Experts: False claims on voting machines obscure real flaws | Kate Brumback/Associated Press

The aftermath of the 2020 election put an intense spotlight on voting machines as supporters of former President Donald Trump claimed victory was stolen from him. While the theories were unproven — and many outlandish and blatantly false — election security experts say there are real concerns that need to be addressed. In Georgia, for example, election security expert J. Alex Halderman says he’s identified “multiple severe security flaws” in the state’s touchscreen voting machines, according to a sworn declaration in a court case. Halderman told The Associated Press in a phone interview that while he’s seen no evidence the vulnerabilities were exploited to change the outcome of the 2020 election, “there remain serious risks that policymakers and the public need to be aware of” that should be addressed immediately to protect future elections. Trump loyalists — pushing the slogan “Stop the Steal” — held rallies, posted on social media and filed lawsuits in key states, often with false claims about Dominion Voting Systems voting machines. Almost all of the legal challenges casting doubt on the outcome of the election have been dismissed or withdrawn and many claims of fraud debunked. State and federal election officials have said there’s no evidence of widespread fraud. And Dominion has fought back forcefully, filing defamation lawsuits against high-profile Trump allies. As an election security researcher, it’s been frustrating to watch the proliferation of misinformation, said Matt Blaze, a professor of computer science and law at Georgetown University. For years, he said, concerns raised by election security experts were dismissed as unimportant. “All of a sudden, people are going the other way, saying the existence of a flaw not only is something that should be fixed, it means the election was actually stolen,” he said. “That’s not true either.”

 

Full Article: Experts: False claims on voting machines obscure real flaws

Colorado Republican official accused after voting system passwords are leaked to right-wing site | Kim Bellware/The Washington Post

A bizarre security breach of a rural Colorado county’s voting system has in a matter of days escalated into a criminal probe of the clerk’s office, a ban on the county’s existing election equipment, and heightened partisan divides over election-fraud claims. Footage that showed passwords related to the county’s voting systems was surreptitiously recorded during a May security update and published last week on a far-right blog, Colorado Secretary of State Jena Griswold (D) said Thursday. Griswold determined Mesa County cannot use its existing equipment for its November election. Griswold alleged Mesa County Clerk Tina M. Peters (R) allowed the breach. A spokesperson for Mesa County confirmed a criminal probe headed by the 21st Judicial District Attorney’s Office was underway but said it was still in the early stages. During a Thursday news conference, Griswold said Peters falsely passed off a man as a county employee and misled her office about his background check status. Days before the breach, she said Peters directed her staff to turn off the video surveillance of the voting machines, which she said has remained off until just recently.

Full Article: Colorado official Tina M. Peters accused after voting system passwords leaked to GatewayPundit – The Washington Post

‘We are in harm’s way’: Election officials fear for their personal safety amid torrent of false claims about voting | Tom Hamburger, Rosalind S. Helderman and Amy Gardner/The Washington Post

In preparation for a vote on local tax assessments last week in Houghton County, Mich., county clerk Jennifer Kelly took extraordinary precautions, asking election staff in this remote northern Michigan community to record the serial numbers of voting machines, document the unbroken seals on tabulators and note in writing that no one had tampered with the equipment. In the southeastern part of the state, Michael Siegrist, clerk of Canton Township, followed similar steps, even organizing public seminars to explain how ballots are counted. Despite their efforts, they said they could not fend off an ongoing torrent of false claims and suspicions about voting procedures that have ballooned since President Donald Trump began his relentless attacks on the integrity of the 2020 election last year. “People still complained about our Dominion voting machines, about the need for more audits, and most of all they complained about the use of Sharpies,” Siegrist said, referring to the widely used pen, which has become the focus of a conspiracy theory gripping Trump supporters in Arizona and other states.

Full Article: ‘We are in harm’s way’: Election officials fear for their personal safety amid torrent of false claims about voting – The Washington Post

National: Election officials face complex challenges looking to 2022 | Christina A. Cassidy/Associated Press

State election officials say they are confronting a myriad of challenges heading into the 2022 midterm elections, from threats of foreign interference and ransomware to changes of election laws and concerns of physical safety — all while still dealing with a wave of misinformation and disinformation surrounding last year’s presidential election. The nation’s secretaries of state have been meeting with the goal of building relationships across states, sharing best practices and hearing from experts. The long list of challenges, outlined in various panel discussions over their association’s four-day conference, might seem daunting but election officials said preparations have already begun. “The journey of a thousand miles begins with one step,” said Ohio Secretary of State Frank LaRose, a Republican. “For us to be able to get together and talk with one another, compare notes, even commiserate on a human level a little bit about some of the drama over the last year and a half is a good experience. It’s a useful thing, and we learn a lot from each other.” Heading into the 2020 presidential election, the focus for election officials was shoring up cybersecurity around the nation’s voting systems after Russia four years earlier had probed for vulnerabilities and, in a small number of cases, breached voter registration systems. Then the pandemic happened, and state election officials had to scramble to ensure they could handle an onslaught of mail ballots from voters wary of crowded polling places while also dealing with shortages of poll workers and other staff triggered by the coronavirus.

Full Article: Election officials face complex challenges looking to 2022

National: New intel reports indicate fresh efforts by Russia to interfere in 2022 election | Katie Bo Williams, Natasha Bertrand and Alex Marquardt/CNN

The Biden administration is receiving regular intelligence reports indicating Russian efforts to interfere in US elections are evolving and ongoing, current and former officials say, and in fact, never stopped, despite President Joe Biden’s warnings to Russian President Vladimir Putin over the summer and a new round of sanctions imposed in the spring. Biden made deliberate mention of Russia’s operations two weeks ago when he revealed in public remarks to the intelligence community that that he had received fresh intelligence about “what Russia’s doing already about the 2022 election and misinformation” in his daily intelligence briefing that day. “It’s a pure violation of our sovereignty,” Biden said at the time. One of the people familiar with the matter confirmed that there have been recent intelligence reports about what the Russians are up to, particularly their efforts to sow disinformation on social media and weaponize US media outlets for propaganda purposes. There are some indications that Moscow is now attempting to capitalize on the debate raging inside the US over vaccines and masking, other sources told CNN.

Full Article: New intel reports indicate fresh efforts by Russia to interfere in 2022 election – CNNPolitics

National: Senate Democrats unveil bill to protect election officials, prevent election subversion | Celine Castronuovo/The Hill

A group of Democratic lawmakers led by Senate Rules Committee Chairwoman Amy Klobuchar (Minn.) unveiled legislation Thursday aiming to combat efforts to undermine election results and install new protections for election workers, who have received a rise in violent threats since the 2020 election. The bill, titled the Protecting Election Administration from Interference Act, would extend existing prohibitions on threats to election officials to include individuals involved in ballot-counting, canvassing and certifying election results. The legislation also calls for strengthened protections for federal election records and election systems to “stop election officials or others from endangering the preservation and security of cast ballots,” and allowing the Justice Department to bring lawsuits to enforce compliance with election records requirements.

Full Article: Senate Democrats unveil bill to protect election officials, prevent election subversion | TheHill

National: It’s still practically impossible to secure your computer (or voting machine) against attackers who have 30 minutes of access | Andrew Appel/Freedom to Tinker

It has been understood for decades that it’s practically impossible to secure your computer (or computer-based device such as a voting machine) from attackers who have physical access. The basic principle is that someone with physical access doesn’t have to log in using the password, they can just unscrew your hard drive (or SSD, or other memory) and read the data, or overwrite it with modified data, modified application software, or modified operating system. This is an example of an “Evil Maid” attack, in the sense that if you leave your laptop alone in your hotel room while you’re out, the cleaning staff could, in principle, borrow your laptop for half an hour and perform such attacks. Other “Evil Maid” attacks may not require unscrewing anything, just plug into the USB port, for example. … More than twenty years ago, computer companies started implementing protections against these attacks. Full-disk encryption means that the data on the disk isn’t readable without the encryption key. (But that key must be present somewhere in your computer, so that it can access the data!) Trusted platform modules (TPM) encapsulate the encryption key, so attackers (even Evil Maids) can’t get the key. So in principle, the attacker can’t “hack” the computer by installing unauthorized software on the disk. (TPMs can serve other functions as well, such as “attestation of the boot process,” but here I’m focusing on their use in protecting whole-disk encryption keys.) So it’s worth asking, “how well do these protections work?” If you’re running a sophisticated company and you hire a well-informed and competent CIO to implement best practices, can you equip all your employees with laptops that resist evil-maid attacks? And the answer is: It’s still really hard to secure your computers against determined attackers.

Full Article: It’s still practically impossible to secure your computer (or voting machine) against attackers who have 30 minutes of access

Editorial: Trump is planning a much more respectable coup next time | Richard L. Hasen/Slate

 

Full Article: Trump is planning a much more respectable coup next time.

Editorial: It is time for Congress to act again to protect the right to vote | Merrick B. Garland/The Washington Post

Our society is shaped not only by the rights it declares but also by its willingness to protect and enforce those rights. Nowhere is this clearer than in the area of voting rights. Fifty-six years ago Friday, the Voting Rights Act became law. At the signing ceremony, President Lyndon B. Johnson rightly called it “one of the most monumental laws in the entire history of American freedom.” Prior attempts to protect voting rights informed his assessment. The 15th Amendment promised that no American citizen would be denied the right to vote on account of race. Yet for nearly a century following the amendment’s ratification, the right to vote remained illusory for far too many. The Civil Rights Act of 1957 marked Congress’s first major civil rights legislation since Reconstruction. That law authorized the attorney general to sue to enjoin racially discriminatory denials of the right to vote. Although the Justice Department immediately put the law to use, it quickly learned that bringing case-by-case challenges was no match for systematic voter suppression. Things would not have changed without the civil rights movement’s persistent call to action. By the time a 25-year-old John Lewis was beaten on the Edmund Pettus Bridge in Selma, Ala., the Justice Department had been embroiled in voting rights litigation against the surrounding county for four years. Although the county had approximately 15,000 Black citizens of voting age, the number of Black registered voters had only risen from 156 to 383 during those years.

Full Article: Opinion | Merrick Garland: It is time for Congress to act again to protect the right to vote – The Washington Post

Arizona: Cyber Ninjas leader ignored records contradicting his false claim | Jeremy Duda and Garrett Archer/Arizona Mirror

Speaking before several thousand supporters at a “Rally to Protect Our Elections” in downtown Phoenix, former President Donald Trump recited a litany of alleged findings from the Arizona Senate’s self-styled election audit, including a debunked claim that 74,000 mail-in ballots were counted despite no record of them being sent to voters. “There’s no record of them being sent, but they were counted. So, nobody knows where the hell are they?” Trump told the crowd at Arizona Federal Theatre on July 24. The former president didn’t realize it, but Trump personally found a voter who had cast one of those ballots. Later in his speech, he asked each of the Republican gubernatorial candidates who had spoken earlier in the day to stand up and be recognized. Among those candidates was state Treasurer Kimberly Yee, who was one of the 74,000 voters. She was, in fact, very real, and had cast a perfectly legal ballot. According to Maricopa County’s files, Yee cast her ballot in-person at an early voting center on Oct. 28. Trump’s claim stemmed from a statement made by Doug Logan, the leader of the election review team, that 74,243 mail-in ballots were counted that had “no clear record of them being sent.” Right-wing pundits and supporters of the so-called audit, including those funding it, seized on the number and dubbed those people “phantom voters” who stole the election from Trump.

 

Source: Cyber Ninjas leader ignored records contradicting his false claim

Colorado: Decertified election equipment could prove costly to Mesa County | Charles Ashby/Grand Junction Sentinel

Mesa County isn’t just on the hook for replacing all of its expensive election equipment, but also for up to $170,000 in money the Clerk’s Office received in COVID-19 aid, according to the Secretary of State’s Office. In the wake of Thursday’s announcement from Secretary of State Jena Griswold to decertify the county’s election equipment because of a security breach that Griswold said Clerk Tina Peters had aided, the county may have to spend hundreds of thousands of dollars to replace that equipment. Some of the money from the Coronavirus Aid, Relief and Economic Stability Act, known as the CARES Act, approved by Congress and signed by then-President Donald Trump in March 2020 went to purchasing some of the now-decertified election equipment. And some of that equipment is brand new. A year ago this month, the Mesa County Board of Commissioners approved three grant applications that Peters and her Elections Division had applied for: $70,000 for six electronic ballot marking tablets from Dominion Voting Systems and ballot drop boxes, $69,996 for 22 additional Dominion voting tablets, and $10,000 for a new drop box and security equipment in Palisade. All of that equipment came from CARES Act funding, and all of the requests came from Peters, who now is publicly challenging whether Dominion voting equipment is reliable. Because that equipment was paid for through grants provided by Griswold’s office, some of it may have to be paid back to the state, and the county will have to use its own money to replace them.

 

Full Article: Decertified election equipment could prove costly to county | Western Colorado | gjsentinel.com

Georgia; Cybersecurity concerns raised over ballot marking devices | Doug Richards/11alive

A new court brief is sounding an alarm from cybersecurity experts about Georgia’s voting system. It suggests that cities like Atlanta use hand-marked paper ballots in elections this fall instead of the Dominion voting machines purchased by the state in 2019. This critique is separate and distinct from the unsubstantiated complaints that claimed election fraud in November. The concerns posed by cybersecurity experts say Georgia is asking for trouble by continuing to use the state’s voting machines. “I’m one of the cybersecurity professionals that think the more computers we have in the (election) system, the more vulnerable it is,” said Dr. Rich DeMillo, the founder of Georgia Tech’s new College of Cybersecurity. DeMillo says the state’s voting system can be hacked through networks or by infecting a machine or a printer in a voting booth. Another computer hacking expert, J. Alex Halderman, wrote a court brief detailing how he experimentally hacked a few of Georgia’s voting machines with the blessing of a federal judge. The court sealed the report to avoid tipping off real hackers how to do it. “My report demonstrates that Georgia’s (ballot marking devices) can be manipulated so that both the barcodes and the printed (ballot) text indicate the same fraudulent selections. No audit or recount can catch such fraud because all records of the voter’s intent would be wrong,” Halderman explained in a brief referencing the report.

 

Full Article: Cybersecurity concerns raised over Georgia voting system | 11alive.com

Georgia: Good Luck to the Judge Who Sealed a Ballot Machine Vulnerability Report | Dell Cameron/Gizmodo

Facing a quintessential damned-if-I-do-damned-if-I-don’t scenario, a federal judge in Georgia has sealed a 25,000-word report said to outline vulnerabilities in the state’s ballot-marking machines. The decision was seemingly made out of fear that the contents would add fuel to rampant conspiracy theories surrounding the 2020 election; a topic which is not even broached by its author. The Daily Beast, reporting the judge’s decision early Friday, said the report by J. Alex Halderman, a computer science professor at the University of Michigan, outlines specific vulnerabilities that, to quote the professor, “allow attackers to change votes despite the state’s purported defenses.” In a signed declaration, Halderman said he’d discovered “multiple severe security flaws” that could be exploited using malware, either with temporary physical access to the machine or by injecting it remotely via election management systems. Halderman writes: “I explain in detail how such malware, once installed, could alter voters’ votes while subverting all the procedural protections practiced by the State, including accepted testing, hash validation, logic and accuracy testing, external firmware validation, and risk-limiting audits (RLAs). Finally, I describe working proof-of-concept malware that I am prepared to demonstrate in court.”

Full Article: Judge Seals Ballot Machine Vulnerability Report in Georgia, Uh Oh

Idaho Governor’s new Cybersecurity Task Force targets election integrity and security | Tristan Lewis|KTVB

After previously indicating that cybersecurity is one of his top priorities at the State of the State address, Idaho Governor Brad Little is making some action. On Thursday, Little announced the formation of a new task force to advance cybersecurity initiatives in Idaho. “We’ll need increased resources, partnerships and active collaboration between a broad range of organizations to successfully protect from ever-growing cybersecurity threats, and I’m confident my Cybersecurity Task Force is up to the task,” Gov. Little said in a press release. Improvements to business, government and personal cybersecurity defense are just some of the goals for the 19-person task force. They will figure out cybersecurity assets, resources, and public-private partnerships across Idaho. Among boosting cybersecurity altogether around the Gem State, election integrity and security are at the top of the list for the team. “I’m also asking the task force to find new ways to protect Idaho’s election infrastructure because fair and free elections are a hallmark of Idaho’s proud representative democracy and the expectation of every Idahoan,” Little said.

 

Full Article: Idaho Gov. Little’s new Cybersecurity Task Force targets election integrity and security | ktvb.com

Maryland Elections Board, Blind Advocates Reach Agreement on Efforts to Improve Ballot Privacy for Voters with Disabilities | Danielle E. Gaines/Maryland Matters

The Maryland State Board of Elections has settled a longstanding dispute over ballot-marking devices that disability advocates say forced them to cast a segregated ballot. The terms of the settlement were publicly announced Tuesday by the National Federation of the Blind, which filed a lawsuit over ballot privacy in August 2019. At issue are the state’s ballot-marking devices, which allow voters who are blind or have other disabilities to use headphones, magnification, touchscreens and other features to independently cast ballots. But the machines also produce a ballot printout that’s a different size and shape than the paper ballots cast by a vast majority of Maryland voters. In recent elections, many precincts in the state saw only one single ballot cast using a marking device – making the voter’s identity and candidate choices entirely obvious and violating the right to a private ballot, advocates argued.

Full Article: Maryland Elections Board, Blind Advocates Reach Agreement on Efforts to Improve Ballot Privacy for Voters with Disabilities – Maryland Matters

North Carolina Officials say new voting audits offer trust and transparency in elections | Jordan Wilkie/Carolina Public Press

This fall, North Carolina will pilot a new kind of postelection audit, the gold-standard method to ensure the candidate declared the winner in a race actually received the most votes. The action is the first step in a likely yearslong process of improving the state’s postelection audit strategies.  Currently, the state uses a “sample audit,” whereby election officials hand-recount two random precincts to make sure the results are right. For most elections, North Carolina’s sample audits count far more ballots than is necessary to be confident that the election results are accurate, creating a significant and unnecessary burden on election officials. For very close elections, the state’s current sample audit may recount too few ballots to be highly confident in checking the results. Risk-limiting audits were designed to right-size this problem, what N.C. State Board of Elections Chair Damon Circosta referred to as an “optimization” of the system. A risk-limiting audit randomly samples ballots from across voting methods. Election officials hand-count the sample and then use an equation to see how likely it is that the paper ballots show a different outcome than the computer-counted results. If the ballots show a potentially different outcome, a bigger sample is pulled. The process is repeated using progressively larger samples. If it looks as if the paper ballots aren’t backing the electronic outcome, an entire recount occurs.

Source: Officials say new voting audits offer trust and transparency in elections – Carolina Public Press

Editorial: Exporting the fraudit to Pennsylvania would be disaster | Trey Grayson/Pittsburgh Tribune-Review

In July, Pennsylvania State Sen. Doug Mastriano announced his intention to bring the Arizona audit to Pennsylvania. County officials have rebuffed his requests for election data, and Mastriano is threatening subpoenas to fuel the investigation. This is going to be a mess. Strange circumstances aside, a Pennsylvania audit is a disaster in the making. If Mastriano is successful, his review will harm election integrity and undermine confidence in our electoral system. For evidence, look no further than the Arizona “audit” debacle. Aside from being rooted in the lie that Donald Trump won the 2020 election, the Arizona audit has been a technical nightmare on multiple levels. As a former two-term Kentucky Secretary of State, I know firsthand how elections are run. Along with my co-author, University of Wisconsin professor Barry Burden, I recently conducted an independent evaluation of the Arizona audit and found multiple key failures by the contractor, Cyber Ninjas. The firm and its subcontractors failed four major criteria that are the bedrock of safe and fair election reviews.

Full Article: Trey Grayson: Exporting the fraudit to Pa. would be disaster | TribLIVE.com

Wisconsin GOP lawmaker seeks to seize ballots and voting machines in Milwaukee and Brown counties | Patrick Marley Molly Beck Hope Karnopp Milwaukee Journal Sentinel

A Republican state lawmaker sought Friday to seize ballots and voting machines in Milwaukee and Brown counties as conservatives try to ramp up to review a presidential election that courts have already determined was decided properly. What happens next is unclear. A June memo from the nonpartisan Wisconsin Legislative Council suggests the subpoenas may not be valid because neither Assembly Speaker Robin Vos of Rochester or Assembly Chief Clerk Ted Blazel’s signatures appear on them. Republican Rep. Janel Brandtjen of Menomonee Falls, the chairwoman of the Assembly Elections Committee, issued the subpoenas as part of a wide-ranging examination of an election Joe Biden narrowly won over Donald Trump. The subpoenas are nearly identical to a letter issued last month by a Republican lawmaker in Pennsylvania.  “This is not something that we’re going to be doing just in 2020. We’re going to be doing it every year going forward,” Brandtjen told hundreds gathered on the Capitol steps Friday who were demanding an expansive review of the election. Election officials in the two counties did not say if they would comply with the subpoenas. Only Vos has the authority to issue legislative subpoenas to compel county officials in Wisconsin to testify or produce records, according to a legal analysis by the Legislative Council provided to Democratic Rep. Mark Spreitzer of Beloit.

Full Article: GOP lawmaker seeks to seize ballots and voting machines in Milwaukee and Brown counties