National: ‘Reckless and stupid’: Security world feuds over how to ban wireless gear in voting machines | Eric Geller/Politico

A federal elections panel is set to adopt new voting equipment standards that fall short of a crucial demand of many security advocates — a ban on devices that contain hardware for connecting to wireless networks. Instead, manufacturers would have to demonstrate that any wireless gear in their voting machines and ballot scanners has been rendered unusable. The compromise language is dividing security professionals, with some warning it would create a dangerous loophole for voting machinery that already faces both real-world cyber risks and wildly false rumors that undermine trust in elections. Supporters call it a concession to marketplace realities, saying it’s increasingly hard for vendors to find equipment without networking hardware. But the proposal “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems,” 22 security experts, activists and former election officials told the Election Assistance Commission in a Feb. 3 letter obtained by POLITICO. The experts included academics from Princeton, Johns Hopkins University and the University of California at Berkeley. “This decision is unconscionable, reckless and stupid,” said Susan Greenhalgh, the senior adviser on election security at the activist group Free Speech for People, who helped organize the letter. The commission is expected to approve the compromise measure this week as part of a massive and long-awaited update to federal voting equipment guidelines, the latest step in years of election security efforts by federal and state authorities. Its decision to reject a tougher wireless ban drew new attention in recent weeks after it quietly updated the draft standards with new language spelling out its compromise on the issue.

Full Article: ‘Reckless and stupid’: Security world feuds over how to ban wireless gear in voting machines – POLITICO

National: New cyber panel chair zeros in on election security, SolarWinds hack | Maggie Miller/TheHill

Rep. Yvette Clarke (D-N.Y.), the new chair of the House Homeland Security Committee’s cyber panel, said she plans to tackle a wide range of cybersecurity challenges, but with an early focus on bolstering election security and responding to a massive hack that has compromised much of the federal government. As one of the top cyber experts on Capitol Hill, Clarke’s committee will also have its plate full with figuring out how best to allocate resources to hospitals and schools increasingly targeted by hackers, and helping support the nation’s key cyber agency as it enters its third month without Senate-confirmed leadership. Clarke told The Hill in one of her first interviews as chair of the Subcommittee on Cybersecurity, Infrastructure Protection and Innovation that the goal is to chart a course that keeps previous mistakes in the past. “We have to learn from our adverse experiences, and from learning should come innovation, should come a deep desire to make sure that we don’t revisit these types of hardships ever again,” said Clarke, who succeeds Rep. Lauren Underwood (D-Ill.) atop the subcommittee. Clarke has served as both chair and ranking member of the panel in previous years. But this time around, she is taking the helm in the midst of an ongoing cybersecurity crisis stemming from the recently discovered Russian hack of IT group SolarWinds. The company counts much of the federal government as customers, with agencies including the Commerce, Defense, Energy, Homeland Security and Treasury departments compromised. 

Full Article: New cyber panel chair zeros in on election security, SolarWinds hack | TheHill

National: New voting machine security standards are already drawing controversy | Tonya Riley/The Washington Post

The Election Assistance Commission, an independent government body that issues voluntary voting guidelines to states and voting machine vendors, unanimously passed a new set of recommendations for voting machines.  Voluntary Voting System Guidelines 2.0 is the first major change to the commission’s recommendations since they were first established in 2005 and comes after a hotly contested 2020 presidential election in which former president Donald Trump and his allies lodged baseless allegations of fraud at state officials and voting machine companies. “Adopting VVSG 2.0 is the most important action the EAC has taken in 15 years”  EAC Commissioner Ben Hovland said at the vote yesterday. But the new standards are already drawing scrutiny from lawmakers and voting security advocates. They worry they leave loopholes allowing voting machine companies to skirt best practices and leave machines vulnerable to interference. They were approved as some of the nation’s most prominent voting machine companies are suing Fox News and top lawyers for Trump because of their unfounded fraud claims related to their machines. In a letter led by Rep. Bill Foster (D-Ill.), more than 20 members of Congress are asking the EAC to reconsider its recommendations. The letter expresses concerns about how the guidelines frame the use of machines with parts that can connect to the Internet. “This is extremely troubling, as computer security and networking experts have warned that merely disabling networking capability is not enough,” they wrote. “Benign misconfigurations that could enable connectivity are commonplace and malicious software can be directed to enable connectivity silently and undetectable, allowing hackers access to the voting system software.”

Full Article: The Cybersecurity 202: New voting machine security standards are already drawing controversy – The Washington Post

National: Election Assistance Commission adopts updated voting security standards. Not everyone is happy. | Tim Starks and Sean Lyngaas/CyberScoop

The Election Assistance Commission on Wednesday voted to adopt the first comprehensive update to its voting system security guidelines in more than 15 years, concluding a lengthy process that ended with a mixed reception from some election security experts. The security community largely greeted the update as a security upgrade to standards that most states rely upon at least partially for their own equipment testing and certification. A significant number of academics, activists and even some in Congress, though, voiced displeasure in particular for how the so-called Voluntary Voting System Guidelines 2.0 would handle wireless connections on voting systems. The update stands to shape the next generation of voting systems that election vendors produce for use around the country during a period of sinking trust in the electoral process. Regardless, the more than five-year drafting process and resulting EAC vote won’t immediately transform election security because states, equipment manufacturers and others will take time to get in line with the new standards. On the plus side, experts said the guidelines — VVSG 2.0 for short — would promote “software independence,” which translates into machines needing to produce independently verifiable records. The result will be the existence of verifiable paper ballots that election officials can audit after votes are cast.

Full Article: Federal election agency adopts updated voting security standards. Not everyone is happy.

National: Election Assistance Commission adopts nationwide paper ballot guidelines | Kevin Collier/NBC

The U.S. Election Assistance Commission voted Wednesday to adopt sweeping new guidelines for the first time in 16 years, effectively solidifying the nationwide move to paper ballots. “That was a long time coming,” Ben Hovland, the EAC’s chair, said on a phone call. “It’s a major step forward.” The field of voting equipment standards in the U.S. is labyrinthine. The EAC, run by a rotating board of four commissioners — two from each major political party — moves slowly and at times has been hampered by partisan infighting. It can only suggest recommendations to states, which ultimately decide what type of equipment to use. But states in turn can only select from a limited market of equipment vendors, most of which closely hew to federal guidelines. In an emailed statement, eight of the country’s largest election equipment companies praised the new guidelines as a “significant achievement.”

Full Article: U.S. election commission adopts nationwide paper ballot guidelines

National: Last-Minute Tweaks to Voting Machine Standards Raise Cyber Fears | Kartikay Mehrotra/Bloomberg

Last-minute changes to proposed federal standards for new voting machines could expose the equipment to cyber-attacks, according to some members of Congress and security professionals. The Election Assistance Commission, slated to authorize new voting system guidelines on Feb. 10, amended key sections of a 328-page document less than two weeks before the decision. The amended language of the Voluntary Voting System Guidelines 2.0 would allow next generation voting machines to include components capable of wireless communications, as long as they’re disabled. The changes were made even though the EAC’s technical advisory committee recommended an outright wireless ban. Cybersecurity experts, some of the EAC’s own advisers and members of Congress are calling for the agency’s four commissioners to vote on a version of the document finalized in July 2020 which included the prohibition on wireless capability. In a letter reviewed by Bloomberg, a bipartisan coalition of more than 20 members of Congress led by Representative Bill Foster told the EAC’s Chairman Ben Hovland that the current version would “diminish confidence in both the federal voting system certification program and the security of our election systems.” “We cannot sanction the use of online networking capabilities when they carry the very real and increased risk of cyber-attacks, at scale, on our voting machines,” reads the letter. A four-member panel of commissioners will vote on whether to approve the new standards, which aim to create new guidelines for ease of use, accessibility and security of voting systems. The proposal includes amended standards to ensure all ballots types can be audited and counted both digitally and manually — a system that was essential to verifying President Joe Biden’s victory in Georgia in November.

Full Article: Last-Minute Tweaks to Voting Machine Standards Raise Cyber Fears – Bloomberg

National: Google expands election security aid for federal, state campaigns | Maggie Miller/The Hill

Google announced Tuesday it is expanding its efforts around election security by providing free training to state and federal campaigns in all 50 states. The company detailed the effort in a blog post, saying it will involve supporting nonpartisan virtual cybersecurity trainings for state and federal campaigns across the country and deploying a digital “help desk” to answer security-related questions for campaigns. The new effort marks an expansion of Google’s work with the nonprofit group Defending Digital Campaigns (DDC), which provides free or low-cost security services to campaigns to help defend against malicious hackers. “Keeping everyone safe online remains our top priority and we look forward to continuing our work in 2021 to make sure campaigns and elected officials around the world stay safe online,” Mark Risher, Google’s director of product management, identity and user security, wrote in the blog post. During the 2020 election cycle, Google worked with DDC to provide free two-factor authentication keys to more than 140 federal campaigns, along with promoting best cyber practices for campaign employees.

Full Article: Google expands election security aid for federal, state campaigns | TheHill

National: Center for Internet Security report highlights cyber risks to US election systems | Christina A. Cassidy/Associated Press

Election systems in the U.S. are vulnerable to cyber intrusions similar to the one that hit federal agencies and numerous businesses last year and remain a potential target for foreign hacking, according to a report released Wednesday. The report by the Center for Internet Security, a nonprofit that partners with the federal government on election security initiatives, focuses on how hardware and software components can provide potential entryways for hackers. “We have to continue to get better,” said Aaron Wilson, a co-author of the report. “We have to improve our defenses, as those that are on the other side are likely honing their attack strategy, as well.” The 2020 election was deemed the “most secure” in history by a coalition of government cybersecurity experts and state and local election officials. There also is no indication that any election system was compromised as part of the hacking campaign that exploited an update of network management software from a company called SolarWinds. It was the largest cybersecurity breach of federal systems in U.S. history. Despite that, election systems are vulnerable to the same risks exposed by the SolarWinds hack, the report said. It describes the risk of such an attack, in which hackers might infiltrate the hardware or software used in election equipment. Even if voting results aren’t affected, such an attack could lead to confusion and undermine confidence in U.S. elections.

Full Article: Report highlights cyber risks to US election systems

Arizona Senate panel OKs bill requiring counties to disclose information on voting machines, systems | Howard Fischer/Arizona Daily Star

Facing defeats in court, Republican lawmakers are moving to change the law — retroactively — in a bid to eventually get their hands on voting equipment and ballots, even if it takes months. SB 1408 would spell out in statute that county election equipment, systems, records and other information “may not be deemed privileged information, confidential information or other information protected from disclosure.” The measure approved Thursday on a party-line 5-3 vote by the Senate Judiciary Committee declares that this information is “subject to subpoena and must be produced.” And it empowers judges to compel production of the materials and records. Sen. Warren Petersen, R-Gilbert, who chairs the panel, made it clear the legislation has one purpose: to force the hand of Maricopa County officials who have so far refused to comply with a subpoena the Senate has issued. They have produced various records. But the supervisors contend the county is precluded from surrendering access to voting machines and the actual ballots to senators or the auditors they hope to hire. And so far the Senate’s efforts to get a court ruling compelling disclosure have faltered.

Full Article: Senate panel OKs bill requiring counties to disclose information on voting machines, systems | Latest News | tucson.com

Georgia: Fulton County’s DA opens criminal investigation into Trump attempt to overturn election | Christian Boone and Greg Bluestein/The Atlanta Journal-Constitution

As U.S. House managers made their case for the impeachment of Donald Trump, Fulton County’s top prosecutor on Wednesday launched a wide-ranging criminal investigation into the former president. The investigation by District Attorney Fani Willis, a Democrat entering her second month in office, centers on a Jan. 2 phone call to Georgia’s Secretary of State Brad Raffensperger in which Trump pleaded with him to “find” enough votes to overturn his narrow defeat in the state. “This letter is notice that the Fulton County District Attorney has opened an investigation into attempts to influence the administration of the 2020 Georgia General Election,” Willis wrote in correspondences delivered Wednesday morning to Raffensperger, Gov. Brian Kemp, Lt. Gov. Geoff Duncan and Attorney General Chris Carr. Willis told The Atlanta Journal-Constitution on Wednesday that her office was best suited to handle the investigation since all other relevant state investigative agencies have conflicts. In her letter, Willis said her office “is the one agency with jurisdiction that is not a witness to the conduct that is the subject of the investigation.” “I don’t have any predetermined opinions” about whether a prosecution will even occur, she said. Willis would not say whether anyone else besides the former president is under investigation.

Full Article: Metro Atlanta prosecutor investigating Trump attempt to overturn Georgia election

Georgia GOP ‘election confidence’ report splits state Republicans | Greg Bluestein/The Atlanta Journal-Constitution

The Georgia GOP released a lengthy list of recommendations to limit voting after bruising political defeats. But the 10-page report immediately divided Republicans and led to a scathing response from one of the state’s highest-ranking officials. Several of the proposals promoted by the “election confidence task force” on Monday echo the demands then-President Donald Trump made as he sought to illegally reverse his election defeat in Georgia despite the repeated insistence of top officials that there was no evidence of widespread fraud. The report calls for photo ID verification for mail-in ballots, eliminating ballot drop boxes, ending no-excuse absentee voting, banning third-party groups and state officials from sending ballot request forms, and preventing voters from being automatically registered when they get their driver’s licenses. It also urges lawmakers to replace newly installed software from Dominion Voting Systems that was approved in 2019 as part of a $107 million overhaul of the state’s election infrastructure. Another recommendation calls for the elections division to be moved to the state Elections Board, stripping Secretary of State Brad Raffensperger of oversight of Georgia’s vote. Raffensperger infuriated Trump and his allies for refusing demands to “find” enough votes to overturn his November defeat in a call that factors into the Senate impeachment trial that opened Tuesday.

Full Article: Georgia GOP ‘election confidence’ report splits state Republicans

Louisiana: Voting machine bid process sparks concerns | Zach Parker/Ouchita Citizen

The state’s efforts to find a new vendor to replace 10,000 aging electronic voting machines needs a closer look to ensure no single vendor is favored over another, state lawmakers say. Dominion Voting Systems, a Denver, Colorado-based voting machine vendor, is expected to be one of the companies submitting a proposal to the state. Last month, Secretary of State Kyle Ardoin asked the Office of State Procurement to issue a request for proposals, or RFP. The contract could be worth some $100 million. In late 2018, Ardoin awarded the same contract to Dominion after it submitted a $95-million proposal, but the Office of State Procurement nixed the deal, according to media reports. One of Dominion’s competitors had complained the documents seeking proposals unfairly favored Dominion by requesting hardware specifications only Dominion could provide. Ardoin defended the selection of Dominion but deferred the matter until the RFP process could be rebooted, as it was on Jan. 27. Ardoin’s office did not respond to The Ouachita Citizen’s request for comment. Since the RFP controversy in 2018, Dominion became the subject of national headlines following the presidential election last November. After losing the election to now-President Joe Biden, former President Donald Trump claimed Dominion had perpetrated widespread election fraud, specifically that the vendor had switched votes from him to Biden. In response to those allegations, Ardoin and Dominion have each claimed the state’s use of Dominion’s voting equipment in recent elections was safe and secure. Area legislators say their constituents have not forgotten the Trump campaign’s complaints about Dominion. Concerning the mention of Dominion, state Rep. Michael Echols said, “My gut tells me that’s kind of a scary word in the political world, especially if you’re a Republican.”

Full Article: Voting machine bid process sparks concerns | Local/State Headlines | hannapub.com

Michigan: Costs rising in Antrim County election lawsuit | Mardi Link/Traverse City Record-Eagle

Costs are rising for Antrim County officials, who continue to defend against an ongoing election-related lawsuit and respond to security tasks, said County Clerk Sheryl Guy. “Since the election, we’ve probably spent $30,000 on legal fees and overtime for deputies,” Guy said Tuesday. “And we’re not done yet.” A Central Lake Township man, Bill Bailey, filed a lawsuit against the county Nov. 23, arguing his vote was “diluted,” and his constitutional rights violated. Bailey also accuses Antrim County of using what he claims were intentionally compromised Dominion voting equipment, that deliberately “switched” votes from Republican to Democratic candidates during the 2020 election. Such claims have been repeatedly debunked by Dominion CEO John Poulos, and by national, state and county election officials. Dominion, in response to claims made about its equipment and software, filed $1.3 billion defamation lawsuits against Rudy Giuliani and Sidney Powell, attorneys on former President Donald Trump’s election-challenging legal team, and sent a cease and desist letter to Bailey’s attorney, records show.

Full Article: Costs rising in Antrim election lawsuit | News | record-eagle.com

North Carolina: Ex-Trump lawyer Sidney Powell served at home near Asheville with $1.3B Dominion Voting lawsuit | Joel Burgess and William Cummings/Asheville Citizen

After evading attempts for weeks by a civil process server that included being “pursued over state lines,” ex-Donald Trump lawyer Sidney Powell was served with a $1.3 billion lawsuit at her Biltmore Forest home, near Asheville, according to recently filed court papers by Dominion Voting Systems. Dominion filed the defamation lawsuit against Powell Jan. 8 in U.S. District Court for the District of Columbia. But attempts to officially serve the Texas-based attorney with the summons took until Jan. 28, said attorneys for the company. “Powell evaded service of process for weeks, forcing Dominion to incur unnecessary expenses for extraordinary measures to effect service, including hiring private investigators and pursuing Powell across state lines,” according to a Feb. 9 answer to Powell’s request for more time to respond to the complaint. She is being sued over her false claims that the company, which manufactured electronic voting machines used by some districts in the 2020 election, changed votes for then-President Trump to votes for then-President-elect Joe Biden.

Full Article: Lawyer Powell served in NC with Dominion Voting lawsuit | Charlotte Observer

Ohio: As America Lurches Back Toward Reality, Stark County Confronts a Make-Believe Problem | Pete Kotz/Cleveland Scene

When Stark County’s voting machines grew so old it couldn’t find replacement parts, its election board reached a $6.45 million deal for new ones. Then a make-believe problem intervened. Residents pounded county commissioners with angry calls. They claimed that Dominion, the supplier whose machines are used in 26 states, was run by Venezuelan dictator Hugo Chavez. And that its machines were programmed to change votes. They didn’t seem to notice that Chavez had been dead for seven years. Nor that Dominion is actually a Toronto firm founded to help blind people vote. Or that there’d never been any evidence of vote changing or the unauthorized use of magic. County commissioners were forced to put the deal on hold pending investigation of the fairy tale. Consider it the latest sign of America’s regression to a childlike state, where monsters lurk under every bed, and public officials must placate citizenry tethered to the make believe.  At Dodger Stadium last week, officials were forced to halt a Covid vaccination drive when protesters blocked the entrance, believing it a sorcerer’s potion. The feds wondered what to do about the stock market as investors bet on an obsolete game store thought to have hidden, magical powers. Meanwhile, President Bided halted work on the border wall. The Trump administration had spent $15 billion to pacify fears of a Mexican “rapist” invasion, though undocumented immigrants have half the crime rate of native-born Americans. CNN even revealed an imaginary plot to eat babies. “Once you get to baby eating,” says a White House spokesperson, “it’s like trying to govern in the middle of a German bedtime story.”

Full Article: As America Lurches Back Toward Reality, Stark County Confronts a Make-Believe Problem | Scene and Heard: Scene’s News Blog

Pennsylvania mail-in ballot registry isn’t as permanent as the word implies | Deb Bradley/Pittsburgh Tribune-Review

Pennsylvania’s 2019 mail-in ballot law continues to create confusion as election officials across the state prepare for their first municipal primary under the new rules on May 18. The law that the GOP-controlled legislature passed by an overwhelming bipartisan margin in 2019 triggered a number of challenges and court clarifications last year as millions of Pennsylvania voters flocked to no-excuse mail-in voting for the first time in the midst of the covid-19 pandemic. Now, its wording is creating confusion anew for some. Many voters thought they had registered to receive a mail-in ballot in all future elections when they opted to be part of what the law termed a “permanent mail in ballot list.” But it turns out the list isn’t so permanent. In fact, many voters learned for the first time this month that it is, instead, an annual list that they must re-register for every year to continue to receive mail-in ballots. In fact, voters who registered to be on the “permanent list of mail-in voters” will be removed from the list if they don’t act now to re-register soon. Confused? Although the 2019 law that allowed Pennsylvanians to vote by mail without providing an excuse created a registry for those who opted to receive a mail-in ballot for all future elections, it added a provision that required those who chose that option to re-register annually.

Full Article: Pennsylvania mail-in ballot registry isn’t as permanent as the word implies | TribLIVE.com

Washington Senate Considers Election Worker Harassment Bill | Steve Jackson/Spokane Public Radio

The Washington Senate is considering a proposal that would protect election workers from harassment. The bill was prompted by threats reported nationwide, and in Washington following last November’s election.Secretary of State Kim Wyman spoke in favor of the bill in a Senate Law and Justice Committee hearing Monday. “Across the country and around the state there have been not only actionable credible threats, but in some cases, gunfire being shot through windows of election offices, and like I said the personal protection of some high-profile secretaries of state and election workers that require their state patrols to be with them 24/7. It’s a serious level I’ve never seen in 28 years of doing this work,” she said. The bill would expand existing protections to cover not just officials like Wyman, but also staff members in her office and in county auditors’ offices.

Full Article: Washington Senate Considers Election Worker Harassment Bill | Spokane Public Radio

Wisconsin Republicans order an audit of the 2020 elections | Patrick Marley/Milwaukee Journal Sentinel

Republican lawmakers launched an audit of Wisconsin’s elections Thursday, three months after Donald Trump lost at the ballot box and in a string of lawsuits. The review by the nonpartisan Legislative Audit Bureau will look at some issues that have faced scrutiny from courts and election observers, such as how the state maintains its voter rolls and when it allows voters to get absentee ballots without showing IDs. Rep. Samantha Kerkman, a Salem Lakes Republican and co-chairwoman of the Joint Legislative Audit Committee, said she wanted to make sure voters are confident that elections are fair. “It is the cornerstone of our government,” she said.  Her committee approved the audit along party lines Thursday after an hours-long hearing. The hearing included testimony from the state’s top elections official as well as lawmakers, young children who quoted from the Bible and a woman who read a computer’s IP address as she asked questions about the accuracy of electronic voting. No significant problems were found with Wisconsin’s voting machines after audits and recounts in 2016 and 2020. 

Full Article: Wisconsin Republicans order an audit of the 2020 elections