Editorials: Florida must do better than ‘Trust us’ to instill confidence in 2020 elections | The Palm Beach Post

The 2020 elections are just around the corner, and government officials responsible for ensuring the upcoming vote occurs without a hitch are asking a lot from the public — trust. Florida Secretary of State Laurel Lee said late last month that the state’s voting systems are adequately prepared for electronic attacks — a pressing concern since the specter of Russian hacking haunted the last presidential election. Securing Florida’s voting systems is long overdue. Unfortunately, Lee undermined her message by refusing to provide any details that might convince the public that these latest efforts to stem cyber-attacks on Florida’s elections systems would work. “The Department of State stands here in 2019 with an incredible amount of information we never previously had,” said Lee, who is Florida’s top elections official, without a word of specifics about that incredible amount of information. “I believe that should inspire a level of confidence that we have access to far more information than we had at any prior point.” Not really. Ever since the Mueller report on the 2016 presidential election determined that hacking efforts by Russian intelligence were successful in “at least one” Florida county, Floridians wanted to know where they’re vulnerable. Compounding the anxiety, Gov. Ron DeSantis said in May that he learned from the FBI that Russians hacked two counties — their voter-information files, not systems involved in vote tallying. But state officials, saying they’ve been muzzled by federal investigators, still refuse to say which counties were hacked in 2016. And although they just conducted a review of state and county election systems, they won’t say what kind of security weaknesses were uncovered — if any. Nor will they promise to tell us about any future breaches.

Editorials: Averting a voting-machine disaster: New York must stay far away from election devices with a proven record of failure | Ritchie Torres/New York Daily News

Imagine spending millions of taxpayer dollars for brand-new voting technology. Then imagine the first time the machines are used in an election, they fail catastrophically. That’s what happened this month across the state line in one Pennsylvania county. How bad was it? Widespread and alarming were failures of this machine, an Election Systems & Software (ES&S) product called ExpressVote XL. Hypersensitive touchscreens picked candidates without voters actually touching the screens. Tick-marks next to selected candidates randomly disappeared. Some machines were unable to tabulate “yes/no” questions at all. In some races, there were “severe undercounts,” including one judicial candidate who received an implausible zero votes, according to the machine’s false reporting. Another candidate won by roughly 1,000 votes, but the ExpressVote XL machine reported 15 votes cast total. Amid the chaos that ensued in this low-turnout election, poll workers were forced to physically pry open the machines, pull out ballot papers and wait for scanners to arrive from outside the state to recount the votes. Weeks later, ES&S has still “has not determined root cause” of the malfunctions, and now reports indicate that lawsuits are likely to be filed against the company and the county. If this sounds like a nightmarish but distant scenario with no practical relevance to us, think again. In fact, if New York City Board of Elections Executive Director Mike Ryan gets his way, the voting technology that catastrophically failed in Pennsylvania will be heading to polling places in the five boroughs for next year’s presidential elections, when turnout will be through the roof.

Editorials: Hand-marked Paper Ballots: How this Tried-and-True Method Makes Us More Secure | Bennie J. Smith/Memphis Commercial Appeal

In 2016, Facebook CEO Mark Zuckerberg shared a photo on Instagram (owned by Facebook) to celebrate Instagram’s historic milestone of reaching 500 million users. Though Zuckerberg was excited to share his company’s success, headlines instead focused on the unintended revelation that his laptop’s webcam and mic were covered with tape. As one of the greatest high-tech inventors, he knows the dangers of modern technology and reveals his simple low-tech method of protection from hackers. One thing is clear, he doesn’t blindly trust technology, and neither should you.We’ve blindly trusted voting technology until it recently came under intense scrutiny. Many technologists, concerned citizens and others now want to replace voting machines with hand-marked paper ballots to record our votes. Combined with post-election audits, these low-tech methods provide evidence that voters’ choices were counted correctly when tabulated. If you think about it, paper marked by a human is immune to any virus since no computer is involved. It’s your starting line in an election, with its most important fact (true voter intent) undeniably created by you. Your available choices and who you chose are both verifiable and documented. Voters unable to mark a ballot by hand will need ballot-marking device choices.

Editorials: Restoring Trust And Security In U.S. Elections | Earl Matthews/Forbes

There was a time when we didn’t think twice about the security of our election systems. We trusted that when we cast our votes, they would be accurately counted. That has changed. During the 2016 election, a powerful threat appeared from outside our own borders – the shadow of other governments hacking and attempting to unduly influence our election systems. If we care about voting and election security, and if we still believe that every voter and every vote counts, then there is a big existential question that we must be willing to address: Is cybersecurity fundamental to the health, if not the very existence, of a democracy today? I say absolutely yes. The issue is not significantly different from the challenges that businesses face as they try to protect their data and digital assets. It’s the ramifications that are so much bigger.

Editorials: An Inconclusive 2020 Election Night Is Already Looming | Jonathan Bernstein/Bloomberg

We’re one year from the 2020 presidential election. And I hope that the folks who run newsrooms at the broadcast and cable news networks, as well as at any other major media outlets, are arriving at a plan to deal with one of the trickiest parts of Election Day coverage: The slow vote count in western states. We know it’s going to happen. In several states where voting by mail is either the only or a major form of casting ballots, and where those ballots take time to collect, the Election Day counts are — not can be, but are — highly misleading. We know that millions of votes will be counted after election night. And we know that those votes will tilt toward Democrats. Therefore, we know that the count on election night will be better for Republicans than the eventual total count. One of the states involved, Arizona, is likely to be an important swing state in 2020, so it’s possible that election night will end with Arizona seemingly giving Republicans the presidency, only to flip to the Democrats a few days later. After all, in the 2018 Arizona Senate contest, Republican Martha McSally led after Election Day, but Democrat Kyrsten Sinema won when all the ballots were counted and it wasn’t all that close; Sinema prevailed by 2.4 percentage points, or 55,900 votes. The late-count tilt to Democrats isn’t just found in the vote-by-mail states. One study after 2012 found that it had become a national phenomenon, with Democrats typically gaining ground after the initially reported election-night totals. In most states, however, it’s a relatively small effect, and not entirely consistent (that is, even though Democrats usually gain a bit, sometimes Republicans do). But in a few states, the effect is predictable and large enough that ignoring it really misses the story. After election night in 2016, Hillary Clinton’s advantage in the nationwide popular vote was just over 100,000; she eventually won by 2.9 million votes. Those are very different stories, and reporting correctly requires picking the right one while everyone is still watching.

Editorials: Cities like Philadelphia are sitting ducks for cyber attacks | David Morris/The Philadelphia Inquirer

According to a new report, during President Donald Trump’s inauguration, Romanian hackers used ransomware to seize control of two-thirds of the Beltway’s police security cameras – a stunning feat only slightly diminished by the fact that they went on to order pizza from an email account linked to the attack, then used hijacked police computers to run an easily traceable Amazon scam. That combination – a successful, high-profile ransomware attack executed by thumb-fingered amateurs – shows the challenges now faced by local governments. It no longer takes a genius to hack municipal computer systems: Anyone can log onto the dark web and buy email lists and the malware needed to lock police officers, hospital workers, and government officials out of their computers. One ransomware program dubbed “Philadelphia,” available online for just $400, is specifically designed to help inexperienced hackers take victims’ data hostage. Such attacks are devastating. Without the hackers’ digital key, it’s impossible to unlock hacked files, leaving cities unable to access not just cameras, but 911 systems, hospital records, communication tools, and even water and power systems. That’s why cities make enticing targets: You can’t put public services on hold, so hackers can charge a premium when extorting government entities. Hacked companies pay an average of $36,295 to retrieve their data, but public entities pay an average of $338,700, or almost 10 times as much, according to a Coveware study.

Editorials: Northampton County voting system flunks a crucial first test | Rudy Miller/Lehigh Valley Live

What now? In the run-up to the most consequential election in modern American history — as counties throughout the U.S. are arming themselves with tamper-proof voting machines — Northampton County proved last week that you don’t need Russian interference to bungle an election, seriously damaging public confidence in the process. No, you can do it all by yourself. In Tuesday’s balloting, Northampton County’s all-new machines were plagued by hypersensitive push-buttons that confused voters, sometimes requiring them to go back and re-hit buttons to correct the machines. But that was just the beginning of the troubles. Incredibly, some of the electronic machines couldn’t handle registering simple “yes-no” voting on judge retentions, and displayed severe undercounts in contests with cross-filed candidates. Most incredibly, one judge candidate, Abe Kassis, ended up with zero votes at the end of the day. Some voters were confused by the paper readout they are asked to inspect before they leave the booth (voters don’t actually get a printout in hand), to make sure the electronic machine got it right. Long story short: Northampton County’s new ExpressVote XL machines failed their first crucial test in Tuesday’s election. The county paid $2.8 million for the voter-verifiable paper trail system, an upgrade required by state law.

Editorials: Empower the FEC to Fight Election Crime – A depleted commission faces threats from Russia and beyond | Bloomberg

Igor Fruman and Lev Parnas, two Soviet-born associates of Rudolph Giuliani, are charged with funneling $325,000 in foreign money into a super-PAC supporting President Donald Trump’s 2020 reelection campaign. Their indictment should serve as a warning about the threat of foreign manipulation of U.S. elections. It also proves the need for a functioning Federal Election Commission. After a resignation in August, the six-seat commission is down to only three members. The commission needs four for a quorum, and requires a quorum to authorize investigations by its office of general counsel. So FEC lawyers can work on cases previously authorized, but they can’t investigate new ones until the president nominates, and the Senate confirms, at least one new commissioner. Trump has nominated Texas lawyer James “Trey” Trainor III — but Senate Majority Leader Mitch McConnell, who has fast-tracked dozens of federal court nominees, has dragged his feet on this one, failing to schedule a hearing or a vote. McConnell’s antipathy to campaign regulation appears to be trumping his duty to voters.

Editorials: Could Matt Bevin steal the Kentucky governor’s election? | Richard Hasen/Salon

Will the Kentucky Legislature assist Matt Bevin in stealing the governor’s race from Democrat Andy Beshear, who appeared to have won Tuesday’s election by about 5,000 votes? Ordinarily, I would consider the possibility preposterous. We do not live in ordinary times, though, and on Wednesday Kentucky Senate President Robert Stivers raised the prospect that his institution, not the voters, could determine the outcome of the race. If Stivers and Republican Kentucky legislators were to make such a hardball move without good evidence that there were major problems with the vote count, the election would likely end up in federal court, where it is anyone’s guess what would happen. Either way, that we’re even discussing this potentiality one year before Donald Trump—who has repeatedly challenged the vote totals in his 2016 election victory—is set to face reelection is a wrenching sign for our already-damaged democracy.

Editorials: A simple step every state could take to safeguard elections | The Washington Post

Election security is a complex challenge. One essential step, however, is so simple it can be carried out with a pen and paper. Pennsylvania officials have announced that Philadelphia and Mercer County will conduct a post-election pilot next month of what’s called a risk-limiting audit. The procedure is new to most of the country, but 12 states are experimenting with it — because it’s that much of a no-brainer. Currently, 17 states are not required by law to verify the accuracy of their vote tallies at all. Those that are mostly do so the “traditional” way, which in this case means the wrong way. The process auditors typically use — manually recounting votes in a predetermined percentage of precincts — tells officials whether a particular machine or group of machines is working, but it doesn’t actually answer the essential question: Did the declared winner actually win? Risk-limiting audits instead do what any mathematician . They hand-count a statistically meaningful sample of all votes to determine whether the original tally was correct. The required sample increases as the margin of victory narrows. It’s easy, and it’s time-consuming only in the tightest elections, or when something actually has been tampered with. Of course, that’s when it’s most worth investing the time. So why isn’t everyone doing it?

Editorials: Democrats Must Act Now to Deter Foreign Interference in the 2020 Election | Thomas Wright/The Atlantic

Democrats face a national-security problem without parallel in the annals of American democracy. The president of the United States, Donald Trump, has made clear not only that he will remain passive in the face of foreign interference in the 2020 U.S. election—a threat his current and former directors of national intelligence have called the most serious facing the country—but also that he will actually solicit such interference if it serves his interests. We know of at least one case—when he asked President Volodymyr Zelensky of Ukraine to launch an investigation into former Vice President Joe Biden as a personal favor—but there may well be others. Parts of the U.S. government, such as the Department of Homeland Security and the FBI, as well as state authorities, are working to prevent foreign interference in American elections, but even with a Herculean effort, the country’s defenses against political warfare, especially in the cyber domain, are weak and porous. Such attacks are easy to execute, but difficult and expensive to thwart. The threat is evolving and will be different than it was in 2016. There are many targets.

Editorials: Voting machines pose a greater threat to our elections than foreign agents | Lulu Friesdat/The Hill

As the election security conversation widens beyond Russia, to include countries like Iran and China, it’s important to examine how security flaws in our country’s voting equipment increase the vulnerability of our elections. In 2010 a university cyber team conducted a test attack on an internet voting pilot project in Washington, D.C. The team successfully picked the winner of the election remotely from its Michigan lab. Writing about the attack, computer science professor J. Alex Halderman said, “Within 36 hours of the system going live, our team had … the ability to change votes.” In follow-up testimony, Halderman offered some chilling details: “While we were in control of these systems, we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.” Security experts have long warned that short passwords provide easy targets, but hackers at DEF CON, an annual security convention, recently found U.S. election systems with no passwords at all.  How did the security bar get set so low?

Editorials: Cyber attacks threaten security of 2020 election | Ray Rothrock/San Jose Mercury-News

Following the 2016 elections, investigators found evidence that Russian hackers successfully infiltrated the computerized voting systems of several states. Hackers also stole data from campaigns and weaponized social media polarizing the electorate against and for certain candidates.  All of this undermines the trust we all place in the United States’ election system. There is nothing more powerful in a democratic country than a legitimate election.  Unchecked, these actions and future similar future actions against our elections are a significant danger to our democracy.  It’s clear we’ll be facing similar threats in the 2020 election cycle. Elections have become a new target in asymmetrical cyber warfare, allowing smaller groups to launch targeted attacks that have an outsized impact. To ensure our democracy is resilient in the face of these bad actors and nation-states, Congress must take action to adequately fund our election system’s cyber defenses and implement programs that bring about greater digital resilience in our government systems and in candidate’s campaigns. More importantly, something so fundamental to the country – trust in our elections – must be pursued with vigor on a bipartisan basis and in a manner that makes our systems more resilient.

Editorials: Election security isn’t that hard – We can have safe elections if we follow these three steps. | Kevin Shelley and Wayne Williams/Politico

Intelligence experts warn that hostile nation-states, criminals and political partisans are preparing attacks on our election systems in 2020. We’ve set ourselves up for this: In the course of modernizing our voting systems, our country has introduced computers into many layers of our election process, including the recording and tallying of our votes. In fact, 99 percent of votes cast in 2020 will be counted either by the computerized voting machines on which the voters cast their ballots or – in the case of voter-marked paper ballots – by scanners, which also are computers. As former secretaries of state from both parties, we know that it’s possible to devise tangible solutions needed to validate our elections. In fact, we can tell you how to do it. That’s not to say that it’s easy, particularly given the decentralized nature of our election administration system. Most states administer elections locally and only a few states have uniform equipment in each locality. For many years, election administration has been woefully underfunded, leading to wide variability in capacity and resources. But, as long as the equipment incorporates a voter-marked paper ballot, officials can adjust existing processes to instill confidence in elections, regardless of the equipment in place.

Editorials: We need our elections protected. A weakened FEC only invites attack. | The Washington Post

IF THE Securities and Exchange Commission stopped acting, the nation would feel vulnerable to securities fraud. If the Federal Trade Commission were paralyzed, or the Federal Communications Commission, there would be a crisis of confidence in fields they regulate. Why, then, are the nation’s political leaders so complacent about the Federal Election Commission, the independent regulatory agency charged with being the watchdog over the political process and protecting the integrity of U.S. democracy? As of this month, the six-member commission is down to three commissioners, although it needs four for a quorum. Without a quorum, the FEC cannot hold hearings, make rules, initiate litigation, issue advisory opinions, launch investigations or approve enforcement actions and audits, among other things. The FEC chairwoman, Ellen L. Weintraub, has put on a brave face, noting that the commission’s “most important duties will continue unimpeded,” such as shining a spotlight on campaign finance and performing the staff work when it receives complaints. She insists that the “United States’ election cop is still on the 2020 campaign beat” and that she will “remain vigilant to all threats to the integrity of our elections.”

Editorials: A bipartisan idea to secure elections: paper backup of electronic votes | Dallas Morning News

Our elections must be secure. And just as important as the integrity of our ballot boxes is voter trust in that integrity. In an age of political division, this is something we agree on across political lines here in Texas. We know that’s true because the Texas Lyceum’s annual poll, just released, showed that 84% of respondents said it is important to ensure ineligible voters are prevented from voting, and 92% said it’s important to ensure that all eligible voters are permitted to vote. We would like to see both of those numbers at 100%, but this is an imperfect world, and we accept these powerful majorities as a statement that Texans understand the importance of the ballot box. A troubling element did emerge from the poll. Just 62% of respondents say they are confident that the voting system in Texas is secure from hacking and other technological threats. Here again, Texans get it right. Few of us are naive enough now to think that electronic ballots are not vulnerable.

Editorials: Why is the Russian medding in 2016 such a big secret? I’m not allowed to say. | Stephanie Murphy/The Washington Post

In May, other members of Florida’s congressional delegation and I were briefed for 90 minutes in the U.S. Capitol by officials from the FBI and the Department of Homeland Security regarding Russia’s interference in the 2016 election. I sought the briefing after then-special counsel Robert S. Mueller III’s report showed Russia had probed and even pierced election networks in Florida, among the most closely contested states in U.S. politics. Although our briefers supplied new details, much remained unknown. What I do know, I can’t talk about. Why that’s the case is itself a mystery. The Mueller report noted that Moscow’s meddling involved three lines of effort, and Florida was a target of each. First, a Russian entity conducted a social media campaign to sow discord and help then-candidate Donald Trump, including by organizing pro-Trump rallies in Florida. Second, a Russian intelligence agency — the GRU — hacked computer accounts connected to Hillary Clinton’s campaign. As part of this effort, it published Florida-related data stolen from House Democrats’ campaign arm. Finally, Mueller reported, the GRU sought to infiltrate computer networks involved in the administration of elections, which could enable Russia to alter voter registration databases or perhaps vote tabulation systems. That would be tantamount to an act of war, with malware rather than missiles as the weapon of choice. While Russian cyber actors cast a wide net, Florida’s county-based election supervisors were a focal point.

Editorials: Paper ballots are essential to securing our elections and our democracy | Lee C. Bollinger and Michael A. McRobbie/The Hill

Public confidence in the integrity and security of our elections is essential for democracy to be a trusted means of governing, and that very confidence is now under unprecedented attack by foreign adversaries. A newly released report from the Senate Select Committee on Intelligence, as well as recent congressional testimony by Special Counsel Robert Mueller, indicated that in 2016 Russia attempted intrusions into the election infrastructure of all 50 states. In one of the most dramatic moments of his testimony, Mueller said that Russia is at it again “as we sit here.” With just 15 months until the next round of major state and federal elections, and as Congress continues to debate the sources of and steps to combat the cyberattacks, it is sobering to consider the effect that a deep erosion of public confidence in the election process could have. It would be devastating to Americans’ faith in our democracy and the legitimacy of our elected government. For these reasons, state and federal leaders must act with urgency to secure our elections. As co-chairs of the committee convened in 2016 by the National Academies of Sciences, Engineering and Medicine to address voting security, we concluded that the nation should immediately take three actions to strengthen the safeguards for election systems against the mounting cyberthreats.

Editorials: Federal Election Commission is now out of commission — that’s downright scary | Kim Wehle/The Hill

Republican Matthew S. Petersen announced his resignation from the Federal Election Commission (FEC) this week. Ho hum news this is not. What it means is that the government agency charged with overseeing compliance with the federal campaign finance laws has been gutted. It now lacks the ability to meaningfully function in the run-up to the 2020 presidential election. There are two primary takeaways here. The first is that this is not unwelcome news for conservatives — such as Senate Majority Leader Mitch McConnell (R-Ky.) — who believe that government oversight of federal campaigns is bad in general. McConnell led the years-long charge to kill the Bipartisan Campaign Reform Act of 2002 (BCRA), a feat that was largely accomplished by the Supreme Court with its 2009 decision in Citizens United v. Federal Election Commission. That case overruled on First Amendment grounds the statutory bans on soft or “issue-ad” money spent by corporations and unions close to presidential primaries and general elections. With the FEC now out of commission, there is no longer a cop on the block to enforce the remaining rules-of-the-game aimed at enhancing fair and free elections in the United States. If no cop is around to pull over speed-demon drivers, the speed limits become meaningless. Translation? It’s the Wild West in federal-campaign-land, and individual voters are the ones who will suffer for it. The second takeaway is that, once again, Congress is to blame for this travesty.

Editorials: When It Comes to Voting, You Can’t Phone It In | Stephen L. Carter/Bloomberg

A lot of people are excited about recent research suggesting that mobile voting would mean more voters casting ballots. No doubt the premise is correct. If you lower the cost of an activity, you get more of it. Still, there are reasons to be skeptical. In the third place, the security risks are obvious. In the second place, as regular readers know, I’ve long questioned whether higher turnout leads to better results. But in the first place, even if mobile voting resulted in a greater number of votes cast, we shouldn’t refer to the result as higher “turnout.” Whatever we might call it, that’s the wrong word. The notion of voter turnout has long conjured images of crowded polling places, neighbors chatting as long lines shuffle forward.  Not all traditions are valuable, but here a bit of etymology teaches an important lesson about democracy.

Editorials: Putin’s Nightmare: The Ballot Box | Michael Khodarkovsky/The New York Times

On Sept. 8, Russians will vote in municipal and regional elections, and the authorities are afraid. Not of any foreign power’s interference in Russia’s elections — there have been no fair elections in decades — but of Russia’s own people and opposition candidates, who are far more popular than the official nominees. Moscow’s old bag of electoral tricks survives — for example, moving elections from December to early September so that summer vacations would leave challengers little time to organize. The authorities have resorted to new tricks too, like clogging the electoral system with fake candidates and putting party loyalists on the ballot as independent candidates. This year’s election will also see a new mobile digital voting system that allows people to vote online from any location. Critics say it is yet another trick to help the authorities. Leaving nothing to chance, Moscow’s electoral commission found bogus reasons to disqualify all unapproved candidates from running in the elections. And to intimidate those would-be candidates, their homes were raided and many of them were detained, brought to Police Headquarters and interrogated in the middle of the night. Yet none of that worked: Thousands of people took to the streets, beginning on July 28, to protest the election committee’s decisions. In response, the authorities deployed an overwhelming force of local and federal police who detained most opposition leaders and nearly 1,400 demonstrators.

Editorials: Why November 4, 2020 could be a very bad day | Chris Cillizza/CNN

Since almost the moment Donald Trump won the White House in 2016, people have had November 3, 2020 — aka Election Day — circled on their calendars. For Trump haters, that first Tuesday in November next year is the moment when they can put an end to what they believe is a colossal mistake. For Trump backers, Election Day 2020 is their chance to prove that 2016 was no fluke — and that they want another four years of the billionaire businessman in the White House. But what if the vote on November 3, 2020 doesn’t actually settle anything? There’s been polling evidence for some time that Americans are losing faith in the ability of Americans elections to be conducted fair and squarely. In an NPR/Marist University poll conducted just before the 2018 midterm elections, almost half — 47% — of respondents said that they lacked faith that all votes cast would be counted fairly. That number was even higher among non-white voters — of whom almost 6 in 10 said it was likely not all votes would be counted. Two in 5 voters said they did not believe American elections were fair in that same poll. Other more recent data suggests there is no slackening in the doubts about fair elections. And after the events of the last three years, it’s not hard to see why there’s rising doubt among the public about fair elections.

Editorials: Trump’s hostility to election security preparedness | Elaine Kamarck/Brookings

From the very beginning of his presidency, Donald Trump has denied or downplayed Russian interference in the 2016 campaign. He has, at various times, dismissed the whole idea as a hoax, as fake news, or as an excuse by Democrats for why they lost the election. At other times, he has proclaimed his innocence vis-à-vis Russian campaign interference. From the earliest days of his presidency when he fired FBI Director James Comey in an effort to stop the investigation, he has denigrated and dismissed the entire issue. In its place he has insisted that the real problem in 2016 was not Russian interference but rather illegal voting by immigrants. The president’s beliefs have put him at odds with his own government and his own appointees, creating some awkward moments as the machinery of the federal government comes into conflict with the tweets of the chief executive. In spite of the president’s antipathy towards the effort, the gears of government managed to grind on, even in the White House. On September 12, 2018, President Trump issued Executive Order 13848 titled “Executive Order on Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election.” The order requires a post-election audit by the intelligence community, under the direction of the ODNI (Office of the Director of National Intelligence) and mechanisms to place sanctions—such as confiscation of property—on those who take actions to interfere in U.S. elections.

Editorials: Prediction: 2020 election is set to be hacked, if we don’t act fast | Adam K. Levin/The Hill

Since 1993, hackers have traveled to Las Vegas from around the world to demonstrate their skills at DefCon’s annual convention, and every year new horrors of cyber-insecurity are revealed as they wield their craft. Last year, for example, an eleven-year-old boy changed the election results on a replica of the Florida state election website in under ten minutes. This year was no exception. Participants revealed all sorts of clever attacks and pathetic vulnerabilities. One hack allowed a convention attendee to commandeer control of an iPhone with a non-Apple-issue charging cord, one that is identical to the Apple version. Another group figured out how to use a Netflix account to steal banking information. But for our purposes, let’s focus on election security because without it democracy is imperiled. And if you think about it, what are the odds of something like DefCon being permitted in the People’s Republic of China? Speaking of China (or Russia or North Korea or Iran or…) will the 2020 election be hacked? In a word: Yes.

Editorials: The malware election: Returning to paper ballots only way to prevent hacking | Lulu Friesdat/The Hill

The key takeaway of special counsel Robert S. Mueller’s report on Russian interference in the 2016 election was that “There were multiple, systematic efforts to interfere in our election … and that allegation deserves the attention of every American.” But with so much attention on what happened in 2016, we have lost much of the time available to protect the 2020 election. This was immediately apparent recently at DEF CON, one of the largest hacker conventions on the planet. The conference, where tens of thousands of hackers descend on the pseudo-glamourous “pleasure pit” that is Las Vegas, includes the Voting Village, a pop-up research lab with an array of U.S. voting equipment available for security researchers to compromise. They were terrifyingly successful. High school hackers and security professionals united to take control of almost every voting system in the room, most of it currently in use around the U.S. They found systems with no passwords, no encryption, and operating systems so old that young hackers often had no previous experience with them. That did not prevent them from completely dominating the machines. They accessed USB, compact flash and ethernet ports that were glaringly unprotected, and then proceeded to play video games and run pink cat graphics across the screens of ballot-marking devices and voter registration database systems.

Editorials: Rage against the voting machines | Philadelphia Inquirer

The latest controversy over the city’s ongoing voting machines saga presents multiple choices of questions and concerns. Last week, City Controller Rebecca Rhynhart, while investigating the contract for new voting machines, found that the company, Election Systems & Software, failed to disclose that it had hired lobbyists and made campaign contributions to the reelection campaigns of two city commissioners who were in charge of selecting the vendor. These mistakes, which ES&S says were inadvertent, made the contract “voidable.” But so far the contract is moving ahead — 3,700 voting machines have already been delivered. ES&S has agreed to pay a $2.9 million fine for its failure to disclose. The Controller’s Office is withholding payment on the contract until it completes its investigation sometime next month. The choices for questions are multiple: Are the resulting disclosures (and fines) proof that the system is working, or A. An indictment of the city’s new best value procurement policy, initiated in 2017 when voters approved a change that allowed the city to award contracts on factors other than the lowest price? While overwhelmingly approved by voters, others (including this board) had concerns that the new policy opened the door to granting contracts to insiders and encouraging a pay-to-play culture, as well as more expensive contracts. The $30 million machine contract is the first major test of the new policy.

Editorials: Guess which ballot costs less and is more secure– paper or electronic? | Kevin Skoglund and Christopher Deluzio/PennLive

Pennsylvania’s counties are choosing new voting systems, with implications for the security, reliability, and auditability of elections across the commonwealth and beyond. Our organizations’ analysis of county selections reveals that several have decided to purchase expensive electronic machines with security challenges over the better option: hand-marked paper ballots. Pennsylvania—where vulnerable paperless machines have been the norm—needs new paper-based voting systems. But not all systems are the same. The main choice counties face is the style of voting and polling place configuration. They can have most voters mark a paper ballot with a pen and offer a touchscreen computer to assist some voters (a ballot-marking device or “BMD”). Or they can have all voters use touchscreen computers to generate a ballot (an all-BMD configuration). The hardware in each configuration is often the same, but this fundamental choice creates significant differences. In fact, our analysis shows that many counties have chosen the all-BMD configuration and are paying a hefty sum for it—twice as much per voter as counties that selected systems that rely principally on voters hand-marking their ballots. Pricier electronic systems also carry greater security risks and make it harder for voters to verify their ballots before casting.

Editorials: There’s no excuse for failing to secure election systems from Russian meddling | St. Louis Post-Dispatch

More than a dozen states are still using electronic ballot systems that leave no paper trail — an invitation to Russia and anyone else who wants to hack into and disrupt America’s next national election. This gaping security hole is being blamed on lack of money in state and local budgets, and a lack of urgency among some Republican officials. Both reasons are unacceptable. Americans may be divided about the veracity of some aspects of the report and testimony from special counsel Robert Mueller, but those who think that renders debatable his conclusions about Russian election interference are simply not paying attention. Mueller’s unambiguous warning that Russia hacked into the election systems of all 50 states in 2016 and is planning to do so again next year has been confirmed on both sides of the aisle. U.S. intelligence agencies have long insisted it happened and will happen again. Even the Republican-controlled Senate Intelligence Committee reached the same conclusion in a recent report. “Russian activities demand renewed attention to vulnerabilities in U.S. voting infrastructure,” the report found. “In 2016, cybersecurity for electoral infrastructure at the state and local level was sorely lacking. … Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary.”

Editorials: Trump is holding election security hostage | Brian Klaas/The Washington Post

President Trump is holding American election security hostage in a bid to suppress votes in his reelection campaign. On Tuesday, Trump tweeted that “No debate on Election Security should go forward without first agreeing that Voter ID (Identification) must play a very strong part in any final agreement. Without Voter ID, it is all so meaningless!” In other words, he is explicitly acknowledging that he will allow known vulnerabilities in American election security infrastructure to remain as inviting targets to foreign adversaries of the United States — unless he gets his way on a long-standing Republican priority. But the evidence is clear: Foreign attacks on American democracy are an urgent, ongoing threat to national security that could result in the entire democratic process being rigged or hacked. On the other hand, voter fraud — the problem that voter ID legislation is ostensibly trying to solve — has already been solved. It’s a minuscule problem that poses virtually no threat to American elections.

Editorials: Security improvements for South Carolina elections are welcome news | Charleston| Post and Courier

South Carolina’s new voting machines that leave a paper trail for audits and cannot be hacked remotely get their first workout Oct. 1 in a special election in Aiken County, and will be operable in all precincts around the state by November. But that’s not the only welcome improvement in the state’s election security. Others address training in cybersecurity for election workers and include frequent tests of the vulnerability of state systems to intrusion. These upgrades, a response to the ongoing threat posed by Russia and other foreign adversaries, are the product of a fruitful collaboration between the federal government and the states. The federal Election Assistance Commission provides an information clearinghouse for best practices and also certifies voting machines and associated hardware and software. The Department of Homeland Security keeps states up to date on the latest security threats. The states receive federal grants to help defray the added costs of enhanced security.