Tennessee: Hand-marked paper ballots for elections get new push in Shelby County | Bill Dries/The Daily Memphian

Shelby County Commissioner Reginald Milton says when commissioners discuss a new voting system next week for local elections, he will advocate for hand-marked paper ballots to replace the touch-screen machines used in Shelby County elections. Milton recalls his first bid for elected office ended with a loss by 26 votes. While he didn’t seek to overturn the results in Chancery Court, Milton is among a lot of candidates in close races who want to see some data before they decide if it is worth it to go to court. “That took an entire month to resolve that issue. That was unnecessary,” he said. “It could have been done instantly.” The county has already allocated $2.5 million in funding for a new voting system the election commission hopes to debut this election year. Milton specifically favors printed ballots voters mark by hand that are then run through an optical scanner. The scanner results and the marked ballots, he and other advocates contend, offer two ways of verifying results.

West Virginia: Mobile absentee voting proposed for people with disabilities | Steven Allen Adams/News and Sentinel

A mobile phone app used by deployed military service members to vote overseas could be the answer for helping people with disabilities and the blind to vote absentee, though concerns were raised Monday about potential hacking. Senate Bill 94 was introduced Jan. 8 by Senate Judiciary Committee Chairman Charles Trump, R-Morgan, at the request of Secretary of State Mac Warner. The bill would provide West Virginians with physical disabilities the ability to vote by an electronic absentee ballot. The bill easily made it through the state Senate eight days later, passing unanimously Jan. 15 as the first bill to cross over from the Senate to the House of Delegates. The House Judiciary Committee took up the bill Monday morning and was still talking about the bill Monday afternoon. The bill was recommended for passage and will be sent to the full House.

California: Los Angeles County’s New Voting System Is Still Uncertified. Why Election Security Experts Are Worried | Libby Denkman/LAist

Los Angeles County is moving full steam ahead with plans to use its new election equipment for the first time in the upcoming presidential primary. The system, which includes high-tech “ballot marking devices,” has the potential to revolutionize the election industry, creating a transparent and fully accessible way to vote. But for all its innovations, some experts in the voting security community worry it’s not ready for prime time. For starters, the state has yet to sign off on the new technology — and it’s coming down to the wire: In-person voting begins in six weeks, on Feb. 22.

Certification testing has uncovered:

  • Dozens of critical user interface and security problems, according to recent published reports and conversations with experts.
  • The Secretary of State found vulnerabilities that left the door open to bad actors changing voting data and, ultimately, the outcome of an election.
  • Testers could also access and alter electronic records and get into physical ballot boxes — all without detection.

Some candidates for local offices are so disturbed by how ballots appear on the machines that cities like Beverly Hills are exploring lawsuits. But Dean Logan, the Los Angeles County Registrar Recorder, says his office has worked hard to address and mitigate all concerns. The issues with the actual voting system come at the same time L.A. County is fundamentally changing not just how but where people vote. Many observers are concerned that shift in voting location alone will lead to widespread confusion.

National: FBI will now notify state election officials when any part of their election systems is hacked | Ken Dilanian/NBC

The FBI will now notify state election officials about cyber breaches to election systems in their jurisdictions, even those that only affect a single county, FBI and Justice Department officials said Thursday. The change stems from a belief that the “traditional policy did not work in the election context,” an FBI official told reporters in a background call. Typically, the FBI notifies only the victim of a cyber intrusion. When it comes to election systems, the victim is often a county. But if the FBI only notifies local officials, “it may leave the state officials with incomplete knowledge of the threats,” the official said. The policy shift comes after a 2018 episode in Florida in which Democratic Sen. Bill Nelson said he had been told that Russian hackers gained access to some voting systems in his state, only to be accused of making that up by then-Gov. Rick Scott, the Republican running to unseat Nelson in that year’s election. Scott said state officials had not been notified of any such breach.

National: Security vulnerabilities in voting machines show America still isn’t ready for the 2020 election | Alexandra Ossola/Quartz

Though researchers discovered a fundamental security flaw in voting machines months ago, the company behind the machines may still be advertising them to states in a way that allows the vulnerability to persist, according to a letter sent to the US Election Assistance Commission and reported by NBC News. In Aug 2019, a team of independent security experts found that, contrary to popular belief, many digital voting machines were connected to the internet, sometimes for months on end, Motherboard reported. This, the experts feared, could give hackers a window through which to manipulate votes. The company that makes the machines that the researchers found to be flawed is called Election Systems & Software (ES&S) (company officials disputed this characterization of its systems). About 70 million Americans’ votes are counted using one of ES&S’ machines, which make up about half of the election equipment market, according to ProPublica. ES&S markets its machines to include an optional modem, which can connect them to the internet. Modems allow election officials to get quick preliminary results, and also help ES&S maintain the machines.

National: Cloudflare is giving away its security tools to US political campaigns | Zack Whittaker/TechCrunch

Network security giant Cloudflare said it will provide its security tools and services to U.S. political campaigns for free, as part of its efforts to secure upcoming elections against cyberattacks and election interference. The company said its new Cloudflare for Campaigns offering will include distributed denial-of-service attack mitigation, load balancing for campaign websites, a website firewall and anti-bot protections. It’s an expansion of the company’s security offering for journalists, civil rights activists and humanitarian groups under its Project Galileo, which aims to protect against disruptive cyberattacks. The project later expanded to smaller state and local government sites in 2018, with an aim of protecting from attacks servers containing voter registration data and other election infrastructure.

National: Schiff schedules public hearing with US intel chief  | Rebecca Klar/The Hill

House Intelligence Committee Chairman Adam Schiff (D-Calif.) has called on the acting Director of National Intelligence (DNI) to testify at a public hearing next month over security threats facing the U.S. and its allies. The invitation seeking testimony from acting DNI Joseph Maguire comes amid reports that intelligence officials are trying to persuade Congress from dropping the public portion of the annual Worldwide Threat hearing after backlash from President Trump last year. Schiff sent a letter Thursday inviting Maguire to testify at a public hearing before the Intelligence Committee on Feb. 12, followed by a closed hearing for the panel later the same day. Schiff said the committee will inquire about unclassified assessments regarding threats to the nation during the public hearing. He added that the committee “expects” Maguire and intelligence officials to “delve further into classified details about these threats” in the classified portion.

California: Cities worried about new Los Angeles County voting system | Ian Bradley/The Acorn

In the March election Los Angeles County will launch a new method of computerized voting to replace the system that citizens have used for more than 50 years, but some officials are saying the new method has shortcomings and isn’t fair to all candidates on the ballot. The Los Angeles County registrar began rolling out the new program, Voting Solutions for All People, last year. The program replaces paper-and-pen ballots with a new digital interface that voters will use to make their selections. County officials say the change will make voting easy, accurate and fast. But critics say the system gives unfair advantage to certain candidates because only four names are displayed on the first page of a given race unless a “MORE” button is hit and a second screen loads up with the remaining candidates. Several cities are concerned about the on-screen layout issue including Beverly Hills and Calabasas. Both sent letters to the county voicing their objections. Calabasas City Councilmember James Bozajian said the problem is that in local races where victory can be decided by a handful of votes, a litigious candidate could argue that not being on the first screen kept them from winning.

Georgia: Expert: Georgia election server showed signs of tampering | Frank Bajak/Associated Press

A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked. The server was left exposed to the open internet for at least six months, a problem the same expert discovered in August 2016. It was subsequently wiped clean in mid-2017 with no notice, just days after election integrity activists filed a lawsuit seeking an overhaul of what they called the state’s unreliable and negligently run election system. In late December 2019, the plaintiffs were finally able to obtain a copy of the server’s contents that the FBI made in March 2017 and retained — after the state allegedly dragged its feet in securing the image. State officials have said they’ve seen no evidence that any election-related data was compromised. But they also long refused to submit the server image for an independent examination. Logan Lamb, a security expert for the plaintiffs, said in an affidavit filed in Atlanta federal court on Thursday that he found evidence suggesting the server was compromised in December 2014. Lamb said the evidence suggests an attacker exploited a bug that provided full control of the server. Lamb also said he determined that computer logs — which would have been critical to understanding what might have been altered on or stolen from the server — only go back to Nov. 10, 2016 — two days after Donald Trump was elected U.S. president. Two years later, Brian Kemp won the Georgia governor’s race by a narrow margin over Democrat Stacey Abrams.

Georgia: State’s Election Systems Feared at Risk in 2020 Vote | Kartikay Mehrotra/Bloomberg

The state of Georgia’s new voting system may be at risk of a cyber-attack leading up to the 2020 election because the state failed to eradicate malware that exposed sensitive data six years ago, a cybersecurity expert said as part of a lawsuit against the state. A server central to Georgia’s election system was infiltrated and taken over by a hacker in 2014, according to Logan Lamb, a cybersecurity expert who is part of a lawsuit between voting integrity advocates and the state over the election system. The server was wiped and taken offline in 2017, but the contract between Georgia and its new vendor, Dominion Voting Systems, indicates old data was “imported” into the new system. That old data could carry remnants of the “Shellshock” malware used to attack the state in 2014, according to filings in the lawsuit. Shellshock allowed unauthorized users to access sensitive layers of a network. “Because this compromised server is inextricably connected to Georgia’s voting systems past and present, it is unreasonable to assume that the new election system … is not already potentially compromised,” according to documents filed Thursday by the nonprofit Coalition for Good Governance. The group has filed its suit to block the state from destroying their old voting system records.

Iowa: Caucus results will be compiled over the internet, hacking threat aside | The Fulcrum

The first votes of the presidential election will be tabulated after the Iowa caucuses next month using the sort of internet-connected system that worries election security experts. They say preventing the sort of interference that sullied the 2016 election should be more of a priority than speed in compiling the returns. But the Iowa Democratic Party plans to deploy a smartphone app to officials running the caucuses across the state for use in calculating and transmitting the results the night of Feb. 3. Putting such vote totals into cyberspace makes them readily vulnerable to nefarious hacking. Party leaders say they are aware of the potential problems but believe their system will repel them. If that doesn’t happen, the opening round of the intense contest for the Democratic nomination will be condemned to global ridicule.

Iowa: New rules could muddle results of Iowa caucuses | Stephen Ohlemacher/Associated Press

For the first time, the Iowa Democratic Party will report three sets of results from the party’s presidential caucuses. And there is no guarantee that all three will show the same winner. Each set of results represents a different stage of the caucus. The new rules for the Feb. 3 contest were mandated by the Democratic National Committee in a bid to make the process more transparent. In the past, Iowa Democrats reported only one set of results: the number of state convention delegates won by each candidate through the caucus process. Democrats choose their party’s eventual White House nominee based on national convention delegates, and the state delegates are used to determine those totals in Iowa. The Associated Press will declare a winner in Iowa based on the number of state delegates each candidate wins. The AP will also report all three results.

New York: Advocates, lawmakers warn against ExpressVote XL voting machines | Annie McDonough/CSNY

One of the first items on state legislators’ agendas at the start of session last year was approving election reforms, like allowing early voting. But as session kicks off in Albany this year, some lawmakers – along with good government group Common Cause New York – rallied against a different kind of election modernization: new touch-screen voting machines. The ExpressVote XL machines, made by the voting machine company ES&S, were demonstrated on Tuesday in Albany as part of the Board of Elections’ certification process, but advocates and lawmakers – including Assemblyman Ron Kim and New York City Public Advocate Jumaane Williams – asked the BOE to think twice before certifying them, saying the touch-screen machines are prone to malfunctioning. In Pennsylvania, where the machines are in use, there have been problems with flawed screens and, in one instance, votes for a particular candidate were undercounted by tens of thousands. Advocates added that the machines are prone to cyberattacks as well.

Washington: Secretary Of State Pushes ‘Election Security’ Bill | Associated Press

Washington Secretary of State Kim Wyman is seeking $1.8 million in state money for security in county election offices that would make Washington eligible for another $8.6 million in matching federal funds. The Seattle Times reports that the budget request is part of an election security proposal Wyman, a Republican, unveiled Wednesday. The bill also provides stricter penalties and restrictions surrounding the collection of ballots — which are mailed to each of the state’s nearly 4.5 million voters — and provides more thorough post-election audits for race recounts. It also would eliminate online ballots for military and overseas voters, to reduce the risk of potential malware coming into elections offices.

Ukraine: Interior Ministry asks FBI to help probe suspected Russian hack of Burisma | Ilya Zhegulev/Reuters

Authorites in Ukraine have asked the top law enforcement agency of the United States for help investigating the suspected cyberattack by Russian military hackers on Burisma Holdings, an energy company caught up in the impeachment of US President Donald Trump. The Ukrainian interior ministry on Thursday also announced an investigation into the possible illegal surveillance of the then American ambassador to Kyiv, Marie Yovanovitch, following the release of  messages this week by the US Congress as part of the impeachment case. Burisma was at the center of attempts by Trump last July to persuade Ukraine to announce an investigation into Hunter Biden, who is the son of Democratic US presidential contender Joe Biden and used to have a seat on the Ukrainian company’s board.

National: Internet voting Is happening now and it could destroy our elections | Rachel Goodman and J. Alex Halderman/Slate

Russian hackers will try to disrupt American voting systems during the 2020 election cycle, as they did in 2016. This time, they’ll be joined by hackers from all over the world, including some within the United States. What unites them all is an eagerness to undermine free and fair elections, the most basic mechanism of American democracy. There are some hard questions about what to do about all this, but one piece is surprisingly straightforward: We need to keep voting systems as far away from the internet as possible. There’s a growing and clear consensus on this point. Federal guidelines for new voting machines might soon prohibit voting systems from connecting to the internet and even using Bluetooth. At the same time, though, voter turnout in this country remains abysmal. Allowing people to vote on their phones seems intuitively like it could help, especially for young people who vote at especially low rates. It could also be helpful for some military and overseas voters, as well as some voters with disabilities, who face challenges getting a physical ballot cast, returned, and counted. So why not try it? Well, put mildly, security vulnerabilities introduced by internet voting could destroy elections.

National: U.S. election security czar says attempts to hack the 2020 election will be more sophisticated | Ken Dilanian/NBC

The U.S. government is geared up as never before to combat foreign election interference, but there are limits to what American intelligence agencies can do, even as determined adversaries build on their 2016 playbook, the nation’s election security czar said Tuesday. In prepared remarks before an elections group, and in an exclusive interview afterward with NBC News, Shelby Pierson, the election security threats executive at the Office of the Director of National Intelligence, said a number of adversaries may be poised to attempt election interference. “The threats as we go into 2020 are more sophisticated,” she said. “This is not a Russia-only problem. Russia, China, Iran, North Korea, non-state hacktivists all have opportunity, means and potentially motive to come after the United States in the 2020 election to accomplish their goals.” Pierson spoke at an election summit sponsored by the U.S. Election Assistance Commission, an independent, bipartisan agency that certifies voting systems and serves as a national clearinghouse of information on election administration.

National: State election officials will get fresh intelligence briefing after Iran tensions | Sean Lyngaas/CyberScoop

In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover the full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “As our adversaries look to the political climate … it wouldn’t surprise me at all that this is part of the calculus,” she added.

National: Democrats sound election security alarm after Russia’s Burisma hack | Maggie Miller/The Hill

Congressional Democrats are raising fresh concerns about 2020 election security following a report this week that Russian military officers hacked Burisma Holdings, the Ukrainian gas company at the center of President Trump’s impeachment. Several Democratic lawmakers are viewing the incident, reported by The New York Times on Monday night, as the first major sign that Moscow is gearing up for a repeat of its 2016 election interference. They cited what they call similarities between the Burisma attack and the Democratic National Committee hack four years ago. Sen. Gary Peters (Mich.), the top Democrat on the Senate Homeland Security Committee, said the hack confirmed that Russia will be back to interfere in U.S. elections this year. “The Russians are actively engaged in hacking all sorts of sites and businesses, and I am sure there was a political motivation behind it. We know the Russians are going to be actively involved in trying to cause problems in the 2020 election, and this is just a further confirmation of their active involvement in American politics,” Peters told The Hill.

National: Paperless voting machines pose risk to US’s election infrastructure | Ash-har Quraishi/Scripps Media

Could foreign parts in voting machines be putting the U.S. election at risk for hacking? It’s a question that lawmakers have been exploring as they seek answers from top bosses at three major voting manufacturers. Tom Burt, the President and CEO OF Election Systems & Software, appeared confident as he testified before the House Administration Committee last week. “We’ve seen no evidence that our voting systems have been tampered with in any way,” said Burt. The companies that make vote tabulation systems say they welcome federal oversight of election infrastructure and need help securing their supply chains, especially for voting machine parts made in foreign countries. “Several of those components, to our knowledge, there is no option for manufacturing those in the United States,” explained Dominion Voting Systems CEO John Poulos. Cyber and national security experts say antiquated and paperless voting machines pose the most significant risk to the U.S.’s election infrastructure.

National: Election officials are watching how their states respond to cyberattacks | Benjamin Freed/StateScoop

State election officials said Tuesday that they’ve been watching how their state governments have responded to incidents like ransomware attacks as lessons on what they would do if the voter registration databases, vote-total reporting systems and other components of election infrastructure that they manage were targeted. Though the ransomware incidents that have spread through state and local governments across the United States have largely spared election systems from the worst, debilitating effects, the Department of Homeland Security last year said that local officials could be targeted by viruses that lock them out of voter rolls unless they pay a financial demand. And at a conference in Washington hosted by the Election Assistance Commission, state officials said they are paying attention to ransomware wave.

National: Millions of Americans have been purged from voter rolls – and may not even realize it | Natasha Bach/Fortune

Millions of Americans have been purged from the voter rolls in recent years, as state governments seek to remove the names of individuals who have died, relocated, or have otherwise become ineligible to vote. But such purges have been widely criticized due to instances in which states have relied on bad information, unregistering eligible voters who are often unaware until they attempt to cast their ballots on Election Day. “The most important thing people get wrong is they forget that purges are a necessary and important part of administering our elections,” Myrna Pérez, director of the Brennan Center’s Voting Rights and Elections Program, told Fortune. “We all benefit when our rolls are clean, and sometimes we forget that purges—when done properly—are a good thing.” But large-scale systematic purges that remove hundreds of thousands of names at a time are more likely to round up individuals who should not be removed from the rolls.

California: Beverly Hills City Council Might Sue Over Los Angeles County’s New Voting Machine Design | Libby Denkman/LAist

The Beverly Hills City Council has voted to move ahead with a possible lawsuit against election officials responsible for the new Los Angeles County voting equipment which will debut in the March 3 primary. The new machines are digital, and there are concerns that voters will vote without seeing all the candidates. Already there are huge changes in store for Angelenos voting in-person when vote centers start opening Feb. 22 — from where and when to vote to a new, high-tech way to cast a ballot. Electronic ballot marking devices developed by Los Angeles County will be the default option in all 1,000 new vote centers, replacing the familiar old InkaVote System. The new devices include touch screens to mark voter selections, which are then printed onto a paper ballot that will be collected and tallied by election officials. Now, with voting fast approaching, local governments and campaigns are familiarizing themselves with the new system. And many don’t like what they see.

Verified Voting Blog: Verified Voting Comments on proposed amendments to Georgia State Election Board rules

Download as PDF Verified Voting welcomes the opportunity to comment on the proposed amendments to Georgia’s State Election Board rules published on December 19, 2019. These amendments are wide-ranging, and we recognize that substantial work has gone into drafting them. Our comments focus on certain aspects especially relevant to cybersecurity and election verification. We substantially…

Iowa: Despite Election Security Fears, Iowa Caucuses Will Use New Smartphone App | Kate Payne, Miles Parks/NPR

Iowa’s Democratic Party plans to use a new internet-connected smartphone app to help calculate and transmit results during the state’s caucuses next month, Iowa Public Radio and NPR have confirmed. Party leaders say they decided to opt for that strategy fully aware of three years’ worth of warnings about Russia’s attack on the 2016 election, in which cyberattacks played a central role. Iowa’s complicated caucus process is set to take place Feb. 3 in gymnasiums, churches, rec centers, and other meeting places across the state. As opposed to a primary in which voters cast ballots in the same way they would for a general election, Iowa’s caucuses are social affairs; caucus-goers gather in person and pledge their support for a candidate by physically “standing in their corner” in designated parts of a room.

Kansas: State won’t be ready to implement vote center law for 2020 elections | Tim Carpenter /The Topeka Capital-Journal

Secretary of State Scott Schwab predicted Tuesday regulations necessary to implement a state law allowing Kansans to vote at the polling station of their choice won’t be completed in time for the August or November elections in 2020. Schwab told members of the Senate’s election committee that technical considerations, including cellphone coverage problems, in the state’s 105 counties made the process of drafting rules complex. The program won’t be finalized until 2021, he said. The voting reform bill signed last year by Gov. Laura Kelly was inspired by a proposal from Sedgwick County officials. “They are not going to be ready by this year simply because we don’t want to screw up,” the secretary of state said. “If we rushed it through for this year, I promise you there would be a lot of mistakes.”

New York: Lawmakers call on Board of Elections to vote ‘no’ on new machines | Denis Slattery/New York Daily News

A coalition of advocates and lawmakers are calling on the state Board of Elections to reject controversial new touchscreen voting machines they say aren’t compatible with the city’s soon-to-take-effect ranked choice system. Opponents say the problem-plagued ES&S ExpressVote XL voting machines, which the state will be testing on Tuesday as part of its certification process, pose too many problems and could present major issues as the city prepares for ranked voting in 2021. “What we’re hoping is that the Board will realize that there are significant issues with this machine and require the vendor to answer questions particularly regarding its capability to run a ranked choice voting election,” Susan Lerner, the executive director of good government group Common Cause, told the Daily News. City voters approved a ballot initiative last November giving the green light to ranked choice in upcoming elections, allowing voters to literally rank their top picks for a given position in order of preference.

Pennsylvania: Some voting security groups want Northampton County voting machines gone after November malfunction | Bo Koltnow/WFMZ

“They are insecure and administration panels are easily opened and tampered with.” Attorney Leslie Grossberg is talking about the ExpressVoteXL voting machines. The machines used in Northampton County malfunctioned last November causing a paper ballot recount. Grossberg’s clients, voting security groups, recently filed an injunction with the Court of Common Pleas to block the XL in 2020. The groups cite immediate and irreparable harm to the election. “Decertification of the ExpressXL is the goal,” Grossberg said. In December the machines, also used in Philadelphia, received a vote of no-confidence from the Northampton County Election Commission Board.  A state hearing is set that could decide to keep or toss the XL.

New York: State Contemplates Voting Machines with Troubled Track Record | Brigid Bergin/WNYC

The New York State Board of Elections may approve a voting machine with a troubled track record. The State is testing the Express Vote XL from Election Software & Systems. The machine uses a touchscreen and marks the ballot FOR the voter. But the machines were used in a Pennsylvania judicial election last year where thousands of votes weren’t counted due to mechanical error. Advocates say New York needs a higher standard. “To be sure [the machines] are minimally hackable and that the vote will reflect the intent of the voter so that they can be cast and accurately counted is to have hand-marked paper ballot,” said Susan Lerner, head of Common Cause New York. A spokeswoman for ES&S said the machines use layers of security and have been approved by the federal government.

National: ‘Online and vulnerable’: Experts find nearly three dozen U.S. voting systems connected to internet | Kevin Monahan, Cynthia McFadden and Didi Martinez/NBC

It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.” Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system. So many government officials like Manfra have said the same thing over the last few years that it is commonly accepted as gospel by most Americans. Behind it is the notion that if voting systems are not online, hackers will have a harder time compromising them. But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk. That team of election security experts say that last summer, they discovered some systems are, in fact, online. “We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition, told NBC News.