National: Election vendors executives head to the Hill | Tim Starks/Politico

he House Administration Committee will start off the new year with a bang on Thursday when it convenes a hearing with the presidents of the three largest election technology vendors. Testifying on the first panel of the hearing, the committee told MC, are Tom Burt, president and CEO of Election Systems & Software; John Poulos, president and CEO of Dominion Voting Systems; and Julie Mathis, president and CFO of Hart InterCivic. The major vendors have sent lower-level representatives to congressional hearings in the past, but this is the first time that all three top executives have testified together, a House aide told MC. The timing is auspicious: the presidential primary season, which begins in just a few weeks, represents a high-profile test of many states’ new paper-backed electronic voting machines. Vendor oversight has been a top concern of voting security experts and activists, because the three largest firms have historically shunned transparency, downplayed security concerns and threatened competitors with lawsuits. House Administration Chairwoman Zoe Lofgren (D-Calif.) first told POLITICO that she was planning this hearing in August, after a bipartisan group of activist organizations pressed her panel and its Senate counterpart to scrutinize the vendors more closely. After vendor executives testify, the Administration Committee will hear from a trio of experts, according to the witness list shared with MC. They are Liz Howard from the Brennan Center for Justice, Georgetown University professor Matt Blaze and University of Florida professor Juan Gilbert.

North Carolina: Ignoring Warning Signs: Officials Approve Vulnerable Voting Machines | Gabriella Novello/WhoWhatWhy

Election officials know very well that using outdated and costly touchscreen voting machines — which are susceptible to hacking and other foul play — will likely lead to programming issues and cause long lines during the 2020 election that will ultimately drive voters away from the polls. Though more states are moving toward hand-marked paper ballots, most of those ballots will still be counted by machines. In other states — some of which could play a crucial role this year — election officials have ignored calls by election security experts to steer clear of problematic touchscreen machines altogether, and are rushing to approve even more. In North Carolina, despite overwhelming opposition from voters and election security experts, the State Board of Elections (NCSBE) bypassed a certification process to approve new touchscreen voting machines by Election Systems & Software (ES&S). At the same time, it  expressed “disappointment” in the company for misleading the board about whether it could provide enough of the voting machines that were certified in August. Critics of the decision argue that election officials rushed to approve the modification request after the board was forced to consider a more expensive voting machine just one month after the initial certification in August because ES&S said that it could not supply North Carolina with all the machines the state needed.

International: Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’ | Carole Cadwalladr/The Guardian

An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles. More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” are set to be released over the next months. It comes as Christopher Steele, the ex-head of MI6’s Russia desk and the intelligence expert behind the so-called “Steele dossier” into Trump’s relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse. The release of documents began on New Year’s Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoenaed by Robert Mueller’s investigation into Russian interference in the 2016 presidential election.

Bangladesh: BNP urges Election Commission to roll back Electronic Voting Machine plan | Dhaka Tribune

BNP has urged the Election Commission to shelve its plan to use Electronic Voting Machine (EVM) in the upcoming elections to two Dhaka city corporations. The party said EVM is an ill-motivated government project to destroy people’s voting rights, reports UNB. “The Election Commission’s decision to use the EVMs in the polls to Dhaka south and north city corporations is part of an evil plan to implement a silent project of killing people’s voting rights by using the technology in the future election in which the government is changed,” BNP Secretary General Mirza Fakhrul Islam Alamgir said on Sunday. He said: “BNP thinks the decision to use the machine in Bangladesh’s election system is a serious conspiracy. We hope the Election Commission will take steps for holding the election through traditional ballot papers cancelling its decision to conduct the voting through the EVM so that people can freely exercise their right to franchise.”

Taiwan: China uses Taiwan for AI target practice to influence elections | Philip Sherwell/The Sunday Times

China has already deployed its expertise in artificial intelligence to erect a surveillance state, power its economy and develop its military. Now Taiwan’s cyber-security chiefs have identified signs that Beijing is using AI to interfere in an overseas election for the first time. In the run-up to its general and presidential elections on Saturday, Taiwan has detected what appear to be experiments with AI-generated messaging amid disinformation unleashed by Beijing and its proxies. This could presage China’s export of its Orwellian tools for manipulation and control to influence other democracies. If Chinese programmers can teach intelligent machines to mimic the language of voters — learning idioms, slang and mindsets via elaborate algorithms — it will be a game-changer, spreading fake news and disinformation through anonymous social media accounts at viral speeds. “We believe we are seeing China testing the use of artificial intelligence for the first time in their influence operations in this election,” said Tzeng Yi-suo, director of the cyber-warfare division at Taiwan’s Institute for National Defence and Security Research.

National: Cyber attacks and electronic voting errors threaten 2020 outcome, experts warn | Peter Stone/The Guardian

Potential electronic voting equipment failures and cyber attacks from Russia and other countries pose persistent threats to the 2020 elections, election security analysts and key Democrats warn. In November significant electronic voting equipment problems occurred in an election in the vital battleground state of Pennsylvania, sparking a lawsuit by advocacy groups charging the state is using insecure electronic voting machines. Other key states like Florida and North Carolina which experienced voting problems in 2016 and Georgia which had serious equipment problems in 2018, are being urged to take precautions to curb new difficulties in 2020, say election analysts. The Brennan Center’s electoral reform program last month released a study that stressed testing backup systems and electronic voting equipment before the primaries and next November’s general election was needed to reduce risks of cyber attacks and equipment failures, and offered guidance about ways to recover from attacks or malfunctions. In response to these and other threats, Congress in December added $425m for election related spending, including security measures, to a massive $1.4tn spending bill for 2020.

National: Election Security At The Chip Level | Andy Patrizio/Semiconductor Engineering

Technological advances have changed every facet of our lives, from reading to driving to cooking, but one task remains firmly rooted in 20th-century technology — voting. Electronic voting remains doggedly unavailable to most, and almost always unusable to those who have it. For more than a decade, it seems every election is accompanied by numerous reports of voting machine problems. The most common issue involves machines changing votes. It has happened in numerous states, and even to Ellen Swenson, chief analyst for the Election Integrity Project, a non-partisan California group seeking to preserve election integrity. It’s not easy when two separate voting machines in Riverside County, where Swenson resides, recorded incorrect votes. At least that machine worked. “So many have said they’ve gone to polls and the machines break down. That’s another thing that hurt the subject. There were so many broken machines across [Los Angeles] County in 2018 and none were fixed, so LA had to use paper ballots,” she said. For some people, the old paper punch ballot is actually preferable, said Swenson. “There is a whole set of challenges, philosophically and psychologically. The idea of connecting to the Internet scares some people, their fear of the privacy of their vote being compromised, or hacking it and changing the results. There’s a real psychological wall to climb,” she said.

National: America Won’t Give Up Its Hackable Wireless Voting Machines | Kartikay Mehrotra/Bloomberg

After Russian hackers made extensive efforts to infiltrate the American voting apparatus in 2016, some states moved to restrict internet access to their vote-counting systems. Colorado got rid of barcodes used to electronically read ballots. California tightened its rules for electronic voting machines that can go online. Ohio bought new voting machines that deliberately excluded wireless capabilities. Michigan went in a different direction, authorizing as much as $82 million for machines that rely on wireless modems to connect to the internet. State officials justified the move by saying it is the best way to satisfy an impatient public that craves instantaneous results. The problem is, connecting election machines to the public internet, especially wirelessly, leaves the whole system vulnerable, according to cybersecurity experts. So Michigan’s new secretary of state is considering using some of the state’s $10 million in federal election funds to rip out those modems before the March presidential primary. “The system we inherited is not optimal for security since our election equipment can and has connected to the internet,” said Jocelyn Benson, who won election as secretary of state and took office in January 2019. She convened a committee of cybersecurity experts to evaluate the state election system’s vulnerabilities. “If that’s what the committee recommends, we’ll take them out.”

National: Election Infrastructure Remains Vulnerable to Attacks | Diane Ritchey/Security Magazine

In 10 months, U.S. citizens will elect a new president (or re-elect a current one). As the race heats up and election day nears, a key component of the U.S. election infrastructure remains vulnerable to attack. Only five percent of the country’s largest counties are protecting their election officials from impersonation, according to an analysis by Valimail. The rest are vulnerable to impersonation, meaning their domains could become the vectors for cyberattacks and misinformation campaigns. According to Seth Blank, director of industry initiatives for Valimail, “This is a problem because the overwhelming majority of cyberattacks can be traced to impersonation-based phishing emails. In the corporate world, these cyberattacks result in the loss of funds or proprietary data. But when it comes to elections, the bedrock of democracy – free and fair elections – is at stake.” An August 2019 report from Valimail noted that most presidential candidates’ campaigns are not protected from email impersonation. An earlier report found a similar situation across the thousands of domains that are used by state and local governments. “And we’re not just talking about voting machines being vulnerable,” Blank says. “While most voting machines are isolated from the Internet (they are often air-gapped for security), the same cannot be said for other elements of the election process. The electronic pollbooks that voters use to sign in on election day and the machines that tabulate votes may be connected to the Internet for software updates or to receive or transmit voting information. This makes them potential targets for email-based attacks aimed at other users of the same networks.”

National: Paralysis Grips Federal Election Commission While Complaints Pile Up | Kenneth P. Doyle/Bloomberg Government

The agency charged with enforcing campaign finance law begins the presidential election year paralyzed by the lack of a board quorum and unable to dispense with hundreds of complaints. As Republican Caroline Hunter assumes the rotating chairmanship of the Federal Election Commission, she inherits a growing backlog of more than 300 pending campaign finance complaints, nearly 70 of which may never be resolved because they are close to the expiration of a five-year statute of limitations. FEC analysts continue to review campaign finance reports filed by candidates, and staff lawyers can interview witnesses and collect documents in more than two dozen investigations approved by the commissioners before the loss of a quorum at the end of August. However, none of these probes can conclude and no new investigations can begin until a quorum is restored.

Editorials: You could be disenfranchised in California’s presidential primary if you’ve registered nonpartisan | Jessica A. Levinson/Los Angeles Times

California is at risk of disenfranchising hundreds of thousands of voters in the March 2020 presidential primary election. The problem is so large it could impact who becomes the Democratic nominee. Voters in the Golden State are accustomed to seeing candidates from of all parties on the same ballot. This, of course, is how we vote for governor, and members of the state Legislature and the U.S. Congress. We have every reason to believe that if we are registered to vote, we will be able to weigh in on the presidential primary contest without doing more. But voting for president is different. The rules for presidential primaries are set by the national political parties — not California’s secretary of state or local county officials. And the national parties have divined a process sure to trip up millions of nonpartisan voters. If you are a nonpartisan voter, there is a different process for how you vote in the presidential primary versus any other election. If you registered as “no party preference” — previously known as “decline to state” — your ballot will not include any presidential candidates unless you take an extra step. The same applies to those registered with a party so small it isn’t officially recognized. (For instance, maybe you wrote in “Whig party” on your voter registration.)

New Jersey: Murphy undecided on measure allowing early mail ballot counting | Nikita Biryukov/New Jersey Globe

Gov. Phil Murphy isn’t backing or opposing a bill that would allow mail-in ballots to be counted in the week preceding election day. “I don’t think we’ve taken a position on that,” the governor said. The measure’s primary stated goal is moving the filing deadline for candidates back from April to March to avoid overtime bills at county clerks’ offices. The bill’s language appears to have been written with the intent that only ballots cast in the 2020 primaries be counted a week before polls open. Some activists and Republican lawmakers have raised alarms over the measure, claiming political insiders could leak early returns to better inform campaign strategy in the closing week of the election. Under the measure, results are not to be disclosed until after polls close, but leaks aren’t exactly uncommon in New Jersey politics.

North Carolina: Election probe finds security flaws in key North Carolina county but no signs of Russian hacking | Kim Zetter/Politico

A long-awaited report this week from the Department of Homeland Security found security problems with the computer systems that a North Carolina county used to handle voter data during the 2016 election — but no evidence that Russian hackers had breached them. Still, the review is unlikely to totally resolve questions surrounding the county’s use of software provided by the Florida company VR Systems, which — as POLITICO reported last week — have added to broader doubts about the security of election technology that Americans will use at the polls in 2020. Experts contacted by POLITICO said the new DHS analysis has its share of holes — for instance, failing to examine all the computer systems the Russians could have targeted. And they noted that officials in Durham County, N.C., had waited until about a week after Election Day to preserve some potentially important evidence. “I think [the investigation is] incomplete,” says Jake Williams a former NSA hacker who is founder of the security firm Rendition Infosec and trains forensic analysts. “It’s the best investigation that can be conducted under the circumstances. We can’t investigate what we don’t have, [and] a lot of the crucial evidence is missing.” Among other security issues, the heavily redacted DHS report indicates that someone had used a “high value” desktop computer handling Durham County’s voter-registration data to access a personal Gmail account on Election Day. The report provides a lengthy list of suggestions — all blacked out — for how the county can improve the security of its election infrastructure.

Ohio: Delaware County voting machine concerns addressed | D. Anthony Botkin/Delaware Gazette

Delaware County Board of Elections officials addressed Commissioner Gary Merrell’s concerns that he had encountered with the new voting equipment while working the polls during the Nov. 5 general election. “The machines didn’t work at the last election and what is the vendor doing to correct it?” Merrell declared in the commissioners’ Dec. 12 regularly scheduled session. “I realize we may not have all the answers until we actually use them in the spring, but all the more reason we need to have the understanding to hold the vendor responsible if they fail to perform.” Board of Elections Deputy Director Anthony Saadey said the problem the commissioner was talking about specifically was the barcode reader. “The scanners had issues on election day,” he said. “In the field technician logs, we found that 24 total out of the 844 deployed ballot marking devices had the same issue. Two of them happen to be at the commissioner’s location.”

Pennsylvania: Every county will have new voting machines — with paper trails — in 2020 | Jonathan Lai/Philadelphia Inquirer

With Dauphin County’s decision this week to end its standoff with the state and buy new voting machines, all 67 Pennsylvania counties met the year-end deadline to comply with a state order that they implement election systems capable of leaving a paper trail of votes that can be manually audited and recounted. Experts say this is a major step for election security ahead of the November presidential election, ensuring ballots can be accurately tallied even in the face of a cyber attack or a mishap. “The shift from paperless [electronic] machines to having individual paper ballots is a sea change,” said Christopher R. Deluzio, policy director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security. “It’s great, it’s huge, it was necessary.” As recently as 2018, most voters in Pennsylvania used paperless machines that recorded votes in electronic memory. In addition to concerns that computers can be hacked, electronic systems can fail and wipe out all records of votes cast. In April 2018, Gov. Tom Wolf ordered every county to select paper-based machines and implement them in time for the April 28, 2020, presidential primary. Dauphin County, after a weeks-long game of chicken with the state, selected its new systems Monday. The machines will cost $120 million to implement in 58 counties, according to data provided by the Pennsylvania Department of State, with no details available for the other nine counties. Not all contracts are finalized, and the figure does not include increased operating costs over the life of the machines.

International: Hackers will be the weapon of choice for governments in 2020 | Patrick Howell O’Neill/MIT Technology Review

When Russia was recently banned from the Olympics for another four years in a unanimous decision from the World Anti-Doping Agency (WADA), the instant reaction from Moscow was anger and dismissal. Now the rest of the world is waiting to see how Russia will retaliate this time. In the history books, 2016 will forever be known for unprecedented Russian interference into an American presidential election, but until that transpired, one of the most aggressive cyber campaigns that year centered on the Olympics. In the run-up to the summer games in Brazil, WADA had uncovered a national Russian doping conspiracy and recommended a ban. In response, Moscow’s most notorious hackers targeted an array of international officials and then leaked both real and doctored documents in a propaganda push meant to undermine the recommendation. The International Olympic Committee rejected a blanket ban and allowed each sport to rule individually. Next, the opening ceremony of the 2018 winter games in South Korea kicked off with all the traditional optimism, bright lights, and pageantry—plus a targeted cyberattack known as Olympic Destroyer that was designed to sabotage the networks and devices at the event. The attack’s origins were obfuscated, with breadcrumbs in the malware pointing to North Korea and China—but after investigators untangled the attempts to mislead them, it became apparent that some of the Russian government’s most experienced hackers were behind it. In a series of angry blog posts, the hackers charged that “on the pretext of defending clean sport,” what they described as “the Anglo-Saxon Illuminati” were fighting for “power and cash in the sports world.” It was clear that the Russians viewed the Olympics as one part of a larger world power competition, and looked to hacking as a weapon of choice. Almost nothing has been done to hold anyone responsible.