Editorials: Trump’s hostility to election security preparedness | Elaine Kamarck/Brookings

From the very beginning of his presidency, Donald Trump has denied or downplayed Russian interference in the 2016 campaign. He has, at various times, dismissed the whole idea as a hoax, as fake news, or as an excuse by Democrats for why they lost the election. At other times, he has proclaimed his innocence vis-à-vis Russian campaign interference. From the earliest days of his presidency when he fired FBI Director James Comey in an effort to stop the investigation, he has denigrated and dismissed the entire issue. In its place he has insisted that the real problem in 2016 was not Russian interference but rather illegal voting by immigrants. The president’s beliefs have put him at odds with his own government and his own appointees, creating some awkward moments as the machinery of the federal government comes into conflict with the tweets of the chief executive. In spite of the president’s antipathy towards the effort, the gears of government managed to grind on, even in the White House. On September 12, 2018, President Trump issued Executive Order 13848 titled “Executive Order on Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election.” The order requires a post-election audit by the intelligence community, under the direction of the ODNI (Office of the Director of National Intelligence) and mechanisms to place sanctions—such as confiscation of property—on those who take actions to interfere in U.S. elections.

Georgia: Mystery of missing votes deepens as Congress investigates Georgia | Mark Niesse/The Atlanta Journal-Constitution

To find a clue about what might have gone wrong with Georgia’s election last fall, look no further than voting machine No. 3 at the Winterville Train Depot outside Athens. On machine No. 3, Republicans won every race. On each of the other six machines in that precinct, Democrats won every race.The odds of an anomaly that large are less than 1 in 1 million, according to a statistician’s analysis in court documents. The strange results would disappear if votes for Democratic and Republican candidates were flipped on machine No. 3.It just so happens that this occurred in Republican Brian Kemp’s home precinct, where he initially had a problem voting when his yellow voter access card didn’t work because a poll worker forgot to activate it. At the time, Kemp was secretary of state — Georgia’s top election official — and running for governor in a tight contest with Democrat Stacey Abrams.The suspicious results in Winterville are evidence in the ongoing mystery of whether errors with voting machines contributed to a stark drop-off in votes recorded in the race for Georgia lieutenant governor between Republican Geoff Duncan, who ended up winning, and Democrat Sarah Riggs Amico.Even though it was the second race on the ballot, fewer votes were counted for lieutenant governor than for labor commissioner, insurance commissioner and every other statewide contest lower on the ballot. Roughly 80,000 fewer votes were counted for lieutenant governor than in other down-ballot elections. The potential voting irregularities were included among 15,500 pages of documents obtained by The Atlanta Journal-Constitution that have also been turned over to the U.S. House Oversight and Reform Committee, which is looking into Georgia’s elections. The documents, provided under the Georgia Open Records Act, offer details of alleged voting irregularities but no answers.

Iowa: Fearing Hackers, D.N.C. Plans to Block Iowa’s ‘Virtual’ Caucuses | Reid J. Epstein/The New York Times

The Democratic National Committee is preparing to block Iowa Democrats’ plans to allow some caucusgoers to vote by phone next year, bowing to security concerns about the process being hacked, according to four people with knowledge of the decision. The committee’s announcement, expected to come by Friday afternoon in the form of a recommendation to the party’s Rules and Bylaws Committee, serves as a major setback to Democrats who have long hoped to expand the caucus-state electorate beyond those voters able to attend a winter-night gathering for several hours. The Iowa Democrats’ plan would have allowed voters not attending a traditional caucus to register their preference during one of six “virtual caucuses” over the phone. But D.N.C. security officials told the rules committee at a closed-door session in San Francisco last week that they had “no confidence” such a system could remain safe from hostile hackers. The D.N.C.’s leadership concluded that the technology that exists is not secure and poses too large a risk of interference from a foreign adversary, according to officials with knowledge of the deliberations. Several presidential campaigns expressed concern to top party officials that Iowa’s results could be compromised, people familiar with the discussions said Thursday.

Maryland: Maryland was never in play in 2016. The Russians targeted it anyway. | Dana Priest/The Washington Post

Russia’s Twitter campaign to influence the 2016 presidential election in Maryland began in June 2015, 17 months before Election Day, when the St. Petersburg-based Internet Research Agency opened an account it called @BaltimoreOnline and began tweeting about local news events. Its third tweet was a retweet of a WBAL-TV story about a 5-year-old boy who’d shot himself in the foot in an alley on North Mount Street, the same street where 11 blocks away Freddie Gray encountered police who loaded him into a police van for a race across the city that left him fatally injured. The tweet fit neatly into what would become a pattern for Russian activities in Maryland, a solidly Democratic state that hadn’t favored a Republican presidential candidate since 1988 and wasn’t in play in 2016. Yet, the IRA, the Russian troll factory U.S. prosecutors blame for the massive disinformation campaign during the 2016 campaign, devoted enormous attention and preparation to its Maryland campaign, all in a likely effort, experts say, to widen racial divisions and demoralize African American voters.

Mississippi: ‘It’s a hell of a big mess:’: Malfunction allows improper party crossover voting | Sarah Fowler/Jackson Clarion Ledger

Voters who cast ballots for one party in the Aug. 6 primary may have improperly voted for a different party in Tuesday’s runoff due to machine malfunctions, according to the Hinds County GOP.  Pete Perry, Hinds County Republican Party chairman, said he was first alerted to an issue at Casey Elementary precinct around 9:15 a.m. Tuesday. The school is one of the 108 precincts in Hinds County. According to a poll worker, people who voted Democratic in the primary were allowed to vote in the Republican runoff, Perry said. A spokesperson for the Hinds County Election Commission could not be reached for comment. According to Perry, the “party lock” on machines provided by Election Systems and Software is not functioning. This means voters who cast a ballot for a Democratic candidate in the primary are being erroneously allowed to vote in the Republican runoff.  Mississippi has no party registration and is an open primary state. But if voters  vote for one party in the primary, they are only allowed to vote for that same party in a runoff. For example, if a voter voted on the Democratic ticket in August, they would not be allowed to vote in Tuesday’s Republican runoff for governor. However, Perry said, “we know that’s already happened.”

Mississippi: Video captures glitching Mississippi voting machines flipping votes | Lisa Vaas/Naked Security

“It is not letting me vote for who I want to vote for,” a Mississippi voter said in a video that shows him repeatedly pushing a button on an electronic touch-screen voting machine that keeps switching his vote to another candidate. Walker said in a comment that the incident happened in Oxford, Miss., in Lafayette County. A local paper, the Clarion Ledger, reported that as of Tuesday night, there were at least three reports confirmed by state elections officials of voting machines in two counties changing voters’ selections in the state’s GOP governor primary runoff. The machines were switching voters’ selections from Bill Waller Jr.- a former Supreme Court Chief justice – to Lt. Gov. Tate Reeves. Waller’s campaign told the Clarion Ledger it also received reports of misbehaving voter machines in at least seven other counties. Waller conceded to Reeves around 9 p.m. on Tuesday night. With Reeves leading 54% to Waller’s 46%, it looks unlikely that the glitches affected the outcome. Before the malfunctioning machine was discovered in Lafayette County, the machine – reportedly a paperless AccuVote TSX from Diebold – only recorded 19 votes, according to Anna Moak, a spokeswoman for the Secretary of State’s Office. A technician was dispatched, and the machine is being replaced, she said.

Nevada: DNC to recommend scrapping Iowa, Nevada virtual caucus plans | Associated Press

The Democratic National Committee will recommend scrapping state plans to offer virtual, telephone-based caucuses in 2020 due to security concerns, sources tell The Associated Press. The final choice whether to allow virtual caucuses in Iowa and Nevada is up to the party’s powerful Rules and Bylaws Committee. But opposition from DNC’s executive and staff leadership makes it highly unlikely the committee would keep the virtual caucuses, leaving two key early voting states and the national party a short time to fashion an alternative before the February caucuses. The state parties had planned to allow some voters to cast caucus votes over the telephone in February 2020 instead of showing up at traditional caucus meetings. Iowa and Nevada created the virtual option to meet a DNC mandate that states open caucuses to more people, but two sources with knowledge of party leaders’ deliberations say there are concerns that the technology used for virtual caucuses could be subject to hacking. The sources spoke on condition of anonymity because they were not authorized to disclose internal party discussions.

Pennsylvania: Election security, transparency and millions of dollars: Questions answered as Allegheny County looks to buy new voting machines. | J. Dale Shoemaker/PublicSource

If you’ve tuned into the news at any point over the past three years, chances are you’ve heard that the Russian government meddled in the 2016 presidential election. Russian interference, “in sweeping and systematic fashion,” was a key — and much publicized — finding of Special Counsel Robert Mueller’s report to the U.S. Attorney General earlier this year. But a less prominent finding was that Russia’s meddling also targeted state and county officials in an attempt to access voter rolls and voting systems. According to Mueller, Russia successfully accessed voter rolls in Illinois and even hacked one of the companies that sells election equipment to states and counties. The potential for future attacks, particularly during the 2020 presidential election, has worried some elections experts and advocates in Allegheny County and beyond. But now, as Allegheny County and many other Pennsylvania counties are in the process of buying new voting machines, there is an opportunity to select equipment that will maintain integrity at the polls. The state government, as part of a lawsuit settlement, has directed all counties to implement a voting system with a paper trail by the 2020 primaries. By 2022, counties must have a system in place to automatically audit election results to ensure they’re accurate. At present, a search committee comprised of 10 Allegheny County employees has issued a report assessing the cost and security protocols of nine different voting systems from four companies. Some are paper based, some are computer based.

Estonia: E-voting workgroup recommends more audits and observers | ERR

Experts put forward suggestions and recommendations at the second meeting of the e-election working group on Wednesday, commissioned by minister Kert Kingo (EKRE). Over the past month, committee members have submitted 30 suggestions for improvements. At the second meeting suggested proposals were put forward in three areas. Head of the working group Raul Rikk said that firstly more resources should be made available so that several independent auditors can check the processes of e-voting. He said this would increase their credibility in Estonia and around the world. The group is also proposing that the number of people involved in conducting and supervising elections should increase and to raise the number of independent observers at election counts. Rikk said this could be done, for example, by making it obligatory for a representative from each political party to attend the election counts. Experts could also be invited to follow the process or IT students could be encouraged to write reports. These changes would help to increase the number of people in society who have received training in the electoral process and understand the structure of the system, Rikk said.

Finland: Security agencies collaborate after cyber attacks | Gerard O’Dwyer/Computer Weekly

Finland’s National Bureau of Investigations (NBI) has joined forces with the National Cyber Security Centre (NCSC) to investigate a series of significant cyber attacks against state-run public services websites in the country in August. The most serious targeted attacks left the national police service and other public websites inaccessible to users. The NBI and the NCSC now plan to work more closely with public and private organisations to increase expertise and capability to better defend Finland’s critical IT infrastructure against cyber attacks. Hackers launched a sustained denial-of-service (DoS) assault on a number of popular public websites on 21 August that caused serious disruption to server functionality, connectivity and public services. The DoS strike was latest hostile cyber assault by hackers targeting high-profile public services websites in Finland. Previously, hackers had launched attacks against the City of Lahti’s municipal computer system and the IT system managing the official online results for the Finnish parliamentary elections in April.

Italy: The Five Star digital voting platform that could threaten a government deal in Italy | Franck Iovene/AFP

If Italy’s political parties can agree on a government deal, it would still need to clear a final hurdle: the online voting platform of the Five Star Movement (M5S), which has long championed so-called ‘digital democracy’.
The platform, named after the 18th-century French philosopher Jean-Jacques Rousseau, is supposed not only to empower ordinary citizens but guarantee transparency — but it has been slammed as secretive and vulnerable to cyber attacks. Launched in 2016, it currently has some 100,000 members, M5S chief Luigi Di Maio said in July. But critics have lamented a lack of official documentation or certification from a third party to attest that this figure is correct. The M5S’s blog says the number of people registered on “Rousseau” rose from 135,000 in October 2016 to nearly 150,000 in August 2017, before dropping to 100,000 a year later. But political analysts say it cannot be seen as representative of M5S supporters, as the membership numbers are a drop in the ocean compared to the 10.7 million Italians who voted for M5S in the 2018 general election.

National: FEC vice chairman resigns, leaving agency unable to vote | Maggie Miller/The Hill

The vice chairman of the Federal Election Commission (FEC) submitted his resignation letter to President Trump on Monday, leaving the agency without the necessary number of commissioners to vote on proposed actions. Matthew Petersen, a Republican who has served as a commissioner since 2008, wrote that he will formally step down on Aug. 31. “Throughout my service, I have faithfully discharged my duty to enforce the law in a manner that respects free speech rights, while also fairly interpreting the relevant statutes and regulations and providing meaningful notice to those subject to FEC jurisdiction,” Petersen wrote. “I am honored to have served the American people in this capacity and to have fulfilled the oath taken 11 years ago.” A spokesperson for the FEC confirmed Petersen’s resignation, declining to comment further. His departure leaves the agency with only three of the four members required to vote on proposed actions.

National: As Russia Eyes 2020, America’s Election Watchdog Is Out of Commission | Nicole Goodkind/Newsweek

The Federal Election Commission, an independent agency that enforces all campaign finance law and ensures the integrity of political campaigns, lost its vice chairman Monday evening, essentially rendering the agency useless. In order to take any official enforcement or regulatory action, the agency is required to have a quorum of four members on its board, but the resignation of Matthew Petersen, effective this week, leaves the commission with only three members, all of whom are still working even though their six-year terms of service have all expired. There were already three vacancies before this week’s kerfuffle. The FEC issued about $33.6 million in fines between 1999 and 2008, but over the last 10 years that dropped to $11.4 million. Yet, election security has become an increasingly important issue. Just last month, former special counsel Robert Mueller ominously warned Congress that Russia had lofty plans to interfere in the next election. “They’re doing it as we sit here and they expect to do it during the next campaign,” he said.

National: Ransomware threat raises National Guard’s role in state cybersecurity | Benjamin Freed/StateScoop

National Guard units already play a large role in state governments’ cybersecurity activities, such as protecting election systems, but the threat of ransomware to cripple a state or city organization is a growing concern for uniformed personnel, the top military official overseeing the National Guard across the United States said. While Americans are long used to seeing guardsmen and women roll into to disaster-stricken areas after a hurricane or wildfire, deployments following cyberattacks are increasingly common, Air Force Gen. Joseph Lengyel said Friday on a conference call with reporters, likening the recent ransomware incidents in Texas and Louisiana to a “cyber storm,” though not quite a “cyber hurricane.” “We’re seeing the whole of the first responder networks come to assist and mitigate the damage and get everything back up and running, and the National Guard is part of that response,” he said.

National: U.S. officials fear ransomware attack against 2020 election | Christopher Bing/Reuters

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. “We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet. The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta. “Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

National: Federal officials working with states to protect elections | Andrew Selsky/Associated Press

Huddled in small groups in a remote town in Oregon, county and state elections officials tried to overcome hacking attempts, power failures and other problems as election day approached and finally arrived. It was a tabletop exercise, held as federal officials work to bolster defenses against interference in the 2020 elections, with states being a main line of defense against attempts by Russia or others to disrupt the elections. Officials from the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency traveled to La Grande, a town located in ranching country in northeast Oregon, for Wednesday’s exercise with county and state officials. During the event held on the campus of Eastern Oregon University, the officials had to work through various scenarios, like official websites being hacked, disinformation being spread on social media and electrical power and communications going down, Oregon Elections Director Stephen Trout said in a telephone interview. Disinformation involves deliberately spreading falsehoods and rumors, while misinformation — another election security threat that experts point to — entails simply disseminating incorrect or misleading information.

Editorials: Prediction: 2020 election is set to be hacked, if we don’t act fast | Adam K. Levin/The Hill

Since 1993, hackers have traveled to Las Vegas from around the world to demonstrate their skills at DefCon’s annual convention, and every year new horrors of cyber-insecurity are revealed as they wield their craft. Last year, for example, an eleven-year-old boy changed the election results on a replica of the Florida state election website in under ten minutes. This year was no exception. Participants revealed all sorts of clever attacks and pathetic vulnerabilities. One hack allowed a convention attendee to commandeer control of an iPhone with a non-Apple-issue charging cord, one that is identical to the Apple version. Another group figured out how to use a Netflix account to steal banking information. But for our purposes, let’s focus on election security because without it democracy is imperiled. And if you think about it, what are the odds of something like DefCon being permitted in the People’s Republic of China? Speaking of China (or Russia or North Korea or Iran or…) will the 2020 election be hacked? In a word: Yes.

National: Groups push lawmakers for hearings on voting machine security | Maggie Miller/The Hill

Voting rights and election security groups on Monday urged two House and Senate committees to hold hearings on the security of voting machines. The groups, which include the National Election Defense Coalition, Electronic Privacy Information Center, R Street Institute and Public Citizen, asked the House Administration Committee and the Senate Rules and Administration Committee in a letter to schedule election security hearings that include testimony from voting machine vendors and election security experts. “The security of our nation’s elections is acutely dependent on the vendors that supply our computerized voting systems,” the groups wrote. “The voting system vendors have operated with little oversight and no regulation for decades.” “Given the gravity and urgency of this issue, we write to you to urge the committees to hold a hearing on election system security featuring sworn testimony from officers of the voting system vendors to shed more light on their practices which directly impact the security of the nation,” they added. The groups cited reports in recent months that certain voting systems rely on outdated Windows 7 operating systems, that one major election machine vendor installed remote access software on its election systems and concerns about a lack of transparency from voting machine vendors.

Florida: Election security audit complete but details unclear | Mike Vasilinda/WIXT

A security audit of all 67 Florida counties ordered by Gov. Ron DeSantis has been completed, but once a report is published, it’s not going to advertise what problems were found.  “The secretary, basically, reported to us they had visited all 67 counties already,” said Okaloosa County Supervisor of Elections Paul Lux, who is the former president of the Florida State Association of Supervisors of Elections. “And they are in the process of producing a remediation report and we’ll go from there.” Lux added he was not aware of how much remediation has been ordered. DeSantis ordered the security audit in May after Special Counsel Robert Mueller’s report said Russians successfully hacked two Florida counties in 2016. “There was no manipulation. It didn’t have any effect,” DeSantis said in May. But he said the FBI would not let him name the counties, partly because the FBI said it would help the hackers learn how they were detected.

Iowa: Secretary of State raises concerns of cyber threats to elections | Rod Boshart/The Courier

Iowa Secretary of State Paul Pate on Wednesday likened the ongoing struggle against forces trying to hack the state’s election network to a “war.” “It’s a war for public opinion, and it’s a war, if you will, for minds rather than a physical one,” Pate said in pointing to efforts by Russians, North Koreans, Chinese and others trying to disrupt the U.S. election process and weaken the American public’s trust. “Their manipulation of the social media, their manipulation of certain types of probes that they’re doing is to try to create doubt, to make Americans question their elections process,” Pate told reporters. “So, yes, I consider that a war. I consider it something we need to push back and not tolerate.” Pate raised concerns about challenges to Iowa’s election process during a breakfast meeting with members of the Westside Conservative Club. He also shared his worries that any snafu in the upcoming 2020 Democratic “virtual” caucuses could have a “devastating” impact and jeopardize Iowa’s starting position in the presidential selection process every four years.

Florida: Russian hackers likely to target Florida again in 2020 election, experts warn | Peter Stone/The Guardian

Florida’s record as a vital swing state made it a target for meddling in the 2016 election when Russians breached two county voting systems and a software vendor and now concerns are being raised about voting security in the state for the 2020 ballot, say election and cyber security experts, federal reports and Democrats. With FBI director Christopher Wray and other intelligence officials predicting more Russian and possibly other foreign interference in the next elections, experts say Florida is again a likely target for Russian hackers, or others bent on disrupting voting, which potentially could alter tallies and create other problems. “Obviously, Florida will be a critical state in 2020 and Florida election officials should assume they will be targeted again,” said Larry Norden, who runs the election reform program at the Brennan Center for Justice. Election security experts are concerned about several potential problem areas, including software that stores sensitive voter registration data, the short timetable for any post-election audits and Florida’s history of voting snafus. Some of Florida’s election problems in 2016 were highlighted in April by special counsel Robert Mueller’s report about Russian interference and in a July Senate intelligence committee study on Russian meddling and election security issues nationwide.

Montana: ExpressVote Voting Machines Could Debut In Montana This November | MTPR

The Montana Secretary of State’s office plans to sign-off on a new touchscreen voting system designed for voters with disabilities that could be used at county polling sites as early as this November. The ExpressVote system resembles a touchscreen desktop computer or ATM. Voters insert a ballot, scroll through pages of candidates or initiatives and make their picks, and then hit print. The system includes audio, visual, and other aids designed to help individuals with disabilities vote. A separate machine does the vote counting. The Secretary of State’s Office and system developer ES&S ran demonstrations of the device Monday in the state Capitol ahead of an official certification event scheduled Tuesday. Staff with the Secretary’s office say the ExpressVote system is replacing an outdated device from the early 2000s that was also designed for people with disabilities. The state is using $750,000 of a $3 million federal grant to buy the equipment, with counties chipping in matching funds if they want to take part in the upgrade.

North Carolina: State certifies barcode ballot voting systems despite security concerns | Jordan Wilkie/Carolina Public Press

Amid threats of litigation from all sides, the North Carolina State Board of Elections voted 3-2 Friday afternoon to certify a voting system that experts say is insecure, voting rights groups advocated against and many public comments opposed.Chairman Damon Circosta, a Democrat, in his first meeting after being appointed by Gov. Roy Cooper, voted against a motion to make voting system certification requirements more stringent. The board’s two Republican members, David Black and Kenneth Raymond, voted with Circosta.The new certification requirements, proposed by Dr. Stella Anderson and supported by fellow Democrat Jeff Carmon III, would have precluded one voting-machine vendor, Election Systems and Software (ES&S), from having its system certified.The room for Friday’s meeting was packed with voters and advocates from civil rights and voting rights organizations, such as Democracy NC, which seeks to improve voter turnout in elections.“This is disappointing,” Democracy NC executive director Tomas Lopez said. “But the decision on what ultimately gets purchased is with the counties, and with the county boards of elections in particular.” Two counties, Davie and Transylvania, submitted letters to the board asking that existing certification requirements not be changed. Both counties use voting-machine-for-all systems, using old technology that the state will decertify on Dec. 1.

North Dakota: New election equipment going out to counties | Jack Dura/Bismarck Tribune

Burleigh County has received new election equipment being distributed to North Dakota counties over the next few weeks by state election officials. Auditor/Treasurer Kevin Glatt said the county on Monday received 50 ballot scanners, 50 accessibility devices for voters who may have difficulty marking ballots and one central scanner for tabulating absentee ballots. The equipment vendor is now testing the devices after delivery before formal training in September.  “We’re excited that we have them,” Glatt said. Morton County Auditor Dawn Rhone said she expects the new machines, including 18 ballot scanners, this week, likely on Thursday after the old machines are taken away Wednesday from the courthouse in Mandan. The secretary of state’s office in 2015 pressed the Legislature for new election equipment, but funding priorities didn’t favor the request, especially during deep budget cuts in 2017.

Rhode Island: Protecting elections in Rhode Island | Providence Journal

Secretary of State Nellie Gorbea’s most important job is to make sure Rhode Island elections are on the up-and-up. Unfortunately, she has unilaterally blocked the public from obtaining information that was previously available in digital form to check on the accuracy of the voter lists she maintains. (In this year’s session, the legislature balked at Ms. Gorbea’s attempt to deny the public such information by law.) And now it turns out that she bought voting machines that could be liable to hacking. The issue came to light recently through a Vice.com investigation, which found that, for a period of time, Rhode Island’s elections system was connected to the internet. The public had been assured the machines were walled off from potential hacking. Researchers were able to find online the reporting system for results from the entire state. Not good. The problem is striking a balance between quick reporting of results — which in itself helps protect our elections from fraud — and making sure machines are free from tampering. Modems in the voting machines Ms. Gorbea bought transmit election results quickly to the state Board of Elections after the polls close.

International: Governments risk cyber attacks if they continue to demand encryption backdoors | Sara Barker/Security Brief

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals. With election time looming, backdoors are perfect targets for cyber attackers who look to target election infrastructure. It was only last year with ‘Five Eyes’ nations (United States, Canada, United Kingdom, Australia, and New Zealand) were lobbying for technology providers to build backdoors into their solutions. According to 384 IT professionals polled at Black Hat USA 2019, 74% believe that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. Furthermore, many professionals believe that backdoors won’t make countries any safer – 72% believe laws that allow governments to access encrypted personal data will not make countries safer from terrorists.

Australia: Where’s the proof internet voting is secure? | Vanessa Teague/Pursuit

Victoria’s Electoral Commissioner, Warwick Gately AM, says that Victoria should legislate to allow Internet voting because “there is an inevitability about remote electronic voting over the internet.” According to Mr Gately, the NSW iVote system has, “proven the feasibility of casting a secret vote safely and securely over the internet”. The key word here is “proven”. Anyone can claim that their system is secure and protects people’s privacy, but how would we know? Elections have special requirements. Ballot privacy is mandated by law. And elections must demonstrate that the result accurately reflects the choice of the people. So, what has iVote proven? In 2015, our team found that the iVote site was vulnerable to an internet-based attacker who could read and manipulate votes. The attack wouldn’t have raised any security warnings at either the voter’s or the NSW Electoral Commission (NSWEC) end, but it should have been apparent from iVote’s telephone-based verification. When the NSWEC claimed that “some 1.7 per cent of electors who voted using iVote® also used the verification service and none of them identified any anomalies with their vote,” we took that as reasonable evidence that the security problem hadn’t been exploited. But it wasn’t true.

Canada: Cyber-risk ramps up during elections | Allan Bonner and Brennen Schmidt/Winnipeg Free Press

It’s almost federal election time — that means many Canadian voters will be trying to guess whether political parties will do what they say they will if elected. That’s a difficult guess. But what about judging a political party’s credibility on a policy issue by seeing whether it practises what it preaches? Here’s an easy example: cybersecurity is in the news. It’s in the budget, too. A while ago, the federal government devoted hundreds of millions of dollars to the threat. And every day there’s news from the U.S. about past and present meddling in the political process. There are also serious worries about future elections, and even the need for paper ballots to ensure the meddling isn’t in cyberspace or a cloud somewhere. Fans of detective novels and movies enjoy the denouement at the end when the culprit is exposed.

Russia: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken | Sugandha Lahoti/Security Boulevard

Russia is looking forward to its September 2019 elections for the representatives at the Parliament of the city (the Moscow City Douma). For the first time ever, Russia will use Internet voting in its elections. The internet-based system will use blockchain developed in-house by the Moscow Department of Information Technology. Since the news broke out, security experts have been quite skeptical about the overall applicability of blockchain to elections. Recently, a French security researcher Pierrick Gaudry has found a critical vulnerability in the encryption scheme used in the coding of the voting system. The scheme used was the ElGamal encryption, which is an asymmetric key encryption algorithm for public-key cryptography. Gaudry revealed that it can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. The main problem, Gaudry says is in the choice of three cyclic groups of generators. These generators are multiplicative groups of finite fields of prime orders each of them being Sophie Germain primes. These prime fields are all less than 256-bit long and the 256×3 private key length is too little to guarantee strong security. Discrete logarithms in such a small setting can be computed in a matter of minutes, thus revealing the secret keys, and subsequently easily decrypting the encrypted data. Gaudry also showed that the implemented version of ElGamal worked in groups of even order, which means that it leaked a bit of the message. What an attacker can do with these encryption keys is currently unknown, since the voting system’s protocols weren’t yet available in English, so Gaudry couldn’t investigate further.

Verified Voting Blog: Verified Voting’s Policy on DREs and BMDs

Download VerifiedVoting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices On November 21, 2019 we revised Verified Voting’s Policy on Direct Recording Electronic Voting Machines and Ballot Marking Devices to remove a reference to parallel testing on page 8 of the original document. Although the concept of parallel testing has been discussed…