National: Hackers Are Coming for the 2020 Election — And We’re Not Ready | Andy Kroll/Rolling Stone

… Four years ago, for an embarrassingly modest price, Russia pulled off one of the more audacious acts of election interference in modern history. The Internet Research Agency, the team of Kremlin-backed online propagandists, spent $15 million to $20 million and wreaked havoc on the psyche of the American voter, creating the impression that behind every Twitter avatar or Facebook profile was a Russian troll. Russian intelligence agents carried out the digital version of Watergate, infiltrating the Democratic Party and the Clinton campaign, stealing tens of thousands of emails, and weaponizing them in the days and weeks before the election. Russian-based hackers tested election websites in all 50 states for weak spots, like burglars casing a would-be target. “The Russians were testing whether our windows were open, rattling our doors to see whether they were locked, and found the windows and doors wide open,” says Sen. Mark Warner (D-Va.), the top Democrat on the Intelligence Committee. “The fact that they didn’t interject themselves more dramatically into our election was, I think, almost luck.”

Tennessee: Local advocates push for paper ballots in Shelby County | Kirstin Garriss/Cox Media Group

Some voters and elected officials are pushing for a more secure voting machine system in Shelby County. The group known as SAVE or “Shelby Advocates for Valid Elections” want paper ballots for future elections. Members of SAVE said Chattanooga/ Hamilton County already uses this same hand marked paper ballot system. It’s similar to filling out a scan-tron like you do for the SAT. But Shelby County election officials said what works in a smaller county may not work here and the risk for error increases with this system. 2020 is a big election year and members of SAVE want to make sure voting is as secure as possible.

National: Acting DHS secretary says he expects Russia to attempt to interfere in 2020 elections | Maggie Miller/The Hill

Acting Homeland Security Secretary Chad Wolf said Friday that his agency “fully expects” Russia to attempt to interfere in U.S. elections in 2020. “As we saw in 2016, we fully expect Russia to attempt to interfere in the 2020 elections to sow public discord and undermine our democratic institutions,” Wolf said during an event hosted by the Homeland Security Experts Group in Washington, D.C. Wolf also highlighted cyber threats from China and Iran. According to the report compiled by former special counsel Robert Mueller and to findings by the U.S. intelligence community and the Senate Intelligence Committee, Russia launched a sweeping interference effort in the lead-up to the 2016 presidential election, using both hacking and disinformation tactics.

National: Amid hacking fears, key caucus states to use app for results | Ryan J. Foley and Christina A. Cassidy/Associated Press

Two of the first three states to vote in the Democratic presidential race will use new mobile apps to gather results from thousands of caucus sites — technology intended to make counting easier but that raises concerns of hacking or glitches. Democratic Party activists in Iowa and Nevada will use programs downloaded to their personal phones to report the results of caucus gatherings to the state headquarters. That data will then be used to announce the unofficial winners. Paper records will later be used to certify the results. The party is moving ahead with the technology amid warnings that foreign hackers could target the 2020 presidential campaign to try to sow chaos and undermine American democracy. Party officials say they are cognizant of the threat and taking numerous security precautions. Any errors, they say, will be easily correctable because of backups.

National: US election still vulnerable to attacks, despite security improvements | Cynthia Brumfield/CSO Online

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact. Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements. A spokesperson for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) tells CSO that the agency has seen marked improvements in security over the past few years. “In our work with all 50 states and more than 2,400 local jurisdictions, we’ve seen a maturation in the risk management practices across the sector,” the spokesperson says. “Whether implementing controls like multifactor authentication and intrusion detection systems or exercising incident identification, communications, and response, the progress for election security is real.”

Editorials: Are we really listening to what MLK had to say? | Peniel Joseph/CNN

In 2020, the Martin Luther King Jr. holiday falls in a national election year, one that reminds us of the importance of voting rights, citizenship and political activism to the health of our democracy. King imagined America as a “beloved community” capable of defeating what he characterized as the triple threats of racism, militarism and materialism. The passage of the 1964 Civil Rights Act and 1965 Voting Rights Act, alongside the 1954 Brown Supreme Court decision, represents the crown jewels of the civil rights movement’s heroic period. Yet King quickly realized that policy transformations alone, including the right to vote, would be insufficient in realizing his goal of institutionalizing radical black citizenship toward the creation of the “beloved community.” King argued that justice was what love looked like in public. 2020 also marks the 55th anniversary of the passage of the Voting Rights Act, legislation that proved transformative for black citizenship, at least until the 2013 Shelby v. Holder Supreme Court decision that has helped enable the increase of voter suppression nationally. The most powerful way Americans can honor King now is through the pursuit of new national voting rights legislation that ends voter suppression and ID laws, allows prisoners to vote and automatically registers every 18-year-old citizen to vote.

Editorials: Connecticut needs to share election security test results | David Levine/Connecticut Post

As the 2016 presidential election demonstrates, U.S. election systems — from the voting machines themselves to internet-connected electronic pollbooks (e-pollbooks) — are vulnerable to cyberattacks, including from foreign governments seeking to undermine the integrity of our democracy. Connecticut recently found that e-pollbooks are not completely secure and could be vulnerable to cyberattacks that disenfranchise voters. Ahead of the 2020 presidential election, it is essential that Connecticut make these results widely known, so other state and local governments can take necessary precautions. Earlier this year, Connecticut Secretary of State Denise Merrill chose not to give funding she already had received for e-pollbooks to local jurisdictions after the University of Connecticut’s Center for Voting Technology Research (VoTeR Center) reviewed proposals from three vendors and found that none of them was sufficiently secure. This development is remarkable not only in light of the nationwide trend towards adopting e-pollbooks, but it also reflects a complete reversal by Merrill, who secured funding for the e-pollbooks in 2015 because she initially thought they would be more accurate and less work than paper pollbooks. Merrill is now concerned that election officials have acquired the technology too quickly and that there has not been a sufficient consideration of the risks and benefits of e-pollbooks.

Georgia: A Georgia election server was vulnerable to Shellshock and may have been hacked | Dan Goodin/Ars Technica

Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock, a critical flaw that gives attackers full control over vulnerable systems, a computer security expert said in a court filing on Thursday. Shellshock came to light in September 2014 and was immediately identified as one of the most severe vulnerabilities to be disclosed in years. The reasons: it (a) was easy to exploit, (b) gave attackers the ability to remotely run commands and code of their choice, and (c) opened most Linux and Unix systems to attack. As a result, the flaw received widespread news coverage for months. Despite the severity of the vulnerability, it remained unpatched for three months on a server operated by the Center for Election Systems at Kennesaw State University, the group that was responsible for programming Georgia election machines. The flaw wasn’t fixed until December 2, 2014, when an account with the username shellshock patched the critical vulnerability, the expert’s analysis of a forensic image shows. The shellshock account had been created only 19 minutes earlier. Before patching the vulnerability, the shellshock user deleted a file titled shellsh0ck. A little more than a half hour after patching, the shellshock user was disabled.

Iowa: Democrats revamped their caucuses to fend off disinformation. Now some fear the changes could sow new confusion in tight 2020 race. | Isaac Stanley-Becker/The Washington Post

When Democrats here went to bed on the night of their first-in-the-nation caucuses four years ago, the bitterly fought contest between Hillary Clinton and the insurgent Sen. Bernie Sanders was too close to call. So an abrupt predawn notice from the state party declaring Clinton the winner sent some into a fury. Shaky videos of coin tosses deciding delegates in Clinton’s favor spread on Twitter. Stories multiplied of confused caucus-goers, untrained volunteers and mathematical inconsistencies, all amid a wave of suspicion that the party was manipulating the process for Clinton’s benefit. “I never got a satisfactory explanation for how they arrived at their number,” said J. Pablo Silva, a historian at Grinnell College who wasn’t alerted when the state party transferred a delegate from Sanders to Clinton in the precinct in this small college town where he was serving as a caucus secretary. Now, as Iowa Democrats hurtle once again toward the opening faceoff of a hard-fought presidential primary cycle — with at least four candidates seemingly in contention to win Iowa’s Feb. 3 contest — some in the party fear that reforms put in place to prevent the disarray of 2016 may create an entirely new set of problems in 2020.

Iowa: Linn auditor’s complaint that voter registration vulnerable dismissed | Jason Clayworth/Des Moines Register

Linn County Auditor Joel Miller’s complaint that Iowa’s voting system is prone to hackers was dismissed Friday by a state commission without a public hearing on the allegations, an action Miller contends violates federal law. “We won’t rush to judgment on what to do next, but I think there is a good case to appeal because federal law is very clear that a hearing shall be heard and that didn’t happen,” Miller said. Miller in an August complaint filed with Iowa Secretary of State Paul Pate said Iowa’s voter registration system does not meet security safeguards mandated under the federal Help America Vote Act. He has declined to offer details about how the system could be hacked, citing confidentiality concerns. In its 2-to-1 vote Friday, Iowa’s Registration Commission approved a motion filed by the Iowa Attorney General’s Office to dismiss the complaint in part because of its lack of specifics.

Minnesota: New Primary System Brings Data-Sharing Concerns | Briana Bierschbach/Minneapolis Star Tribune

Sean Fahnhorst works behind the scenes for the state of Minnesota preparing the state budget based on the preferences of his boss — the governor. He likes his gig and wants to do similar work indefinitely, no matter who’s in charge. That’s why he’s hesitant to participate in the state’s new presidential primary election on March 3, which technically kicks off Friday with the start of early absentee voting. It’s the first primary in the state in nearly 30 years, a switch made after high turnout in 2016 bogged down the party-run caucus system with long lines and confusing rules that frustrated voters. Minnesota’s new presidential primary system, run and paid for by the state, is expected to be logistically smoother. But for many voters like Fahnhorst, there’s a big trade-off. The new system also records voters’ party preference and provides that data to the chairs of each major political party.

New Hampshire: Election security looms ahead of primary | Jake Lahut/Keene Sentinel

Amid ongoing efforts by foreign entities to influence American democracy, concerns have arisen nationwide about election security. At a 2018 “hackathon” in Florida, an 11-year-old was able to electronically break into a replica of the Sunshine State’s voter rolls in a matter of minutes, changing names and even election tallies. Legislation that would give states a total of $1 billion to require backup paper ballots in precincts nationwide — to be used alongside electronic machines to ensure an accurate recount if those machines are hacked — has been stalled in Washington by the Republican majority in the U.S. Senate. With each state using different election laws under the hyper-localized American system, the election security landscape remains complicated in the first general-election year since the Russian meddling efforts. An early test of voter confidence will come in the Granite State’s first-in-the-nation primary next month.

North Dakota: New electronic pollbooks set to go out to North Dakota counties | Jack Dura/Bismarck Tribune

raining sessions on new electronic pollbooks are planned throughout the next week and a half for North Dakota election officials. The new devices — 990 of them — will be distributed to North Dakota’s 53 counties for use at polling locations after being delivered to the state in February. Pollbooks are records of voters of a precinct. The devices, which resemble an iPad, will speed up what has been a paper process for most counties in checking voters and add an element of security, according to North Dakota Secretary of State Al Jaeger. “One of the things when it comes to election integrity is that once you come in and show your ID, that automatically goes back into our central voter file and so if you attempted to vote, let’s say, in Minot or drive up to Killdeer or some other place, they would know that you voted already,” Jaeger said Monday. North Dakota has no voter registration, but maintains a central voter file which is essentially a database of who has voted.

Editorials: Ballot images must be made public after all New York elections | New York Daily News

Honoring Dr. King’s legacy, state Senate Elections Committee Chairman Zellnor Myrie is introducing the New York Voting Rights Act to protect the franchise for citizens. He is also advancing welcome transparency with a bill requiring that the electronic images of the paper ballots be made public no later than a week after voting. This should have happened a decade ago with the arrival of computerized scanners. Those machines take a photo of each paper ballot and store it electronically. Having the images available allows anyone to examine the results, while keeping the original ballot secure. The state’s highest court made of botch of it with a terrible ruling last spring that locked away the images. Myrie’s bill sets it straight.

Pennsylvania: Cumberland County receives ExpressVote XLs as two courts continue to litigate their eligibility | Zack Hoopes/The Sentinel

Cumberland County received some of its new voting machines this week, the same machines that are the subject of state and federal lawsuits and that experienced mistabulations in Northampton County in the last election. Cumberland and Northampton counties, along with Philadelphia, are in limbo regarding the current or future use of the ExpressVote XL, a product of Election Systems and Software. Cumberland County received the first shipments of its 400-machine order this week, according to Bethany Salzarulo, director of the county’s elections bureau. Salzarulo said she and her staff were aware of the Northampton issues, which officials there blamed on ES&S not adequately communicating the necessary testing procedures to elections staff. Proper testing would have caught the errors well before election day, Salzarulo said, something Cumberland County staff is prepared to do regardless of ES&S.

Tennessee: Hand-marked paper ballots for elections get new push in Shelby County | Bill Dries/The Daily Memphian

Shelby County Commissioner Reginald Milton says when commissioners discuss a new voting system next week for local elections, he will advocate for hand-marked paper ballots to replace the touch-screen machines used in Shelby County elections. Milton recalls his first bid for elected office ended with a loss by 26 votes. While he didn’t seek to overturn the results in Chancery Court, Milton is among a lot of candidates in close races who want to see some data before they decide if it is worth it to go to court. “That took an entire month to resolve that issue. That was unnecessary,” he said. “It could have been done instantly.” The county has already allocated $2.5 million in funding for a new voting system the election commission hopes to debut this election year. Milton specifically favors printed ballots voters mark by hand that are then run through an optical scanner. The scanner results and the marked ballots, he and other advocates contend, offer two ways of verifying results.

West Virginia: Mobile absentee voting proposed for people with disabilities | Steven Allen Adams/News and Sentinel

A mobile phone app used by deployed military service members to vote overseas could be the answer for helping people with disabilities and the blind to vote absentee, though concerns were raised Monday about potential hacking. Senate Bill 94 was introduced Jan. 8 by Senate Judiciary Committee Chairman Charles Trump, R-Morgan, at the request of Secretary of State Mac Warner. The bill would provide West Virginians with physical disabilities the ability to vote by an electronic absentee ballot. The bill easily made it through the state Senate eight days later, passing unanimously Jan. 15 as the first bill to cross over from the Senate to the House of Delegates. The House Judiciary Committee took up the bill Monday morning and was still talking about the bill Monday afternoon. The bill was recommended for passage and will be sent to the full House.