National: Russia’s efforts to target U.K. elections a stark warning for 2020 | Joseph Marks/The Washington Post

An alleged Russian influence campaign to undermine this week’s British elections shows how tough it will be to keep foreign influence out of the 2020 U.S. contest. Russian-backed accounts on Reddit actively worked to boost the trove of documents appearing to detail key U.S.-U.K. trade negotiations that have been gaining traction over the internet for months, the social sharing site revealed Saturday. It’s not clear whether the documents were leaked or hacked, but Britain’s opposition Labour Party, has been using the seemingly genuine documents to slam the ruling conservative party for considering giving U.S. companies far more influence over Britain’s popular state-run National Health Service as part of a post-Brexit trade deal. It’s yet another example of Russia’s powerful digital army allegedly seeking to influence the outcome of a Western election — and it offers a stark reminder of how influence operations can be highly effective even before they’re identified. This dramatically undermines government and industry efforts to blunt their power or hold off their spread.

National: Multistate voter database suspended in lawsuit settlement | Roxana Hegeman/Associated Press

A much-criticized database that checks whether voters are registered in multiple states has been suspended “for the foreseeable future” until security safeguards are put in place as part of a settlement of a federal lawsuit, a civil rights group said Tuesday. The Interstate Crosscheck program was the subject a class-action lawsuit by the American Civil Liberties Union of Kansas on behalf of 945 voters whose partial Social Security numbers were exposed by Florida officials through an open records request. Kansas has operated the multistate program since 2005, although the program hasn’t been used since 2017 when a Homeland Security audit discovered security vulnerabilities. The settlement includes a list of safeguards the state has agreed to implement to protect voter’s personal information before the program can resume, the ACLU said in a news release.

Editorials: Election security: Oversight of vendors is lacking | Pittsburgh Post-Gazette

Well-documented Russian meddling in U.S. elections demands keen concern for the protection of election integrity. This concern should rise to the level of immediate action in light of a new report verifying the lack of federal oversight of the private companies that make voting equipment. The Brennan Center for Justice, which is based at New York University School of Law, reported that three companies provide more than 80% of the voting systems in the U.S., yet they lack meaningful oversight, leaving the electoral process vulnerable to attack. A cyberattack against any of these companies could have deep consequences for elections across the country. Other systems that are essential for free and fair elections, such as voter registration databases and electronic pollbooks, also are supplied and serviced by private companies. Yet these vendors, unlike those in other sectors that the federal government has designated as critical infrastructure, receive little or no federal review, the Brennan Center found. Oversight is needed. Federal standards must be set. Congress should establish a framework for certification of election vendors.

Kentucky: Officials Say Online Voting Not Coming Soon | Jacob Mulliken/Government Technology

The discussion about a digitized polling system has election officials and experts throughout the nation stepping up to avoid a potentially crippling move for the American electoral system, said Kentucky Secretary of State-elect Michael Adams. “I think concerns, especially surrounding hacking, are well-founded right now,” he said. “People want to confirm that their vote can’t be hacked and that the machine tallies the votes offline and that they are collected and processed, offline. The most secure elections are cast in person because there are checks and balances requiring some sort of identification and oversight. When you see fraud, and we have it, it most often happens outside of the purview of election officials. “An online method system out west may work where there is less history of election fraud, but not in places like Kentucky where fraud is still endemic. Internet voting in Kentucky is not anywhere near ready for primetime.”

Pennsylvania: What went wrong with Northampton County’s voting machines? The analysis is done. | Kurt Bresswein/Lehigh Valley Live

Election night, Nov. 5, came and went in Northampton County without any word on who had won and who had lost. County elections officials had to count ballots through the night, after apparent problems with electronic tabulation on the new Election Systems & Software (ES&S) ExpressVote XL machines in use for the first time. ES&S has now completed its analysis into what went wrong, and the results are set for release during a news conference Thursday afternoon at the county courthouse in Easton, county officials said Tuesday. County Executive Lamont McClure and Adam Carbullido, senior vice president of product development at Omaha-Nebraska-based ES&S, are scheduled to discuss the analysis. McClure’s administration and a representative of ES&S declined to detail any of the findings in advance of Thursday. “A team of experts from ES&S began examining Northampton County voting machines on Dec. 5 after the court-ordered impoundment was lifted,” ES&S said in a statement Tuesday. “During this examination, ES&S applied to Northampton machines the work it conducted at its main facility over the last several weeks to replicate and correct the human errors that caused the Northampton issues. After having the opportunity to review the machines in person, we look forward to sharing our diagnoses on the Election Day issues during Thursday’s meeting.”

Pennsylvania: State warns Dauphin County over defying voting machine edict | Marc Levy/Associated Press

A Pennsylvania county is being told it would lose out on millions of dollars in aid and almost certainly be sued by the state if it refuses to take action to buy new voting machines before Dec. 31, county officials said Monday. Dauphin County Commissioner Mike Pries said that was the message delivered to him during a meeting with Gov. Tom Wolf’s top elections officials last week, a message strong enough to change his mind. “Certainly the message from the state has been received loud and clear,” Pries said. In addition to the threat of a state lawsuit, Dauphin County would be unable to share in state and federal aid to help with a purchase that could exceed $5 million, county officials said. That aid could account for roughly 70% of each county’s tab. As a result, Pries said he has decided to vote to buy new voting machines, seeing it as the best option for the county’s residents and taxpayers. It is just a question of settling on which machine to buy, he said. A spokeswoman for Wolf’s Department of State declined comment Monday. Dauphin County’s other two commissioners have yet to meet with Department of State officials.

Rhode Island: Elections board discusses voter-system security | Katherine Gregg/Providence Journal

Voting by email. Upgrading the modems used to transmit election-day vote tallies.  Unmasking the donors hiding behind names like “The Coalition to Make Our Voices Heard” who pour money into campaigns. On a day Russian interference in past U.S. elections again made news, Rhode Island election officials waded into this quagmire without making any final decisions on what to do next. For example, they briefly weighed the pros and cons of allowing overseas voters — such as members of the military — to cast their R.I. election ballots from afar by email. The idea was shelved — at least for now — pending more study, after one member after another of the state Board of Elections voiced concern about the security of ballots cast in this fashion, despite assurances the ballots would be sent to a dedicated “address.” “I think we need to look very carefully at the security issues,” said the vice chairman, Stephen P. Erickson. It was unclear who authored the email-voting proposal that appeared on the board’s agenda, alongside a proposal to upgrade from 3G to 4G the modems the state uses on election-day to transmit results to state Board of Elections headquarters. That proposal too was put on hold — until next week — amid warnings from Brian Tardiff, the information security officer for the state’s Division of Information Technology, that making public all of the findings of a cybersecurity analysis of Rhode Island’s election system could put the system at risk.

Texas: Ahead Of 2020, Voting Group Warns Most County Election Websites In Texas Are Not Secure | Ashley Lopez/KUT

Almost 80 percent of county election websites in Texas are not secure ahead of the 2020 presidential primary, according to a report from the League of Women Voters of Texas. Before every major election, the nonpartisan voting group says, it looks through the state’s 254 county election websites to make sure they have the information they are legally required to have, that the information is easy to find and that it’s easy to read. League of Women Voters of Texas President Grace Chimene said as the group conducted this review, it found a glaring issue. “One of things that stood out to us is that there is a definite problem with website security,” she said. “I was really surprised. I was totally shocked that this is a problem.” In particular, Chimene said, 201 of the 254 sites don’t have https in their URLs, signaling the website is secure. “This is just the most simple thing to fix and it hasn’t been fixed,” she said.

New Zealand: Much awaited report on combatting foreign interference in elections delivered | Charlie Dreaver/Radio New Zealand

Parliament’s Justice Select Committee has released its results of its inquiry into the 2017 General and 2016 Local elections. The report covers a number of areas including allowing spy agencies to vet potential political candidates. Ahead of the 2017 general election the GCSB and the SIS drew up a protocol for managing foreign and cyber-security threats but they didn’t need to use it. But the Justice Select Committee said that was no reason to be complacent. It’s suggesting intelligence agencies should give advice about a particular candidate if the party asks for it. It wanted the agencies to be giving more advice in general about possible foreign interference. The committee’s deputy chairperson, National MP Nick Smith, pointed to the risks of what’s called “astroturfing” on social media.

Nigeria: National Electoral Commission says electronic voting not yet feasible | Eric Ikhilae/The Nation Newspaper

The National Electoral Commission (INEC) has said electronic voting systems could only be introduced into the nation’s electoral process when the nation was sure of the appropriate technologies, provide infrastructure, to address cyber security, among other challenges. According to INEC Chairman, Prof Mahmood Yakubu, the country was not there yet. He was however confident that his agency could achieve electronic collation of results (e-collation) and electronic transmission of results (e-transmission) during the next election circle in 2023. Mahmood spoke in Abuja on Monday at the Nigeria Civil Society Situation Room (NCSSR) stakeholders’ forum on elections. NCSSR is a coalition of civil society organisations, led by Clement Nwankwo, the Executive Director, Policy and Legal Advocacy Centre (PLAC). The INEC Chairmen, Deputy Senate President, Snetor Ovie Omo-Agege and the Minister of Justice and Attorney General of the Federation (AGF), Abubakar Malami were unanimous on the need to review the nation’s Electoral Act before the next election season and particularly, the importance of creating the much-requested Electoral Offences Commission.

United Kingdom: Britain’s Spies Probe Russian Election Meddling | Jamie Dettmer/VoA News

Britain’s cybersecurity agency is investigating whether state-sponsored Russian hackers were behind the leaks of British government documents used by opposition politicians to embarrass Boris Johnson’s ruling Conservative Party ahead of Thursday’s general election. The official probe into the origin of the leaked material — which included documents detailing discussions between British and U.S. negotiators on a possible post-Brexit transatlantic trade deal — comes days after the social media site Reddit announced it had blocked 61 accounts linked to the dissemination of the documents after investigating suspect activity bearing similarities to previous Russian online influence operations. The leaked documents were used by Jeremy Corbyn, leader of Britain’s main opposition Labour Party, as “evidence” that the Conservatives might include the country’s public health service in any future trade deal with the United States — a claim firmly denied by British Prime Minister Johnson. Corbyn, other Labour leaders, as well as Scottish nationalists, have contended that the Conservatives will “sell off” the National Health Service to American companies in order to secure a trade deal.

United Kingdom: Poll Hacks: How Cybercriminals Aim To Disrupt Elections | David Warburton/Information Security Buzz

The UK general election is almost upon us, and it is already turning into one of the most divisive and analysed political events in the country’s history. Discourse and debate are reaching fever pitch, from parliamentary benches and constituency doorsteps, to every conceivable media platform in play. It is no surprise then that an air of online volatility persists more than usual. At this moment in time, every new election is likely the most tech-enabled and at risk addled yet. Labour was most recently under the cybersecurity cosh, enduring what it termed as “sophisticated and large-scale” attempt to knock out its digital systems earlier in the month (it turned out to be a set of distributed denial-of-service (DDoS) attacks). Just the other day, Labour candidate Ben Bradshaw also claimed to be a victim of a suspected cyber-attack when he received an email with sophisticated malware attachments. These are politically unprecedented times and the UK’s National Cyber Security Centre knows it. Last year, the government-backed organisation issued a direct warning ahead of local elections, citing potential “insider activity” attempting to “manipulate or compromise electoral information.” Similar warnings are in place for 2019. There are many ways to knock an election off course. Below are some of the main existing and emerging cyber threats to bear in mind as we head to the polls this week.  It is, however, worth noting that variations of these methods are possible throughout the year as hackers opportunistically hijack political developments in real-time.

North Carolina: Bait and switch by ES&S in North Carolina? | Jordan Wilkie/Carolina Public Press

A voting system certified and tested earlier this year for use in North Carolina’s March 2020 primaries won’t be available, according to manufacturer Elections Systems and Software, so the company’s lobbyists have suggested the state quickly approve one of its other systems instead. While the N.C. Board of Elections director has recommended going along with the vendor on the substitution, others see the move as a deceptive bait and switch. One Board of Elections member, Stella Anderson, has objected to the situation, thereby forcing the board to convene a special meeting on the issue. She and others have questioned the integrity of the company and suggested both ES&S and board staff have used language that understates the significance of the difference between the two systems and misrepresents federal government requirements for approving such modifications to voting systems. ES&S has been trying to get its EVS voting system certified in North Carolina since 2017. Litigation between the Republican legislature and the Democratic governor, the 9th Congressional District ballot fraud scandal in 2018, and the resignation of the former Board of Elections chairman delayed certification of the new system until the 11th hour.

National: Top U.S. Cybersecurity Officials to Depart as Election Season Enters Full Swing | Byron Tau and Dustin Volz/Wall Street Journal

Two top government officials with broad cybersecurity and election-integrity portfolios have announced they are stepping down this month, a loss of expertise in a critical area less than a year before the 2020 presidential election. Amy Hess, the executive assistant director of the Criminal, Cyber, Response, and Services Branch of the Federal Bureau of Investigation will depart for a job as the chief of public services in Louisville, Ky. Jeanette Manfra, the most senior official dedicated exclusively to cybersecurity at the Department of Homeland Security, will leave her post at year’s end for a job in the private sector. Both women have announced their departure in recent weeks. Senior U.S. intelligence officials have warned the elections are likely to be targeted online by Russia and other foreign adversaries following Moscow’s success in disrupting the 2016 race. The FBI and DHS are two of the primary agencies responsible for combating foreign influence operations online, along with intelligence agencies including the National Security Agency. The FBI established a Foreign Influence Task Force in 2017 and has made investments to deepen its cybersecurity capabilities. DHS is the lead federal partner for state and local election officials with a focus on safeguarding voting systems from hackers.

Editorials: This is our last chance to ensure the 2020 election is not rigged | Myrna Pérez/The Guardian

On Friday the House of Representatives showed the country that it will not tolerate racial discrimination at the polls. It passed the Voting Rights Advancement Act, a bill that would restore the 1965 Voting Rights Act to its full strength. Our country needs that reform and others to make the 2020 election free and fair for all. Since its founding, America has moved slowly towards granting suffrage to more and more Americans, bringing more people into the electoral process. The Voting Rights Act of 1965 has been instrumental to that progress. But in 2013 the supreme court dramatically weakened that law. In Shelby county v Holder, the court disabled the act’s provision that required states and localities with histories of racial discrimination in voting to “pre-clear” new voting regulations. The pre-clearance system had allowed federal authorities to vet proposed voting rules for racial discrimination before they could cause injury. From 1965 right up until the Shelby decision, this safeguard blocked many restrictions that would have made it more difficult for black and brown people to participate and vote.

Georgia: Groups Claim New Voting Machines Will Cost Counties Millions Extra, Georgia Secretary Of State’s Office Disagrees | Emil Moffat and Emma Hurt/WABE

A new study warns that Georgia’s new voting system could cost counties more than $80 million over the next ten years. The study was compiled by three groups: Fair Fight Action, a group founded by former Democratic gubernatorial candidate Stacey Abrams; The National Election Defense Coalition, which declares itself bi-partisan; and Freedom Works, a conservative group. That cost estimate, for some counties, includes the purchase of additional voting machines for this coming election to meet requirements under a new law that passed this year. The law, House Bill 316, mandates that each precinct has one voting station for every 250 registered voters. The estimates for the additional machines gathered in the study varied from hundreds, such as in Fulton County, to no additional machines, such as in DeKalb County. The state of Georgia agreed to a $107 million contract with Dominion Voting Systems in July. The groups who compiled the election cost study argue that the terms of the contract don’t cover warranty and licensing costs in the future, as well as printing costs like paper and toner, leaving the counties to foot the bill.

Ohio: Deadline looming for Ohio’s county elections boards to complete new state security requirements for 2020 | Andrew J. Tobias/Cleveland Plain Dealer

While Ohio’s 88 county boards of elections are at various stages of completing a mandatory pre-election security check-list, Ohio Secretary of State Frank LaRose said Friday that he’s confident Ohio will have a secure 2020 election. During a security briefing in Columbus on Friday, LaRose, a Republican, urged local elections officials to get working on the security directive his office issued last June. Counties are required, among other things, to install a device that can automatically detect hacking attempts, and to conduct criminal background checks on elections workers who hold sensitive jobs. LaRose’s office, which oversees state elections, set a Jan. 31 deadline to get everything done. LaRose’s office emphasized that 52 of Ohio’s 88 counties are at least half done completing the security check-list. But that means 36 aren’t. And a handful are far behind, LaRose said. Only 13 counties have installed the devices that detect hacking attempts. LaRose drew chuckles and whispering from local elections officials when he said the current period — after last November’s election and before the Dec. 17 filing deadline for the March primary election — could be a slower time where elections board can get caught up.

Ohio: Few county boards of elections have adopted digital alarm used to detect hacks | Rick Rouan/The Columbus Dispatch

The vast majority of Ohio’s county boards of elections haven’t installed the digital burglar alarm that Secretary of State Frank LaRose says helped his office detect a hacking attempt of his office’s website on Election Day. With less than two months to go before the deadline LaRose imposed for installation of the so-called Albert systems, just 13 out of Ohio’s 88 county boards of elections have operational alarms. The remaining 75 have until Jan. 31 to install them. “The most important consequence is not being prepared,” LaRose said Friday after the start of a daylong security conference for county elections officials in Columbus. “This is too important to take lightly.” Franklin County has had an Albert sensor in place since May 2018, with other network sensors in place at the Franklin County data center before that. But even with the threat of digital attacks, LaRose said Ohio’s election procedures are secure. None of the equipment used to cast or tally ballots is connected to the internet. Doing so would violate Ohio law.

Oklahoma: State increases election security efforts | Addison Kliewer/NonDoc

With the end-of-the-year deadline to pass election security measures in Congress quickly approaching, Sen. James Lankford (R-OK) said Oklahoma has already taken steps to secure elections from foreign interference. Lankford, who has been pushing election security to keep American democracy from foreign interference, said there is “no question” that Russia tried to meddle in the 2016 election. “We were one of the 21 states that were identified early by the FBI that the Russians tried to get into, but they couldn’t get into our system in 2016, so they moved along to others,” Lankford said. In 2017, this information was brought to the Oklahoma State Election Board, encouraging the board to partner with numerous federal and state agencies to address the issue of election security. “We met regularly to discuss risks and plan for contingencies. We arranged for unclassified briefings and security training for county election officials, and shared ‘best practices’ with state and county election employees,” said Election Board Secretary Paul Ziriax in a June congressional testimony.

Pennsylvania: Voting-Machine Upgrade Stirs a Partisan Clash in Pennsylvania | Alexa Corse/Wall Street Journal

A partisan clash is unfolding over an effort to upgrade voting systems in Pennsylvania, after Republicans accused the Democratic governor of rushing the deployment of new voting machines, some of which malfunctioned in November. The rift in Pennsylvania—a key battleground state for the 2020 elections—is an example of how election security is becoming a political flashpoint across the country. A spokesman for Pennsylvania Gov. Tom Wolf said this week that the state has made significant security improvements and is continuing such efforts. “These inaccurate, political claims only serve to undermine confidence in our election,” said spokesman J.J. Abbott. Election-security efforts elsewhere have attracted controversy as well. On Capitol Hill, congressional Republicans and Democrats have clashed on election-security bills and on whether to give more funding to the states to improve their systems. Complaints at the state level are significant because of Pennsylvania’s potential importance as a battleground state in the 2020 election, and because state and local governments have the primary responsibility for administering elections. At issue in Pennsylvania are reports that some voting machines malfunctioned during a statewide election on Nov. 5. In Northampton County, election workers counted paper records all night. Another glitch was blamed for causing long lines in York County.

Pennsylvania: Philadelphia’s voting machines challenged in federal court | The Philadelphia Sunday Sun

A federal court was asked last Tuesday to force Pennsylvania to rescind its certification of a voting machine newly purchased by Philadelphia and at least two other counties in the state ahead of 2020’s presidential election. The filing casts doubt on how 17% of Pennsylvania’s registered voters will cast ballots in the April 28 primary election, as well as next November, when the state is expected to be one of the nation’s premier presidential battlegrounds. Court papers filed by former Green Party presidential candidate Jill Stein and several supporters accuse Gov. Tom Wolf’s administration of violating their year-old agreement in Philadelphia’s federal court by certifying the ExpressVote XL touchscreen system made by Omaha, Nebraska-based Election Systems & Software. The plaintiffs say certifying the system violates their agreement, in part because the machine does not meet the agreement’s requirements “that every Pennsylvania voter in 2020 uses a voter-verifiable paper ballot.” For one, the ExpressVote XL counts votes by counting machine-printed barcodes on paper, a format that is neither readable nor verifiable by an individual voter, they wrote in court papers. Second, the ExpressVote XL does not use a “paper ballot” and relies on software to record the voter’s choice, they wrote. Third, it is not capable of supporting strong pre-certification auditing of election results because its paper records may not accurately reflect voters’ intent, they wrote.

Texas: District Judge approved petition to open Midland County ballot boxes | Brandi Addison/Midland Reporter-Telegram

Midland County Attorney Russell Malm filed a petition Friday morning for permission to open ballot boxes from this election season. The petition was approved by Judge David Lindemood of the 318th District Court, and ballot boxes are set to be opened at 9 a.m. Thursday in the Commissioners’ Court located at the Midland County Annex on “A” Street. The request comes after a manual paper-ballot recount, on Midland ISD’s $569 million bond on Nov. 22, showed an 820-vote discrepancy from what the electronic machines tabulated on Nov. 5 and 12. The opening of ballot boxes is just part of an ongoing process of investigation, Malm said. Under the guidance of the Secretary of State, this was the suggested step that should help determine whether the large gap was due to incorrect tallying during the recount or if the electronic voting machines duplicated votes. The Elections Office will open the boxes to see if there was anything misplaced – specifically a tally sheet – and if so, Elections Administrator Deborah Land will make a copy and place it in an original sealed envelope. From there, all ballots will be run through the electronic machines to count the number of votes cast. This will not tabulate how many votes were “for” or “against,” but rather if the numbers match the tallies from the recount or match the votes tabulated on the electronic machines.

China: Fear of China’s election meddling triggers reforms across Pacific | Fumi Matsumoto & Kensaku Ihaha/Nikkei Asian Review

From Taiwan to Australia, governments across the Pacific are launching new laws and organizations to guard against possible Chinese interference in upcoming elections. A slew of reports alleging Chinese attempts to influence local politics have fueled concern throughout the region. Beijing denies these claims, but other countries in Asia-Pacific could follow suit. Taiwan’s ruling Democratic Progressive Party unveiled a bill at the end of November to curb “hostile” external influence in the island’s elections, which it aims to pass by the end of the year. The legislation would impose a sentence of up to five years for those who campaign, make political donations, or spread fake news under the instructions of a hostile power — a veiled reference to Beijing. Many Taiwanese worry that Beijing is covertly steering their island toward reunification with the mainland. A June rally against Chinese intervention drew more than 100,000 attendees. Recent reports of a self-proclaimed Chinese spy, who said he was part of operations to meddle with Taiwan’s local elections last year and is now seeking asylum in Australia, have further stoked concerns.

United Kingdom: Leak of classified papers ahead of UK election tied to Russian operation: Reddit | Jack Stubbs/Reuters

The leak and distribution of classified UK-U.S. trade documents online is tied to a previous Russian disinformation campaign, social media site Reddit said on Friday, fuelling fears that Moscow is seeking to interfere in Britain’s upcoming election. Britain’s opposition Labour Party seized on the leaked documents on Nov. 27, saying they showed the ruling Conservatives were plotting to offer the state-run National Health Service (NHS) for sale in trade talks with Washington. The NHS is much loved by Britons and has become an important issue in the country’s election campaign, in which Labour trails the Conservatives despite cutting its lead in some polls. But researchers told Reuters on Monday that the way the documents were first shared on Reddit and then promoted online closely resembled a disinformation campaign uncovered earlier this year. That operation — known as Secondary Infektion — attempted to spread false narratives across at least 30 online platforms, and stemmed from a network of social media accounts which Facebook said “originated in Russia.”

National: The voting machine certification process is making it harder to secure elections | Chris Iovenko/Slate

A judicial election in Northampton County, Pennsylvania, in November produced a literally unbelievable result. About 55,000 votes were cast on newly purchased electronic voting machines, but only 164 votes were registered for the Democratic candidate. Luckily, the touch-screen machines produced a backup paper trail, which allowed for an accurate recount. Ultimately, the Democrat won by some 5,000 votes. The root cause of this systemic vote switching is still under investigation. Whatever the case, though, the mass malfunction of these machines highlights the reliability and security issues around electronic voting systems that are mostly already primed for use in the 2020 elections. As disturbing as the Northampton County miscount is in its own right, it throws into relief a grave general issue that applies to voting systems across the country. One would hope that whatever glitch or virus, once identified, that caused the massive malfunction will be quickly and easily fixed, patched, or updated so that those machines can be relied upon to work properly going forward. Further, one would also assume that other vulnerable voting systems around the country will be updated prophylactically to prevent similar malfunctions in next year’s elections. However, neither of those things is very likely to happen. Our current regimen for certifying electronic voting systems makes changing or updating election systems in the run-up to an election very difficult—and as Election Day 2020 gets closer, that maintenance becomes virtually impossible.

National: Just How Regulated Are Our Nation’s Elections? | Hadley Hitson/Fortune

The U.S. federal government subjects nearly every industry to a slew of operational rules and regulations. Defense contractors are prohibited from utilizing certain Chinese telecommunications companies like Huawei in order to prevent theft of the nation’s military technology. Power companies must abide by mandatory reliability standards and report any attempted or successful breaches of their systems to a federal commission. National banks implement federally required security procedures to prevent robberies. These sectors are meticulously managed with hundreds of requirements specifically because the Department of Homeland Security considers them so vital that their incapacitation would have a “debilitating effect” on the country as a whole.  But when it comes to elections, a cornerstone of American democracy, the vendors whose voting equipment is used throughout the country largely lack the level of federal oversight and direction that protect other critical infrastructure industries from domestic and foreign interference.

National: What Is Election Hacking, and Can It Change Who Wins? | Kartikay Mehrotra & Andrew Martin/Bloomberg

Americans have relied on computers to tally votes since at least 1964, when two Georgia counties used them to count punch-card ballots in a primary election. Over time, high-tech election systems largely supplanted paper ballots and gear-and-lever machinary, a trend hastened by the contested 2000 presidential election between George W. Bush and Al Gore. (Remember hanging chads?) But ever-greater reliance on digital voter registration, electronic voting and computerized tabulation have created the opportunity, at least, for hackers to sabotage elections, and Americans aren’t the only ones who are fearful.

1. What is meant by ‘election hacking’?

It’s sometimes used as a catch-all phrase to encompass all sorts of underhanded efforts to subvert elections, including the type of social media disinformation campaign undertaken by Russia to taint elections in the U.S., Europe and Africa. But in its most literal form, election hacking refers to computer breaches that are intended to manipulate voter data, change a vote tally or otherwise discredit tabulated results.

National: In a bid for better security, elections are going analog | Christian Buckler/Marketplace

ary Scott can tell you a lot about the internet. Or rather, how little of it his machines are connected to. “There’s always some barrier between these machines and any online systems,” said Scott, the general registrar and director of elections for Fairfax County, Virginia. Standing next to one of several DS200 voting machines set up for training purposes in the Office of Elections in Fairfax County, he emphasized that none of the fleet of voting machines he oversees have ever been connected to the internet. Neither have any of the computers used to program them, nor the machines that will receive the final vote count. The most surprising piece of technology involved in Fairfax’s voting approach might well be the oldest one: paper. “We got a lot of resistance from the public because they wanted to know why we were going ‘backwards’ to paper, but it’s a much more secure method of doing it,” Scott said.  Fairfax County initiated a move toward paper ballots years before Virginia decertified paperless voting machines across the state, aligning with the latest shifts in thinking about election security—both in the U.S. and abroad. The embrace of paper by districts like Fairfax marks a change in the nationwide trend toward electronic voting infrastructure that can be traced back to the Help America Vote Act of 2002.

National: Ukraine claims threaten Senate consensus on Russian hacking | Joseph Marks/The Washington Post

A tenuous Senate consensus on the dangers of Russian election hacking is being threatened by the GOP’s embrace of President Trump’s debunked argument that Ukraine also interfered in 2016. Numerous Senate Republicans promoted that argument this week, bucking the conclusion of U.S. intelligence officials and ignoring warnings the claims are part of a Kremlin-backed effort to muddy the waters on Russia’s own interference. “There’s no question in my mind Ukraine did try to influence the election,” Sen. John Neely Kennedy (R-La.), one of Trump’s most vocal supporters on the issue, said yesterday. Senate Democrats also struck back. “The only people who are advancing the discredited theory about Ukraine and intervention are part of the continuing Russian disinformation campaign,” Sen. Mark R. Warner (Va.), ranking Democrat on the Senate Intelligence Committee, said. The conflict is a sea change for the Senate, which has generally maintained a bipartisan consensus on the singular damage caused by Russia’s 2016 hacking and disinformation campaign and the danger of a repeat in 2020 — even as House GOP lawmakers have proved far more willing to follow Trump’s lead in questioning Russia’s role in the attacks and embrace conspiracy theories. The shift could prove especially damaging as the legislative clock ticks down to 2020. The Senate is still considering election security measures, including providing more money for states to upgrade their voting systems and to impose new transparency requirements on political advertisements.

National: Email Infrastructure Seen as Lingering Vulnerability for Elections | MeriTalk

New research shows that email is still a weak link in U.S. election infrastructure, with only five percent of the nation’s largest counties protecting election officials from impersonation attempts. The latest research from Valimail finds that an “overwhelming majority of cyberattacks can be traced to impersonation-based phishing emails,” with 90 percent of attacks involving phishing, and 89 percent of phishing involving impersonation. Valimail looked at Sender Privacy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) status for 187 domains that were used by election officials in each state’s three largest counties. The researchers then sought to determine whether each domain is protected from impersonation attacks by a correctly configured DMARC record with a policy of enforcement.