Editorials: Facing the primary attack on democracy | Emily Frye & Philip Reitinger/The Hill

Democracy is under attack — and our federal, state, and local elections are the front lines. Both technical attacks and disinformation campaigns designed to undermine election legitimacy are being deployed on a daily basis to threaten the basic tenets of American society. The Justice Department’s special counsel recently concluded that “there were multiple, systematic efforts to interfere in our elections. And that allegation deserves the attention of every American.” A government “of the people, by the people, and for the people” is possible only if the will of the people is known. We must be able to trust the results of our elections. Without that trust, governments appear illegitimate. The next presidential election is less than a year away, but our nation’s elections infrastructure has far less time to prepare to preserve the basic principles of democracy.

Georgia: Augusta University and Cyber Center partner with State on election security | Tom Corwin/The Augusta Chronicle

Georgia election officials are turning to Augusta experts for help in ensuring election integrity this year. Georgia Secretary of State Brad Raffensperger announced Wednesday that his office will partner with the Georgia Cyber Center and Augusta University School of Computer and Cyber Sciences to ensure Georgia’s new electronic voting systems are secure. “This is exciting,” said Dr. Alex Schwarzmann, dean of the School of Computer and Cyber Sciences. “Georgia is moving absolutely in the right direction.” Before coming to Augusta, Schwarzmann was part of a similar partnership in Connecticut between the secretary of state and the University of Connecticut. He said there were not more than 20 states that have created such a proactive arrangement with an independent technology agency to ensure electronic election systems stay secure.

Georgia: Secretary of State Issues Warning for Cyberattacks | The Albany Herald

Georgia Secretary of State Brad Raffensperger announced Monday that he is instructing elections officials for the state and individual counties to be on heightened diligence against possible cybersecurity attacks following a warning issued by the U.S. Department of Homeland Security. “Nothing is more important than the security and integrity of elections,” Raffensperger said. “The state’s election system uses the most advanced protections against cyberattacks and draws on the advice and best practices of national experts. While no specific threat has been identified, this latest warning serves as a reminder that we can never lower our guard.” The Multi State Information Sharing and Analysis Center and the Department of Homeland Security have notified the Georgia office of the Secretary of State “that Iran is highly likely to retaliate” against the United States and its interests following the airstrikes early Friday, killing a prominent Iranian military official. “We are continually improving and enhancing our cyber security,” responded Raffensperger. “Our goal is both prevention and resiliency in our infrastructure and systems.”

Texas: Electronic pollbook problems cost Dallas County taxpayers an additional $6 million | Lori Brown/KDFW

FOX 4 has discovered Dallas County spent millions of dollars on polling equipment that doesn’t work securely with its voting machines. Millions more will need to be shelled out to fix the problem by the March primary election. Dallas County bought the new equipment in order to have new voting centers so voters can vote anywhere in the county on Election Day. But it turns out $6 million were wasted on poll books made by one company that can’t securely function with voting machines made by a different company. It turns out Dallas County Commissioner J.J. Koch says new equipment unveiled in the November 2019 election could have been vulnerable to hackers. “We purchased something entirely too quickly, and it ended up costing taxpayers now additional millions of dollars,” he said. “Largely because of security features. In fact, we had an unsecure election.”

Texas: Governor warns of possible cyber attacks amid conflict with Iran | Allie Morris/HoustonChronicle.com

Republican Gov. Greg Abbott is warning of potential cyberattacks on state agencies as a result of the conflict between Iran and the U.S. In the past 48 hours, Abbott said Texas officials have identified Iran as the origin of as many as 10,000 attempted attacks per minute on state computers and networks. After a roundtable with law enforcement officials on Tuesday, Abbott said there are some concerns about the attempted hacks, but that state officials have no credible information about immediate threats to the state or Texas residents. A federal website and a state website that isn’t monitored by the Texas Department of Information Resources might have been defaced by someone with pro-Iranian sentiments, the agency’s executive director Amanda Crawford told reporters after the roundtable. But she declined to name the affected sites and said the department is still gathering information. Abbott is warning local governments to be especially vigilant.

Taiwan: Why the world must pay attention to the fight against disinformation and fake news in Taiwan | Catherine Shu/TechCrunch

On Saturday, Taiwan will hold its presidential election. This year, the outcome is even more important than usual because it will signal what direction the country’s people want its relationship with China, which claims Taiwan as its territory, to move in. Also crucial are efforts against fake news. Taiwan has one of the worst disinformation problems in the world and how it is handled is an important case study for other countries. Yesterday, Twitter said in a blog post that it has held trainings for the two main political parties in Taiwan, the Democratic Progressive Party (DPP) and the Kuomintang (KMT), and Taiwan’s Central Election Commission, in addition to setting up a portal for feedback during the election. Late last month, the state-owned Central News Agency reported that Facebook will set up a “war room” to counteract disinformation before the election, echoing its efforts in other countries (the company previously established a regional elections center at its Asia-Pacific headquarters in Singapore).

National: Facebook data misuse and voter manipulation back in the frame with latest Cambridge Analytica leaks | Natasha Lomas/TechCrunch

More details are emerging about the scale and scope of disgraced data company Cambridge Analytica’s activities in elections around the world — via a cache of internal documents that’s being released by former employee and self-styled whistleblower, Brittany Kaiser. The now shut down data modelling company, which infamously used stolen Facebook data to target voters for President Donald Trump’s campaign in the 2016 U.S. election, was at the center of the data misuse scandal that, in 2018, wiped billions off Facebook’s share price and contributed to a $5BN FTC fine for the tech giant last summer. However plenty of questions remain, including where, for whom and exactly how Cambridge Analytica and its parent entity SCL Elections operated; as well as how much Facebook’s leadership knew about the dealings of the firm that was using its platform to extract data and target political ads — helped by some of Facebook’s own staff. Certain Facebook employees were referring to Cambridge Analytica as a “sketchy” company as far back as September 2015 — yet the tech giant only pulled the plug on platform access after the scandal went global in 2018. Facebook CEO Mark Zuckerberg has also continued to maintain that he only personally learned about CA from a December 2015 Guardian article, which broke the story that Ted Cruz’s presidential campaign was using psychological data based on research covering tens of millions of Facebook users, harvested largely without permission. (It wasn’t until March 2018 that further investigative journalism blew the lid off the story — turning it into a global scandal.)

National: DHS issues bulletin warning of potential Iranian cyberattack | Maggie Miller/The Hill

The Department of Homeland Security (DHS) released a bulletin this week through its National Terrorism Advisory System warning of Iran’s ability to carry out cyberattacks with “disruptive effects” against critical U.S. infrastructure. In the bulletin, sent in the wake of the U.S. airstrike that killed Iranian Quds Force commander Gen. Qassem Soleimani, DHS noted that while there is currently “no information indicating a specific, credible threat to the Homeland,” Iran does have the ability to attack the U.S. in cyberspace. “Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.- based targets,” DHS wrote in the bulletin. The agency noted that “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.” Acting DHS Secretary Chad Wolf tweeted Saturday that the bulletin was intended to “inform & reassure the American public, state/local governments & private partners that DHS is actively monitoring & preparing for any specific, credible threat, should one arise.”

Alabama: Concerns over new voting machines in Mobile & Baldwin counties | James Gordon/WPMI

Alabama voters head back to the polls in less than two months for the primary elections. NBC 15 News investigated whether hackers can get into the new touch screen machines you’ll use in Mobile and Baldwin county. Alabama’s Secretary of State John Merrill answered some of our questions as to the security of the machines in the next election. Both Mobile and Baldwin County voting machines that were more than a decade old have been replaced with Express Vote machines and the state has established what’s called a “cyber navigator program.” “We want to make sure we are doing everything we can to help all 67 counties in the state, ” said Merrill.

Arkansas: Election gear on Pulaski County’s to-do list | Kat Stromquist/Arkansas Democrat-Gazette

As an election year begins, Pulaski County has yet to complete its planned purchase of new voting equipment to replace an inventory of aging machines. Some ambiguity around funding has slowed the process for the state’s largest county by population, tightening timelines in advance of November’s general election that includes the vote for the presidency. Officials learned last fall that they won’t need to provide a match to access about $1.56 million in state funding to replace dated voting equipment, but election commissioners said in December that they’re not expecting a buy until at least February. Commission chairwoman Evelyn Gomez said the board prefers to first ask the Quorum Court — likely next month, though an appearance is not scheduled — if the county can dedicate any carryover funds to the purchase. “We can’t move forward until we have a budget,” Gomez, who is a Republican appointee, said at a Dec. 20 commission meeting. “We cannot contract with money we don’t have.” Pulaski County is among 21 counties set to receive a total of $8.2 million in state funds to replace voting equipment that’s past its prime. Allocated through Act 808 of 2019, the money came from a property tax relief trust fund surplus.

Florida: Despite Improvements, Concerns Remain About 2020 Election Security | Denise Royal/WUSF

With the presidency on the ballot this year, there are real fears of attempts by foreign powers to interfere in Florida’s election. Increasing election security is a priority for local, state and federal officials. Millions of tax dollars are being spent to shore up election security and to reassure voters that their votes will count. In addition to the cyber-threats, Florida has a history of close elections, and trouble with recounting close votes. This year, Florida’s county officials are on the front lines to identify problems. The Florida Roundup took a close look at election security and what problems remain in this crucial year for voters. Tammy Jones, president of Florida Supervisors of Elections, and Ion Sancho, the former elections supervisor for Leon County, joined hosts Tom Hudson and Melissa Ross.

Idaho: Canyon County approves purchasing $3 million election equipment from Hart Intercivic | Rachel Spacek/Idaho Press

The Canyon County Board of Commissioners has approved a roughly $3 million contract for new voting equipment. After two separate meetings Monday, the commission in a 2-1 vote approved the contract between the Canyon County Elections Office and Texas-based Hart InterCivic. Commissioners Pam White and Tom Dale voted in favor of approving the contract, and Commissioner Leslie Van Beek voted against it. The contract includes the purchase of an entirely new voting system, including polling pads, ballot distribution machines and precinct counters. The system would eliminate most of the human error that comes with having election poll workers distribute ballots, said Haley Hicks, elections supervisor for Canyon County. The equipment and contract with Hart will cost the county just over $3 million. Canyon County has historically had multiple problems during elections, including late nights of ballot counting — the county finished counting ballots after 3 a.m. one election night in 2018 and at 7 a.m. the next morning in 2017. In 2018, the elections office forgot to count 39 ballots from overseas citizens and active members of the military on election night.

New Jersey: Lawmaker Backs Away from Allowing Early Tabulation of Mail-In Ballots | Nancy Solomon/WNYC

A New Jersey lawmaker is backing away from a proposal that would have allowed the state’s 21 counties to count vote-by-mail ballots one week before Election Day. The provision is buried in a bill sponsored by state Sen. James Beach (D-Cherry Hill). The stated purpose of the bill is to give county clerks more time to prepare for the 2020 primary. But the provision allowing each county’s Board of Elections to open and count mail-in ballots a week early has drawn the ire of some progressive activists. “We’re calling it legalized cheating,” said Yael Niv, president of the Good Government Coalition of New Jersey. County elections staff are often closely tied to party machines in the state. Under the proposed legislation, early results are supposed to be confidential. But Niv said she’s worried that candidates backed by the machine could gain an edge and better direct their resources if county employees share the early vote totals. “They have a whole week to send their canvassers, to send their pamphlets, and the money, and the ads and everything that they need to those places,” Niv said.

National: Election vendors executives head to the Hill | Tim Starks/Politico

he House Administration Committee will start off the new year with a bang on Thursday when it convenes a hearing with the presidents of the three largest election technology vendors. Testifying on the first panel of the hearing, the committee told MC, are Tom Burt, president and CEO of Election Systems & Software; John Poulos, president and CEO of Dominion Voting Systems; and Julie Mathis, president and CFO of Hart InterCivic. The major vendors have sent lower-level representatives to congressional hearings in the past, but this is the first time that all three top executives have testified together, a House aide told MC. The timing is auspicious: the presidential primary season, which begins in just a few weeks, represents a high-profile test of many states’ new paper-backed electronic voting machines. Vendor oversight has been a top concern of voting security experts and activists, because the three largest firms have historically shunned transparency, downplayed security concerns and threatened competitors with lawsuits. House Administration Chairwoman Zoe Lofgren (D-Calif.) first told POLITICO that she was planning this hearing in August, after a bipartisan group of activist organizations pressed her panel and its Senate counterpart to scrutinize the vendors more closely. After vendor executives testify, the Administration Committee will hear from a trio of experts, according to the witness list shared with MC. They are Liz Howard from the Brennan Center for Justice, Georgetown University professor Matt Blaze and University of Florida professor Juan Gilbert.

North Carolina: Ignoring Warning Signs: Officials Approve Vulnerable Voting Machines | Gabriella Novello/WhoWhatWhy

Election officials know very well that using outdated and costly touchscreen voting machines — which are susceptible to hacking and other foul play — will likely lead to programming issues and cause long lines during the 2020 election that will ultimately drive voters away from the polls. Though more states are moving toward hand-marked paper ballots, most of those ballots will still be counted by machines. In other states — some of which could play a crucial role this year — election officials have ignored calls by election security experts to steer clear of problematic touchscreen machines altogether, and are rushing to approve even more. In North Carolina, despite overwhelming opposition from voters and election security experts, the State Board of Elections (NCSBE) bypassed a certification process to approve new touchscreen voting machines by Election Systems & Software (ES&S). At the same time, it  expressed “disappointment” in the company for misleading the board about whether it could provide enough of the voting machines that were certified in August. Critics of the decision argue that election officials rushed to approve the modification request after the board was forced to consider a more expensive voting machine just one month after the initial certification in August because ES&S said that it could not supply North Carolina with all the machines the state needed.

International: Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’ | Carole Cadwalladr/The Guardian

An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles. More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” are set to be released over the next months. It comes as Christopher Steele, the ex-head of MI6’s Russia desk and the intelligence expert behind the so-called “Steele dossier” into Trump’s relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse. The release of documents began on New Year’s Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoenaed by Robert Mueller’s investigation into Russian interference in the 2016 presidential election.

Bangladesh: BNP urges Election Commission to roll back Electronic Voting Machine plan | Dhaka Tribune

BNP has urged the Election Commission to shelve its plan to use Electronic Voting Machine (EVM) in the upcoming elections to two Dhaka city corporations. The party said EVM is an ill-motivated government project to destroy people’s voting rights, reports UNB. “The Election Commission’s decision to use the EVMs in the polls to Dhaka south and north city corporations is part of an evil plan to implement a silent project of killing people’s voting rights by using the technology in the future election in which the government is changed,” BNP Secretary General Mirza Fakhrul Islam Alamgir said on Sunday. He said: “BNP thinks the decision to use the machine in Bangladesh’s election system is a serious conspiracy. We hope the Election Commission will take steps for holding the election through traditional ballot papers cancelling its decision to conduct the voting through the EVM so that people can freely exercise their right to franchise.”

Taiwan: China uses Taiwan for AI target practice to influence elections | Philip Sherwell/The Sunday Times

China has already deployed its expertise in artificial intelligence to erect a surveillance state, power its economy and develop its military. Now Taiwan’s cyber-security chiefs have identified signs that Beijing is using AI to interfere in an overseas election for the first time. In the run-up to its general and presidential elections on Saturday, Taiwan has detected what appear to be experiments with AI-generated messaging amid disinformation unleashed by Beijing and its proxies. This could presage China’s export of its Orwellian tools for manipulation and control to influence other democracies. If Chinese programmers can teach intelligent machines to mimic the language of voters — learning idioms, slang and mindsets via elaborate algorithms — it will be a game-changer, spreading fake news and disinformation through anonymous social media accounts at viral speeds. “We believe we are seeing China testing the use of artificial intelligence for the first time in their influence operations in this election,” said Tzeng Yi-suo, director of the cyber-warfare division at Taiwan’s Institute for National Defence and Security Research.

National: Cyber attacks and electronic voting errors threaten 2020 outcome, experts warn | Peter Stone/The Guardian

Potential electronic voting equipment failures and cyber attacks from Russia and other countries pose persistent threats to the 2020 elections, election security analysts and key Democrats warn. In November significant electronic voting equipment problems occurred in an election in the vital battleground state of Pennsylvania, sparking a lawsuit by advocacy groups charging the state is using insecure electronic voting machines. Other key states like Florida and North Carolina which experienced voting problems in 2016 and Georgia which had serious equipment problems in 2018, are being urged to take precautions to curb new difficulties in 2020, say election analysts. The Brennan Center’s electoral reform program last month released a study that stressed testing backup systems and electronic voting equipment before the primaries and next November’s general election was needed to reduce risks of cyber attacks and equipment failures, and offered guidance about ways to recover from attacks or malfunctions. In response to these and other threats, Congress in December added $425m for election related spending, including security measures, to a massive $1.4tn spending bill for 2020.

National: Election Security At The Chip Level | Andy Patrizio/Semiconductor Engineering

Technological advances have changed every facet of our lives, from reading to driving to cooking, but one task remains firmly rooted in 20th-century technology — voting. Electronic voting remains doggedly unavailable to most, and almost always unusable to those who have it. For more than a decade, it seems every election is accompanied by numerous reports of voting machine problems. The most common issue involves machines changing votes. It has happened in numerous states, and even to Ellen Swenson, chief analyst for the Election Integrity Project, a non-partisan California group seeking to preserve election integrity. It’s not easy when two separate voting machines in Riverside County, where Swenson resides, recorded incorrect votes. At least that machine worked. “So many have said they’ve gone to polls and the machines break down. That’s another thing that hurt the subject. There were so many broken machines across [Los Angeles] County in 2018 and none were fixed, so LA had to use paper ballots,” she said. For some people, the old paper punch ballot is actually preferable, said Swenson. “There is a whole set of challenges, philosophically and psychologically. The idea of connecting to the Internet scares some people, their fear of the privacy of their vote being compromised, or hacking it and changing the results. There’s a real psychological wall to climb,” she said.

National: America Won’t Give Up Its Hackable Wireless Voting Machines | Kartikay Mehrotra/Bloomberg

After Russian hackers made extensive efforts to infiltrate the American voting apparatus in 2016, some states moved to restrict internet access to their vote-counting systems. Colorado got rid of barcodes used to electronically read ballots. California tightened its rules for electronic voting machines that can go online. Ohio bought new voting machines that deliberately excluded wireless capabilities. Michigan went in a different direction, authorizing as much as $82 million for machines that rely on wireless modems to connect to the internet. State officials justified the move by saying it is the best way to satisfy an impatient public that craves instantaneous results. The problem is, connecting election machines to the public internet, especially wirelessly, leaves the whole system vulnerable, according to cybersecurity experts. So Michigan’s new secretary of state is considering using some of the state’s $10 million in federal election funds to rip out those modems before the March presidential primary. “The system we inherited is not optimal for security since our election equipment can and has connected to the internet,” said Jocelyn Benson, who won election as secretary of state and took office in January 2019. She convened a committee of cybersecurity experts to evaluate the state election system’s vulnerabilities. “If that’s what the committee recommends, we’ll take them out.”

National: Election Infrastructure Remains Vulnerable to Attacks | Diane Ritchey/Security Magazine

In 10 months, U.S. citizens will elect a new president (or re-elect a current one). As the race heats up and election day nears, a key component of the U.S. election infrastructure remains vulnerable to attack. Only five percent of the country’s largest counties are protecting their election officials from impersonation, according to an analysis by Valimail. The rest are vulnerable to impersonation, meaning their domains could become the vectors for cyberattacks and misinformation campaigns. According to Seth Blank, director of industry initiatives for Valimail, “This is a problem because the overwhelming majority of cyberattacks can be traced to impersonation-based phishing emails. In the corporate world, these cyberattacks result in the loss of funds or proprietary data. But when it comes to elections, the bedrock of democracy – free and fair elections – is at stake.” An August 2019 report from Valimail noted that most presidential candidates’ campaigns are not protected from email impersonation. An earlier report found a similar situation across the thousands of domains that are used by state and local governments. “And we’re not just talking about voting machines being vulnerable,” Blank says. “While most voting machines are isolated from the Internet (they are often air-gapped for security), the same cannot be said for other elements of the election process. The electronic pollbooks that voters use to sign in on election day and the machines that tabulate votes may be connected to the Internet for software updates or to receive or transmit voting information. This makes them potential targets for email-based attacks aimed at other users of the same networks.”

National: Paralysis Grips Federal Election Commission While Complaints Pile Up | Kenneth P. Doyle/Bloomberg Government

The agency charged with enforcing campaign finance law begins the presidential election year paralyzed by the lack of a board quorum and unable to dispense with hundreds of complaints. As Republican Caroline Hunter assumes the rotating chairmanship of the Federal Election Commission, she inherits a growing backlog of more than 300 pending campaign finance complaints, nearly 70 of which may never be resolved because they are close to the expiration of a five-year statute of limitations. FEC analysts continue to review campaign finance reports filed by candidates, and staff lawyers can interview witnesses and collect documents in more than two dozen investigations approved by the commissioners before the loss of a quorum at the end of August. However, none of these probes can conclude and no new investigations can begin until a quorum is restored.

Editorials: You could be disenfranchised in California’s presidential primary if you’ve registered nonpartisan | Jessica A. Levinson/Los Angeles Times

California is at risk of disenfranchising hundreds of thousands of voters in the March 2020 presidential primary election. The problem is so large it could impact who becomes the Democratic nominee. Voters in the Golden State are accustomed to seeing candidates from of all parties on the same ballot. This, of course, is how we vote for governor, and members of the state Legislature and the U.S. Congress. We have every reason to believe that if we are registered to vote, we will be able to weigh in on the presidential primary contest without doing more. But voting for president is different. The rules for presidential primaries are set by the national political parties — not California’s secretary of state or local county officials. And the national parties have divined a process sure to trip up millions of nonpartisan voters. If you are a nonpartisan voter, there is a different process for how you vote in the presidential primary versus any other election. If you registered as “no party preference” — previously known as “decline to state” — your ballot will not include any presidential candidates unless you take an extra step. The same applies to those registered with a party so small it isn’t officially recognized. (For instance, maybe you wrote in “Whig party” on your voter registration.)

New Jersey: Murphy undecided on measure allowing early mail ballot counting | Nikita Biryukov/New Jersey Globe

Gov. Phil Murphy isn’t backing or opposing a bill that would allow mail-in ballots to be counted in the week preceding election day. “I don’t think we’ve taken a position on that,” the governor said. The measure’s primary stated goal is moving the filing deadline for candidates back from April to March to avoid overtime bills at county clerks’ offices. The bill’s language appears to have been written with the intent that only ballots cast in the 2020 primaries be counted a week before polls open. Some activists and Republican lawmakers have raised alarms over the measure, claiming political insiders could leak early returns to better inform campaign strategy in the closing week of the election. Under the measure, results are not to be disclosed until after polls close, but leaks aren’t exactly uncommon in New Jersey politics.

North Carolina: Election probe finds security flaws in key North Carolina county but no signs of Russian hacking | Kim Zetter/Politico

A long-awaited report this week from the Department of Homeland Security found security problems with the computer systems that a North Carolina county used to handle voter data during the 2016 election — but no evidence that Russian hackers had breached them. Still, the review is unlikely to totally resolve questions surrounding the county’s use of software provided by the Florida company VR Systems, which — as POLITICO reported last week — have added to broader doubts about the security of election technology that Americans will use at the polls in 2020. Experts contacted by POLITICO said the new DHS analysis has its share of holes — for instance, failing to examine all the computer systems the Russians could have targeted. And they noted that officials in Durham County, N.C., had waited until about a week after Election Day to preserve some potentially important evidence. “I think [the investigation is] incomplete,” says Jake Williams a former NSA hacker who is founder of the security firm Rendition Infosec and trains forensic analysts. “It’s the best investigation that can be conducted under the circumstances. We can’t investigate what we don’t have, [and] a lot of the crucial evidence is missing.” Among other security issues, the heavily redacted DHS report indicates that someone had used a “high value” desktop computer handling Durham County’s voter-registration data to access a personal Gmail account on Election Day. The report provides a lengthy list of suggestions — all blacked out — for how the county can improve the security of its election infrastructure.

Ohio: Delaware County voting machine concerns addressed | D. Anthony Botkin/Delaware Gazette

Delaware County Board of Elections officials addressed Commissioner Gary Merrell’s concerns that he had encountered with the new voting equipment while working the polls during the Nov. 5 general election. “The machines didn’t work at the last election and what is the vendor doing to correct it?” Merrell declared in the commissioners’ Dec. 12 regularly scheduled session. “I realize we may not have all the answers until we actually use them in the spring, but all the more reason we need to have the understanding to hold the vendor responsible if they fail to perform.” Board of Elections Deputy Director Anthony Saadey said the problem the commissioner was talking about specifically was the barcode reader. “The scanners had issues on election day,” he said. “In the field technician logs, we found that 24 total out of the 844 deployed ballot marking devices had the same issue. Two of them happen to be at the commissioner’s location.”

Pennsylvania: Every county will have new voting machines — with paper trails — in 2020 | Jonathan Lai/Philadelphia Inquirer

With Dauphin County’s decision this week to end its standoff with the state and buy new voting machines, all 67 Pennsylvania counties met the year-end deadline to comply with a state order that they implement election systems capable of leaving a paper trail of votes that can be manually audited and recounted. Experts say this is a major step for election security ahead of the November presidential election, ensuring ballots can be accurately tallied even in the face of a cyber attack or a mishap. “The shift from paperless [electronic] machines to having individual paper ballots is a sea change,” said Christopher R. Deluzio, policy director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security. “It’s great, it’s huge, it was necessary.” As recently as 2018, most voters in Pennsylvania used paperless machines that recorded votes in electronic memory. In addition to concerns that computers can be hacked, electronic systems can fail and wipe out all records of votes cast. In April 2018, Gov. Tom Wolf ordered every county to select paper-based machines and implement them in time for the April 28, 2020, presidential primary. Dauphin County, after a weeks-long game of chicken with the state, selected its new systems Monday. The machines will cost $120 million to implement in 58 counties, according to data provided by the Pennsylvania Department of State, with no details available for the other nine counties. Not all contracts are finalized, and the figure does not include increased operating costs over the life of the machines.

International: Hackers will be the weapon of choice for governments in 2020 | Patrick Howell O’Neill/MIT Technology Review

When Russia was recently banned from the Olympics for another four years in a unanimous decision from the World Anti-Doping Agency (WADA), the instant reaction from Moscow was anger and dismissal. Now the rest of the world is waiting to see how Russia will retaliate this time. In the history books, 2016 will forever be known for unprecedented Russian interference into an American presidential election, but until that transpired, one of the most aggressive cyber campaigns that year centered on the Olympics. In the run-up to the summer games in Brazil, WADA had uncovered a national Russian doping conspiracy and recommended a ban. In response, Moscow’s most notorious hackers targeted an array of international officials and then leaked both real and doctored documents in a propaganda push meant to undermine the recommendation. The International Olympic Committee rejected a blanket ban and allowed each sport to rule individually. Next, the opening ceremony of the 2018 winter games in South Korea kicked off with all the traditional optimism, bright lights, and pageantry—plus a targeted cyberattack known as Olympic Destroyer that was designed to sabotage the networks and devices at the event. The attack’s origins were obfuscated, with breadcrumbs in the malware pointing to North Korea and China—but after investigators untangled the attempts to mislead them, it became apparent that some of the Russian government’s most experienced hackers were behind it. In a series of angry blog posts, the hackers charged that “on the pretext of defending clean sport,” what they described as “the Anglo-Saxon Illuminati” were fighting for “power and cash in the sports world.” It was clear that the Russians viewed the Olympics as one part of a larger world power competition, and looked to hacking as a weapon of choice. Almost nothing has been done to hold anyone responsible.