enhancing our cyber security,” responded Raffensperger. “Our goal is both prevention and resiliency in our infrastructure and systems.”

Texas: Electronic pollbook problems cost Dallas County taxpayers an additional $6 million | Lori Brown/KDFW

FOX 4 has discovered Dallas County spent millions of dollars on polling equipment that doesn’t work securely with its voting machines. Millions more will need to be shelled out to fix the problem by the March primary election. Dallas County bought the new equipment in order to have new voting centers so voters can vote anywhere in the county on Election Day. But it turns out $6 million were wasted on poll books made by one company that can’t securely function with voting machines made by a different company. It turns out Dallas County Commissioner J.J. Koch says new equipment unveiled in the November 2019 election could have been vulnerable to hackers. “We purchased something entirely too quickly, and it ended up costing taxpayers now additional millions of dollars,” he said. “Largely because of security features. In fact, we had an unsecure election.”

Texas: Governor warns of possible cyber attacks amid conflict with Iran | Allie Morris/HoustonChronicle.com

Republican Gov. Greg Abbott is warning of potential cyberattacks on state agencies as a result of the conflict between Iran and the U.S. In the past 48 hours, Abbott said Texas officials have identified Iran as the origin of as many as 10,000 attempted attacks per minute on state computers and networks. After a roundtable with law enforcement officials on Tuesday, Abbott said there are some concerns about the attempted hacks, but that state officials have no credible information about immediate threats to the state or Texas residents. A federal website and a state website that isn’t monitored by the Texas Department of Information Resources might have been defaced by someone with pro-Iranian sentiments, the agency’s executive director Amanda Crawford told reporters after the roundtable. But she declined to name the affected sites and said the department is still gathering information. Abbott is warning local governments to be especially vigilant.

Taiwan: Why the world must pay attention to the fight against disinformation and fake news in Taiwan | Catherine Shu/TechCrunch

On Saturday, Taiwan will hold its presidential election. This year, the outcome is even more important than usual because it will signal what direction the country’s people want its relationship with China, which claims Taiwan as its territory, to move in. Also crucial are efforts against fake news. Taiwan has one of the worst disinformation problems in the world and how it is handled is an important case study for other countries. Yesterday, Twitter said in a blog post that it has held trainings for the two main political parties in Taiwan, the Democratic Progressive Party (DPP) and the Kuomintang (KMT), and Taiwan’s Central Election Commission, in addition to setting up a portal for feedback during the election. Late last month, the state-owned Central News Agency reported that Facebook will set up a “war room” to counteract disinformation before the election, echoing its efforts in other countries (the company previously established a regional elections center at its Asia-Pacific headquarters in Singapore).