Canada: Online voting in Northwest Territories election questioned as recounts set to take place | Hilary Bird/CBC

With two recounts set to take place in the next 10 days, one candidate in Tuesday’s Northwest Territories election says he has some concerns with how online votes will be recounted. Under the Elections and Plebiscite Act of the Northwest Territories, races that won with a margin of less than two per cent must have judicial recounts within 10 days of the official results being released. That means ballots cast in the Frame Lake and Yellowknife North ridings will all need to be recounted by a judge. Rylund Johnson won in Yellowknife North by just five votes over incumbent Cory Vanthuyne. Johnson got 501 votes; Vanthuyne received 496. In Yellowknife’s Frame Lake riding, incumbent Kevin O’Reilly won by a slim margin with 357 votes. The riding’s only other candidate, former minister Dave Ramsay, received 346 votes. Ramsay told CBC News Wednesday that he has already seen discrepancies between unofficial numbers reported by Elections NWT Tuesday evening and numbers reported Wednesday morning after returning officers double-checked the polls.

India: Election Commission releases new cybersecurity guidelines | Samaya Dharmaraj/OpenGov Asia

The Election Commission of India (ECI) recently released a document outlining cybersecurity guidelines for the upcoming Assembly elections. All Indian states have received detailed cybersecurity guidelines, which include a special audit of all ICT applications hosted by the chief electoral officer, cyber hygiene for the electoral staff, and detailed application/infrastructure level guidelines. According to the document, ECI has taken several steps to ensure cyber safety for the Lok Sabha (House of the People) Elections. ECI has created clear regulations for cybersecurity and educated its entire electoral staff through several workshops. One of its major initiatives was to revamp old applications, reduce the number of applications, and consolidate them into a few manageable ones. Furthermore, all applications have been built with cybersecurity measures in design by default. The core principles are to reduce the attack surface area, deploy defence-in-depth, and to fix security issues correctly.

Mexico: Mexicans living abroad could cast their vote online for the first time in 2021 | Alexandra Mendoza/The San Diego Union-Tribune

Mexicans living abroad could cast their vote online as soon as the 2021 midterm elections. For almost 15 years, voters wanting to participate in Mexican elections from outside the country voted by mail. The new process of voting online will have to go through several tests to make sure it is error free, according to Enrique Andrade, a counselor with Mexico’s National Electoral Institute (INE). “It’s not something simple,” he said during a recent visit to San Diego. “It’s going to depend a lot on the trust in the system”. In the 2018 elections, about 182,000 Mexicans registered to vote from abroad and 54 percent cast their ballots. In 2012, almost 60,000 Mexicans registered to vote, with 69 percent participating in the election. Last year was the third time that Mexicans were allowed to vote from abroad, but the first one in which they could apply for the credential to vote in the consulate.

National: Hacker conference report details persistent vulnerabilities to US voting systems | Maggie Miller/The Hill

U.S. voting systems remain vulnerable to cyberattacks three years after documented efforts to penetrate election machines, according to a report released Thursday. The report is based on the findings of the white-hat hacker DEF CON Voting Village, an annual gathering of hackers that uses election machines to find vulnerabilities that could allow someone to interfere with the voting process. This year’s event allowed hackers to test voting equipment, including e-poll books, optical scan paper voting devices and direct recording electronic voting machines — all certified for use in at least one U.S. voting jurisdiction. “Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room in ways that could alter stored vote tallies, change ballots displayed to voters, or alter the internal software that controls the machines,” the report said. Despite the “disturbing” findings of the report, the authors wrote that the findings were “not surprising,” particularly in light of the fact that many of the election equipment cyber vulnerabilities found were “reported almost a decade earlier.” Equipment that was tested included those made by leading voting machines companies Election Systems and Software (ES&S) and Dominion Systems.

National: Some Voting Machines Still Have Decade-Old Vulnerabilities | Lily Hay Newman/WIRED

In three short years, the Defcon Voting Village has gone from a radical hacking project to a stalwart that surfaces voting machine security issues. This afternoon, its organizers released findings from this year’s event—including urgent vulnerabilities from a decade ago that still plague voting machines currently in use. Voting Village participants have confirmed the persistence of these flaws in previous years as well, along with a raft of new ones. But that makes their continued presence this year all the more alarming, underscoring how slow progress on replacing or repairing vulnerable machines remains. Participants vetted dozens of voting machines at Defcon this year, including a prototype model built on secure, verified hardware through a Defense Advanced Research Projects Agency program. Today’s report highlights detailed vulnerability findings related to six models of voting machines, most of which are currently in use. That includes the ES&S AutoMARK, used in 28 states in 2018, and Premier/Diebold AccuVote-OS, used in 26 states that same year.

National: Hacking 2020 voting systems is a ‘piece of cake’ | Lisa Vaas/Naked Security

It’s still child’s play to pick apart election systems that will be used in the 2020 US presidential election, as ethical hackers did, once again, over the course of two and a half days at the Voting Village corner of the DefCon 27 security conference in August. The results are sobering. This is the third year they’ve been at it, and security is still abysmal. On Thursday, Voting Village organizers went to Capitol Hill to release their findings, in an event attended by election security funding boosters Sen. Ron Wyden and Rep. Jackie Speier. In a nutshell: in August, hackers easily compromised every single one of the more than 100 machines to which they were given access, many with what they called “trivial attacks” that required “no sophistication or special knowledge on the part of the attacker.” They didn’t get their hands on every flavor of voting system in use in the country, but every one of the machines they compromised is currently certified for use in at least one voting jurisdiction, including direct-recording electronic (DRE) voting machines, electronic poll books, Ballot Marking Devices (BMDs), optical scanners and hybrid systems.

National: With Sanctions on Russians, U.S. Warns Against Foreign Election Meddling | Lara Jakes/The New York Times

The United States issued new economic sanctions on Monday against seven Russians linked to an internet troll factory in what Secretary of State Mike Pompeo called a warning to foreigners who seek to interfere in American elections. The penalties were announced as Congress is investigating whether President Trump tried to enlist Ukraine’s leader in a political smear campaign against one of his top Democratic challengers in 2020, former Vice President Joseph R. Biden Jr. “We have been clear: We will not tolerate foreign interference in our elections,” Mr. Pompeo said in a sharp statement. “The United States will continue to push back against malign actors who seek to subvert our democratic processes,” Mr. Pompeo continued, “and we will not hesitate to impose further costs on Russia for its destabilizing and unacceptable activities.” The Treasury Department said the sanctions sought to punish attempts to influence the 2018 midterm elections, in which Democrats won control of the House. Early last year, the Justice Department indicted 13 Russians and companies linked to the Internet Research Agency on charges of meddling in the 2016 presidential election.

National: Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election | Shane Harris, Josh Dawsey and Ellen Nakashima/The Washington Post

President Trump told two senior Russian officials in a 2017 Oval Office meeting that he was unconcerned about Moscow’s interference in the 2016 U.S. presidential election because the United States did the same in other countries, an assertion that prompted alarmed White House officials to limit access to the remarks to an unusually small number of people, according to three former officials with knowledge of the matter. The comments, which have not been previously reported, were part of a now-infamous meeting with Russian Foreign Minister Sergei Lavrov and Russian Ambassador Sergey Kislyak, in which Trump revealed highly classified information that exposed a source of intelligence on the Islamic State. He also said during the meeting that firing FBI Director James B. Comey the previous day had relieved “great pressure” on him. A memorandum summarizing the meeting was limited to a few officials with the highest security clearances in an attempt to keep the president’s comments from being disclosed publicly, according to the former officials, who spoke on the condition of anonymity to discuss sensitive matters. The White House’s classification of records about Trump’s communications with foreign officials is now a central part of the impeachment inquiry launched this week by House Democrats. An intelligence community whistleblower has alleged that the White House placed a record of Trump’s July 25 phone call with Ukraine’s president, in which he offered U.S. assistance investigating his political opponents, into a code-word classified system reserved for the most sensitive intelligence information.

Georgia: Under Court Order, Georgia Rolls Out New Voting System | Daniel Jackson/Courthouse News

The plastic film protecting the screens of four tablets used to mark ballots were not yet peeled off, though they were growing dog-eared on the edges, when residents of Catoosa County became some of the first voters in the state to test Georgia’s new voting machines. About 50 residents of Catoosa County sipped on fruit punch in the building that houses the Catoosa County Elections & Voter Registration Department Monday evening. In a few moments, they were about to cast ballots in a demonstration election that asked questions such as the name of Georgia’s state bird (the brown thrasher). Georgia announced in July that it had chosen a new method of conducting elections after a contentious 2018 gubernatorial election left voting rights activists questioning the integrity of the state’s voting system. A ballot-marking system that allows voters to fill out their votes on a screen, which prints out a ballot, which the voter then feeds into a scanner produced by Dominion Voting Systems was the winning bid, costing the state $107 million. Most Georgia voters will continue to use the old system, which records votes digitally, one last time in November elections this year. Catoosa County, a short drive from the Tennessee city of Chattanooga, is one of six counties piloting the new system, which include Carroll, Bartow, Decatur, Paulding and Lowndes counties. It’s a voting system that, according to its critics, failed to solve the problems of the old voting system.

Illinois: McHenry County officials requesting Board of Elections support during 2020 elections | Drew Zimmerman/Northwest Herald

Over the past few years, McHenry County has been subjected to multiple election errors, including technology failures and incorrect ballots. To ensure these problems don’t crop up in the 2020 primary and general elections – which are shaping up to have record turnouts – McHenry County officials are looking toward the Illinois Board of Elections for assistance to ensure a smooth and accurate process. On Monday, McHenry County Board member Michael Vijuk sent a letter to IBOE Executive Director Steve Sandvoss requesting any support and resources the agency could bring to ensure the entire voting process is secure. “My plea is not one based on a hasty reaction to a comment or two, but to the problems that I have observed as an election judge, McHenry County Board member and citizen of the county,” Vijuk wrote. “The McHenry County Clerk’s Office has had [sobering] problems that may have directly and indirectly deprived the rights of voters in the 2016 election, the 2018 election, and the 2019 consolidated election. My faith has been shaken in the office’s ability to prevail over these deficiencies without your office’s assistance.”

Indiana: State Putting $10 Million Toward Election Security | Kevin Green/Greensburg Daily News

By the next election, one in 10 direct recording electronic (DREs) voting machines in Indiana will have a small black box attached to them that will let voters see a printout of their ballot, providing a paper trail that can be used in post-election audits. Secretary of State Connie Lawson held one-on-one interviews with reporters to discuss the new voting equipment as well as the other steps her office is taking to assure Hoosiers that every ballot cast in an election will be accurately counted. “I still believe that the most important concern for us is voter confidence,” Lawson said Wednesday. “We want voters to know that the vote they cast is counted the way it was cast and that elections are safe and secure.” Lawson will go to the State Budget Committee Friday to ask for the release of $10 million that had been budgeted during the legislative session for election security. The committee is meeting at Purdue University.

Louisiana: Early voting errors prompt paper ballots | Robb Hays/WAFB

A small number of errors with Louisiana’s early voting machines has led to some voters having to use a paper ballot, election officials said Tuesday, Oct. 1. Louisiana Secretary of State spokesman Tyler Brey says, as of late Tuesday afternoon, the error has only occurred 20 times among the nearly 120,000 votes cast statewide thus far. At least one of the errors occurred with an early voting machine at the Coursey Boulevard location in Baton Rouge. In that case, the machine displayed an error message after the voter had made his selections for all races and tried to submit his ballot, that voter reported. Brey says the paper ballots are counted on election night after being verified by the Board of Elections Supervisors in each parish.

Michigan: State officials move to secure voting systems ahead of 2020 elections | Quinn Klinefelter/Michigan Radio

Michigan is taking steps to secure the state’s voting systems from potential cyberattacks during the 2020 elections. Federal officials warn that hackers are targeting the upcoming elections — plotting everything from obtaining voter information to spreading disinformation by planting stories online that ballots had been changed. To help combat that, Michigan has hired its first-ever election security specialist. Secretary of State Jocelyn Benson says it’s just one in a series of moves designed to safeguard the sanctity of the voting booth. “Well, we are far better than other states in that we have optical scan machines. So we have hand-marked paper ballots and our machines, for the most part, are not connected to the Internet or transmitting over the Internet,” says Benson.

New York: With Under a Month To Go, Board of Elections Mum on Shift to Electronic Poll Books | Ethan Geringer-Sameth/Gotham Gazette

With just one month before New York rolls out early voting for the first time, it is unclear exactly where the city’s Board of Elections stands on acquiring and readying new technology considered essential to the new voting system. BOE commissioners and staff have been discussing the acquisition of electronic poll books at board meetings since January, when the State Legislature passed and Governor Andrew Cuomo signed a law establishing early voting and authorizing counties to purchase the new tech, which enables implementation of early voting. In June, the State Board of Elections approved three vendors that counties could contract with, and the same month the city BOE appeared to have chosen one. But as of late September, the city board has been silent on its progress toward purchasing the 10,000 e-poll books it says it requires, much less loading them with the voter rolls and training staff to use them.

North Carolina: State election officials stand by voting machine decisions | Travis Fain/WRAL

State Board of Elections staff on Tuesday stood by the process used to certify new election machines. For weeks, activists, reporters and board members have asked for more information about the tests run on machines that were approved in August, which was a long-awaited step required before counties could buy new machines to use in the 2020 elections. On Tuesday, Elections Director Karen Brinson Bell and key staff presented a 10-page response that boils down to this: The process laid out in state code was followed, and the systems can be used in the coming elections. The issue may still bring a lawsuit from activists who have questioned the process for more than a month as part of a broader push to require hand-written ballots in North Carolina instead of allowing touchscreen voting machines that spit out a paper ballot and record votes in a bar code. At least one board member left Tuesday’s three-hour-plus board meeting unsatisfied. “My concerns, my misgivings … largely remain,” Stella Anderson said as the meeting wrapped.

Oregon: Hackers Stymied by Vote-by-Mail in Oregon | Governing

Oregon has an advantage over many other states because voters here decided to go to a vote-by-mail system in 1998, said Jackson County Clerk Chris Walker, who oversees local elections. That eliminated the need for voting machines at polling places. “I think we’re one of the leaders in election security,” Walker said of Oregon. The Jackson County Elections Division does have tally equipment to count all those votes that come in by mail. But Walker said the equipment isn’t connected to the internet — a setup that thwarts would-be hackers. Jackson County’s tally equipment is only two years old, she said. “We try to keep up on the technology to make sure the votes are tallied the way the voter intended and to give confide once in the system,” Walker said.

West Virginia: FBI investigating attempted breach of Voatz mobile voting app | Mark Albert/WTAE

One or more people tried to penetrate West Virginia’s mobile voting system during the Midterm election, the Hearst Television National Investigative Unit has confirmed, leading to new worries about the security of certain election platforms ahead of next year’s general election. The Mountain State was the first to use mobile voting for military and overseas voters. Tuesday’s announcement in the state capital of Charleston by state and federal authorities of the attempted breach came on the first day of National Cybersecurity Awareness Month. The U.S. Attorney for the Southern District of West Virginia, Mike Stuart, says the case has now been turned over to the Federal Bureau of Investigation for investigation. Sources tell the National Investigative Unit the attempted intrusion of the mobile voting app is believed to have come from inside the U.S., not from overseas. At a news conference Tuesday afternoon at the federal courthouse in Charleston, Stuart delivered a warning to anyone who may attempt to breach an election system. “Don’t do it. Don’t even think about it. We’re serious about maintaining the integrity of our election system and we will prosecute those folks who violate federal law,” Stuart said.

Afghanistan: Biometric machines in Afghan vote improve after last year’s glitches | Rod Nikel/Reuters

Biometric machines aimed at preventing fraud in Afghanistan’s presidential election performed better than in a poll last year but still left voters waiting a long time to cast their ballots, election observers said on Saturday. The machines were used for the first time in the October parliamentary poll, when many malfunctioned or failed to work altogether. Chaos during that vote was blamed on the machines’ performance, along with incomplete voting lists and delays in holding the election. The Independent Election Commission (IEC) decided to use the machines during the presidential election but gave staff more training and issued spare batteries for the devices at each of the polling centers in a country with chronic power shortages. Polling stations, which each had one device, had paper registration forms as backup in case biometric verification failed.

Canada: ‘It’ll be something new’: Canadian election interference likely in unexpected places | Penny Daflos/CTV

The upcoming Canadian election is the first test for new laws and social media policies, and while online activity suggests they’re being effective in curbing disinformation, experts are already warning that those seeking to manipulate the election or create chaos among voters have moved on to new tactics. Analysis from Twitter, Facebook and academics suggests that malicious, manufactured and “fake news” content is not as widespread as in previous years, largely due to efforts to zero in on and remove that kind of material as quickly as possible. SFU public communication professor Ahmed Al-Rawi is one of many academics across the country scrutinizing online activity for signs of foreign or domestic interference; he hasn’t found any. “I’ve downloaded over a million tweets and analyzed the ‘canpoli’ hashtag and I could not find any large activity of bots (automated re-tweeting accounts),” said Al-Rawi, who is continuing to assess those tweets throughout the campaign.

China: Beijing’s Online Manipulation and Interference During the Election | Marcus Kolga/Epoch Times

Over the past three years, a growing din of alarm bells have warned us about the threat of Russian foreign influence campaigns against our elections, our media, and our democracy. Other malign totalitarian regimes have engaged in similar operations to manipulate our perceptions in efforts to polarize debate and divide us. China is no exception. Over the past weeks, a massive “state-backed information operation” targeting the Hong Kong pro-democracy movement and activists was detected and exposed by major social media platforms Twitter, Facebook, and Google. Twitter identified some 200,000 accounts, many of which “were deliberately and specifically attempting to sow political discord in Hong Kong, including undermining the legitimacy and political positions of the protest movement on the ground.” According to Twitter’s research, most of the accounts and their subversive activity has been “state-backed.” Based on a tip from Twitter, Facebook suspended several China-based accounts, groups, and pages that exposed thousands of Facebook users to disinformation aimed at undermining support for the pro-democracy movement in Hong Kong.

National: Democrats seize on whistleblower report to push for election security | Maggie Miller/The Hill

Democrats renewed their push for election security legislation after a stark warning from acting Director of National Intelligence Joseph Maguire and the release of a whistleblower complaint about President Trump’s call with Ukraine’s leader. Maguire on Thursday warned that the “greatest challenge” the U.S. is facing is “maintaining the integrity of our election system” and said “there are foreign powers that are trying to get us to question the validity of whether or not our elections are valid. “The intelligence official made the comment during testimony before the House Intelligence Committee on Thursday about a whistleblower complaint alleging that Trump tried to persuade Ukraine to mount a corruption investigation against former Vice President Joe Biden, the current front-runner for the Democratic nomination. Democrats also highlighted a section in the whistleblower complaint that Trump’s actions could pose “risks to U.S. national security and undermine the U.S. Government’s efforts to deter and counter foreign interference in U.S. elections.” The two events have bolstered the need for election security legislation, these Democrats argued, not long after former special counsel Robert Mueller’s report highlighted Russia’s efforts to interfere in the 2016 elections. “The President again, just [as] he did in 2016, sought out assistance from a foreign power to help in his reelection,” House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) said in a statement on Thursday. “This is election interference, plain and simple. The President has continually and persistently undermined the integrity of our elections and our democracy.”

National: Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report | Zak Doffman/Forbes

The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.” With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.” None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against. The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”

National: After Resisting, McConnell and Senate G.O.P. Back Election Security Funding | Carl Hulse/The New York Times

Facing mounting criticism for blocking proposals to bolster election security, Senator Mitch McConnell on Thursday threw his weight behind a new infusion of $250 million to help states guard against outside interference in the 2020 voting. Mr. McConnell, Republican of Kentucky and the majority leader, has been under regular attack from both Democrats and a conservative group for refusing to allow the Senate to vote on various election security proposals, some of them bipartisan, despite dire warnings from the intelligence community that Russia is already trying to replicate the elaborate meddling campaign it carried out during the 2016 presidential contest. The additional funding, Mr. McConnell said in announcing his support, “will bring our total allocation for election security — listen to this — to more than $600 million since fiscal 2018.” The money was quickly approved by the Appropriations Committee later Thursday. Though Mr. McConnell has embraced other seemingly derogatory nicknames over the years, he was incensed at being called “Moscow Mitch” by those who claimed his opposition showed he was willing to accept foreign election interference because it had benefited his own party by helping to elect President Trump, despite the senator’s long record of taking a hard line against Russia.

National: For latest election security moves, the devil is in the details | Derek B. Johnson/FCW

Last week it looked like a logjam was cleared on election security. The Senate approved $250 million in funding to states to secure election infrastructure ahead of 2020. Microsoft announced it would continue supporting Windows 7, the soon-to-be-obsolete operating system used on voting machines in thousands of jurisdictions, throughout the 2020 election cycle. Additionally, the Election Assistance Commission met to discuss its latest security standards for voting machines. While new federal dollars for election security are welcome, experts caution that more money might be required and more direction is needed on how to spend the money in the form of new legislation to put smart policy behind congressional outlays. The Brennan Center for Justice estimates the cost of replacing all paperless voting machines in the country at $734 million over five years. When added to the costs estimated to tackle other problems like protecting voter registration data, implementing post-election audits and extending cybersecurity assistance to state and local governments, the total price comes out to more than $2.1 billion. According to research from the OSET Institute, software licenses, maintenance fees and other costs to support voting machines past their first year are hard to quantify and can end up costing more than the initial equipment purchase. Contract language tends to leave the timing, nature and additional costs of such updates at the discretion of voting machine manufacturers.

National: McConnell’s support for election security funding is just the start of a big fight | Joseph Marks/The Washington Post

Senate Majority Leader Mitch McConnell (R-Ky.) partially relented yesterday in the fight over election security by throwing his support behind a $250 million infusion of cash for state election officials. But that concession is likely just the start of what could be a battle royal in Congress. Democrats, who have derided McConnell as “Moscow Mitch” for blocking progress on election security after the Russian interference in the 2016 election, were already arguing the majority leader had only embraced a half measure. McConnell signed on to a measure, which is expected to be approved as part of a must-pass spending bill, to provide cash to states to upgrade their election systems, but it doesn’t mandate how it should be spent. Senate Minority Leader Chuck Schumer (D-N.Y.) took to the Senate floor to bemoan the language supported by McConnell for not requiring changes such as paper ballots and post-election security audits experts say are vital to thwart hackers from Russia and elsewhere. “It doesn’t include a single solitary reform that virtually everyone knows we need, but it’s a start,” Schumer said. A bill that delivers money for election security but doesn’t mandate any particular fixes is a good bargain for McConnell and many Republicans who are wary of expanding federal authority over state and local-run elections — and who fear blowback from President Trump if they talk too much about Russia’s 2016 hacking and influence operation aimed at helping Trump’s election.

National: Senate’s Election Security Funding Bill Leaves Election Assistance Commission Strapped for Cash | Courtney Buble/Government Executive

he cash-strapped, understaffed federal agency responsible for promoting voting machine security standards and best practices for election administration will receive very little new funding under a Senate appropriations bill aimed at bolstering election security. Bowing to pressure from Democrats and some Republicans, Senate Majority Leader Mitch McConnell last week reversed course and said he would support legislation aimed at preventing foreign interference in U.S. elections. On Sept. 19, the Senate Appropriations Committee reported out the “Financial Services and General Government Appropriations Act of 2020” (S.2524), which includes funding for $250 million in election security grants for state and local election administrators. But the bill includes almost no new funds for the Election Assistance Commission, the severely understaffed and underfunded agency that serves as a clearinghouse for information about voting machine security standards and administrative best practices. Under the Senate legislation, EAC would receive $11,995,000 in 2020, about $2 million more than it received in 2019, however $1.5 million of that would be transferred to the National Institute for Standards and Technology to develop voluntary state voting system guidelines, and another  $2.4 million is designated for the EAC’s relocation to new offices.

National: States try to combat election interference as Washington deadlocks | Evan Halper/ Los Angeles Times

With the White House and Congress paralyzed over how — or even whether — to act on intelligence agency warnings about foreign interference in U.S. elections, Maryland opted to take matters into its own hands. The state adopted transparency rules for political advertising on Facebook, Twitter and elsewhere online. The pioneering move drew praise from election reformers as a blow against foreign meddling. Then came the backlash. And it wasn’t from Russia. Newspaper publishers hauled the state into federal court. The new rules ran afoul of the 1st Amendment and created burdens on media organizations that could push struggling local papers under, they protested. Even one of the world’s most vocal advocates for transparency, the Reporters Committee for Freedom of the Press, joined the objectors. Along with the Washington Post, Associated Press and others, they successfully blocked the state’s effort in federal court.

National: EAC says it won’t de-certify voting systems running old versions of Windows | Sean Lyngaas/CyberScoop

The U.S. Election Assistance Commission has told lawmakers that it will not de-certify certain voting systems that use outdated Microsoft Windows systems, a disclosure that highlights the challenge of keeping voting equipment secure after a vendor ceases offering support for a product. While a voting system would fail certification if it were running software that wasn’t supported by a vendor, the act of de-certifying the system is cumbersome and “has wide-reaching consequences, affecting manufacturers, election administration at the state and local levels, as well as voters,” EAC commissioners wrote in a letter to the Committee on House Administration that CyberScoop obtained. To pass certification, voting vendors must meet a series of specifications outlined in the Voluntary Voting Systems Guidelines (VVSG), a set of standards that the EAC has been slow to update. In response to questions from the committee’s staff, EAC commissioners said the laborious de-certification process can be initiated if there is credible information that a voting system no longer complies with the guidelines. However, in the case of Election Systems & Software, the country’s largest voting vendor, for example, the EAC said it didn’t have “grounds to decertify any ES&S product that uses software that is no longer supported by a third-party vendor.” The commissioners also said that there is no stipulation for how far into the future operating systems must support security patches for them to be certified.

National: EAC parting ways with embattled top staffer | Eric Geller/Politico

The embattled executive director of the Election Assistance Commission, whose tenure has been marked by internal turmoil, will not serve another term, two government employees with knowledge of the decision told POLITICO. While the departure of Brian Newby will remove a controversial figure from one of the federal agencies charged with helping states secure their election systems, the shakeup will likely further hamper its mission ahead of the 2020 election, which intelligence officials say hackers working for Russia and other U.S. adversaries will once again attempt to disrupt. EAC commissioners voted over the weekend of Sept. 7-8 not to reappoint Newby for four more years, according to an agency staffer and a House aide, who declined to be named because of the sensitivity of the issue. The commissioners also voted not to retain Cliff Tatum, the agency’s general counsel. Both men joined the EAC on Oct. 22, 2015. The vote on the two appointments was 2-2, splitting the Democratic and Republican commissioners, said the House aide. A decision to reappoint them would have required a majority. The vote came three months after a POLITICO story about how Newby has faced extensive criticism from inside and outside the EAC for undermining its election security work and ignoring, micromanaging and mistreating staff.

National: Microsoft will offer free Windows 7 support for election officials through 2020 | Sean Lyngaas/CyberScoop

Microsoft said Friday it will offer state and local election officials free security support for Windows 7 operating systems used in voting systems through 2020. “We want to make sure that Windows 7 end-of-life doesn’t…become a barrier to having a secure and safe election,” Jan Neutze, head of Microsoft’s cybersecurity and democracy team, said in announcing the news, which CyberScoop was first to report. “It’s the right thing to do,” he said at a conference hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Microsoft has long planned to stop providing security updates for Windows 7 users in general in January 2020, but was allowing users to pay for those updates through January 2023. But the offer of free services through next year’s U.S. presidential election is an additional effort to make it easier to update operating software used in voting systems, such as the election management systems that format ballots. Some systems that support voting in the U.S. still rely on Windows 7, which is not nearly as straightforward to update on those machines as it is on a personal computer. Patches require installation and testing to verify that they will not disrupt a voting system.