National: US officials hope hackers at Defcon find more voting machine problems | CNET

This election day, US officials are hoping for a vote of confidence on cybersecurity. Hackers at the Defcon cybersecurity conference in Las Vegas on Friday took on voting machines again, after showing how easy it was to break into election machines at last year’s gathering. This time around, officials from the US Department of Homeland Security were on hand to learn directly from hackers who find problems with election security. “We’ve been partners with Defcon for years on a lot of various different issues, so we see a lot of value in doing things like this,” Jeanette Manfra, the DHS’s top cybersecurity official, said at Defcon. In her speech, Manfra invited hackers at Defcon to come find her after to talk more about election security. “We’d love it if you worked for us, we’d love it if you worked with us,” she said.

National: House Intel lawmakers introduce bipartisan election security bill | The Hill

Four lawmakers on the powerful House Intelligence Committee, including two Republicans, are introducing legislation to help states secure the nation’s digital election infrastructure against cyberattacks following Russian interference in the 2016 election. The bill, which is a companion to a measure in the upper chamber spearheaded by Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.), is a direct response to the effort by Moscow’s hackers to target state websites and other systems involved in the electoral process in the run-up to the 2016 vote. “Although the Russian government didn’t change the outcome of the 2016 election, they certainly interfered with the intention of sowing discord and undermining Americans’ faith in our democratic process,” said Rep. Tom Rooney (R-Fla.) in a statement Friday. “There’s no doubt in my mind they will continue to meddle in our elections this year and in the future.” 

National: Voting Rights Advocates Used to Have an Ally in the Government. That’s Changing. | The New York Times

A new voter ID law could shut out many Native Americans from the polls in North Dakota. A strict rule on the collection of absentee ballots in Arizona is being challenged as a form of voter suppression. And officials in Georgia are scrubbing voters from registration rolls if their details do not exactly match other records, a practice that voting rights groups say unfairly targets minority voters. During the Obama administration, the Justice Department would often go to court to stop states from taking steps like those. But 18 months into President Trump’s term, there are signs of change: The department has launched no new efforts to roll back state restrictions on the ability to vote, and instead often sides with them. Under Attorney General Jeff Sessions, the department has filed legal briefs in support of states that are resisting court orders to rein in voter ID requirements, stop aggressive purges of voter rolls and redraw political boundaries that have unfairly diluted minority voting power — all practices that were opposed under President Obama’s attorneys general.

National: Group Files Lawsuit to Challenge Electoral College | Roll Call

A group is suing two red states and two blue states to change the Electoral College system. Former Massachusetts Gov. William Weld, Harvard Law professor Lawrence Lessig and David Boies, who served as former Vice President Al Gore’s lawyer in Bush v. Gore, make up the group according to the Boston Globe. The group is suing two predominantly Democratic states (California and Massachusetts) and two predominantly Republican states (Texas and South Carolina.) They argue the winner-take-all format of the Electoral College disenfranchises numerous voters and that it violates the principle of “one person, one vote.” Boies said the Electoral College system leads to candidates only campaigning to certain groups of voters and ignoring others.

Arizona: Judge to decide legality of Arizona law prohibiting collection of mail-in ballots | Arizona Daily Star

Attorneys for a Democratic activist told a federal judge Friday that there is a legal and constitutional right for her and others to deliver someone else’s ballot to polling places. And Spencer Scharff asked Judge Douglas Rayes to immediately quash the law and allow what’s known as “ballot harvesting” to once again be legal in time for the Aug. 28 primary. Scharff argued that federal law specifically allows individuals to deliver “mail” — and essentially compete with the U.S. Postal Service — as long as they don’t charge for the service. In these cases, he told Rayes, people like his client, Rivko Knox, who have been collecting early ballots for years, are doing that simply as a service.

California: Software incompatibilities cited in review of missing Los Angeles County voter names | Los Angeles Times

Los Angeles County’s election software was unable to process a formatting change in state voter data, contributing to 118,500 names being omitted from eligible-voter rosters on election day in June, according to an executive summary of an independent review released Wednesday. There was no evidence of a security breach, the summary said. The county paid IBM Security Services $230,000 to investigate the foul-up, which officials said affected roughly 2.3% of registered voters across the county and 35% of voting locations. L.A. County elections chief Dean Logan said in June that the problem had no impact on voter eligibility and that poll workers were instructed on election day to give provisional ballots to people whose names did not appear on rosters. But the omissions prompted elected officials and civil rights groups to demand that the county review its election process.

Florida: An 11-year-old changed election results on a replica Florida state website in under 10 minutes | PBS

An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said. Thousands of adult hackers attend the convention annually, while this year a group of children attempted to hack 13 imitation websites linked to voting in presidential battleground states. The boy, who was identified by DEFCON officials as Emmett Brewer, accessed a replica of the Florida secretary of state’s website. He was one of about 50 children between the ages of 8 and 16 who were taking part in the so-called “DEFCON Voting Machine Hacking Village,” a portion of which allowed kids the chance to manipulate party names, candidate names and vote count totals.

Florida: Facebook Fight Over Florida Felon Voting Rights Restoration Ends in Shooting | Associated Press

A political argument on Facebook led to a 44-year-old Florida man driving to the home of a stranger he’d been arguing with and shooting and wounding him. Now Brian Sebring faces felony charges of aggravated battery with a deadly weapon and carrying a concealed gun. Sebring told the Tampa Bay Times he “just snapped and let primal rage take over” when he left work early on Monday, went home to get his gun and headed to the home of Alex Stephens. Sebring and Stephens, 46, had never met, though they live in the same neighborhood. “I’m not a bad guy,” Sebring told the newspaper, “but I mean, this guy threatened to hurt my family, and I went off the deep end.” Sebring said he’s probably going to see a therapist now because it scares him that “I could lose my temper like that and do something so stupid.”

Georgia: Election Security Becomes A Political Issue In Georgia Governor’s Race | NPR

In the fall of 2016, as reports of Russian-backed hacking of state election systems were surfacing, Georgia’s Secretary of State, Brian Kemp, rejected federal offers of help to secure his state’s voting systems. “The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security,” Kemp told a technology website. Now, Kemp is the Republican nominee to be Georgia’s next governor, and in another election season where cyber-attacks are in the air, his record securing the state’s elections is becoming a campaign issue. This past week, the Georgia Democratic Party called for Kemp’s resignation, citing in part his response to Russian-backed hacking attempts of state voting systems in 2016.

Kansas: Local officials wield power as Colyer vs. Kobach undecided | The Kansas City Star

Local officials spread across Kansas’ 105 counties will exercise an incredible amount of power this week when they determine whether thousands of ballots should count in the closest primary race for governor in Kansas history. The roughly 9,000 provisional ballots, awaiting rulings from county officials across the state, will likely decide whether Gov. Jeff Colyer or Secretary of State Kris Kobach emerges as the GOP’s standard-bearer in the fall. More than 40 percent of the provisional ballots were cast in the state’s two most populous counties, Johnson and Sedgwick. The ballots have the power to swing the Kansas race in Colyer’s favor or solidify a victory for Kobach. Kobach’s role as the state’s chief election official has heightened the scrutiny of the vote-counting process in the contentious race. After a backlash this week, Kobach announced Friday that Assistant Secretary of State Eric Rucker will oversee the process in his stead.

Kentucky: State wants to replace voting machines. Some counties aren’t sure why | Louisville Courier Journal

In November, Kentuckians in 22 counties will cast their votes on electronic voting machines that were broken into in less than two days at the annual DEFCON hackers conference last year. Secretary of State Alison Lundergan Grimes said the state Board of Elections is coordinating with county officials to build hacker-proof voting systems, making use of nearly $6 million it received from Washington D.C. in March when Congress authorized a $380 million state grant program for election security following concerns about election fraud in the 2016 election. The Kentucky Board of Elections set aside the majority of that money — $4.6 million — to upgrade electronic voting machines across Kentucky to paper-trail machines, which experts say are less susceptible to hacking and can be audited to detect fraud. Grimes said she hopes to have the updated equipment in place in time for the 2020 election.

Louisiana: Voting machine allegations could impact campaign | Associated Press

With the contract lucrative and available only once every decade or two, vendors were expected to aggressively fight for Louisiana’s contract to replace thousands of voting machines. But the latest search for a company to provide Louisiana’s voting equipment attracted more than just intense competition, also drawing allegations the secretary of state’s office mishandled parts of the bid process and attempted to manipulate the outcome for the winning bidder. The questions of impropriety come at the worst time for Secretary of State Kyle Ardoin, the state’s chief elections official. Ardoin, a Baton Rouge Republican who took over the job after a sexual harassment scandal ousted his boss Tom Schedler, is running for the elected position on the Nov. 6 ballot.

Michigan: Wayne County Board of Canvassers will dig into election night website issues | Michigan Radio

The Wayne County Board of Canvassers wants to know what went wrong with the county’s election website during last week’s primary. The board is expected to meet Monday with the CEO of ElectionSource, the Grand Rapids-based company that runs the county’s election results reporting website, to try and get answers. As returns started coming in Tuesday night, it was clear the website was having problems. Some initial results were reported incorrectly, causing inexplicable fluctuations and leading many to doubt whether the numbers could be trusted at all. And the website shut down altogether for several hours during the night, before coming back online Wednesday morning. County elections officials insist the vote count was always accurate. ElectionSource blamed the problems on software glitches that resulted from too-large data files, and too much web traffic overwhelming data uploads.

Australia: Flaws in ACT election systems could reveal voters’ votes | ZDNet

Two newly revealed flaws in the Australian Capital Territory (ACT) electronic voting systems could have allowed voters to be linked to their votes, breaking the core democratic concept of the secret ballot. The vulnerabilities were disclosed in a detailed technical write-up on Monday by independent security researcher T Wilson-Brown, who originally discovered and confirmed the flaws in early January. Elections ACT had agreed in March to public disclosure on April 9, but on April 10 it pulled out. Four months later, Wilson-Brown has published them, to allow time for changes to be made before the next ACT election in 2020. The first vulnerability stems from Elections ACT publishing online the individual, and their preference allocations under the ACT’s preferential voting system, for later analysis.

Mali: Votes in runoff election amid heavy security presence | The Guardian

Millions of Malians are voting in an unprecedented runoff presidential election that has been overshadowed by widespread allegations of fraud and the threat of Islamist extremist violence. The current president, Ibrahim Boubacar Keïta, is the favourite, having won 41% of the vote in the first round two weeks ago while the challenger, Soumaïla Cissé, took only 18%. Extra security forces have been deployed after about 250,000 people, 3% of the electorate, were unable to vote because of insecurity during the first round. Armed attacks and other incidents were recorded at about a fifth of polling stations. Mali is key in the battle against Islamic extremism in the Sahel region and and is central to efforts to restrict illegal immigration to Europe.

United Kingdom: Ministers urged to abandon Voter ID as rollout at general election estimated to cost up to £20m | The Independent

Ministers are facing calls to ditch plans for nationwide voter ID checks as it emerged introducing them at a general election could cost up to £20m – even though there were only 28 cases of polling station impersonations alleged in 2017. The government has been urged to abandon the contentious proposals, with the Electoral Reform Society (ERS) pointing out that at this rate, the cost could equate to £700,000 per fraud allegation. Labour has claimed the moves are in danger of locking people out of the democratic process, and critics fear it could disproportionately affect ethnic minorities and the poorest.

Zimbabwe: Chamisa challenges election result; inauguration halted | Reuters

Zimbabwe’s main opposition leader, Nelson Chamisa, filed a court challenge on Friday against President Emmerson Mnangagwa’s election victory, halting Mnangagwa’s planned Sunday inauguration. The first election since Robert Mugabe was forced to resign after a coup in November had been expected to end Zimbabwe’s pariah status and launch an economic recovery but post-election unrest has reminded the country of its violent past. Chamisa’s lawyer Thabani Mpofu said he had asked the Constitutional Court to nullify the July 30 vote and that his court application meant Mnangagwa’s swearing-in had been halted.

Verified Voting in the News: Smartphone Voting Is Happening, but No One Knows if It’s Safe | WIRED

When news hit this week that West Virginian military members serving abroad will become the first people to vote by phone in a major US election this November, security experts were dismayed. For years, they have warned that all forms of online voting are particularly vulnerable to attacks, and with signs that the midterm elections are already being targeted, they worry this is exactly the wrong time to roll out a new method. Experts who spoke to WIRED doubt that Voatz, the Boston-based startup whose app will run the West Virginia mobile voting, has figured out how to secure online voting when no one else has. At the very least, they are concerned about the lack of transparency. “From what is available publicly about this app, it’s no different from sending voting materials over the internet,” says Marian Schneider, president of the nonpartisan advocacy group Verified Voting. “So that means that all the built-in vulnerability of doing the voting transactions over the internet is present.”

National: At DEF CON ’18, kids as young as 5 challenged to hack election results websites, voting machines | ABC

At DEF CON, one of the world’s largest hacking conferences, hackers clad in black hoodies made headlines last year when they exposed an array of structural vulnerabilities in voting technology, successfully hacking into every voting machine they attempted to breach. This year’s DEF CON kicks off Friday in Las Vegas, and hackers will again have access to dozens of pieces of equipment — voting machines and pollbooks widely used in U.S. elections, including several models they haven’t previously attempted to crack. Children as young as 5 will compete to hack election results websites, and DEF CON has partnered with children’s hacking organization r00tz Asylum to award prizes to the first and youngest kids to breach the sites and hack equipment.

National: Advocates Say Paper Ballots Are Safest | Bloomberg

In June, voting security advocate Marilyn Marks bought four used optical scanners online from the Canadian government for about $2.50 apiece. Her purchase was meant to make a point: The state of Georgia doesn’t have to spend a lot to replace computerized voting machines considered the most vulnerable in the U.S. And it could do so in time for the midterm elections. Marks’s advice: Don’t listen to lobbyists for vendors pushing unnecessarily fancy and expensive voting equipment. Go back to paper ballots. Buy cheap used scanners to read them. Get it done now. “The Department of Homeland Security has said it. Every cyber expert says it,” she says. Voting machines like Georgia’s “are a national security risk.” As government officials warn of continuing cyberattacks intended to disrupt U.S. elections, Georgia is among 14 states heading into Election Day using touchscreen, computerized machines that don’t meet federal security guidelines because they produce no paper record—so voters can’t verify their choices and officials can’t audit the results.

National: Hackers at convention to ferret out election system bugs | Reuters

Def Con, one of the world’s largest hacker conventions, will serve as a laboratory for breaking into voting machines this week, extending its efforts to identify potential security flaws in technology that may be used in the November U.S. elections.  The three-day “Voting Village,” which opens in Las Vegas on Friday, also aims to expose vulnerabilities in devices such as digital poll books and memory-card readers. Def Con held its first voting village last year after U.S. intelligence agencies concluded the Russian government used hacking in its attempt to support Donald Trump’s 2016 candidacy for president. Moscow has denied the allegations.

National: Def Con steps out of the shadows to fight election cyber threat | Financial Times

Hacking democracy was as easy as abcde. When Carsten Schurmann sat down to hack one of the voting machines used instead of paper ballots in the state of Virginia, he used a simple online tool to discover a flaw in the machine that had been public — and remained unfixed — for 14 years. And he already knew the password, because he had found that on the internet, too. The password was abcde. Wearing a short-sleeved shirt and wire-framed glasses, the Danish computer science professor described how simple it had been to get in to the WINvote machine, after which he was able to tamper with the vote tally. “The machines are all vulnerable,” he said. “I’m not a hacker but I tried the first thing and it worked.”

National: Many states are purging voters from the rolls – On election day, stay away | The Economist

In 1965 President Lyndon Johnson signed the Voting Rights Act. Among other things, this required places with a history of discriminating against non-white voters to obtain federal approval before changing the way they conducted elections. In the ensuing decades it narrowed, and in some cases reversed, racial gaps in voting. Congress repeatedly reauthorised the Act, most recently in 2006 for 25 years. But in 2013 the Supreme Court gutted the pre-clearance provision. Since then states that had been bound by it have purged voters from their rolls at a greater rate than other states. That is part of a dramatic rise in voter purges in recent years. Many on the right say such purges and other policies are essential to ensuring electoral integrity. Others see a darker purpose.

National: More Government Websites Encrypt as Google Chrome Warns Users Non-HTTPS Sites are ‘Not Secure’ | Goverment Technology

Google Chrome, the most widely used Internet browser, has officially started warning users that unencrypted Web pages are “not secure.” Among those “not secure,” as of Aug. 9: The front pages of the official government websites for 14 states and four of the nation’s 10 most populous cities. Encryption — most easily represented with an “HTTPS” rather than “HTTP” in front of a site’s Web address — is the practice of encoding data traveling between a website and its visitor so that any third parties who are able to peek into the data don’t know what’s happening. With encryption, users can reasonably expect that their connection is private. Without it, bad actors can do things like steal information and change a Web page’s content without the user realizing it. It has become more or less the standard for the Internet. According to Google, 93 percent of Web traffic on Chrome takes place on encrypted pages. The tech giant started labeling non-HTTPS pages as “not secure” to push laggards toward encryption.

National: U.S. census citizenship question panned by scientists, civil rights groups | Reuters

As the U.S. government closed a public comment period on Wednesday on its plans for the 2020 census, scientists, philanthropists and civil rights groups used the occasion to again criticize plans to include a question about U.S. citizenship. The comment period gave any member of the public a chance to comment on aspects of the census which is a mandatory, once-a-decade count of the U.S. population that next occurs in April 2020. The comments have not yet been published, but some groups and individuals reinforced their opposition to the Trump administration’s plan to ask census respondents whether they are U.S. citizens.

California: Code, Software, Servers Bedeviled Marin County Election Website | Techwire

Old code, software problems and server configuration in Marin County, combined with heavy traffic, caused the blooper that made it impossible for the public to view results on election night June 5, county officials said this week. “We determined that it was a combination of three things,” said Liza Lowery Massey, director of Marin County’s Department of Information Services and Technology. The Registrar of Voters website, which had been redesigned to feature more graphs and other visual elements to make the data more accessible to the general public, remained inaccessible most of the night. Specifically, Massey said there was some antiquated legacy software code in some of the county’s Web pages.

Florida: State building defenses against Russian hack attack in 2018, but is it too late? | Tallahassee Democrat

Vladimir Putin winks at Mark Earley while the Leon County Elections Supervisor works. The photo of the Russian president was a gift from the Capital Tiger Bay Club to celebrate Earley’s 2016 election victory. “I put some horns on it and keep it on my desk as a reminder that none of this is fake,” said Earley, after a tour of his central office in Tallahassee where Leon County stores information on more than 207,000 voters. The idea Russia conducted an expeditionary probe of the nation’s election infrastructure two years ago for a later attack on democracy keeps Earley and other elections supervisors up at night and on their toes at work. “It’s all real – a clear and present danger,” said Earley.

Georgia: Companies asked to submit paper-based voting systems for Georgia | Atlanta Journal Constitution

Voting machine companies will submit proposals this month to replace Georgia’s touchscreens with hand-marked paper ballots or ballot-marking devices. The Secretary of State’s Office posted a request for information Wednesday to review companies’ voting systems and their costs, which could range from roughly $30 million to $150 million. A competitive bidding process could begin next year. Georgia has used electronic touchscreens since 2002, a voting system that lacks a verifiable paper backup to ensure accuracy. Election integrity advocates say electronic voting computers could be hacked.

Indiana: Federal judge rejects Attorney General’s attempt to scrap early voting decree | The Herald Times

A federal judge Thursday rejected Attorney General Curtis Hill’s attempt to unravel the consent decree reached earlier this summer requiring Marion County to establish satellite voting sites in November and in future elections. Senior Judge Sarah Evans Barker said Hill’s objections to the consent decree reached between the county election board and Common Cause of Indiana and the local branch of the NAACP are without merit. Common Cause and the NAACP sued last year to require Marion County to provide more than one location for voters to cast ballots in advance of the election. The consent decree requires the election board to have six satellite voting sites in November.

Iowa: Voter ID Law Argued; November Election At Stake | Iowa Public Radio

Attorneys for Iowa Secretary of State Paul Pate were at the Iowa Supreme Court today, arguing for reinstatement of parts of Iowa’s new Voter ID law. Requiring an ID at the polls doesn’t take effect until next year, but new rules for absentee ballots went into effect this year. Last month, a district court judge issued a temporary injunction halting those parts of the law. The Secretary of State wants the injunction lifted so the new absentee ballot rules can be in effect for the November election.