National: Security firm finds county election websites lack cybersecurity protections | The Hill

Many county election websites are lacking basic cybersecurity measures that could leave voters vulnerable to misinformation, security firm McAfee said Wednesday. McAfee threat researchers looked at county websites in 20 states and found that many county sites used .com domains instead of .gov ones, which are required to be thoroughly vetted as being official sites by government officials. Researchers found that Minnesota had the highest percentage of non-.gov domains for county election sites at 95.4 percent, followed by Texas at 95 percent and Michigan with 91.2 percent. Steve Grobman, the senior vice president and chief technology officer at McAfee, noted in a blog post that .com and other domains can be bought by anyone, meaning that misinformation about elections could be more easily shared with potential voters.

National: Pipe Bombs Sent to Hillary Clinton, Barack Obama and CNN Offices | The New York Times

Pipe bombs were sent to several prominent Democrats, including former President Barack Obama and former Secretary of State Hillary Clinton, setting off an intense investigation on Wednesday into whether figures vilified by the right were being targeted. From Washington to New York to Florida to Los Angeles, the authorities intercepted a wave of crudely built devices that were contained in manila envelopes. In the center of Manhattan, the Time Warner Center, an elegant office and shopping complex, was evacuated because of a pipe bomb sent to CNN, which has its New York offices there. It was addressed to John O. Brennan, a critic of President Trump who served as Mr. Obama’s C.I.A. director. None of the devices harmed anyone, and it was not immediately clear whether any of them could have. One law enforcement official said investigators were examining the possibility that they were hoax devices that were constructed to look like bombs but would not have exploded.

National: Mega Millions is Safer than Our Election System | The Weekly Standard

Elections security experts say that it is too late to do much to protect our voting systems against tampering for the midterms. The Department of Homeland Security’s efforts to spur ballot integrity upgrades are focused on 2020, but being future-minded is only an illusion: The hackers will always be ahead. When you’re talking about a set of processes as varied as how different states and districts vote—whether they still use outdated and vulnerable machines that leave no paper trail, or store their registration data insecurely online—there’s really no way to either prevent—or detect—ballot interference with anything like absolute certainty. Russians allegedly hacked Illinois and Arizona’s voter databases mere months before the 2016 presidential election. When DHS first detected these attacks it was too late to prevent them, only soon enough to seal up the vulnerabilities. Except that, even if elections officials had wanted to secure their online voter registration rolls in response to the attack, the law wouldn’t have let them.

Editorials: One Person, One Vote. Is It That Complicated? | Mary C. Curtis/Roll Call

I admit that voting is and has always been a celebratory ritual for me, even if the candidate is running unopposed, the office is state agriculture commissioner or my district’s makeup means my one vote won’t make much of a difference. I watched three older siblings march for civil rights, and I am well aware that many brave folks died protecting my right to cast that ballot. While a little rain or a busy schedule might provide an excuse to “sit this one out,” it’s never enough to outweigh the legacy left by a Medgar Evers, who served his country in World War II and was murdered in front of his Mississippi home for, among other civil rights activity, leading voter registration drives in the country he protected. Mine is not a controversial stand — in fact, it’s patriotic. You would think our country’s leaders, without regard to party or politics, would be on my side. You would be wrong.

Colorado: How Colorado voting became a cybersecurity leader long before Russians tried to hack it | TechRepublic

Colorado was one of 21 states targeted by Russian operatives during the 2016 election. But unlike many others, the state has spent years implementing top-tier cybersecurity measures and audits to prevent hackers from entering its systems and interfering with the election process. Colorado receives top marks in the three most important election security categories, according to a February report from the left-leaning Center for American Progress comparing the election security of all 50 states:

Adhering to minimum cybersecurity standards for voter registration systems
Carrying out elections with paper ballots
Conducting robust post-election audits

… In 2017, Colorado became the first state to carry out mandatory risk-limiting post-election audits, which are widely considered the gold standard, according to the Center for American Progress. Risk-limiting audits involve manually checking a sample of ballots, and providing statistical evidence that the election outcome is correct. They have a high probability of correcting a wrong outcome, according to the US Election Assistance Commission. A risk-limiting audit could lead to a full manual recount if there is not enough evidence to prove that the reported outcome is correct, the commission stated.

Colorado: 61,000 Adams County voters are still missing ballots (and other voting problems around Colorado) | The Colorado Sun

A quarter of voters in Adams County — a key 2018 battleground in Colorado — have yet to receive their ballots because one of four trucks carrying them to be mailed didn’t make it to a postal processing center last week. About 61,000 Adams County ballots — mostly for residents in Thornton, Brighton and Aurora — had yet to be sent as of Tuesday afternoon. “We’re waiting on the truck to pull up,” U.S. Postal Service spokesman David Rupert said. Julie Jackson, spokeswoman for Adams County Clerk and Recorder Stan Martin, said it was unclear why the ballots on the truck weren’t unloaded and ended up being returned to a secure location. She said the office is still investigating to find out what happened.

Georgia: Judge proposes injunction in Georgia absentee ballot case | Atlanta Journal-Constitution

A federal judge intends to issue an injunction barring Georgia election officials from tossing certain absentee ballots without giving would-be voters advance notice and a chance to rectify any issues. The implementation of the injunction — which U.S. District Court Judge Leigh Martin May plans to file Thursday — could complicate the work of election officials statewide, requiring the review of hundreds or thousands of ballot signatures with less than two weeks until Election Day. But civil rights groups whose lawsuits led to May’s decision have already declared victory in the battle, just one of many voting rights skirmishes to surface in what’s become a contentious Georgia election season. “We are pleased that the court has enforced the due process guarantees of the U.S. Constitution,” said Sean Young, legal director of Georgia’s branch of the American Civil Liberties Union. “Today’s ruling is a victory for democracy and for every absentee voter in the state of Georgia.”

Georgia: Old technology creating new problems with voting machines | WGCL

It’s a problem no one wants to have happen. You vote for one candidate but the machine claims you voted for someone else. Pamela Grimes was so excited to vote for her candidate for governor. So why did the voting machine in Bartow County show she had selected the other candidate? She went back to the previous page and had to re-do it three times. My thoughts were, oh my gosh. What just happened?” said Grimes. “Like, I know that I pushed the right box. And I had to press around the box. I did not press directly into that square. It was not removing that “x”.” She told a poll worker and then left.

Georgia: Mismatched info holds up registrations | Atlanta Journal-Constitution

When a Georgia voter registration form is filled out with the name “Jesus Christ” or “Badeye,” it’s pretty obvious why it wouldn’t be processed. Other registration applications stalled by state election officials might well be legitimate, such as those submitted by new U.S. citizens whose citizenship status hasn’t been updated in government computers. There are nearly 47,000 voter registrations pending in Georgia because of the state’s “exact match” law that flags a wide range of potential voters until they prove their eligibility, according to data the Secretary of State’s Office provided Wednesday. The number of pending registrations decreased from 53,000 last week after accounting for duplicate records. The list captures registration applications for hyphenated names, nicknames, typos, citizenship status, incorrect addresses and other information that doesn’t match government records.

North Carolina: Election Directors Urge Voters To Check Their Ballots After Touchscreen Mistakes | WFAE

County elections directors are urging voters to double-check their ballots after some early voters complained of mistakes. Some voters in Guilford County have found errors when reviewing their ballots before submitting them — namely that they meant to vote for a candidate of one party, but the machine marked their ballot for the other candidate. Elections Director Charlie Collicut said the problem comes from the election machines’ touch screens. As some voters touched the screen, it would select the name above or below the candidate they actually wanted. “It’s a machine that we have to calibrate — that a human being has to calibrate,” Collicut said, pointing out that the process isn’t perfect.

Pennsylvania: Council of governments opposes state mandate for new voting machines | PennLive

An 11-county council in central Pennsylvania has gone on record opposing the state mandate that counties to replace their voting machines. SEDA-Council of Governments, a public development organization, on Wednesday became the latest body to criticize the state requirement that by Dec. 31, 2019, all voting systems must create a verifiable paper trail. SEDA-COG’s resolution also calls on the state to provide full funding to any county that is required to replace its voting equipment. The estimated cost of replacing all voting machines in the state is $125 million.

Tennessee: Voter suppression lawsuit between activists and election commission continues | WREG

A legal battle between voting rights activists and the Shelby County Election Commission rages on. A key hearing in Chancery Court was postponed Wednesday afternoon. The subject of the hearing was a lawsuit accusing the Shelby County Election Commission of suppressing voters. “When you start talking about voter suppression, one suppressed vote is one too many,” Earle Fisher, with Up The Vote 901, said. The suit was filed against the commission by the NAACP Memphis chapter and the Tennessee Black Voter Project. It concerns 4,000 to 6,000 incomplete or rejected registration forms.

Brazil: Newspaper asks for probe of threats to election reporter | Associated Press

Brazil’s biggest newspaper said Wednesday that it has asked federal police to investigate threats against a journalist whose story alleged backers of the front-running presidential candidate bankrolled a fake news campaign. The request comes amid an increasingly heated atmosphere ahead of Sunday’s runoff between far-right candidate Jair Bolsonaro, who leads in opinion polls, and his leftist opponent, Fernando Haddad. The newspaper Folha de S. Paulo last week ran a report by Patricia Campos Mello saying businessmen linked to right-wing candidate Jair Bolsonaro had paid to spread fake news on the WhatsApp messaging service to benefit his candidacy. It said a blast message campaign also was planned for this week. Bolsonaro denied the report. Haddad called on Brazil’s electoral court to investigate.

Canada: Election night glitch points to the ‘wild west’ of online voting, says cybersecurity expert | Ottawa Citizen

Online voters in 51 Ontario municipalities had either a few more hours or an extra day to vote after a 90-minute computer portal slowdown on election night. Affected municipalities in Eastern Ontario included Renfrew, Laurentian Valley, Pembroke, Petawawa, Whitewater, Belleville and Kingston — all clients of Colorado-based Dominion Voting. Dominion is one of four companies that supplied Ontario municipalities with services in this municipal election. On Monday night, Dominion posted a statement saying the glitch was the result of a Toronto co-location provider that placed an unauthorized limit on incoming voting traffic of about one-tenth of the system’s designated bandwidth. The company was unaware of the glitch until it was alerted by the municipalities that are its customers. In those 90 minutes, voters experienced slow response time and system timeouts. This points to problems with the “wild west” of online voting in Canada, said a cybersecurity expert.

Congo: As Congo rolls toward election, voting machines a flashpoint | Associated Press

A deadly Ebola outbreak grows. Rebels kill civilians in the streets. And yet the arrival of voting machines in this troubled corner of Congo has some especially worried as a long-delayed presidential election promises further upheaval. The machines now arriving by the thousands in this Central African nation are of such concern that the U.N. Security Council has come calling, the United States has issued warnings and opposition supporters on Friday plan a national protest. As Congo faces what could be its first peaceful, democratic transfer of power, fears are high that the more than 100,000 voting machines will be ripe for manipulation. They also could pose a technical nightmare in a sprawling nation of more than 40 million voters where infrastructure is dodgy — just 9 percent of Congo has electricity — and dozens of rebel groups are active. “We cannot accept people inventing stories that trample our constitution,” said Clovis Mutsuva, a Beni resident with the LUCHA activist organization, which has tweaked the French term “machines a voter” into “machines a voler,” or “machines to steal.”

Mozambique: Opposition party suspends peace process over election dispute | AFP

The main opposition party in Mozambique, the Democratic Renewal of Mozambique also called Renamo, has announced suspension of its participation in peace negotiations initiated by the government to end recurrent violence in the country. Spokesman for Renamo, Andre Magibire said the party will now concentrate on electoral conflict. The moves follows several weeks of threat by the opposition and comes after the publication of local election results held on October 10. The results had announced the Frelimo ruling party as having won forty four municipalities, a decision contested by the opposition party which has also denounced fraud.

United Kingdom: Pencil and paper voting has thwarted Russian meddling – minister | The Guardian

It is “undoubtedly true” that there have been efforts by the Russian state to influence British elections, the culture secretary has told a committee of MPs, but the government has not seen evidence that those attempts have been successful. Speaking to the digital, culture, media and sport (DCMS) select committee, Jeremy Wright, the secretary of state at the department, said that the UK was defended against direct electoral interference by the simple fact that the UK uses pencils and paper to vote. “There are two types [of interference] you might attempt: one is with the process of the election itself, in other words, influencing the outcome of the election by means of interfering with voting machines etc, but we can’t do that here, we don’t have voting machines of that kind.

National: Voting machines are totally hackable. But who’s going to pay to fix them? | NPR

The midterm elections are here. Early voting is already happening in some places. We’re spending the rest of the week on election security and technology, starting with voting machines. Candice Hoke, founding co-director of the Center for Cybersecurity and Privacy Protection at the Cleveland-Marshall College of Law, believes insecure voting machines are the biggest security threat to the midterm elections. And they’re definitely insecure. Last summer at the DefCon hacking conference, security experts hacked and whacked at a variety of voting machines and came away saying the machines were hopelessly vulnerable to even the most basic hacking, like the kind where the default password is still “password.” And lots of them don’t even create paper receipts to ensure the votes were counted correctly. “We have not required voting systems vendors to operate under the same kinds of rules as, say, pharmaceuticals as to the safe and effectiveness of their products,” Hoke said. “So safety, privacy, auditability, transparency, whatever word you want to use, these are all marketing terms in the voting systems arena rather than reflective of some kind of standards that are actually being enforced.”

National: Paper and the Case for Going Low-Tech in the Voting Booth | WIRED

In September 2017, barely two months before Virginians went to the polls to pick a new governor, the state’s board of elections convened an emergency session. The crisis at hand? Touchscreen voting machines. They’d been bought back in the early aughts, when districts across the country, desperate to avoid a repeat of the 2000 “hanging chads” fiasco, decided to go digital. But the new machines were a nightmare, prone to crashes and—worse—hacking. By 2015, Virginia had banned one of the dodgiest models, but others were still in use across the state. Now, with the gubernatorial election looming, officials were concerned that those leftover machines were vulnerable.

They had good reason. Evidence of Russian interference in the US democratic process was mounting. And at the DefCon security conference that summer, whitehat hackers had broken into every electronic voting machine they tried, some in a matter of minutes. (One model had as its hard-coded password “abcde.”) “That really triggered us to action,” recalls Edgardo Cortés, at the time Virginia’s top elections official. So, at the emergency session, he and his colleagues instituted a blanket ban on touchscreen machines. But what next? Virginia officials needed a superior voting technology. They settled on paper. When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source. You can tally ballots rapidly using low-tech scanners, and if it’s necessary to double-check the results (as was the case with several down-ticket contests in Virginia), you can do a manual recount. Paper isn’t perfect, but it’s better than the alternative.

National: Officials prepare for potential false claims of election interference | The Hill

State and federal officials say they are well prepared for the possibility of a cyberattack on American election systems Nov. 6, but experts warn that even a false claim of interference by foreign actors on Election Day could undermine the public’s faith in the voting process. The top cyber official at the Department of Homeland Security (DHS) said it’s a very real possibility that groups will announce they successfully hacked certain election results. That would require swift action from federal authorities to decisively refute any unsubstantiated declarations of election meddling, analysts say. “I could absolutely envision a scenario where someone claims to have had access or claims to have hacked” an election, Christopher Krebs, the undersecretary of the National Protection and Programs Directorate (NPPD), told reporters last week.

National: New study scrutinizes time and effort it takes to vote in each state | Phys.org

Wide variations among the 50 states when it comes to the ease of casting a ballot are impacting the quality of democracy in the United States, a new study shows. Forget voter fraud. States are influencing who votes by making it easier or harder to cast a ballot, and that’s likely shaping election results, said study lead author Scot Schraufnagel, chair of the Department of Political Science at Northern Illinois University. He worked on the study with co-authors Michael J. Pomante II and Quan Li. Pomante II earned his doctorate from NIU in 2016 and works as a professor at Jacksonville University in Florida, while Li is a professor at Wuhan University in China. They created a “Cost of Voting Index”—using what is described in the study as “the largest assemblage of state election laws”—to rank each state according to the time and effort it took to vote in each presidential election year from 1996 through 2016. They analyzed the impact of 33 different variables dealing with registration and voting laws, with differences in registration deadlines carrying the most weight.

National: U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections | The New York Times

The United States Cyber Command is targeting individual Russian operatives to try to deter them from spreading disinformation to interfere in elections, telling them that American operatives have identified them and are tracking their work, according to officials briefed on the operation. The campaign, which includes missions undertaken in recent days, is the first known overseas cyberoperation to protect American elections, including the November midterms. The operations come as the Justice Department outlined on Friday a campaign of “information warfare” by Russians aimed at influencing the midterm elections, highlighting the broad threat the American government sees from Moscow’s influence campaign.

National: Google steps up security efforts as most campaigns use its email services | The Washington Post

Google has been stepping up its efforts to protect political campaigns against phishing attacks — one of the most pressing threats facing candidates as hackers continue to target them via email. U.S. political campaigns overwhelmingly use Google as their email provider, according to data collected by anti-phishing start-up Area1 Security. Of the 1,460 candidates the company is tracking who are running for the Senate, House of Representatives or governor, 65 percent use Google as their email provider. The 2018 midterms will be the first test of the security measures Google and other tech companies have adopted since Russian hackers successfully spear phished Hillary Clinton campaign chair John Podesta. Hackers stole more than 50,000 of his emails after a click on a “change password” button on an email disguised as a security alert from Google.

Editorials: Voter-Suppression Tactics in the Age of Trump | Jelani Cobb/The New Yorker

Decades ago, amid the most overt privations of Jim Crow, African-Americans used to tell a joke about a black Harvard professor who moves to the Deep South and tries to register to vote. A white clerk tells him that he will first have to read aloud a paragraph from the Constitution. When he easily does so, the clerk says that he will also have to read and translate a section written in Spanish. Again he complies. The clerk then demands that he read sections in French, German, and Russian, all of which he happens to speak fluently. Finally, the clerk shows him a passage in Arabic. The professor looks at it and says, “My Arabic is rusty, but I believe this translates to ‘Negroes cannot vote in this county.’ ” Old jokes have lately been finding renewed salience. Literacy tests, poll taxes, and grandfather clauses, once the most common mechanisms for disadvantaging minority voters, have been consigned to the history books, but one need look no further than the governor’s race in Georgia to see their modern equivalents in action. 

Editorials: Is the Assault on Voting Rights Getting Worse, or Are We Just Noticing It More? | Richard Hasen/

Over the weekend, President Donald Trump threatened prosecutions against nonexistent voter fraud, a message likely aimed at intimidating voters and stopping some from voting. With Trump’s heightened rhetoric and a seemingly increasing number of stories about voter suppression around the country, it is worth asking: Has voter suppression actually gotten worse in the 2018 midterm election season? Or are we just hearing about it more thanks to the hyperpolarized political environment? The truth depends on which state you are talking about. In many parts of the U.S., even in many Republican states, registering to vote and voting is becoming easier. But in some key Republican states, Supreme Court decisions have allowed states to put up new hurdles for voting. Just ask Native Americans in North Dakota, black voters in Georgia, or Latinos in Dodge City, Kansas. Whether or not these hurdles actually affect election outcomes, they are outrageous, unjustified, and a drain on state resources.

California: FBI investigating cyberattacks targeting California Democrat: report | The Hill

The FBI has opened up an investigation into cyberattacks that targeted a California Democrat who eventually lost a tight House primary race earlier this year, according to Rolling Stone, citing a source close to the campaign. The inquiry centers on distributed denial of service (DDoS) attacks against the campaign website for Bryan Caforio, who finished third in the June primary. He was running in California’s 25th Congressional District, which is represented by Republican Rep. Steve Knight and is considered a seat that Democrats could flip in November. The attacks involved creating artificially heavy traffic on his website that forced the hosting company to block access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the primary. No website data was accessed from the site during the attacks.

Missouri: Judge clarifies voter ID ruling ahead of key Senate contest | PBS

A Missouri judge on Tuesday made clear that local election workers cannot enforce a core requirement in a new voter photo identification law, taking away the teeth of the law in advance of a marquee U.S. Senate election on Nov. 6. At issue is a new law that had directed voters to present a valid photo ID or sign a sworn statement and present some other form of identification in order to cast a regular ballot. Senior Cole County Circuit Judge Richard Callahan earlier this month struck down the requirement that voters without proper photo ID sign a sworn statement. But Republican Secretary of State Jay Ashcroft, who supports a photo ID law, said the ruling caused “mass confusion” just weeks before the pivotal election between Democratic Sen. Claire McCaskill and her Republican rival, Attorney General Josh Hawley.

New Hampshire: ‘It’s a poll tax’: how New Hampshire became a battlefield for voting rights | The Guardian

Among the symmetrically mown lawns and grand homes of suburban New Hampshire, Garrett Muscatel was knocking on doors to talk about a subject that took many by surprise: voter suppression. At just 20 years old, this student at Dartmouth College is vying to become the youngest member of the state’s 400-person house of representatives in November’s midterm elections. But, so he told potential voters in this precinct, what is at stake was not just the beginning of his political career but the future of democracy in the Granite state. “Hi, my name is Garrett,” he told one woman in her 60s, tending to her barking dog. “I’m a student here at Dartmouth and I’m running for office. Did you know much about laws Republicans have passed that make it harder for people like me to vote?” She hadn’t heard much. But agreed that turning up to vote, even in a heavily Democratic precinct like this one, was important in the Trump era.

North Dakota: Voter ID Law Could Keep Rural Native Americans From Voting | WBUR

The Supreme Court declined this month to overturn a North Dakota law that requires voters to present an ID listing their residential address at the polls. The decision could have a negative impact on tens of thousands of rural voters — many of them Native Americans who live on one of the states five reservations, where residents are not required to have a street address. Native Americans have long faced unique challenges relating to voter suppression. They were the last to gain suffrage in 1924 and couldn’t vote in states like Arizona, New Mexico and Utah until 1948.

Texas: Students sue Waller County, allege voting rights violations | Associated Press

A group of students from a historically black university have filed a lawsuit alleging a southeast Texas county is suppressing the voting rights of its black residents. In a lawsuit filed in federal court in Houston on Monday, five Prairie View A&M University students allege Waller County election officials are violating the civil rights of black students and residents in Prairie View — which is predominantly African-American — by not providing any early voting locations on campus or anywhere in the city during the first week of early voting, which started Monday. In the second week of early voting, the county is providing five days in Prairie View, but two of them are off-campus and at a site that is not easily accessible to many students who lack transportation, according to the lawsuit.