Iowa: “Virtual Iowa Caucuses” Demand Cybersecurity Attention: 2020 Election Security Can’t Wait Till 2020 | Joshua Geltzer/Just Security
The past week featured stark reminders of the importance of election security as the 2020 presidential election swiftly approaches. First, former Special Counsel Robert Mueller testified to the House Intelligence Committee that the Russian government was interfering with American democracy “as we sit here.” Next, the Senate Intelligence Committee released a detailed report on election security, reciting the extensive malign cyber activity conducted by Moscow in the lead-up to America’s 2016 presidential election and concluding that “little has been done to prevent it from happening all over again.” Press coverage of both of these warnings has emphasized—understandably—the need to harden U.S. defenses against various forms of cyber interference that Russia—and now Iran, too—appear intent on carrying out in the 2020 election. While it’s true that 2020 election security is critical, it’s important to emphasize that protecting our elections can’t wait until 2020 is upon us. That’s because, if our foreign adversaries’ goal is (as the Senate Intelligence Committee report confirmed) to undermine American confidence in our own democracy, the opportunities to do so are already unfolding. Long before Election Day arrives, the release of internal campaign emails, the distortion of public polling data, the laundering to campaigns of money that originates from impermissible sources—all of this can contribute to advancing the objectives of Russia and other hostile foreign actors intent on undermining public confidence in American elections and, ultimately, our democracy.North Carolina: Board of Elections does a 180 on decision to delay certifying voting machines | Melissa Boughton/NC Policy Watch
The North Carolina State Board of Elections plans to move forward with certifying new voting machines ahead of the 2020 elections after a member mistakenly voted Monday night to delay the process to create stricter requirements out of concern for cyber security.The reversal of course came as a surprise to voting rights advocates and citizens who had praised Board members last night for postponing certification in the name of voter integrity. Board members had voted 3-2 for the postponement in order to adopt more stringent requirements for digital voting systems at a later meeting in mid-August (a meeting for which they would have provided 15 days’ notice to the public). However, another meeting notice sent out Tuesday by the Board stated that the group planned to consider a motion this Thursday morning to “rescind [the] decision to notice meeting to amend NC Election Systems Certification Program.” “Board Member David Black said he misunderstood the motion of Board Secretary Stella Anderson and was not aware it would stop the present certification in its tracks,” said Board Chairman Bob Cordle in an email. “He did not realize that, so he wants to set that vote aside and move ahead with certification. Some board members believe it’s not fair to try to change the requirements at this late date — more than two and a half years after the process started.”North Carolina: Another delay on voting machines, and a move toward hand-marked ballots | Travis Fain/WRAL
North Carolina moved toward a new requirement for hand-marked ballots Monday night when a divided, but bipartisan, State Board of Elections voted to rework the rules that govern what voting machines are allowed here. The board will have to gather again in about two weeks to make the change official, and Monday's decision delayed for the third time in two months a long-awaited decision to certify new voting equipment. But activists hailed the vote as a move toward more secure elections. The time to approve new machines ahead of the 2020 elections grows short. State law requires small test runs in actual elections before new machines can be fully deployed, meaning equipment would need to be in place for the November municipal elections to be ready for the March 2020 presidential primaries. The state legislature may change that law, allowing for simulated election tests instead. It may also delay the coming decertification of touchscreen voting systems that roughly a third of North Carolina counties use now.West Virginia: Internet Voting Experiment Criticized | Public News Service
Security experts are critical of a West Virginia experiment in Internet voting for military and overseas citizens. Last year the Secretary of State's office allowed 141 West Virginians in 31 counties to vote, using what's known as blockchain – the same distributed ledger system cryptocurrencies such as bitcoin use. In an article for Slate magazine, tech reporter Yael Grauer criticized the contractor for being secretive. Among other points, Grauer also questioned whether the use of blockchain really helped secure the voting, or if the experiment just used a fad technology as a kind of marketing. And Grauer pointed to a weak link. "Everybody who's sent email probably knows that they don't always go through,” she points out. “And after they receive it they're putting it on the blockchain, but there's no way for voters to be able to check whether what they voted on is in the blockchain the way that they voted on it."Australia: New South Wales iVote source code released for researchers to poke around in | Asha Barbaschow/ZDNet
Parts of the source code the New South Wales Electoral Commission (NSWEC) uses to conduct voting has been released, in a bid to prove it contains no vulnerabilities. Scytl, who was awarded a multi-year contract to refresh the NSW online and phone voting software also known as iVote, has on Tuesday made the code available to those that register, at the request of the NSWEC. "We have published the source code to allow independent researchers to review it in order to aid continuous improvement of the code base by finding and communicating any vulnerabilities they may find," Scytl Asia-Pacific GM Sam Campbell said. "The terms of use are published with the source code and stipulate that any vulnerabilities discovered must be reported to Scytl and the NSW Electoral Commission." In early March, a group of researchers found a flaw in the Swiss Internet voting system, which is the same system used by NSWEC. The flaw was found in the proof the SwissPost system uses to prevent electoral fraud. Later that month, researchers detailed a second flaw in the electronic voting system, discovering another method that could be exploited to result in a tampered election outcome.Switzerland: Cyber attack hits email users probing Russian intelligence | Sam Jones/Financial Times
One of the world’s most secure email services has been caught up in a sophisticated cyber attack aimed at investigative journalists and other experts who are probing Russian intelligence activities. Those targeted have used Swiss-based ProtonMailexternal link to share sensitive information related to their probes of Moscow’s military intelligence directorate, the GRU. Its agents have been accused of complicity in the downing of MH17 over Ukraine in 2014, and the attempted assassination of Sergei Skripal and his daughter last year in Britain. ProtonMail, which bills itself as the world’s most secure email platform, because of its cutting edge cryptography and protections against attack, became aware of the attempt to compromise its users on Wednesday. The company, founded in 2014 by a team of former scientists from the European particle research laboratory CERNexternal link, has been in touch with Swiss authorities to help shut down the web domains used to try to dupe its clients and has taken action to block phishing emails. Its own systems and servers have not been hit in any way, it emphasised.Iowa: Press 1 for Harris. Press 2 for Biden …’Tele-voting’ comes to the presidential race | Alex Seitz-Wald/MBC
You can phone it in. For the first time, Democrats in Iowa and Nevada will be able to participate in their states' crucial early presidential caucuses next year without actually having to show up. It's a major change from election years past and one designed to make the Democratic caucuses more democratic and boost participation since not everyone has the time or ability to spend several hours of a specific evening attending an in-person caucus meeting. "This has been one of the challenges and criticisms that people have had of the Iowa caucuses since they were created," Troy Price, the chairman of the Iowa Democratic Party, told NBC News. "So we've always been looking for ways to address this." Both Iowa and Nevada will now allow any Democrat who wants to to use a telephone to dial into a "virtual caucus," where they'll rank a handful of their choices for the presidency. Iowa will offer Democrats six chances to "tele-caucus" in the days leading up to its Feb. 3 first-in-the-nation caucus. "We wanted a process that would continue to allow the precincts to remain the central tenant of our caucuses, while allowing some people who might not otherwise be able to to participate," Price said.Australia: Electoral systems evade cyber-attack during federal poll | Justin Hendry/iTnews
The Australian Electoral Commission has revealed the nation’s core electoral systems experienced no successful cyber-attacks during the 2019 federal election campaign. But the agency, which has been increasingly worried by the prospect of external interference, won’t say whether any attempts to compromise the systems were detected. In a bid to guard Australia’s systems against the threat of compromise, the AEC introduced monitoring through a dedicated security operations centre in the lead up to the May 18 ballot. It follows what the agency has described as a worsening cyber environment in the years since the July 2016 election through events like Russia’s alleged cyber interference in the 2016 US election. Many of these concerns stem from the ageing nature of the country’s system for election and roll management, which have been in place since the early 90s and are in dire need of replacement.North Carolina: Board of Elections delays election machine vote | Will Doran/Raleigh News & Observer
North Carolina election officials cited lingering concerns over election hacking in explaining why they again delayed certifying new voting machines for the 2020 elections Monday. “Trust and confidence in the security of any voting system that we put in place in North Carolina is absolutely vital,” said Stella Anderson, the board member who proposed the delay Monday night. The five-member board has a majority of Democrats, but the vote was bipartisan — and not without controversy. Anderson and fellow Democrat Jeff Carmon voted with Republican member David Black to delay the decision. The board’s chairman, Democrat Bob Cordle, opposed the delay, as did Republican member Ken Raymond. Cordle and Raymond say the delay has them concerned about a time crunch. With Monday’s vote, a decision wouldn’t be made until at least mid-August, in order to provide the public ample notice of a new meeting. The voting machines used in about a third of North Carolina’s counties will be certified at the end of this year. Cordle and Raymond said any further delays will harm the counties that need to figure out which new machines they want to use in 2020.National: States Rush to Make Voting Systems More Secure as New Threats Emerge | David E. Sanger, Reid J. Epstein and Michael Wines/The New York Times
Amid growing warnings about the security of American voting systems, many states are rushing to address vulnerabilities exposed by the 2016 election, even as intelligence officials worry they are fighting the last battle and are not sufficiently focused on a new generation of threats headed into 2020. Delaware has replaced its voting machines to assure paper backup that would provide a record in case of a breach. South Carolina’s State Election Commission said this month that it would introduce a paper-based voting system in January and planned to “build additional layers of security designed to harden the new system.” Yet Florida, home of the United States’ best-known presidential balloting problems, like hanging chads in 2000 and still mysterious Russian activity in 2016, once again seems far behind. And the fear among American intelligence officials is that the federal government and the 50 states may be making the classic mistake of believing their adversaries will use the same techniques again. “No one expects the Russians will use their old playbook” in the next election, said Suzanne Spaulding, who oversaw election security at the Department of Homeland Security during the Obama administration and is now looking at how Russia is expanding its targets to undermine confidence in the American judicial system.National: Has Congress already missed its chance to strengthen election security ahead of 2020? | Bryan Lowry/The Kansas City Star
Congress may have already missed its window to shore up state election systems against foreign cyber-attacks ahead of the 2020 election. Former Special Counsel Robert Mueller’s testimony this week on his investigation into Russia’s role in the 2016 election has reignited calls for the passage of a bipartisan election security bill. But Republican Senate leaders have balked at approving any such measure prior to 2020. GOP leadership said Mueller’s testimony did little to persuade them of the need for legislation. Moreover, one of the only GOP lawmakers pushing election security reforms on Capitol Hill said states have effectively run out of time to implement changes ahead of the next presidential election. Sen. James Lankford, R-Oklahoma, told reporters Thursday that Congress should shift its focus to the 2022 mid-term election. “I’ve had folks say we need to hurry and get money out the door so they can buy new systems, that’s not going to happen for 2020. There’s no way to do it for 2020 because you can’t buy the equipment, get it in, test it, evaluate it, train your volunteers on it when the first primary is six months away,” Lankford said. “The discussion now is not about 2020. That’s already resolved. They’re not going to add new stuff unless it’s already currently in the pipeline. It’s really 2022 at this point.”National: State election offices made for an easy target for Russian hackers | Andrew Eversden/Fifth Domain
In the months before the 2016 presidential election, one U.S. state received a notification from a federally-backed cybersecurity group, warning about suspicious cyber activity directed at its networks. The state IT officials did not share the alert with other state government leaders and as late at January 2018, the same officials reported nothing “irregular, inconsistent, or suspicious" took place before the vote. In fact, GRU, Russia’s military intelligence agency, had scanned one of the state’s “election-related” domains, according to a new Senate report. In another state, leaders did not turn over to the Senate which of its systems had been targeted by Russians. Officials told Senate investigators they hadn’t seen evidence of scanning or attacks on its election infrastructure. Instead, they told the committee that they had seen a “probing” of its state systems. Again, DHS told the committee that GRU had scanned the state’s Secretary of State website. And in a third state, officials told Senate investigators they had not noticed a connection between their systems and the IP addresses listed in a warning from the federal government. And again, DHS told the committee that GRU scanned the state’s government domain.National: Bring Back Paper Ballots: Senate Intelligence Committee report shows how electronic voting systems are inherently vulnerable to hackers. | Fred Kaplan/Slate
Just hours after Senate Republicans blocked a vote on a bill to make elections less vulnerable to cyberattacks, the Senate Intelligence Committee released a 67-page report, concluding that, leading up to the 2016 election, Russians hacked voting machines and registration rolls in all 50 states, and they are likely still doing so. The heavily redacted document, based on a two-year investigation, found no evidence that the hackers altered votes or vote tallies, though it says they could have if they’d wanted to. However, three former senior U.S. intelligence officials with backgrounds in cybersecurity told me that the absence of evidence isn’t the same as the evidence of an absence. One of them said, “I doubt very much that any changes would be detectable. Certainly, the hackers would be able to cover any tracks. The Russians aren’t stupid.” Hacking individual voting machines would be an inefficient way to throw an election. But J. Alex Halderman, a computer scientist who has tested vulnerabilities for more than a decade, testified to the Senate committee that he and his team “created attacks that can spread from machine to machine, like a computer virus, and silently change election outcomes.” They studied touch-screen and optical-scan systems, and “in every single case,” he said, “we found ways for attackers to sabotage machines and steal votes.”National: Myriad election systems complicate efforts to stop hackers | Christina A. Cassidy and Colleen Long/Associated Press
A new Senate report on Russian interference in U.S. elections highlighted one of the biggest challenges to preventing foreign meddling: the limited powers and ability of the federal government to protect elections run by state and local officials. That has given fuel to those who argue that a larger federal role is needed. The Senate Select Committee on Intelligence issued the first part of its report into Russian interference in the 2016 election on Thursday, noting that Russian agents "exploited the seams" between federal government expertise and ill-equipped state and local election officials. The report also emphasized repeatedly that elections are controlled by states, not the federal government. It called for the reinforcement of state oversight of elections — a view blasted as inadequate by Sen. Ron Wyden, an Oregon Democrat on the committee. He called on Congress to establish mandatory cybersecurity requirements across the country. "We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army," Wyden wrote. "We shouldn't ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia's cyber army. That approach failed in 2016 and it will fail again."National: Mitch McConnell Received Donations from Voting Machine Lobbyists Before Blocking Election Security Bills | Nicole Goodkind/Newsweek
Senate Majority Leader Mitch McConnell squashed two bills intended to ensure voting security on Thursday, just one day after former special counsel Robert Mueller warned that Russians were attempting to sabotage the 2020 presidential elections "as we sit here." McConnell said he wouldn't allow a vote on the bills because they were "so partisan," but, as previously reported, earlier this year McConnell received a slew of donations from four of the top voting machine lobbyists in the country. "Clearly this request is not a serious effort to make a law. Clearly something so partisan that it only received one single solitary Republican vote in the House is not going to travel through the Senate by unanimous consent," said McConnell on the Senate floor. The plans would likely burden the two largest electronic voting machine vendors in the United States, Election Systems & Software and Dominion Voting Systems, with new regulations and financial burdens.Editorials: What Will It Take for Congress to Protect America’s Elections? | The New York Times
Testifying before Congress this week about his investigation of Russian interference in the 2016 elections, Robert Mueller, the former special counsel, seemed eager — desperate, even — to drive home one message: foreign adversaries are intent on undermining American democracy, and the United States is still vulnerable to them. Even as Mr. Mueller declined to elaborate on most of his findings, he was unequivocal in warning that Russia meddled in the 2016 presidential race, that it aims to do so again — “They’re doing it as we sit here,” he said — and that “many more countries” are developing similar capabilities. Declaring foreign interference “among the most serious” challenges to American democracy, he urged those with “responsibility in this area” to act “swiftly.” Mr. Mueller is right to be worried. While progress has been made in safeguarding the nation’s electoral system, partisan bickering has impeded Congress from enacting a range of important reforms, from improving coordination between state and federal authorities to upgrading election infrastructure to closing loopholes in campaign finance laws. As is often the case, the legislative bottleneck is in the Republican-controlled Senate, but both parties have done their part to politicize the issue.Editorials: Count every vote and count them all by hand | Tim Canova/South Florida Sun-Sentinel
The Florida advisory committee of the U.S. Commission on Civil Rights held a public hearing last week on voter disenfranchisement in downtown Fort Lauderdale. I was privileged to speak on the issues surrounding my two campaigns against Rep. Debbie Wasserman Schultz in Florida’s 23rd Congressional District.
First, voter disenfranchisement is a serious issue. Too many fellow citizens have been barred from voting for life because of non-violent felony convictions, even years after completing their sentences. The Florida legislature should implement Amendment 4, passed last year by nearly two-thirds of Florida voters, to restore voting rights to non-violent felons, without punishing them for unpaid bills or fines. We don’t need a poll tax to stop people from voting when they are struggling to provide for their families.
In my testimony to the commission, I also pointed out wider threats to the franchise of all voters. When voting in Florida, after filling out a paper ballot, we hand the ballot to an election official, who then feeds the ballot through an electronic scanning machine. Imagine if instead that election official were to tear up your ballot right in front of you on account of your race, religion, gender or party registration. Of course, we would all be demanding a criminal investigation and prosecution of that official for depriving us of our most fundamental right to vote and to have our vote counted.
Now suppose, instead, that official feeds your ballot through an electronic scanning machine that contains wireless cellular modems. Imagine further that the source code for the software has been altered through the wireless modems to count your vote for candidates you did not even vote for. And then, afterward, the election supervisor simply destroys your ballot and those of all voters.
According to election experts, such as Dr. David Bader, director of the Institute for Data Science at the New Jersey Institute of Technology, that’s what may well have happened in both of our 2016 and 2018 elections against Debbie Wasserman Schultz. Experts believe the source code was altered to cap our vote at the same low percentage, regardless of demographic group, an outcome that one leading expert in computational science said was “as unlikely as winning the lottery every day for a year.”
That’s why we filed a formal complaint challenging our election results in the U.S. House of Representatives. But the Democrats on the House Committee for Administration have simply ignored our complaint to cover for Wasserman Schultz. These Democrats demand that we trust the science of climate change, but apparently, they are happy to ignore computational science and basic mathematical laws and principles when considering election rigging complaints.
We have also called for a criminal investigation of the Broward Supervisor of Elections office for the illegal destruction of all the ballots cast in our 2016 primary against Wasserman Schultz. Brenda Snipes, then the Broward elections supervisor, admitted in sworn videotaped depositions to wrongfully destroying the ballots, and a Florida circuit court ruled that she thereby violated numerous state and federal criminal statutes, including some punishable as felonies by up to five years in prison for each violation.