Israel: Benjamin Netanyahu’s election app potentially exposed data for every Israeli voter | Steve Hendrix /The Washington Post

An election app in use by Israeli Prime Minister Benjamin Netanyahu’s political party potentially exposed sensitive personal information for the country’s entire national voting registration of about 6.5 million citizens, according to Israeli media reports. The cellphone-based program, identified as the Elector app, is meant to manage the Likud party’s voter outreach and tracking for the country’s March 2 election, according to the Haaretz newspaper. But an independent programmer reportedly spotted a breach over the weekend that potentially exposed the names, addresses, ID numbers and other private data for every registered voter in the country. There was no immediate indication that any of the information had been downloaded before the breach was repaired, the paper said. The app’s developer told Haaretz that the flaw was quickly fixed and that new security measures were implemented. But a person close to Likud, who spoke on the condition of anonymity to discuss sensitive matters, said the party was braced for the possibility that information could have leaked, with worrying consequences. The comprehensive list of voters would have included personal details, including home addresses, for military leaders, security officials, government operatives and others of potential interest to Israel’s enemies.

Nevada: Democrats Tight-Lipped About Vote-Counting Plans | Tarini Parti and Alexa Corse/Wall Street Journal

The Nevada Democratic Party is still working on its process for conducting and transmitting the results of its Feb. 22 caucuses and has been unable to answer questions about how that will be carried out, causing alarm among volunteers and campaigns. With early voting starting in less than a week, volunteers who have attended training sessions said they were confused about the process and technology they were expected to use for the state’s caucuses. And questions from campaigns to the state party have either been ignored or only heightened concerns when answered, according to campaign aides. The state party has said that it is evaluating its process and will have backups including paper records in place to ensure that the caucuses run smoothly. In the aftermath of the debacle in Iowa’s caucuses, where glitchy technology and poor planning cast confusion over the outcome, the Nevada State Democratic Party said it would no longer use an app built by Shadow Inc., the vendor in charge of a similar app that failed in Iowa. Nevada’s app was set to play an even bigger role than the one in Iowa did, according to people familiar with the issue. The Nevada Democratic Party, which is implementing early voting for its caucuses for the first time, was planning on using the app to fold in early voting results with caucus night alignments, calculate the threshold required for viability for candidates and the realignment results and then transmit them. Ditching the app has forced the party to make changes to multiple parts of the process, the people said. Some of those changes still aren’t clear, they said.

National: Bipartisan lawmakers introduce bill to combat cyber attacks on state and local governments | Juliegrace Brufke/The Hill

A bipartisan group of lawmakers on Monday introduced a bill that would establish a $400 million grant program at the Department of Homeland Security (DHS) to help state and local governments combat cyber threats and potential vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.), John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Mike McCaul (R-Texas), Dutch Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) — DHS’ Cybersecurity and Infrastructure Security Agency (CISA) would be required to develop a plan to improve localities’ cybersecurity and would create a State and Local Cybersecurity Resiliency Committee to help inform CISA on what jurisdictions need to help protect themselves from breaches. The group noted that state and local governments have become targets for hackers, having seen an uptick in attacks in recent years. “It provides more grant funding to state and locals for cybersecurity my own state of Texas impacted, particularly as tensions rise in Iran, for instance, we are seeing more cyber attacks coming out of Iran,” McCaul told The Hill. “And then of course going into the election we will make sure that our voting machines are secure.”

National: Voting Process Under Spotlight After Iowa Confusion | Alexa Corse/Wall Street Journal

States conducting presidential nominating contests in the weeks ahead are facing new scrutiny of their voting processes, after glitches caused confusion over which candidate prevailed in Iowa’s caucuses last week. Federal and local law-enforcement officials huddled at a Manchester, N.H., conference center on Friday morning, gaming out responses to hypothetical hacking scenarios ahead of New Hampshire’s Tuesday primary. The meeting included representatives from the U.S. Secret Service and from the police forces of Manchester, Concord and Nashua, along with private-sector experts. The Manchester gathering, which had been scheduled for months, is one example of intensified efforts nationwide to secure the voting process since 2016, when Russia was found to have interfered in the U.S. presidential election. But such efforts have taken on a new urgency after Iowa’s debacle. The failure of a results-reporting app, due to what the Iowa Democratic Party called a coding issue and a series of problems cascading from those glitches, showed that foreign meddling isn’t the only risk, experts say.

National: US counterintel strategy emphasizes protection of democracy | Eric Tucker/Associated Press

The U.S. government’s top counterintelligence official said Monday that he was concerned Russia or other foreign adversaries could exploit the chaos of the Iowa caucuses to sow distrust in the integrity of America’s elections. “How can an adversary take what happened in Iowa and pour gasoline on it?” Bill Evanina, the director of the National Counterintelligence and Security Center, told reporters at a briefing. Evanina’s comments came as he unveiled a strategy document aimed at guiding the government’s national security priorities over the next two years. The document identifies the U.S. economy, infrastructure, democracy and supply chains as areas being routinely targeted by foreign governments and in need of heightened protection. Election security, particularly combating foreign influence in U.S. politics, accounts for one of the counterintelligence community’s top priorities as voters head to the polls this year. A malfunctioning app used by the Iowa Democratic Party caused a delay in the reporting of caucus results last week and fueled calls for a recanvassing. Because of the delay and after observing irregularities in the results once they did arrive, The Associated Press says it cannot declare a winner.

California: Los Angeles County’s Seismic Voting Shift | Gabrielle Gurley/The American Prospect

Election officials’ decision-making will come under greater public scrutiny after the Iowa caucus debacle—especially in Los Angeles County, home to ten million residents and five million registered voters, the largest voting jurisdiction in the country. On March 3—Super Tuesday—some Angelenos will surely go to their neighborhood polling place where they’ve been casting their votes for decades, only to find no signs of life. What to do—call City Hall? The police? Give up and head to work? Beginning with the March 3 election, California is instituting an epochal shift in the way its residents vote, debuting in 15 of the state’s 58 counties, of which L.A. is the big one. For this crucial presidential primary, voters in Los Angeles can use approximately 1,000 centralized vote centers rather than the roughly 5,000 precinct polling places where Angelenos have been accustomed to voting. Unlike those precinct polling places, however, which were open only on Election Day, the new voting centers will be open for voting for many days: Most of them will be in operation not just on Election Day but also on the ten days preceding it, while the rest will be open on Election Day and the four days before. What’s more, L.A. County voters can drop in and vote at any one of the centers. (Besides, this year as in many past elections, more than half of California voters will cast their votes by mail.)

Iowa: How the Iowa Caucuses Became an Epic Fiasco for Democrats | Reid J. Epstein, Sydney Ember, Trip Gabriel and Mike Baker/The New York Times

The first signs of trouble came early. As the smartphone app for reporting the results of the Iowa Democratic caucuses began failing last Monday night, party officials instructed precinct leaders to move to Plan B: calling the results into caucus headquarters, where dozens of volunteers would enter the figures into a secure system. But when many of those volunteers tried to log on to their computers, they made an unsettling discovery. They needed smartphones to retrieve a code, but they had been told not to bring their phones into the “boiler room” in Des Moines. As a torrent of results were phoned in from school gymnasiums, union halls and the myriad other gathering places that made the Iowa caucuses a world-famous model of democracy, it soon became clear that the whole process was melting down. Volunteers resorted to passing around a spare iPad to log into the system. Melissa Watson, the state party’s chief financial officer, who was in charge of the boiler room, did not know how to operate a Google spreadsheet application used to input data, Democratic officials later acknowledged.

New Hampshire: Ballot-counting machines are two decades old, with no replacement in sight | David Brooks/Concord Monitor

Experienced New Hampshire voters will see something quite familiar when they cast their primary ballots Tuesday: A vote-counting machine that hasn’t changed in more than two decades. The AccuVote optical reader has been part of Granite State elections since the early 1990s, when it was first accepted by the Secretary of State’s office. It’s a 14-pound box that looks like an oversized laptop computer sitting on top of a collection bin. As each voter leaves the polling place, poll workers slip their ballot into the AccuVote slot and the machine bounces light off the paper. Sensors tally filled-in circles next to candidates’ names and then the ballot falls into the bin below the reader. After polls close, the reader prints out the results, with all the paper ballots available for a recount. Other technologies have come and gone over the years but AccuVote has remained, and today is still the state’s only legal ballot-counting technology. On primary day it will be used in 118 towns and 73 city wards, leaving the other 100 or so towns in the state, including several in the Concord area, to count ballots on election night by hand.

Nevada: Election Security Institute Criticizes Newly-Unveiled Nevada Caucus App After Iowa Disaster | Hunter Moyler/Newsweek

An institute that studies election security criticized the Nevada Democratic Party for planning to use a digital tool for its caucuses, arguing that Nevada was likely to run into many of the same issues that Iowa did with its voting app last week. The Open Source Election Technology (OSET) Institute began its Twitter thread Sunday with a link to a story from The Nevada Independent, which detailed how the Nevada Democratic Party (NDP) will be using a digital “tool” on the day of that state’s caucuses on February 22. The Independent reported that NDP staffers made a distinction between its tool and the app that was used by the Iowa Democratic Party for their caucuses on February 3. A faulty app that was not tested properly and had coding issues led to delays of the Iowa results. “Deja Vu; this time in NV,” OSET’s first tweet read. “Let’s be clear from the start: their’s is an ‘App’ and no designation of ‘tool’ changes that. Let’s stop playing word games here. The fact that its pre-loaded & may not use mobile connectivity is the only ‘difference.'” The institute dismissed the NDP’s distinction between an “app” and a “tool,” arguing that any difference between the two was superficial.

Nevada: Democrats Canceled Their Caucus App. But That Poses Its Own Problems. | Kaleigh Rogers and Amelia Thomson-DeVeaux/FiveThirtyEight

A week ago, Nevada Democrats were planning to use an app for their caucuses on Feb. 22. The chaos in Iowa has put an end to that. The Nevada Democratic Party confirmed to FiveThirtyEight that it has “eliminated the option of using an app at any step in the caucus process,” Molly Forgey, the party’s communications director, said Friday. The app that was going to be used was reportedly developed by Shadow Inc., the company that developed the infamous app for the Iowa Democratic Party. But that doesn’t mean Nevada is out of the woods. Scrapping the app could also lead to some complications thanks to a new addition to the Silver State’s caucuses this year: early voting. The Nevada Democratic Party hasn’t yet revealed what it plans to do instead — “At this time, we’re considering all of our options,” Forgey said — though using paper and phoning in results seems like an obvious solution. But the party’s plan to introduce early voting this year — slated to start on Feb. 15 — relied heavily on a functioning app, and it’s unclear how those votes will now be incorporated during the in-person caucuses.

Nevada: Democrats fret about another tech disaster in Nevada caucuses following the mess in Iowa | Joseph Marks/The Washington Post

Democrats who are still reeling from last week’s Iowa debacle are increasingly worried about another technology disaster in the next caucus state: Nevada. Nevada Democrats initially forswore using apps after a coding error and rushed design choices threw the Iowa contest into chaos. They backpedaled over the weekend, though, and said precinct leaders will be given an iPad-based tool to sync early voters’ preferences with choices from people who come to the Feb. 22 caucuses, the Nevada Independent’s Megan Messerly reported. And in an echo of Iowa that is giving heartburn to some, the state party hasn’t said who built the app or how it’s being tested and vetted for security vulnerabilities. “I volunteered to do this because I’m a loyal Democrat, and there’s nothing more I want to do than defeat Donald Trump,” Seth Morrison, a caucus volunteer, told Megan. “But if we allow this to go down and it’s another Iowa, what does this do for my party?” The concerns come as Democrats are struggling to prove they have the tech and cybersecurity savvy to endure another presidential race four years after Hillary Clinton’s campaign was upended by a Russian hacking and disinformation campaign focused on smearing her and aiding Donald Trump.

Oregon: Two counties offer vote-by-mobile to overseas voters | Andrew Selsky/Associated Press

Two Oregon counties are offering the opportunity for U.S. military members, their dependents and others living overseas to vote in special elections this November with smartphones, officials announced Wednesday. While some technology experts have warned that such systems could be insecure, the two counties have already advised hundreds of registered voters living overseas about the option to cast ballots using blockchain-based mobile voting. Oregon residents normally vote by mail. Jackson County Clerk Christine Walker expressed confidence in the system and said it will help ensure that the votes of those overseas will be counted. She noted that overseas mail systems can be unreliable and that she was very worried that Washington’s threats to pull the United States from the United Nations’ postal agency would prevent voters overseas from casting ballots. “We need to make sure that our military and overseas voters have the not only ability to vote, but they can easily access their ballots in a safe manner,” Walker said in a telephone interview Tuesday. “There was a potential crisis going on.”

Tennessee: No new voting machines in Shelby County for the November election | Rudy Williams/WATN

A shocker from the Shelby County Commission Monday. Turns out there will be no new voting machines as promised for the November election. For now, those problem-riddled touch screen machines aren’t going anywhere. This surprising turn came as commissioners were expected to approve a resolution urging the Shelby County Election Commission to buy hand-marked ballot machines instead of computer based machines. Advocates say hand-marked ballots are the best way to ensure elections in Shelby County this November are secure, but tonight nobody can say which machines the county will buy or even when. There will be no new machines in 2020. No one could believe it when Shelby County Commissioner Tami Sawyer made the announcement especially advocates like Erika Sugarmon. “I am disheartened that we will not have new voting machines. This is a very serious year,” said Sugarmon. “They’ve had years to deal with this and find the funding. Why are voters just hearing about the funding.”

Washington: ‘Proceed very cautiously’: Experts say online elections raise security concerns | Amy Radil/KUOW

Voting online is now an option for certain voters in King, Pierce, and Mason counties. But Washington state lawmakers and security experts say these methods should be “off the table” in 2020. Tuesday, February 11 is the last day for voters in the King Conservation District election to submit their online ballots. The election made headlines last month as the country’s first in which all eligible voters cast ballots via smartphones and computers. Pierce and Mason counties plan to use the same method to allow military and overseas voters to cast ballots in the presidential primary. But the failure of the app at the Iowa caucuses last Monday has inflamed doubts around online voting. Even before then, Washington Secretary of State Kim Wyman and cybersecurity experts condemned online balloting calling for the exclusive use of paper ballots this year. Should Washington voters worry about online voting? …Computer scientist Jeremy Epstein has a much different perspective than Tusk. He argues the platforms Tusk has funded through two firms, Voatz and Democracy Live, are not transparent. “Both Voatz and Democracy Live have talked about, ‘Oh yes we’ve had security assessments,’” said Epstein, who works for the Association for Computing Machinery. “But they won’t release any information on what they’ve tested, what the results are. They just said, ‘don’t worry, be happy.’” Epstein said there are no standards for secure internet voting because it is “fundamentally insecure. ” He add that “we don’t want to build standards for ‘safe cigarettes,’” and “we don’t build standards for ‘safe’ internet voting because it’s a contradiction in terms.”

Israel: Data of All 6.5 Million Voters Leaked | Daniel Victor, Sheera Frenkel and Isabel Kershner/The New York Times

A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election. The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government’s entire voter registry, though it was unclear how many people did so. How the breach occurred remains uncertain, but Israel’s Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter — though it stopped short of announcing a full-fledged investigation. The app’s maker, in a statement, played down the potential consequences, describing the leak as a “one-off incident that was immediately dealt with” and saying it had since bolstered the site’s security. The flaw, first reported on Sunday by the newspaper Haaretz, was the latest in a long string of large-scale software failures and data breaches that demonstrated the inability of governments and corporations around the world to safeguard people’s private information, protect vital systems against cyberattacks and ensure the integrity of electoral systems.