Georgia: The power to vote – literally – carries a cost in Georgia | Jessica Waters/Connect

For Stephens County, that cost just increased by $30,500, as county commissioners, at the Feb. 11 regular meeting, unanimously approved the expenditure in order to rewire the Stephens County Senior Center – the county’s sole polling location – so that it is able to handle the electrical draw of the state-mandated new voting machinery. “We have to rewire the Senior Center to handle the amps needed by the new voting equipment. This is a problem all over the State of Georgia, I know of another county that had to spend $68,000 on rewiring. Everyone is having the same problem, and we’ve been jumping through hoops to resolve it,” County Administrator Phyllis Ayers told ConnectLocal.News Tuesday afternoon, Feb. 11. A part of the reason the new voting system has a higher electrical draw than the old system is that there are now several components, instead of the single-machine system previously in use. “You’ve got more machines that need to be plugged in. You’ve got your voting machines, the printers, the scanners, and you’ve got the cyber-power battery packs,” Ayers said. “If my Buildings and Grounds Director had not been here, unloading the equipment, and could see what the amps were – and he was calculating it up in his head as he was going by and he come down here and said ‘where’s the power coming from?’” The $30,500 bid to complete the rewiring of the Senior Center, submitted by local electrical contractor Henry Hayes, will be paid out of contingency funds, along with funding for pouring a concrete pad to hold the generator used to power the equipment and a few other minor related expenditures. “There is a grant where the state will consider reimbursing you back those expenses,” she said. “So we’re trying to keep up with that, and will apply for the grant.”

National: Is technology consistent with electoral integrity? The hard lessons of Iowa | Sarah E. Hunt/Salon

In the modern era, much of American greatness is derived from the conception that the United States maintains the integrity of its elections, thus ensuring the fair representation of its citizens in the halls of government. Such elections brought about the suffragist and civil rights movements, which marked evolutionary tectonic shifts in American democracy that aligned the nation more closely with the ideals set forth in its Constitution. When revolutionary action is called for, our country has the ability and will to better itself and defend its values. The chaos surrounding the 2020 Iowa caucus two weeks ago was a bellwether, heralding another transformational moment. Our willingness to take action will define America’s trajectory. The events unfolding in the heartland of our country are a wake-up call to the entire nation. They highlight the importance of protecting the security and integrity of our electoral system.

National: The Simple Lessons from a Complicated Iowa Caucus | Gowri Ramachandran and Susannah Goodman/Just Security

The very high-profile failure of a new app that was supposed to help report Iowa Caucus results has generated some important lessons. Even though the New Hampshire primary was not plagued by the same kinds of gross technical failures, it would be a mistake to just quickly move on and forget the lessons of the first debacle. As the Nevada Caucus approaches, it’s clear some lessons have been learned, but not all. As is widely known now, the Iowa app technology was designed to help record results from rounds of caucusing and pull together the results from across the state. But the app didn’t work, and results were not delivered, raising questions about not just the technology but the implementation process for the system. Massive frustration and even conspiracy theories ensued. Fortunately, Iowa had paper records and was able to turn to those in the face of the tech failure to help confirm the results. The media, candidates, and the public had to be patient, but without the paper records, results wouldn’t have been just delayed; they would have been impossible to obtain. The first lesson is clear: Anything computerized can fail for a slew of reasons, from hacking to software defects to inadequate training of election workers. This includes tablets, voting machines, ballot scanners, electronic poll books, and apps on phones and tablets.

National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

California: Los Angeles County built its new voting machines from scratch. Will they be ready? | Kevin Monahan, Ben Popken, Rich Schapiro and Cynthia McFadden/NBC

Los Angeles County has spent the last 10 years creating what it hopes is the voting system of the future, a $300 million fleet of cutting-edge machines built from scratch. But as it prepares to roll out the new equipment for the first time when early voting in California’s Democratic primaries kicks off next week, the county is in a race against the clock to shore up critical vulnerabilities highlighted in an alarming third-party assessment. The technical report commissioned by the California secretary of state identified a wide variety of security flaws and operational issues, including insecure ballot boxes and exposed USB ports that rogue actors could exploit to alter votes. “At first reading, it’s terrifying,” said Richard DeMillo, a computer science professor at the Georgia Institute of Technology who specializes in voting security. “There are things that are clear security vulnerabilities in the system that are brushed aside.” L.A. County Registrar Dean Logan, who is in charge of the system, said the majority of the security flaws have been fixed, and the county has complied with the requirements set out by California Secretary of State Alex Padilla. Padilla just last month approved the system for use in the Democratic primaries so long as certain conditions are met.

Connecticut: Voting security in Connecticut: Not another Iowa, but other threats persist | Westfair

If you ask Connecticut’s Secretary of the State Denise Merrill if the state is in danger of repeating the infamous Iowa caucus debacle when tallying its primary and general election results this year, you will get a hearty laugh. “That’s not going to happen here,” she said. The reason, Merrill said, is simple: Connecticut’s voting process relies on paper ballots “that undergo a rigorous post-election audit and (is) run by election professionals at the state and local level. Although it may take a little longer to report results, Connecticut’s reliance on paper is our best defense against threats to our cybersecurity.” The Feb. 3 Iowa Democratic caucus, whose victor, Pete Buttigieg, wasn’t finalized until Feb. 9, was marred by the use of a vote tabulation app called Shadow, whose enormous technical errors contributed significantly to a three-day delay in reporting results. The Shadow app was distributed through mobile app testing platform TestFairy, instead of official app stores on Android and iOS, which boast higher security and performance requirements. The poor performance has already caused other states that had contracted Shadow to tally their results, like Nevada, to cancel those plans, and has resulted in any number of late-night TV hosts’ wisecracks.

Florida: Palm Beach County elections ransomware attack raises security questions | Anthony Man and Skyler Swisher/South Florida Sun-Sentinel

From Tallahassee to Washington, D.C., officials and citizens voiced concern Thursday over an until-now undisclosed ransomware attack on the Palm Beach County elections office during the 2016 election season. The bombshell disclosure about the attack came from Supervisor of Elections Wendy Sartory Link, who said Wednesday she learned in November about the ransomware attack. Link, who took office in January 2019, said some of the agency’s data was corrupted, but the problem apparently was corrected and didn’t affect the November 2016 elections. The picture was muddied by the response from Susan Bucher, the supervisor of elections at the time, who said it never happened. The current county elections chief said she wasn’t trying to alarm the public — but the disclosure heightened concerns for some, coming just five weeks before Florida’s presidential primary and the local government elections for 20 cities, towns and villages in Palm Beach County.

Kansas: Democrats sue over Kansas delay in start of ‘vote anywhere’ | John Hanna/Associated Press

Kansas and national Democratic Party groups on Friday sued the Republican official who oversees the state’s elections, accusing him of violating voters’ rights by delaying the implementation of a law designed to make voting on Election Day more convenient. The lawsuit was filed in state district court in Topeka after Secretary of State Scott Schwab said his office would need another year to draft regulations needed for counties to take advantage of a 2019 state “vote anywhere” law. The law permits counties to allow voters to cast their ballots at any polling place within their borders on Election Day, rather than only at a single site. Some officials in Sedgwick County, home to the state’s largest city, Wichita, believe it is ready to allow voters to choose their polling sites. They note that it has allowed voters to cast their ballots in advance at multiple locations for more than a decade, with the county’s entire electronic voter registration database accessible to workers at each one. It also deployed new voting machines in 2017 that allow a “vote anywhere” system.

Minnesota: From disinformation to hackers, new ‘cybernavigator’ racing to protect Minnesota’s 2020 elections | Stephen Montemayor/Minneapolis Star Tribune

Bill Ekblad spent nearly three decades as a naval cryptologist, working from ships and planes stationed in the Middle East and Germany to fight cyberattacks coming from around the world. Now, the Minnesota native is back home and facing a uniquely tall order. Ekblad is the state’s first “cybernavigator,” hired by the secretary of state’s office to help local election workers guard against an increasingly expanding set of threats, from disinformation campaigns to foreign actors trying to penetrate election networks. “It’s a tale of surprises: I mean, I think that nobody really saw realistically the potential for foreign adversaries to meddle in elections prior to 2016,” Ekblad said in an interview from his office near the State Capitol. “And then in 2018, the game changed. It became less about the hard computer network operations and more about the soft skills of influence and hacking the mind of the voter.” Ekblad, hired through a federal election security grant, is now drawing on that history to pose a new question to the scores of local officials in Minnesota’s 87 counties who are in charge of running this year’s elections: “Why do we think 2020 will be something predictable?”

Nevada: Democrats Say They’ll Replace Their Caucus App With iPads And A Google Form | Kaleigh Rogers/FiveThirtyEight

In just two days, Nevadans will begin early voting in the state’s Democratic caucuses. For the past few weeks, it’s been unclear how those votes would be integrated into the overall vote tallies after Nevada Democrats were spooked by the chaos in Iowa’s Democratic primary and decided to toss a previous plan to use an app. But today, the state Democratic party revealed how it intends to incorporate those early votes into the live caucuses on Feb. 22: “a simple, user-friendly calculator.” What that means, exactly, is still a bit unclear. In a memo sent to campaigns Thursday and shared with FiveThirtyEight, the party wrote that “the caucus calculator will only be used on party-purchased iPads provided to trained precinct chairs and accessed through a secure Google web form.” The memo didn’t provide any specifics about whether the calculator would be accessed through the Google form, or whether the Google form itself is the calculator. It’s also not clear if early-vote tallies will live on the web, or if they’ll be pre-loaded onto each district’s iPad. The state party did not immediately respond to our request for further comment.

Nevada: First test of Nevada Democrats’ new caucus plan arrives as early vote begins | Megan Messerly/Nevada Independent

Nevada Democrats will head to early voting sites across the state on Saturday — from the Old Post Office in Fallon to the Chinatown Plaza Mall in Las Vegas — to begin casting their presidential preferences ahead of the state’s Feb. 22 caucus. In some ways, it’s an exciting moment for Democrats here in the Silver State: Never before have they been able to participate early in the state’s presidential caucus, as they will over a four-day period. In others, it’s a nerve-wracking one: No one quite knows if the new process the party has quickly re-designed in the wake of Iowa’s problem-plagued contest earlier this month is going to work. What they do know is that beginning Saturday, Nevada Democrats, or those wishing to re-register as a Democrat, will show up at roughly 80 sites across the state to cast their early caucus votes. Once voters are there, a volunteer will check a PDF voter roll to confirm their registration, or direct them to fill out a voter registration form if they aren’t, since Democrats here allow same-day registration for the caucus. From there, they’ll check in on an iPad through Google Forms and be given a paper scannable ballot, similar to a Scantron, where they will be asked to mark a minimum of three and up to five presidential preferences in order. Once they’re done, that ballot and a paper voter card, both of which contain a unique voter PIN to match the ballot to the person, will be placed into a secure ballot box, which will be taken to a designated ballot processing hub to be scanned.

Ohio: Millions spent to safeguard Ohio elections: What’s really going on | Chris Stewart/Dayton Daily News

Officials say Ohio’s elections are safe despite worries fueled by 2016 foreign meddling, thousands of uncounted Miami County ballots in 2018 and this month’s collapse of a Democratic Party vote-counting app at the Iowa caucuses. Ballot-casting and counting infrastructure — fresh off an exhaustive update of security software, hardware and office procedures to fend off cyber attacks — is sound and secure, say state and local elections officials.“Your vote is safe, and it will be counted as it has always been counted, if it’s countable,” said Jan Kelly, director of the Montgomery County Board of Elections. But as millions of dollars are spent to guard against malicious computer attacks, it’s harder to thwart bad actors resorting to disinformation campaigns to diminish people’s confidence in the vote, said Ohio Secretary of State Frank LaRose, a Republican. “What our foreign adversaries have tried to do instead of actually tampering with elections, is tried to tamper with our own perception of elections,” he said. “They’ve tried to cause Americans to lose faith in elections.” “The really damaging part of that is it would cause the average person to start to wonder or worry that maybe their vote wasn’t going to be counted accurately,” he said.

Editorials: Paper ballots still the best election system | Medford Mail Tribune

Sometimes, the old ways are still the best ways. We would argue that especially applies to election systems, despite continuing pressure to offer voters the option of casting ballots using smartphones or other devices. Jackson County is one of two Oregon counties that experimented with a smartphone app that allowed county residents overseas — most of them in the military — to vote in the Nov. 5, 2019, special election. Of 213 Jackson County voters eligible to participate, only 27 did. One reason could have been that the November ballot had only one item on it — a proposed bond levy to upgrade the county’s emergency communications system. Maybe a full ballot would have enticed more county voters stationed overseas to use the smartphone app. Maybe not. But the turnout isn’t the primary concern here. Anything that gives voters more options to participate is a good thing, in theory. In practice, voting systems that use the internet to transmit votes are inherently more vulnerable to hackers seeking to manipulate the outcome. They are also more likely to simply fail to perform as designed.

International: Tech-augmented democracy is about to get harder in this half-baked world | Chris Duckett for Null Pointer/ZDNet

For the wondrous benefits the internet has brought, it is not without its drawbacks. This has manifested itself in two ways when it comes to democracy: A headlong rush into internet voting and a shattering of the polity. As a scientific critique on the act of voting, associate professor Vanessa Teague discussed electronic voting in her recent keynote at Linux.conf.au 2020. Teague has more than enough experience in this area, and has been involved in finding flaws in the iVote system that is increasingly used in New South Wales, as well as the Scytl system used in Swiss elections that iVote is based on. “I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation [via] software bugs,” Teague said last month. The issue Teague sees with remote voting is subtle bugs, such as those involved in shuffling and verifying votes, which can undermine the security of the whole system. “That’s a little bit different from the occasional problems that happen in paper-based systems because you don’t as a result of one little subtle problem hand over a capacity for total manipulation of all of the votes to one entity,” she said. “In summary, I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation on software bugs.”

Bulgaria: Buying voting machines will cost about 15 Million Euro | The Sofia Globe

Preliminary government estimates are that buying voting machines will cost about 30 million leva (about 15.3 million euro), Bulgarian Deputy Prime Minister Tomislav Donchev told reporters on February 14. Donchev was speaking two days after Prime Minister Boiko Borissov said that the government would buy voting machines for all polling stations. Bulgaria is due to go the polls twice in 2021, in parliamentary elections in the spring and presidential elections in the autumn. A voting machine cost about the same as a mid-range laptop, less than 2000 leva, and 15 000 to 20 000 machines would have to be ordered, Donchev said. There were a few details that could change the price, he said. “Since autumn last year we have been looking into the market, which is not very easy. Because there is no European experience that we can take into account. Further the situation is complicated by the situation in China,” Donchev said, saying that whatever the components, some were made in China.

Dominican Republic: Voting Machine Failure Suspends Dominican Republic Elections | The St Kitts Nevis Observer

Dominican Republic’s nationwide municipal elections were suspended on Sunday due to a glitch in the electronic voting system, Central Electoral Board (JCE) announced, adding that they will convene a new date promptly. Following the suspension, four hours after they started, due to automated voting failures, the opposition party People’s Power (FP) said that the problem was provoked. “We are going to initiate a thorough investigation of what happened and why those ballot papers did not load correctly,” the President of the JCE Julio Cesar Castanos said in a press conference. The electronic system was used in 18 of the 158 municipalities and focused on cities and regions with high population density, accounting for 62.4 percent of the electorate. Paper ballots were due to be used elsewhere. The decision was made after members of the JCE met with the delegates of the political parties accredited to that institution, trying to find a solution to the long delays that have arisen at the beginning of the municipal election.

New Hampshire: Why did the primary go smoothly with record turnout? Low tech is good tech | Geoff Forester and David Brooks/Concord Monitor

A nationally known computer hacker, a term he wears proudly, helped keep an eye on New Hampshire’s primary Tuesday but says you didn’t need computer smarts to see that it went well. “One big thing is no lines. When you go around the United States, usually the first thing you see if there are problems are long lines of people who can’t get to vote,” said Harri Hursti, a cybersecurity analyst who founded DefCon, the nation’s best-known gathering of people interested in computer security. Hursti has worked with the New Hampshire Secretary of State’s office since about 2005, when he met Secretary of State Bill Gardner at a conference. His presence here for Tuesday’s primary was of particular importance because of the meltdown of the Iowa caucuses caused largely by the use of an untested app. During a discussion Wednesday morning as election officials completed counting votes from around the state he was almost effusive about how things went.

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

National: Researchers Find Security Flaws in Voatz Mobile Voting App | Andrea Noble/Route Fifty

A mobile voting app used by West Virginia and several local governments in the 2018 midterm elections contains vulnerabilities that could allow hackers to determine how someone voted or even change their vote, according to a report released Thursday by security researchers. Researchers from the Massachusetts Institute of Technology found the security flaws in the Voatz voting app, which was originally designed as a way for overseas service members to cast ballots. The researchers said their findings underscore prior security recommendations that the internet not be used for voting. “Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” said Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. “Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.” In addition to West Virginia, several local governments, including ones in Washington state, Colorado, Utah and Oregon, have conducted their own pilots with the Voatz system. Additional states are also considering whether to use the app to assist absentee voters in upcoming elections.

National: MIT researchers find vulnerabilities in Voatz voting app used in multiple states | Maggie Miller/The Hill

A voting app used in multiple states during the 2018 midterms elections to allow for more accessible voting has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found. In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned. The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast. The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions. The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

National: ‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws | Kim Zetter/VICE

A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday. The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system. The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, principal research scientist with the lab. Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.

National: Senate GOP blocks election security bills as intel report warns of Russian meddling in 2020 | Igor Derysh/Salon

en. Marsha Blackburn, R-Tenn., blocked Democratic efforts to unanimously pass three bills related to election security despite warnings that Russia will interfere in the 2020 election. Sen. Mark Warner, D-Va., and Sen. Richard Blumenthal, D-Conn., tried to pass a bill that would require campaigns to report offers of foreign election assistance to the FBI, and another that would require campaigns to report such offers to the Federal Election Commission. “The appropriate response is not to say thank you, the appropriate response is to call the FBI,” Warner said, according to The Hill. “There is no doubt that [Trump] will only be emboldened in his efforts to illegally enlist foreign governments in his reelection campaign,” Blumenthal added. Sen. Ron Wyden, D-Ore., also tried to pass the Securing America’s Federal Elections Act (SAFE Act), which would provide additional funding to the Election Assistance Commission and would ban voting machines from being connected to the internet as well as machines that were manufactured in foreign countries. “America is 266 days away from the 2020 election, and Majority Leader McConnell has yet to take any concrete steps to protect our foreign elections from hacking or foreign interference,” Wyden said.

National: CISA leans into facilitator role in election security plan | Derek B. Johnson/FCW

Officials from the Cybersecurity and Infrastructure Security Agency often describe their role in election security as helping to coordinate and advise the larger ecosystem of election stakeholders. In a newly released strategic plan, the agency lays out its strategy for protecting the 2020 elections by largely leaning into that facilitator role, breaking down its coordination activities across four lines of effort: elections infrastructure, campaigns and political infrastructure, the American electorate and warning and response. To help protect digital and physical elections infrastructure, such as voting machines, election software systems and polling places, CISA views its role as largely complementary to that of states and localities, vendors and others on the front lines of election administration. Thus, getting those organizations to adopt better security practices through outreach and offers of federal resources are its prime tools.

Editorials: Why Companies Need to Help Ensure Election Integrity | Daniel Dobrygowski/Harvard Business Review

The Iowa Democratic caucus, the first election of the 2020 cycle in the U.S., seems to have played into experts’ most dire concerns about election integrity. Rather than a harbinger of disaster to come, we need to recognize this as a warning that it’s all hands on deck to ensure election security. It’s well past time to activate everyone who has a stake in trustworthy elections — not only campaigns, government officials, and voters, but also private companies as well. To borrow a meme, the best time to work together on securing the vote was 2010, the second-best time is right now. Much of the conversation around election security to date has focused on hacking, and it remains a serious concern. In 2016, Russian hackers targeted election infrastructure in more than two dozen U.S. states and compromised the email servers of Hillary Clinton’s presidential campaign. Adversaries have already begun targeting the 2020 presidential campaigns. Personal information about voters has also leaked from campaigns and political parties who store and analyze it online.

Editorials: Election hacking: is it the end of democracy as we know it? | Nick Ismail/Information Age

Since the 2016 US election, there have been murmurs about hacking elections. There are reports of hacktivists trying to compromise the ballot and rogue governments trying to control the outcome. But in a post-truth world, how much of this is legitimate? How much can we brush aside as fake news? If the recent controversial Iowa caucuses are anything to go by, we are definitely at risk. Sometimes bad actors also hack other criminals to use their network and hide their true identity. Recently, this was the case when a group of hackers from Eastern Europe compromised the network of elite Iranian hackers. In this scenario, governments and private companies in the Middle East and Britain were attacked while Tehran was set up to take the blame. So it begs the question, in the current threat landscape, what does it mean to hack an election?

Colorado: MIT study: voting app that Denver used could be hacked | Matt Mauro/KDVR

An app that some Denver voters used in 2019 has significant security issues, according to a new study from the Massachusetts Institute of Technology. The study that was released Thursday said hackers could potentially block or change a vote and steal a voter’s personal information from the app Voatz. The Denver Elections Division used Voatz in the May and June municipal elections for about 300 military and overseas voters. The Division did not report any security issues. “We were very happy with it,” said Director of Elections Jocelyn Bucaro. Burcaro said voter turnout increased significantly with Voatz. Traditionally, military members and others who are overseas and vote electronically would have to print a ballot, sign an affidavit, scan the documents and email them. Voatz allowed the voters to submit their ballots by just using a smartphone. Also, the division used a three-step process to ensure the app and votes were secure. “We are really grateful for the MIT researchers and releasing that report because we’ve been wanting more security review of the Voatz application and other vendors in this space,” Bucaro said.

Florida: DHS preparing report on 2016 Palm Beach election ransomware | David Smiley and Nicholas Nehamas/Miami Herald

Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link. Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted the FBI in November after a veteran IT employee told her that the office had been infected by a ransomware virus only a few weeks prior to the 2016 election. The virus was not publicly disclosed in 2016. Link said the FBI referred her to DHS, which sent a team of a half-dozen employees to her office late last month to do a “deep dive” into her department’s network. She said a report of their findings and recommendations is expected shortly. “We’ve had the top experts in the country here and they spent a lot of time with our system. When we get the report, we’ll be able to take care of everything we can take care of,” Link said in an interview Thursday. “I wanted this done before March if at all possible.”

Florida: Key Florida Elections Office Endured Cyberattack Ahead of 2016 Election | Miles Parks/NPR

The elections office of Florida’s third-most populous county was breached by a crippling cyberattack in the weeks leading up to the 2016 election, NPR confirmed on Thursday. There is no indication that the ransomware attack was connected to Russian interference efforts leading up to the last presidential race, but the revelation about it now shows how election officials are preparing for this year’s election without knowing all the details of what happened before. The attack on Palm Beach County came to light during a Palm Beach Post editorial board interview with county elections supervisor Wendy Sartory Link. “Have we been hacked in Palm Beach County? Yeah, we have,” Link told the paper. A spokesperson for the elections office also confirmed the attack to NPR. “It was in 2016, and as soon as Wendy found out about it, we went and did the necessary precautions to make sure that we were going to be 100% secure and safe,” said Judy Lamey, an assistant public information officer for the elections office.

Iowa: Caucus Meltdown Proved Transparency Is Essential, Election-Watchers Say | Miles Parks/NPR

As the Democratic primary season rolls on, one big lesson already is sinking in from the party’s caucus-night meltdown in Iowa: Secrecy isn’t a strategy. State Democratic chair Troy Price declined to answer questions a month ago about what sorts of tests were conducted on the smartphone app the party was planning to use on caucus night or detail backup plans should it fail. But he did promise some sort of transparency. “We’ll be able to give a preview to the press of what the app will look like in the days leading up to the caucuses,” Price said in mid-January, in his first interview about the app, with NPR and Iowa Public Radio. That preview never happened. And the reporting system then failed in a major way. The state party announced over the weekend that it was still adjusting results for 3 percent of the state’s total precincts, and updating its projected national delegate allocations.