National: 14 States Forgo Paper Ballots, Despite Security Warnings | Government Technology

Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas. Experts have urged states to have backup systems after officials from U.S. intelligence agencies and the Department of Homeland Security said that Russian entities scanned election systems in at least 21 states before the 2016 election in an attempt to breach. Seven states had their computer systems breached to various degrees, officials have said. Illinois has said its voter registration system was breached. But officials have said no votes were altered.

National: Rejection of mail-in ballots raises alarm ahead of election | Associated Press

Drawing on her years of military experience, Maureen Heard was careful to follow all the rules when she filled out an absentee ballot in 2016. She read the instructions thoroughly, signed where she was supposed to, put the ballot in its envelope and dropped it off at the clerk’s office in her New Hampshire town. She then left so she could return to a temporary federal work assignment in Washington, D.C. “I have learned over the years, many years in the military of filling out forms, how to fill out forms — and I was very intimidated by the process,” said Heard, who served in the Air Force and was a lieutenant in the U.S. Coast Guard. “I was like, ‘Oh my gosh, I have to make sure I get it absolutely right.’ And then it didn’t count.” Heard, 57, discovered last year that she was among roughly 319,000 voters across the country whose absentee ballots were rejected during the last presidential election. The reasons varied, ranging from missed deadlines to failure to sign the return envelope. Heard’s ballot was tossed out because her signature did not match the one on file at her local election office.

National: A threat to democracy: Republicans’ war on minority voters | The Guardian

It was a mystery worthy of crime novelist Raymond Chandler. On 8 November 2016, African Americans did not show up. It was like a day of absence. African Americans had virtually boycotted the election because they “simply saw no affirmative reason to vote for Hillary”, as one reporter explained, before adding, with a hint of an old refrain, that “some saw her as corrupt”. As proof of blacks’ coolness toward her, journalists pointed to the much greater turnout for Obama in 2008 and 2012. It is true that, nationwide, black voter turnout had dropped by 7% overall. Moreover, less than half of Hispanic and Asian American voters came to the polls. This was, without question, a sea change. The tide of African American, Hispanic and Asian voters that had previously carried Barack Obama into the White House and kept him there had now visibly ebbed. Journalist Ari Berman called it the most underreported story of the 2016 campaign. But it’s more than that. The disappearing minority voter is the campaign’s most misunderstood story. Minority voters did not just refuse to show up; Republican legislatures and governors systematically blocked African Americans, Hispanics and Asian Americans from the polls.

National: Are elections any more secure than in 2016? | GCN

To help shore up the nation’s election infrastructure, Congress repurposed $380 million of leftover funding from the 2002 Help America Vote Act into grant funding for states to improve election security. States collectively invested an additional $19 million in matching funds for the same purpose. States could use the grants to replace old voting machines, upgrade election-related computer systems to address vulnerabilities identified by the Department of Homeland Security, implement post-election audits, provide cybersecurity training for state and local election officials or other activities that are specifically tailored to addressing cybersecurity needs.According to the Election Assistance Commission, 41 states used 36.3 percent of those funds to directly improve election cybersecurity. An additional 27.8 percent of the funding went to purchase new voting equipment while another 13.7 percent went to upgrade voter registration systems. Only 5.6 percent of the funds were used to implement post-election audits. However, it’s important to understand that these upgrades and expenditures are expected to take place over the course of the next two to three years; relatively little of the work is being completed before the midterm elections.

National: Center for Internet Security looks to expand threat sharing program to political campaigns | CyberScoop

While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise. “Especially in the early phases of the campaign, it is not staffed by professional IT and certainly not cybersecurity people,” said John Gilligan, the executive chairman of the nonprofit Center for Internet Security (CIS). When a candidate decides to run, the campaign might acquire a few computers and start building databases without prioritizing cybersecurity, Gilligan said Tuesday at the Center for Strategic and International Studies. CIS, which runs a center for sharing threat data with state and local officials, is looking to extend its information-sharing initiative to campaigns. The goal is to chip away at the security-resource deficit facing candidates, as numerous tech companies are trying to do by offering free security services to campaigns.

National: The Amazing Disappearing Voter: Voter purges have become the right’s new voter suppression tool of choice | TPM

Houston photographer Lynn Lane has voted in every general election and primary over the last five years. He hasn’t changed his address, so he was stunned this year to receive an official letter warning him that he might soon be erased from the rolls. Lane was one of 4,000 voters whose registrations were personally challenged by a single Republican, Alan Vera, who chairs the Harris County GOP’s “Ballot Security Committee.” This sort of individual challenge is illegal in some states, but Texas law permits it. Republicans blamed the county’s election registrar, a Democrat, for automatically suspending the registrations of 1,700 of those voters — but not before Vera boasted on his Facebook page about what he was up to: Voters whose registrations were suspended for failure to return a confirmation postcard would have to cast provisional ballots, which are “reviewed by the Ballot board,” he wrote, “and I appoint all Republican members of that board.” His “project,” he added, “could make a big difference in the November election results.” Stories like Lane’s are becoming all too familiar to a growing number of American voters, who are being dropped from the rolls at a rapid clip, particularly in states with histories of voter discrimination. Such purges are the new face of voter suppression, civil rights advocates say. Unlike the Jim Crow laws of yore, which blocked access to the rolls with tests and taxes, voter purges take registered voters — often, voters of color — and make them disappear. And unlike voter ID laws, which at least give voters advanced warning, purges can be sudden, silent, untraceable, and irremediable.

National: Native Americans Voting In 2018 Are Confronting Barriers — And It’s Not Just Voter ID | Bustle

Voting rights organizations are making a final push to get out the vote with just a week to go until the midterm elections. In North Dakota, those efforts have taken on greater urgency because a new voter ID law will be in effect come Nov. 6. Tribes and advocacy groups are on a mission to overcome longstanding obstacles that have hindered Native Americans’ right to vote and ensure their communities have access to the ballot box. Earlier this month, the Supreme Court decided that it would allow North Dakota’s voter ID law to stand. That means voters will be required to present identification showing their street addresses when they vote at their polling place. There’s one glaring problem with that requirement: Native Americans who live on reservations in North Dakota don’t necessarily have street addresses. They typically use P.O. boxes instead, which are listed on their IDs.

National: EAC Commissioner Pushes for Standards, Reveals Spending on Election Security | MeriTalk

Thomas Hicks, commissioner of the U.S. Election Assistance Commission, said today that EAC has developed a set of voluntary voting system guidelines to aid local election authorities, but the commission currently lacks a quorum to vote on the standards and distribute the guidance to localities. EAC currently has two active commissioners of a possible four, but requires a quorum of three in order to vote. President Trump has nominated two people to serve on EAC, but there has been no movement in Congress to confirm the nominees. “I’m hoping the Senate Rules Committee and the Senate come together and vote those two folks up or down relatively soon,” Hicks said today at the Symantec Government Symposium.

National: 81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections | Forbes

The quarterly incident response (IR) threat report from Carbon Black isn’t usually such an exciting read, aggregating as it does data from across a number of partners in order to provide actionable intelligence for business leaders. The latest report, published today, is a politically charged exception. Not only does it reveal that nation-state politically motivated cyberattacks are on the up, with China and Russia responsible for 41.4% of all the reported attacks, but that voter databases from Alabama to Washington (and 18 others) are for sale on the dark web. These databases cover 21 states in all, with records for 81,534,624 voters that include voter IDs, names and addresses, phone numbers and citizenship status. Tom Kellerman, Carbon Black’s chief cybersecurity officer, describes the nation-state attackers as not “just committing simple burglary or even home invasion, they’re arsonists.” Nobody relishes their house burning down, even figuratively speaking. Which is why, according to another newly published report, this time from Unisys, suggests one in five voters may stay at home during the midterms as they fear their votes won’t count if systems suffer a cyberattack.

National: Blockchain voting too risky, cybersecurity expert says | Yahoo

 The future of voting should not involve your cellphone, according to a leading cybersecurity expert. In a first-of-its-kind pilot program, West Virginia will test blockchain encrypted mobile phone voting for members of the U.S. military. But Joe Hall, chief technologist and director of internet architecture at the Center for Democracy & Technology, warned that the plan presents a host of risks. “West Virginia has taken the ridiculous step of deciding that they’re going to not only vote on a mobile device, which in and of itself is just a bad idea, but use a blockchain mechanism, something associated with crypto-currency or bitcoin,” Hall told Grant Burningham, host of the Yahoo News podcast “Bots & Ballots.” In a September interview with Burningham, venture capitalist Bradley Tusk argued that his foundation’s plan to test cellphone voting was a way to boost voter participation in the U.S. However, Hall believes the risks outweigh the possible benefits.

National: Cyber Interference in Elections and Federal Agency Action | Harvard Law Review

Pop quiz: which part of the federal government is tasked with preventing cyber interference in our elections? Congress has refused to say. We have reached a point of a significant gap between an important federal need and existing federal power. And in the absence of that federal power, federal agencies have stepped into the gap and extended their authority into domains unanticipated by Congress. Of course, there is clear statutory guidance for some aspects of protecting election integrity. We can think about preventing campaign interference in our elections. Portions of that job fall squarely within the domain of the Federal Elections Commission, which enforces campaign finance laws. We can also think about prosecution or punishment of those who engage in either foreign campaign interference, like the Justice Department’s recent criminal indictment of a Russian woman with interference in the 2018 midterm elections, or foreign cyber interference, like actions from the Obama and Trump administrations to sanction those who interfere with election systems in the United States. But that’s focused on punishing election interference that has already occurred.

National: Paper Is Big Again, at Least for Elections. These States Don’t Have It | Roll Call

Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas.

National: Risk-Limiting Audits Can Support an Election’s Legitimacy | StateTech

The National Academy of Sciences report is blunt: “There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats.” But election officials can and should audit votes — rather than performing time-consuming full recounts — before election results are certified to confirm their legitimacy, the report states. Risk-limiting audits are a relatively new way to double-check the results of an election after the fact. First implemented in Colorado in 2017, the audits examine a randomly chosen, statistically significant number of paper ballots and compare the results in those ballots to the actual result.  They’re done no matter the margin of victory; suspicious results may trigger a full recount. “It’s an abbreviated recount, in a sense,” said Ronald Rivest, one of the inventors of the RSA public-key cryptosystem and a member of the NAS panel that wrote the report. 

National: Security researchers, voting vendors clash anew | Politico

A group of security researchers and voting technology vendors trying to hash out cybersecurity requirements for voting systems once again butted heads over whether to require vendors to let anyone test their products. The subject arose during a teleconference late last week of the Voluntary Voting System Guidelines cyber working group. When election security consultant Neal McBurnett suggested that the new guidelines require vendors to make products available for open-ended vulnerability testing, Joel Franklin of voting giant Election Systems & Software shot back with a question: “Is there other software tied to critical infrastructure software that’s open to public OEVT?” Franklin said he wasn’t dismissing the value of OEVT. “I’m just wondering if we’re putting an undue burden on voting systems when there are computers in nuclear security and every other critical infrastructure industry” that aren’t available for OEVT.

National: DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet

lection officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. … But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials. “So what we’ve seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward,” said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.

National: Closed polling places hit minority counties harder | USA Today

Election officials across the country have closed thousands of polling places and reduced the number of workers staffing them in recent years, citing cost savings and other new realities like increased early and absentee balloting. However, days from what many expect will be one of the busiest midterm elections in decades, the burden of Americans’ shrinking access to in-person voting options is falling more heavily on urban areas and minority voters, a USA TODAY analysis of national and state data shows. Voting rights advocates say the disappearance of polling sites could create confusion about where to vote, and thinner staffing of remaining sites could mean longer lines. Those problems, they fear, could shrink voter turnout in some neighborhoods.

National: Experts assess voting security as midterm elections approach | Princeton University

Since the adoption of electronic voting machines in the 1990s, election experts have argued that paper records are critical for auditing elections and detecting potential tampering with vote tallies. The issue gained new prominence following the 2016 elections, which spurred multiple investigations into allegations of Russian interference in the electoral process. In a panel discussion hosted by Princeton’s Center for Information Technology Policy (CITP), experts examined the state of U.S. election security. The moderator Ed Felten, the Robert E. Kahn Professor of Computer Science and Public Affairs and director of CITP, opened the discussion by noting that “Princeton has quite a bit of expertise in this area.” He cited two faculty members working in election technology and policy, Andrew Appel and Jonathan Mayer. Appel, the Eugene Higgins Professor of Computer Science, recently served as a member of the National Academies’ Committee on the Future of Voting, while Mayer, assistant professor of computer science and public affairs, recently developed bipartisan election security legislation as a staffer in the United States Senate. Also on the panel was Marian Schneider, a former Pennsylvania elections official and the president of Verified Voting, a nonprofit organization that aims to improve election security practices.

National: Think you’ll know who won on Election Night? Not so fast … | The Washington Post

Sometimes, it’s the scale. Hundreds of thousands of votes take longer to tally than just a few, so huge urban areas often lag behind smaller places. Other times, it’s the mail. California, for instance, where there are seven tight House races, is notoriously slow, in part because more than half of voters opt to use vote-by-mail ballots (a.k.a. “absentee” ballots in some places). California ballots postmarked on Election Day have three days to show up at county elections offices. A few other states allow a week or 10 days; Alaska will accept ballots from abroad up to 15 days later. “I’ve always speculated about a worst-case scenario where an Alaska Senate seat could determine control of the U.S. Senate, and there may still be ballots sitting at local ‘post offices,’” said Paul Gronke, director of the Early Voting Information Center at Reed College, in an email. “Post office,” he said, could actually mean a remote bait shop or grocery store from which ballots would need to be airlifted, validated and counted.

National: US election integrity depends on security-challenged firms | Associated Press

It was the kind of security lapse that gives election officials nightmares. In 2017, a private contractor left data on Chicago’s 1.8 million registered voters — including addresses, birth dates and partial Social Security numbers — publicly exposed for months on an Amazon cloud server. Later, at a tense hearing , Chicago’s Board of Elections dressed down the top three executives of Election Systems & Software, the nation’s dominant supplier of election equipment and services. The three shifted uneasily on folding chairs as board members grilled them about what went wrong. ES&S CEO Tom Burt apologized and repeatedly stressed that there was no evidence hackers downloaded the data. The Chicago lapse provided a rare moment of public accountability for the closely held businesses that have come to serve as front-line guardians of U.S. election security. A trio of companies — ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas — sell and service more than 90 percent of the machinery on which votes are cast and results tabulated. Experts say they have long skimped on security in favor of convenience, making it more difficult to detect intrusions such as occurred in Russia’s 2016 election meddling. The businesses also face no significant federal oversight and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.

National: DHS ‘more prepared’ than ever to secure midterm elections, Nielsen says | Politico

The Department of Homeland Security is “more prepared than we’ve ever been” to ensure the security of the Nov. 6 midterm elections, Homeland Security Secretary Kirstjen Nielsen said Sunday. “The goal here … is absolutely to assure Americans that their votes will count and their votes will be counted correctly,” Nielsen told “Fox News Sunday.” “We are constantly monitoring, constantly working with them, sharing information.” Among other measures , Nielsen said, her department will be establishing a “virtual situation room.” “We will be setting up a virtual situation rom on Election Day so we can very quickly support any incident response that’s needed and so we can share any information,” Nielsen said.

National: Under Attack: How Election Hacking Threatens the Midterms | PCMagazine

In March, officials from 38 states packed into a conference hall in Cambridge, Massachusetts, for a two-day election simulation exercise that was run like a war game. More than 120 state and local election officials, communications directors, IT managers, and secretaries of state ran drills simulating security catastrophes that could happen on the worst Election Day imaginable. The tabletop exercise began each simulation months before the Nov. 6 midterm elections, accelerating the timeline until states were countering attacks in real time as voters went to the polls. Organized by the Defending Digital Democracy (D3P) project at Harvard, a bipartisan effort to protect democratic processes from cyber and information attacks, the drills forced participants to respond to one nightmare scenario after another—voting machine and voter database hacks, distributed denial of service (DDoS) attacks taking down websites, leaked misinformation about candidates, fake polling information disseminated to suppress votes, and social media campaigns coordinated by nation-state attackers to sow distrust.

National: Researcher finds trove of political fundraising, old voter data on open internet | CyberScoop

A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday. Cybersecurity company Hacken says it discovered an unprotected network-attached storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine. With its contents publicly accessible, the NAS revealed details about Rice Consulting’s clients as well as details about “thousands of fundraisers,” Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details. Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said “There’s no one here who can tell you anything,” and hung up.

National: The 2018 midterm elections are already hacked. You just don’t know it yet. | Vox

One evening last May in Knoxville, Tennessee, during the night of the local primary election, Dave Ball, the assistant IT director for Knox County, settled into the Naugahyde chair of his dusty home office and punched away at his desktop computer. Ball’s IT staff had finished a 14-hour day, running dress rehearsals to prepare for the ritual chaos of election night. In a few minutes, at exactly 8 pm, the county’s incoming precinct results would become visible to the public online. Curious, Ball typed in the address for the Knox County election website. At 7:53, the website abruptly crashed. Staring back at Ball was a proxy error notice, a gray message plastered against a screen of purgatorial white. It read simply, “Service Unavailable.” Across East Tennessee, thousands of Knox County residents who eagerly awaited the results saw the same error message — including at the late-night election parties for various county candidates, where supporters gathered around computers at Knoxville’s Crowne Plaza Hotel and the nearby Clarion Inn and Suites. Ball was scowling at the screen when the phone on his table buzzed. It was a message from a staffer, still on duty at the IT department: “We’ve got a problem here,” it read. “Looks like a DDOS.” Ball still remembers his next, involuntary exclamation: “Oh, shit.”

National: Mitigating Election Security Risks Rely on System Resiliency, Auditability | Government CIO

A continuous increase of data breaches, the 2016 election interferences and financial security concerns are causing a riff in the public’s cybersecurity trust in government and industry, and could impact whether people show to vote. That’s according to global IT company Unisys’ annual security index, a look at global and national security concerns. The index is a calculated score out of 300 that measures consumer concerns over time across eight areas of security in four categories: national security, financial security, internet security and personal security. This year’s index is 173, same as last year, but 32 percent higher than 10 years ago, according to the report. And the highest security concerns people have are around identity theft and bankcard fraud. In fact, identity theft was one of the top eight security threats measured, coming before national security (including terrorism), disasters and epidemics, financial obligations, bankcard fraud, viruses and hacking, online transactions and personal safety.

National: Security firm finds county election websites lack cybersecurity protections | The Hill

Many county election websites are lacking basic cybersecurity measures that could leave voters vulnerable to misinformation, security firm McAfee said Wednesday. McAfee threat researchers looked at county websites in 20 states and found that many county sites used .com domains instead of .gov ones, which are required to be thoroughly vetted as being official sites by government officials. Researchers found that Minnesota had the highest percentage of non-.gov domains for county election sites at 95.4 percent, followed by Texas at 95 percent and Michigan with 91.2 percent. Steve Grobman, the senior vice president and chief technology officer at McAfee, noted in a blog post that .com and other domains can be bought by anyone, meaning that misinformation about elections could be more easily shared with potential voters.

National: Pipe Bombs Sent to Hillary Clinton, Barack Obama and CNN Offices | The New York Times

Pipe bombs were sent to several prominent Democrats, including former President Barack Obama and former Secretary of State Hillary Clinton, setting off an intense investigation on Wednesday into whether figures vilified by the right were being targeted. From Washington to New York to Florida to Los Angeles, the authorities intercepted a wave of crudely built devices that were contained in manila envelopes. In the center of Manhattan, the Time Warner Center, an elegant office and shopping complex, was evacuated because of a pipe bomb sent to CNN, which has its New York offices there. It was addressed to John O. Brennan, a critic of President Trump who served as Mr. Obama’s C.I.A. director. None of the devices harmed anyone, and it was not immediately clear whether any of them could have. One law enforcement official said investigators were examining the possibility that they were hoax devices that were constructed to look like bombs but would not have exploded.

National: Mega Millions is Safer than Our Election System | The Weekly Standard

Elections security experts say that it is too late to do much to protect our voting systems against tampering for the midterms. The Department of Homeland Security’s efforts to spur ballot integrity upgrades are focused on 2020, but being future-minded is only an illusion: The hackers will always be ahead. When you’re talking about a set of processes as varied as how different states and districts vote—whether they still use outdated and vulnerable machines that leave no paper trail, or store their registration data insecurely online—there’s really no way to either prevent—or detect—ballot interference with anything like absolute certainty. Russians allegedly hacked Illinois and Arizona’s voter databases mere months before the 2016 presidential election. When DHS first detected these attacks it was too late to prevent them, only soon enough to seal up the vulnerabilities. Except that, even if elections officials had wanted to secure their online voter registration rolls in response to the attack, the law wouldn’t have let them.

National: Voting machines are totally hackable. But who’s going to pay to fix them? | NPR

The midterm elections are here. Early voting is already happening in some places. We’re spending the rest of the week on election security and technology, starting with voting machines. Candice Hoke, founding co-director of the Center for Cybersecurity and Privacy Protection at the Cleveland-Marshall College of Law, believes insecure voting machines are the biggest security threat to the midterm elections. And they’re definitely insecure. Last summer at the DefCon hacking conference, security experts hacked and whacked at a variety of voting machines and came away saying the machines were hopelessly vulnerable to even the most basic hacking, like the kind where the default password is still “password.” And lots of them don’t even create paper receipts to ensure the votes were counted correctly. “We have not required voting systems vendors to operate under the same kinds of rules as, say, pharmaceuticals as to the safe and effectiveness of their products,” Hoke said. “So safety, privacy, auditability, transparency, whatever word you want to use, these are all marketing terms in the voting systems arena rather than reflective of some kind of standards that are actually being enforced.”

National: Paper and the Case for Going Low-Tech in the Voting Booth | WIRED

In September 2017, barely two months before Virginians went to the polls to pick a new governor, the state’s board of elections convened an emergency session. The crisis at hand? Touchscreen voting machines. They’d been bought back in the early aughts, when districts across the country, desperate to avoid a repeat of the 2000 “hanging chads” fiasco, decided to go digital. But the new machines were a nightmare, prone to crashes and—worse—hacking. By 2015, Virginia had banned one of the dodgiest models, but others were still in use across the state. Now, with the gubernatorial election looming, officials were concerned that those leftover machines were vulnerable.

They had good reason. Evidence of Russian interference in the US democratic process was mounting. And at the DefCon security conference that summer, whitehat hackers had broken into every electronic voting machine they tried, some in a matter of minutes. (One model had as its hard-coded password “abcde.”) “That really triggered us to action,” recalls Edgardo Cortés, at the time Virginia’s top elections official. So, at the emergency session, he and his colleagues instituted a blanket ban on touchscreen machines. But what next? Virginia officials needed a superior voting technology. They settled on paper. When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source. You can tally ballots rapidly using low-tech scanners, and if it’s necessary to double-check the results (as was the case with several down-ticket contests in Virginia), you can do a manual recount. Paper isn’t perfect, but it’s better than the alternative.

National: Officials prepare for potential false claims of election interference | The Hill

State and federal officials say they are well prepared for the possibility of a cyberattack on American election systems Nov. 6, but experts warn that even a false claim of interference by foreign actors on Election Day could undermine the public’s faith in the voting process. The top cyber official at the Department of Homeland Security (DHS) said it’s a very real possibility that groups will announce they successfully hacked certain election results. That would require swift action from federal authorities to decisively refute any unsubstantiated declarations of election meddling, analysts say. “I could absolutely envision a scenario where someone claims to have had access or claims to have hacked” an election, Christopher Krebs, the undersecretary of the National Protection and Programs Directorate (NPPD), told reporters last week.