National: Senator: Status quo on voting machine security is a ‘danger to our democracy’ | Alfred Ng/CNET

In the aftermath of the 2016 US presidential election, lawmakers have seen little change in security for voters. But if voting machine security standards don’t change by the 2020 presidential election, Sen. Ron Wyden warns, the consequences could be far worse than the cyberattacks of 2016. The Democrat from Oregon, who is a member of the Senate Intelligence committee, told the Defcon hacking conference that US voting infrastructure is failing to keep elections secure from potential cyberattacks. He made the comments in a Friday speech at the Voting Village, a special section of the Las Vegas conference dedicated to election security. “If nothing happens, the kind of interference we will see form hostile foreign actors will make 2016 look like child’s play,” Wyden said. “We’re just not prepared, not even close, to stop it.”  Election security has been a major concern for lawmakers since the 2016 election, which saw unprecedented interference by the Russians. Though no votes are believed to have been changed, the Russians targeted election systems in all 50 states, according to the Senate Intelligence Committee. Legislation to protect elections has been trudged along in Congress. Multiple members of Congress were at Defcon to discuss the issue, as well as to learn about cybersecurity policy.

National: DARPA’s $10 million voting machine couldn’t be hacked at Defcon (for the wrong reasons) | Alfred Ng/CNET

For the majority of Defcon, hackers couldn’t crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn’t because of the machine’s security features that the team had been working on for four months. The reason: technical difficulties during the machines’ setup. Eager hackers couldn’t find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn’t allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.  “They seemed to have had a myriad of different kinds of problems,” the Voting Village’s co-founder Harri Hursti said. “Unfortunately, when you’re pushing the envelope on technology, these kinds of things happen.” It wasn’t until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.

National: Why blockchain-based voting could threaten democracy | Lucas Mearian/Computerworld

Public tests of blockchain-based mobile voting are growing. Even as there’s been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through “wholesale fraud” or “manipulation tactics.” The topic of election security has been in the spotlight recently after Congress held classified…

National: Election Systems Are Even More Vulnerable Than We Thought | Louise Matsakis/WIRED

Hacker summer camp is here again! You know what that means: WIRED is back in Las Vegas for the annual Black Hat and Defcon security conferences, where we’re digging into the latest and greatest hacks on display. First, let’s talk about iPhones. A researcher found it’s possible to break into one just by sending a text message. To help uncover similar vulnerabilities in the future, Apple is handing out new, hacker-friendly iPhones to its favorite security researchers, and paying up to $1.5 million in bug bounties. Moving on to planes. Boeing’s 787 jets might not be very secure, it turns out—Andy Greenberg talked to a security researcher who found multiple serious flaws in the code for one of the plane’s components. (The 787 is distinct from the 737 MAX plane grounded earlier this year, although a recent test flight of that jet had its ups and downs, as WIRED’s transportation desk reports.) That’s not all that’s happening in Vegas. Safecrackers can unlock an ATM in minutes without leaving a trace. Apple pay buttons can make websites less safe. Have you heard of DDOS attacks? Kindly meet their cousin, the DOS attack. Lily Hay Newman also looked at two very old bugs that have continued to persist, one in desk phones and another in a ubiquitous encryption algorithm. Lastly, check out this very cool fake hospital, where real medical devices get hacked on purpose.

National: Top DHS cyber official calls paper ballot backups necessary for 2020 election | Kevin Collier and Caroline Kelly/CNN

The top cybersecurity official at the Department of Homeland Security said Friday that backup paper ballots would be a necessary part of 2020 election security. “Ultimately when I look at 2020, the top priority for me is engaging as far and wide as possible, touching as many stakeholders as possible, and making sure we have auditability in the system,” Chris Krebs, DHS’ top cyber official, said at a DEFCON cyber conference Friday when discussing election security. “IT, key tenant, can’t audit the system, can’t look at the logs, you don’t know what happened,” he added. “Gotta get auditability, I’ll say it, gotta have a paper ballot backup.” Krebs said that he doesn’t “have all the answers” on election security, adding that “a lot of these policy suggestions are not my job to answer — Congress has a role here.” The cyber head also called for state legislatures to pick up the slack along with federal lawmakers in addressing a lack of much needed funds to update different states’ election systems. “I don’t know where, for instance, the state of New Jersey is going to get their money to update their systems,” Krebs said. “I don’t know where some of these other states that have (paperless machines) without a paper trail associated with it — I don’t know where they’re going to get the money, but they need it.”

National: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials | Kim Zetter/Motherboard

For years, U.S. election officials and voting machine vendors have insisted that critical election systems are never connected to the internet and therefore can’t be hacked. But a group of election security experts have found what they believe to be nearly three dozen backend election systems in 10 states connected to the internet over the last year, including some in critical swing states. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections. Some of the systems have been online for a year and possibly longer. Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year. But at least 19 of the systems, including one in Florida’s Miami-Dade County, were still connected to the internet this week, the researchers told Motherboard. The researchers and Motherboard have been able to verify that at least some of the systems in Wisconsin, Rhode Island, and Florida are in fact election systems. The rest are still unconfirmed, but the fact that some of them appeared to quickly drop offline after the researchers reported them suggests their findings are on the mark.

National: You can easily secure America’s e-voting systems tomorrow. Use paper – Bruce Schneier | The Register

While various high-tech solutions to secure electronic voting systems are being touted this week to election officials across the United States, according to infosec guru Bruce Schneier there is only one tried-and-tested approach that should be considered: pen and paper. It’s the only way to be sure hackers and spies haven’t delved in from across the web to screw with your vote. “Paper ballots are almost 100 per cent reliable and provide a voter-verifiable paper trail,” he told your humble Reg vulture and other hacks at Black Hat in Las Vegas on Thursday. “This isn’t hard or controversial. We use then all the time in Minnesota, and you make your vote and it’s easily tabulated.” The integrity of the election process depends on three key areas: the security of the voter databases that list who can vote; the electronic ballot boxes themselves, which Schneier opined were the hardest things to hack successfully; and the computers that tabulate votes and distribute this information.

National: Here’s how the Justice Department wants to befriend ethical hackers – The Washington Post

The Justice Department’s relationship with the cybersecurity research community has historically been tempestuous, but Leonard Bailey is on a mission to improve it. That’s what brings him here, to the BSides cybersecurity conference. The head of the cybersecurity unit of DOJ’s computer crimes division is extending an open invitation today to ethical hackers to air some grievances and offer policy advice, in a talk called: “Let’s Hear from the Hackers: What Should DOJ do Next?” Bailey wants to ensure hackers are willing to work with government on improving cybersecurity — instead of staying away because they’re suspicious of government. “It’s about figuring out how to make sure that their ability to help us improve [the nation’s] cybersecurity is not taken off the playing field,” Bailey tells me. “They have a valuable resource and they can be helping everyone.” This marks a drastic change — in terms of both outreach and attitude — from previous years. Tensions have soared as ethical hackers accused DOJ of being too quick to prosecute them for benign research aimed at improving cybersecurity — and of not being transparent enough about the rules for what constitutes a digital crime.

National: The government’s relationship with ethical hackers has improved, security experts say | Joseph Marks/The Washington Post

The relationship between ethical hackers and the federal government is better now than it was in 2013, when then-National Security Agency chief Keith Alexander first spoke at the Black Hat cybersecurity conference — not long after Edward Snowden revealed the government’s sweeping surveillance programs. That’s the conclusion of 72 percent of experts who responded to an informal survey by The Cybersecurity 202 before the kickoff of this year’s conference in Las Vegas. The experts are part of the The Network, an ongoing survey of more than 100 cybersecurity experts from government, academia and the private sector. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.) When Alexander spoke in 2013, many security researchers were enraged about the newly disclosed surveillance programs, which they said ran roughshod over Americans’ privacy rights and made their jobs harder. Alexander’s defense of the programs fell especially flat, many survey respondents said, since at that time the U.S. government often failed to distinguish between ethical hackers, who tried to make the Internet safer by finding and patching computer bugs, and criminal hackers who tried to exploit those bugs to steal people’s money and information.

National: Black Hat 2019: What We Expect | Neil J. Rubenking and Max Eddy/PCMag

The annual DEF CON hacking conference started as an accident in 1993, and has been going and growing ever since. Black Hat, launched in 1997 by DEF CON founder Jeff Moss (aka Dark Tangent), is its more formal cousin. To paraphrase a welcome speech by Moss a few years ago, friends said to him, “Hey, why don’t you invite more people, charge them a lot of money, and make them wear suits?” The suits are gone, for the most part, but Black Hat gets bigger every year, with 19,000 attendees last year. Black Hat consists of two very different parts. From Saturday to Tuesday, security experts and aspiring experts pay thousands of dollars to participate in training sessions intended to hone their skills in a wide range of security tasks. The press is not invited. On Wednesday and Thursday, the conference switches to briefings, where security experts and academics from all over the world share their latest discoveries, new vulnerabilities, and cutting-edge research.

National: Def Con draws election officials to Las Vegas in effort to combat hackers | Miranda Willson/Las Vegas Sun

Ahead of the annual hacker and cybersecurity conference Def Con in Las Vegas this weekend, organizers anticipate that the part of the event devoted to election security will entice more local, state and federal election officials than ever before. Drawing tens of thousands of hackers, researchers, lawyers and others interested in cybersecurity every year to Las Vegas, Def Con has included a so-called “Voting Village” in its weekend-long programming for the past three years to address election security and how to protect elections from hacking. This is the first time that Def Con explicitly invited local and state election officials to attend, and many seem to be taking advantage of the opportunity, said Harri Hursti, co-founder of the Voting Village and founder of computer and network security company Nordic Innovation Labs. “We never intended this to be a main or big thing. It became a big thing because of popular demand,” Hursti said. Among those attending the conference are representatives from the Clark County Election Department and the Nevada Secretary of State’s Office.

National: Key House Republican demands answers on federal election security efforts | Maggie Miller/The Hill

Illinois Rep. Rodney Davis, the top Republican on the House Administration Committee, demanded answers from the Election Assistance Commission (EAC) on Monday regarding election security oversight issues. In a letter to the EAC, Davis posed a series of questions, citing the committee “Majority’s inadequate oversight of your Commission” during an EAC oversight hearing on May and the recent testimony by former special counsel Robert Mueller as key factors in sending the letter.  “I remain committed to ensuring that local election officials have every resource they need to provide for a secure election in 2020,” Davis wrote. “Effective and focused oversight over the EAC is critically important in this mission.” Questions included what steps the EAC is taking to ensure there is a plan in place to coordinate with the Department of Homeland Security in the event of a threat to election infrastructure in 2020, how the EAC is communicating its activities to the public, and details around the new Voluntary Voting Systems Guidelines 2.0, which are a national voluntary set of standards for voting systems. Davis gave the EAC until Sept. 2 to respond. A spokesperson for the EAC told The Hill the commission has “received the letter and will respond to Congress within the agreed upon deadline.”

National: Judge signals interest in removing Mueller report redactions | Darren Samuelsohn/Politico

A federal judge signaled Monday he’s considering removing the Mueller report’s redactions. During more than two hours of oral arguments in Washington, District Judge Reggie Walton appeared on several occasions to side with attorneys for BuzzFeed and the nonprofit Electronic Privacy Information Center, which are seeking to remove the black bars covering nearly 1,000 items in former special counsel Robert Mueller’s final 448-page final report. Walton didn’t issue an opinion from the bench on the case, which centers on a pair of consolidated lawsuits filed against the Justice Department under the Freedom of Information Act. But the judge, an appointee of President George W. Bush, sounded increasingly skeptical of the government’s arguments pressing him to leave the redactions untouched. “That’s what open government is about,” Walton said during one exchange, citing the resolution of a 2008 sex crimes case against financier Jeffrey Epstein as an example of how obfuscating the reasons behind not prosecuting high-profile people generates public distrust in the country’s criminal justice system.

National: Bipartisan Agreement on Election Security—And a Partisan Fight Anyway | Scott R. Anderson, Eugenia Lostri, Quinta Jurecic, Margaret Taylor/Lawfare

The good news is that national security bipartisanship in Congress lives. The bad news is that the only place it lives is in the pages of the Senate Intelligence Committee report on Russian election interference. The report, released on July 25, offers a thorough—if often redacted—assessment of Russian threats against U.S. voting infrastructure in 2016. It paints an alarming picture of the scope and scale of Russia’s efforts and an equally alarming picture of the degree of vulnerability that persists in U.S. election systems heading into the 2020 election. While it describes no evidence of vote tallies being manipulated or votes being changed, it does describe how “Russian government-affiliated cyber actors conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections.” The report is a serious work and reflects a level of bipartisan cooperation that is vanishingly rare in Washington these days. The committee and its staff should be commended for that. The problem is that while both sides appear to agree on the nature of the threat, Republicans and Democrats remain sharply divided over what, if anything, to do about it. And that division became painfully apparent the very day the committee released the report.

National: Former DHS, intelligence leaders launch group to protect presidential campaigns from foreign interference | Maggie Miller/The Hill

Two former Homeland Security secretaries, along with other former top intelligence officials, launched a non-profit group on Tuesday intended to protect presidential campaigns from foreign interference, such as cyber attacks, at no cost. The new U.S. CyberDome group’s Board of Advisors will be chaired by former Department of Homeland Security (DHS) Secretary Jeh Johnson, who served under former President Obama. Other members of the board will include former DHS Secretary Michael Chertoff, who served under President George W. Bush, former CIA Director Michael Morell, former Director of National Intelligence Lt. Gen. James Clapper, and Brig. Gen. Francis Taylor, the former DHS under secretary of Intelligence and Analysis. The former leaders put together the organization due to alarm over how exposed political campaigns were to cyber interference and the lack of protection available to campaigns and voters to protect against these threats. It will work with charities and other donors to provide funding for cyber protections for presidential campaigns.

National: Voting machines run on antiquated operating systems | Grant Gross/Washington Examiner

As the presidential election nears, lawmakers and security experts are raising questions about the security of electronic voting machines used in many parts of the country. The latest concerns focus on devices running Windows 7 and other older operating systems. The Associated Press reports that the “vast majority” of the nation’s 10,000 election jurisdictions use Windows 7 or older operating systems to create ballots, program voting machines, tally votes, and report counts. … Meanwhile, some election security experts say the use of old operating systems is only one concern of many. Electronic voting machines are vulnerable to security risks, claimed Marian Schneider, president of Verified Voting, a group pushing for paper audits of electronic voting machines.

“Software can present risks,” she said. “This is a software issue.”

Electronic voting machines should undergo regular security audits, suggested Jamie Cambell, a security consultant and founder of GoBestVPN, which is a site that reviews virtual private networks. Those security audits should be open-sourced so that multiple security experts can review them, he recommended.

“There are many things that can make electronic voting machines insecure,” Cambell added. “It’s not just the machines or operating systems. It can be the way that the machines store and transmit the data.”

National: 5 big takeaways from Politico’s national survey of election offices | Eric Geller/Politico

Paperless voting machines are a glaring weakness in U.S. election infrastructure. They are dangerous, experts say, because they lack paper voting records, making them vulnerable to malfunctions or intrusions that could undetectably change votes. With top U.S. intelligence officials predicting the return of Russian hackers in 2020, cybersecurity experts have urged state and local governments to replace their paperless machines as soon as possible. Since March, POLITICO has been tracking their progress. The nationwide picture is mixed: Some states and counties are moving quickly to buy paper-based machines and others are doing nothing at all. Here are the five big takeaways from POLITICO’s nationwide survey:

1) Many counties don’t have enough money to upgrade

In hundreds of small counties, election officials can’t afford to buy new voting machines, however insecure their current systems are. Between schools, infrastructure, police, environmental protection and emergency services, counties have enough on their plate without having to worry about their voting machines.

The fact that these machines are used so infrequently is another reason they often slip down the list of counties’ spending priorities. It’s hard to justify buying new voting machines when there are overcrowded schools or crumbling hospitals. “It is a huge expense for small rural counties,” said Cheri Hawkins, the clerk in Shackelford, Texas. “I would love to be able to update!”

National: Russian Election Hacking Could Be Much Worse in 2020 | Jonathan Chait/New York Magazine

What if Trump fails to win the Electoral College in 2020? Would he refuse to accept the results of an election? The first thing to remember is that he already has. Back when Hillary Clinton was viewed as 2016’s likely victor, one widely expressed fear was that Donald Trump would not abide by the outcome, threatening the tradition of peaceful transfer of power that has survived more than two centuries. What happened instead was something nobody anticipated: Trump won — and still refused to accept the election results. He has never stopped insisting that the national vote, which his opponent carried by nearly 3 million ballots, was stolen. He has periodically charged that millions of undocumented immigrants cast votes for Clinton and that this fraud was carried out, for some reason, in California, rather than in states where it might have had some bearing on the outcome. In a recent address to the Turning Point USA Teen Summit, Trump went further. “Don’t kid yourself, those numbers in California and numerous other states, they’re rigged,” he said to applause. “You got people voting that shouldn’t be voting. They vote many times, not just twice, not just three times. They vote — it’s like a circle. They come back; they put a new hat on. They come back; they put a new shirt. And in many cases, they don’t even do that. You know what’s going on. It’s a rigged deal.”

National: EAC plans Windows 7 confab | Tim Starks/Politico

The EAC will convene state and local election supervisors, federal officials and cyber experts to discuss the ramifications of Microsoft sunsetting support for Windows 7, which is still used in many voting systems. “It is essential that the election community and the EAC have a full appreciation not only for the scope of this specific software issue, but also the issues of patching and internet connectivity more broadly,” EAC Chairwoman Christy McCormick told Sen. Ron Wyden (D-Ore.) in a July 26 letter. Wyden had asked how the EAC was handling the issue, including whether it would decertify machines running Windows 7 before the Jan. 15, 2020, sunset. McCormick didn’t answer that question but noted that decertification “has wide-reaching consequences” and that the EAC has an established policy for when to initiate it. Election Systems & Software, one of the companies still selling Windows 7-based voting systems, has submitted new technology for certification that runs on Windows 10 and Windows Server 2016, McCormick told Wyden. “The test plan has been approved by the EAC,” she wrote, “and testing is underway.” Based on the EAC’s conversations with vendors, she said, “we are confident that they are working to address” the Windows 7 issue. The vendors “are in direct contact with Microsoft,” she added, and “have received commitments from Microsoft regarding software support.” She did not say whether Microsoft had promised free updates for these products; the company plans to charge everyone else for continued Windows 7 support.

National: DARPA wants help cracking the election security problem | Kelsey D. Atherton/Fifth Domain

If election security is an engineering problem, the Defense Advanced Research Projects Agency is heading to the right place to solve it. The Pentagon’s blue skies projects agency is taking its System Security Integrated Through Hardware and Firmware (SSITH) to the 2019 DEF CON hacking conference to demonstrate its capabilities before the dark lords and apprentices of the underground community. SSITH will be on display as part of the conference’s Voting Village, where researchers will explore what can and cannot be done to interfere with voting machines and, by extension, elections. “We expect the voting booth demonstrator to provide tools, concepts and ideas that the election enterprise can use to increase security; however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices and beyond,” said Dr. Linton Salmon, the program manager leading SSITH, in a release from DARPA. DARPA sees securing faith in the literal machinery of elections as a national security issue. To prove that faith in the security systems is warranted, they have prepped the “SSITH voting system demonstrator,” with processors mounted on programmable arrays and installed in a ballot box. To get to the system, hackers can enter via either an Ethernet port or a USB port, loading software to try and get past the system’s hardware gatekeeping and security functions.

National: Experts’ Views On NSA Launching New Cyber-Security Directorate | Sophanith Song/The Organization for World Peace

The National Security Agency (NSA) has announced its intention to create “cybersecurity directorate” in order to defend against foreign cyber interference. The cyber defense arm launch date is currently set to be this fall.  According to the NSA, Anne Neuberger, who is currently the Director’s Senior Advisor, will be leading the Cybersecurity Directorate. The advisor also used to serve as NSA assistant deputy director of operations, chief risk officer and head of the NSA/US Cybercom Election Security Small Group that involved in working to prevent foreign interference with 2018 US midterm elections. The launch of this initiative was believed to be motivated by the upcoming 2020 general election. The NSA continued by stating that this approach to this cybersecurity objective will prepare the NSA in a suitable state to corporate with a key partner across the United States government such as the US Cyber Command, Department of Homeland Security and Federal Bureau of Investigation. The initiative will also prepare the NSA to easily share information with the customer with equipped security measure against malicious attacks. According to the Wall Street Journal, the NSA recently concur with a “broader fusion” of intelligence agency’s offensive and defensive portfolio.

National: Congress’ fight over election security bills | Mary Clare Jalonick/Associated Press

While House Democrats are haggling over whether to consider impeachment of President Donald Trump, Senate Democrats are focusing on a different angle in former special counsel Robert Mueller’s report — securing future elections from foreign interference. Democrats have tried to pass several election security bills in recent weeks only to have them blocked by Republicans, who say they are partisan or unnecessary. The federal government has stepped up its efforts to secure elections since Russians intervened in the 2016 presidential election, but Democrats say much more is needed, given ongoing threats from Russia and other countries. Senate Majority Leader Mitch McConnell has seethed in response to criticism over the issue, including some Democrats’ new moniker for him: “Moscow Mitch.” In an angry floor speech on Monday, he noted that Congress has already passed some bills on the subject, including ones that give money to the states to try to fix security problems. McConnell also left the door open to additional action, saying “I’m sure all of us will be open to discussing further steps.” Senate Minority Leader Chuck Schumer predicted that Democrats’ “relentless pushing” will work. “We’re forcing his hand,” Schumer said. The top Democrat on the Senate intelligence committee, Virginia Sen. Mark Warner, said Thursday that he’s “much more optimistic than even 10 days ago” that the Senate will ultimately pass something on election security. Warner said he believes that in his home state, at least, the issue “has broken through” with voters more than other aspects of Mueller’s probe. But action will have to wait until at least September, with senators having scattered from Washington for the summer recess.

National: Inside the DEF CON hacker conference’s election security-focused Voting Village | Joe Uchill/Axios

The DEF CON hacker conference’s Voting Village event has become a testing ground for our national debate over voting security, referenced by Senate reports, several congressmen and even a presidential candidate (albeit incorrectly, see below). This year’s version, happening next week, comes with some upgrades. The big picture: Now in its third year, the event is traditionally one of the only places where many security researchers get a chance to audit the security of election systems.

Background: Voting Village burst onto the scene in 2017, when it took hackers only a matter of minutes to discover serious problems with machines. That was despite it being the first time many of the hackers had seen the systems.

National: Schumer predicts McConnell will take up election security | Burgess Everett/Politico

Mitch McConnell rarely budges in the face of political pressure. But Chuck Schumer thinks election security is an exception. The Senate minority leader predicted on Thursday that the majority leader will buckle and take up federal election security, a once-bipartisan issue. But though Democrats have continued their push in the House and Senate, McConnell (R-Ky.) has thus far resisted. “I predict that the pressure will continue to mount on Republican senators, especially Leader McConnell, and they will be forced to join us and take meaningful action on election security this fall,” Schumer said. “My prediction is our relentless push is going to produce results.” Though McConnell rarely rethinks opposition to legislation, he did allow criminal justice reform legislation on the Senate floor last year that he initially declined to take up. But that pressure came from President Donald Trump, not the party trying to oust him as majority leader.

National: DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking | Kelly Jackson Higgins/Dark Reading

US Defense Advanced Research Projects Agency (DARPA) researchers will set up three new smart electronic ballot-box prototypes at DEF CON’s famed Voting Village next week in Las Vegas, but they won’t be challenging hackers at the convention to crack them: They’ll be helping them do so. “We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices],” explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. “We’re not daring them but actually helping them break this.” DARPA’s smart ballot box is the Defense Department agency’s prototype, featuring a secure, open source hardware platform that could be used not only in voting platforms, but also in military systems. It’s part of a broader DARPA project called System Security Integrated Through Hardware and Firmware (SSITH), which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.

National: Will A Trump Trade Move Create An Election Mess For Overseas U.S. Voters? | Tierney Sneed/TPM

The Trump administration has supported plenty of moves to make it harder to vote. But an under-the-radar action President Trump took last year, as part of his trade war with China, may be a case of him just stumbling into that outcome, election experts fear. Trump is threatening to withdraw from the international body that oversees global mail delivery, putting at risk the stability and reliability of the current system of sending and receiving mail internationally. Any disruption to the international postal service, voter advocates say, could make an already difficult process of casting ballots for Americans abroad even more complicated. Among those who stand to be affected are members of the military overseas, whose ability to vote while serving their country has always been a politically sensitive issue.

National: Senator Feinstein introduces bill limiting use of voter data by political campaigns | Emily Birnbaum/The Hill

Sen. Diane Feinstein (D-Calif.) introduced a bill on Wednesday that would limit the use of voter data by political campaigns. The legislation is being touted as the first bill “directly responding to Cambridge Analytica,” the 2018 scandal that saw a right-wing political consulting firm use data on millions of American to target pro-Trump messaging at swing voters. Feinstein’s Voter Privacy Act seeks to give voters more control over the data collected on them by political campaigns and organizations. Under the legislation, voters would be allowed to access that data, ask political campaigns to delete it and instruct social media platforms like Google and Facebook to stop sharing personal data with those political entities. The legislation would intervene in the large and growing business around voter data, which campaigns increasingly use to direct their messaging.

National: Activists to Congress: Secure Elections or Risk a Repeat of 2016 | Gabriella Novello/WhoWhatWhy

The 2020 election could be vulnerable to another attack by hostile foreign actors if Senate Majority Leader Mitch McConnell (R-KY) continues to block election security legislation. Election integrity activists are urging Congress to take action after a bombshell report by the Senate Intelligence Committee found widespread attacks by the Russian government in the 2016 election. … Marian Schneider, president of Verified Voting, told WhoWhatWhy that the report proves that there can no longer be a dispute as to whether Russia actually interfered in the 2016 election. Schneider said that voting systems, the pieces that tabulate the vote, and voter registration databases need to be made resilient moving forward. “That means you have to be able to monitor the systems, detect that something has gone wrong, and recover,” she said, adding that voter-marked paper ballots are “the only way to do that.” Schneider also called for “uniform federal standards coupled with federal funding,” in light of the 2016 attack on US democracy.

National: A high-level Senate report confirms it: Our elections still aren’t safe | Michael McFaul/The Washington Post

In his congressional testimony last week, former special counsel Robert S. Mueller III once again confirmed the seriousness of Moscow’s attack on our democracy in the 2016 presidential election. Yet that wasn’t even the most important news for those of us who track Russian election interference. The Senate Intelligence Committee has just published the first section of its report on Russian efforts to influence the election. The bipartisan panel’s report has made headlines by showing that the Russians probably targeted elections systems in all 50 states in 2016. That calculated operation was designed not only to help Trump but also to undermine American democracy more generally. You’d think this report would give President Trump and Senate Majority Leader Mitch McConnell (R-Ky.) the perfect reason to support new legislation designed to enhance the security of our elections infrastructure in 2020. As the bipartisan report makes evident, enhancing cybersecurity for our election infrastructure is not a partisan issue — it’s an issue of national security. Department of Homeland Security representatives told the committee “there wasn’t a clear red state-blue state-purple state, more electoral votes, less electoral votes” pattern. So far, though, there is little sign that Trump and McConnell are paying attention.

National: Mitch McConnell just made sure election security will be key Senate campaign issue | Joseph Marks/The Washington Post

Senate Majority Leader Mitch McConnell, R-Ky., smacked back at critics who have accused him of leaving the 2020 election vulnerable to Russian hackers, accusing them of “modern-day McCarthyism.” McConnell offered an impassioned 25-minute defense of his election security record on the Senate floor as Democrats accuse him of consistently blocking their bills from coming up to a vote. “I’m not going to let Democrats and their water carriers in the media use Russia’s attack on our democracy as a Trojan horse for partisan wish list items that would not actually make our elections any safer,” McConnell said. “I’m not going to do that.” His stance ensures that election security will play a major role in Senate campaigns that are ramping up now — and Democrats are already seizing the moment to make McConnell look like the face of obstruction. Within minutes of the speech, Amy McGrath, a Kentucky Democrat and retired Marine lieutenant colonel who’s seeking McConnell’s seat, slammed the majority leader on Twitter. McGrath rattled off a list of election security provisions Democrats have sought to mandate, such as paper ballots and security audits for voting machines before asking: “Tell me again how that is partisan, @senatemajldr? Oh right, you can’t.”