National

As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their states’ infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica’s inquiries. Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security.

National: Private Equity Controls the Gatekeepers of American Democracy | Bloomberg

Millions of Americans will cast votes in Tuesday’s midterm elections, some on machines that experts say use outdated software or are vulnerable to hacking. If there are glitches or some races are too close to call — or evidence emerges of more meddling attempts by Russia — voters may wake up on Wednesday and wonder: Can we trust the outcome? Meet, then, the gatekeepers of American democracy: Three obscure, private equity-backed companies control an estimated $300 million U.S. voting-machine industry. Though most of their revenue comes from taxpayers, and they play an indispensable role in determining the balance of power in America, the companies largely function in secret. Devices made by Election Systems & Software LLC, Dominion Voting Systems and Hart InterCivic Inc. will process about nine of every ten ballots next week. Each of the companies is privately held and at least partially controlled by private equity firms. Beyond that, little is known about how they operate or to whom they answer. They don’t disclose financial results and aren’t subject to federal regulation. While the companies say their technology is secure and up-to-date, security experts for years have raised concerns that older, sometimes poorly engineered, equipment can jeopardize the integrity of elections and, more importantly, erode public trust.

National: Hackers targeting election networks across country in lead up to midterms | The Boston Globe

Hackers have ramped up their efforts to meddle with the country’s election infrastructure in the weeks leading up to Tuesday’s midterms, sparking a raft of investigations into election interference, internal intelligence documents show. The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe. The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.” The recent incidents, ranging from injections of malicious computer code to a massive number of bogus requests for voter registration forms, have not been publicly disclosed until now. Federal agencies have logged more than 160 reports of suspected meddling in US elections since Aug. 1, documents show. The pace of suspicious activity has picked up in recent weeks — up to 10 incidents each day — and officials are on high alert.

National: Ready or not, states are about to find out if their election security investments worked | StateScoop

Last month, election officials in Vermont disclosed that the state had notified the U.S. Department of Homeland Security that it had detected a computer with an internet protocol address leading back to Russia snooping around its voter registration database in August. While the state said no data was altered , the incidentwas a reminder that the foreign cyberthreatis still out there, nearly two years after it dominated the conversation about the 2016 campaign. This election cycle, state and local officials who supervise elections have scrambled to add cybersecurity to portfolios that long consisted mostly of registering voters and tabulating ballots. The inflectionpoint came in September 2017, when DHS said that Russian hackers attempted to penetrate the voter registration systems in at least 21 states in 2016 and did so successfully in Illinois. With all that in mind, those state officials have becomeactive partners with the federal government, whileupgrading computer systems, replacing equipment and sharing threat information.On Tuesday, they and their voters will find out if their efforts were worthwhile.

National: Concerns about voter access dominate final stretch before Election Day | The Washington Post

n Saturday, voting rights advocates alerted lawyers for the Georgia secretary of state, as well as the FBI, of a potential vulnerability in the state’s election system that they said could allow hackers to obtain and alter private voter information. On Sunday, Republican Brian Kemp, who as secretary of state controls the state’s election process even as he runs for governor, responded by accusing Democrats of possessing software that could have extracted personal voter data, and his office opened an investigation into what it described as “a failed attempt to hack the state’s voter registration system.” Kemp’s campaign called Democrats “power-hungry radicals” who should be held to account for “their criminal behavior.” Democrats called the probe “an abuse of power.”

National: ‘They Don’t Really Want Us to Vote’: How Republicans Made It Harder | The New York Times

Damon Johnson is a 19-year-old sophomore studying chemical engineering at historically black Prairie View A&M University. He’s learning a lot about voting, too. Mr. Johnson is one of the plaintiffs in a lawsuit filed last month by the NAACP Legal Defense and Educational Fund alleging that rural Waller County has tried to disenfranchise students at the university over decades, most recently by curtailing early voting on campus. The polling station at the university’s student center was restricted to three days of early voting, compared with two weeks in some other parts of the county — and two weeks at majority-white Texas A&M in a nearby county. “I don’t want this to be the reason, but it looks like we’re PVAMU in a predominantly white area and they don’t really want us to vote,” Mr. Johnson said recently.

National: Watch out for vote suppression, other tricks on Election Day | McClatchy

Don’t be surprised by mischief on Election Day. That’s the advice experts give about last-minute text messages, robocalls or emails purporting to instruct people (falsely) on where or when to vote. Bogus text messages have already popped up in Florida, one of many states afflicted by attempts to skew the vote in the run-up to Tuesday’s midterm elections. Early voting has been fraught with problems, including an investigation into alleged hacking of Georgia voter registration systems on Sunday and court battles in the state over who should be allowed on voter rolls, and snafus with antiquated voting machines in Texas. In Kansas, a federal judge upheld Dodge City’s decision to move the only polling place to what one resident called “the middle of nowhere” outside of town. There are tougher ID rules for voters in North Carolina and Kansas, passed by Republican office-holders who want to keep their majorities.. In North Dakota, where officials require a residential address in order to vote, thousands of Native Americans faced a scramble to obtain new state-issued or tribal IDs with street addresses, rather than P.O. boxes, even though their homes often lack numbers and their streets lack names.

National: Homeland Security’s biggest election concern is what comes after you vote | CNET

The biggest concern for election security isn’t about Election Day — it’s about the day after, Department of Homeland Security Secretary Kirstjen Nielsen said. “My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York. The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference. That includes assisting election officials in all 50 states, creating its own center toprotect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about.

National: Could Hackers Give Us Another Bush v. Gore? | Washingtonian

The scenario would go like this. On Tuesday, November 6, Americans tune to television sets and radio broadcasts, unlock their phones and keep an eye on their desktop screens, all waiting for the same thing: A definitive account of who has won what in the midterm elections. Throughout the night, election numbers shoot across their screens—live, preliminary return data pumped in from congressional and Senate races across the country, and key gubernatorial races, too. Then, around 10 PM EST, CNN anchors announce the network’s call: The Democrats have taken control of the House, winning 31 of the necessary 24 seats to successfully wrest control from Republicans. On camera, Van Jones and Anderson Cooper waste no time as they begin discussing the implications of the victory and how the midterm results have placed the Trump presidency in a new chapter of turmoil. But there’s a problem. Fox News analysts have just announced the opposite result: In an extraordinary turn of events, Republicans have managed to hang on to their majority by a single seat, retaining control of the House. It’s a major political upset, says Bret Baier, and a replay of Trump’s surprise victory in 2016. And yet for clients of the newswire Reuters, the results are simply opaque—with political analysts there reporting that control of the House, and several nail-biter gubernatorial and Senate races, still remain too close to call.

National: Has US voter suppression become systematic? | Deutsche Welle

Audrey Calkins, a 33-year-old lawyer, had already voted in two elections in her county in the US state of Tennessee when she showed up to vote in the Republican presidential primary on March 1, 2016. That morning, she showed up at the polls bright and early, presented her ID and her voter registration card to the election official, who looked her up in the system. “They told me I wasn’t on the list,” Calkins said. “I said, ‘Check that you’re spelling my name right.'” The official turned his computer screen around so that Calkins could see he was spelling her name correctly, and indeed, she was not on the list. “They said I wasn’t a registered voter,” Calkins said. “I was blown away, because obviously I had just voted a couple of months before in both October and November.” Calkins was turned away from voting.

National: Voting machine errors already roil Texas and Georgia races | Politico

Glitchy paperless voting machines are affecting an untold number of early voting ballots in Texas and Georgia, raising the specter that two of the most closely watched races could be marred by questions about whether the vote count is accurate. Civil rights groups and voters in both states have filed complaints alleging that the ATM-style touchscreen machines inexplicably deleted some people’s votes for Democratic candidates or switched them to Republican votes. The errors — which experts have blamed on outdated software and old machines — would appear to work to the advantage of Republican Texas Sen. Ted Cruz over Democratic challenger Beto O’Rourke, and that of Georgia GOP gubernatorial candidate Brian Kemp over Democrat Stacey Abrams. It’s unclear how many times the errors have happened or whether they could be enough to change the outcome of either race, both of which appear to be tight. But the latest episodes come after at least a decade and a half of warnings from election security groups about the dangers of relying on voting machines that don’t produce a paper trail — saying they’re insecure and produce results that are impossible to audit.

National: Securing voting machines means raising funds | The Parallax

There likely isn’t a quick fix for complex U.S. election integrity challenges such as social-engineering interference on Facebook. Experts say there is a straightforward response, however, to vulnerable voting-machine software. The problem is that it involves cooperation in Congress. When the Senate failed to move the Secure Elections Act forward in August because of White House concerns over states’ rights, coupled with funding concerns, the United States lost its best chance this year of taking steps toward patching voting machines. The most recent federal dollars devoted to improving elections came from the Help Americans Vote Act of 2002, which was itself flawed because its authors failed to predict cybersecurity standards for voting machines. The idea of hackers infiltrating computerized voting machines at the time was “completely ridiculous,” says Margaret MacAlpine, a voting-machine security researcher and a founding partner of cybersecurity consultancy Nordic Innovation Labs. “The cybersecurity threat was more than science fiction at that point,” she says. And even now, as knowledge that the machines are vulnerable to hackers spreads, there is still a lack of political will to allocate the funds needed to replace them and ensure that new machines are secured against attacks, she says.

National: A Voter’s Guide to Election Security | Associated Press

Americans are now voting in the first major election since Russians launched a broad assault on the 2016 presidential campaign. And while election officials and security experts remain vigilant through Election Day, voters have a critical role in the fight to keep elections safe and accessible. The average voter shouldn’t be too concerned about foreign interference in elections, said Maurice Turner, a senior technologist at the nonprofit Center for Democracy and Technology in Washington, D.C. But, he said, that doesn’t mean she should be passive about secure elections. By understanding the system, its flaws and what needs changing, voters can call for accountability from election officials and state policymakers. “I’m hoping for a quiet Election Day,” Turner said. “I’m hoping that we can focus on the issues that are on the ballot versus how we’re going to count the ballot.” Malicious actors might attack the midterms by manipulating voter registration rolls. While a May report from the Senate Intelligence Committee said the “U.S. election infrastructure is fundamentally resilient,” it also outlined Russian attempts in 2016 to scan election systems in 21 states and aggressively try to infiltrate six of them.

National: The Vulnerabilities of Our Voting Machines | Scientific American

A few weeks ago computer scientist J. Alex Halderman rolled an electronic voting machine onto a Massachusetts Institute of Technology stage and demonstrated how simple it is to hack an election. In a mock contest between George Washington and Benedict Arnold three volunteers each voted for Washington. But Halderman, whose research involves testing the security of election systems, had tampered with the ballot programming, infecting the machine’s memory card with malicious software. When he printed out the results, the receipt showed Arnold had won, 2 to 1. Without a paper trail of each vote, neither the voters nor a human auditor could check for discrepancies. In real elections, too, about 20 percent of voters nationally still cast electronic ballots only. As the U.S. midterm elections approach, Halderman, among others, has warned our “outmoded and under-tested” electronic voting systems are increasingly vulnerable to attacks. They can also lead to confusion. Some early voters in Texas have already reported votes they cast for Democratic U.S. Senate challenger Beto O’Rourke were switched on-screen to incumbent Republican Sen. Ted Cruz. There’s no evidence of hacking, and the particular machines in question are known to have software bugs, which could account for the errors.

National: Mystery of the Midterm Elections: Where Are the Russians? | The New York Times

Shane Huntley has seen every form of state-sponsored cyberattack, first as an Australian intelligence officer and now as director of Google’s most advanced team of threat detectors. So when he was asked what surprised him the most about the 2018 midterm elections, his response was a bit counterintuitive. “The answer is surprisingly little on the hacking front, at least compared to two years ago.” He paused, and added: “And that reassures some people, and it scares some people.” He is right. From the cyberwar room that the Department of Homeland Security runs round the clock in a bland office building in Arlington, Va., to Microsoft’s threat-assessment center at the other end of the country, in Redmond, Wash., every form of digital radar is being focused on Russia, especially its military-intelligence unit, formerly known as the G.R.U.

National: Campaign cybersecurity poses next major challenge for federal election officials | The Hill

Federal officials say they want to help political campaigns guard against against cyberattacks, but are struggling to figure out how. Election officials said this week that while much of the attention since 2016 has focused on protecting voting systems, campaigns remain highly susceptible to cyber intrusions. However, those same officials have no means of directly communicating with the hundreds, if not thousands, of candidates about how best to address cyber threats. Robert Kolasky, director of the Department of Homeland Security’s (DHS) National Risk Management Center, said DHS has resorted to contacting the Republican and Democratic national committees to try to reach campaigns. And even then federal officials aren’t able to reach everyone. Few campaigns reach out to DHS about cybersecurity issues, Kolasky told reporters on Tuesday, adding that candidates are more likely to contact the FBI or their national committees when they notice something has gone wrong.

National: Ahead of U.S. elections, fears of voter suppression – and efforts to fight back | Reuters

Clemente Torres has proudly cast his vote in person at Dodge City’s lone polling place in every election since he became a naturalized citizen 20 years ago. This year is different. After Republican officials said in September they would move the Hispanic-majority city’s only polling place to a remote spot outside the city limits, across railroad tracks and away from bus lines, Torres decided to vote by mail. “I wanted to be sure I could vote,” said Torres, 57, who works at a meatpacking plant in this western Kansas city best known for its history as a Wild West outpost. “I didn’t want to take any chances.” Torres and other voters interviewed by Reuters said they were worried voting would be more difficult at the new location. Some were skeptical of the official explanation: that construction will hinder access to the usual site. The move sparked an outcry from voting rights groups that say Republicans are trying to limit Hispanic votes. The American Civil Liberties Union asked the courts to force Dodge City to open another polling site – a request denied by a judge on Thursday.

National: Mail-In Ballot Postage Becomes a Surprising (and Unnecessary) Cause of Voter Anxiety | ProPublica

At the absentee ballot parties organized by assistant professor Allison Rank and her political science students at the State University of New York at Oswego, young voters can sip apple cider and eat donuts as they fill out their ballots. But the main draw is the free stamps. “The stamp was actually the thing I was concerned about,” one freshman told Rank after she explained the process of completing and mailing in a ballot. According to Rank, only one store on the rural upstate campus sells postage. It has limited hours and only takes cash, which many students don’t carry. It’s not only students who may be short a stamp this election. An increasing number of Americans vote by mail in an age when fewer of us have a reason to keep postage on hand. But it’s long been an open secret among election officials: Even though the return envelopes on many mail-in ballots say “postage required,” the U.S. Postal Service will deliver even without a stamp.

National: In the South, an Aggressive Effort to Purge Former Felons From Voting Rolls | Pacific Standard

In many parts of the country, it’s becoming easier than ever for former felons to vote. A growing number of states have loosened restrictions, such as allowing people to cast ballots while still on parole or probation. But there is one region that still has a penchant for purging felons from the rolls: the South. An APM Reports/Pacific Standard analysis of federal data shows that, in the past decade, the number of registered voters removed from the rolls across the South due to a conviction has nearly doubled. That trend comes at a time when overall crime rates have been declining. States with the largest voting-aged, African-American populations tend to have some of the strictest laws. And that’s created a disproportionate impact on minority voters. In fact, the laws were initially designed 150 years ago to suppress African-American political influence.

National: Electronic voting was going to be the future. Now paper’s making a comeback | CNET

You could call it buyer’s remorse. Five US states went all in on electronic voting machines, and four of those states are poised to get out. Delaware, Georgia, Louisiana, New Jersey and South Carolina are the only states relying solely on voting machines that produce no paper record of an individual voter’s ballot. All but Georgia are on the cusp of swapping those out for new machines that print out a paper record of each completed ballot — and Georgia is under pressure to do the same. None, though, will be ready for next week’s midterm elections. It’s the next step in voting systems since Florida’s infamous hanging chads and butterfly ballots determined the 2000 presidential election. … Hackers could also infiltrate the computers that tabulate results, as security experts found when they examined voting-related software at the annual Defcon hacking conference this year, and they could attack or alter the websites that announce winners. The Defcon experts also found half of US states are using voting machines that have known software vulnerabilities.

National: How Electronic-Voting-Machine Errors Reflect a Wider Crisis for American Democracy | The New Yorker

When reports began circulating last week that voting machines in Texas were flipping ballots cast for Beto O’Rourke over to Ted Cruz, and machines in Georgia were changing votes for the Democratic gubernatorial candidate Stacey Abrams to those for her Republican opponent, Brian Kemp, it would not have been unreasonable to suppose that those machines had been hacked. After all, their vulnerabilities have been known for nearly two decades. In September, J. Alex Halderman, a computer-science professor at the University of Michigan, demonstrated to members of Congress precisely how easy it is to surreptitiously manipulate the AccuVote TS, a variant of the direct-recording electronic (D.R.E.) voting machines used in Georgia. In addition, Halderman noted, it is impossible to verify that the votes cast were not the votes intended, since the AccuVote does not provide a physical record of the transaction.

National: Fewer than half of US states have undergone federal election security reviews ahead of midterms | ABC

With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking. Under the department’s National Protection and Programs Directorate, the agency branch that coordinates cyber protection of U.S. infrastructure, a team of DHS officials are prepared to examine statewide election systems. They can check for cybersecurity vulnerabilities and run in-person exercises like phishing tests to ensure election officials are prepared to guard against attempts to hack their email accounts. The Department of Homeland Security has already provided or is scheduled to provide the service, which is free for states that request it, to only 21 states, a department spokesman told ABC News, concerning election experts who fear some states may not be aware of potential vulnerabilities.

National: 14 States Forgo Paper Ballots, Despite Security Warnings | Government Technology

Just days before a pivotal midterm congressional election, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems. The shortfall comes despite nearly two years of warnings from cybersecurity experts that in the absence of a paper backup system, voters’ intentions cannot be verified in case of a cyberattack that alters election databases. Fourteen states will conduct the midterm elections where voters will register their choices in an electronic form but will not leave behind any paper trail that could be used to audit and verify the outcome. Delaware, Georgia, Louisiana, New Jersey and South Carolina have no paper backup systems anywhere in the state. Nine other states have several jurisdictions without a physical alternative to electronic records — Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee and Texas. Experts have urged states to have backup systems after officials from U.S. intelligence agencies and the Department of Homeland Security said that Russian entities scanned election systems in at least 21 states before the 2016 election in an attempt to breach. Seven states had their computer systems breached to various degrees, officials have said. Illinois has said its voter registration system was breached. But officials have said no votes were altered.

National: Rejection of mail-in ballots raises alarm ahead of election | Associated Press

Drawing on her years of military experience, Maureen Heard was careful to follow all the rules when she filled out an absentee ballot in 2016. She read the instructions thoroughly, signed where she was supposed to, put the ballot in its envelope and dropped it off at the clerk’s office in her New Hampshire town. She then left so she could return to a temporary federal work assignment in Washington, D.C. “I have learned over the years, many years in the military of filling out forms, how to fill out forms — and I was very intimidated by the process,” said Heard, who served in the Air Force and was a lieutenant in the U.S. Coast Guard. “I was like, ‘Oh my gosh, I have to make sure I get it absolutely right.’ And then it didn’t count.” Heard, 57, discovered last year that she was among roughly 319,000 voters across the country whose absentee ballots were rejected during the last presidential election. The reasons varied, ranging from missed deadlines to failure to sign the return envelope. Heard’s ballot was tossed out because her signature did not match the one on file at her local election office.

National: A threat to democracy: Republicans’ war on minority voters | The Guardian

It was a mystery worthy of crime novelist Raymond Chandler. On 8 November 2016, African Americans did not show up. It was like a day of absence. African Americans had virtually boycotted the election because they “simply saw no affirmative reason to vote for Hillary”, as one reporter explained, before adding, with a hint of an old refrain, that “some saw her as corrupt”. As proof of blacks’ coolness toward her, journalists pointed to the much greater turnout for Obama in 2008 and 2012. It is true that, nationwide, black voter turnout had dropped by 7% overall. Moreover, less than half of Hispanic and Asian American voters came to the polls. This was, without question, a sea change. The tide of African American, Hispanic and Asian voters that had previously carried Barack Obama into the White House and kept him there had now visibly ebbed. Journalist Ari Berman called it the most underreported story of the 2016 campaign. But it’s more than that. The disappearing minority voter is the campaign’s most misunderstood story. Minority voters did not just refuse to show up; Republican legislatures and governors systematically blocked African Americans, Hispanics and Asian Americans from the polls.

National: Are elections any more secure than in 2016? | GCN

To help shore up the nation’s election infrastructure, Congress repurposed $380 million of leftover funding from the 2002 Help America Vote Act into grant funding for states to improve election security. States collectively invested an additional $19 million in matching funds for the same purpose. States could use the grants to replace old voting machines, upgrade election-related computer systems to address vulnerabilities identified by the Department of Homeland Security, implement post-election audits, provide cybersecurity training for state and local election officials or other activities that are specifically tailored to addressing cybersecurity needs.According to the Election Assistance Commission, 41 states used 36.3 percent of those funds to directly improve election cybersecurity. An additional 27.8 percent of the funding went to purchase new voting equipment while another 13.7 percent went to upgrade voter registration systems. Only 5.6 percent of the funds were used to implement post-election audits. However, it’s important to understand that these upgrades and expenditures are expected to take place over the course of the next two to three years; relatively little of the work is being completed before the midterm elections.

National: Center for Internet Security looks to expand threat sharing program to political campaigns | CyberScoop

While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise. “Especially in the early phases of the campaign, it is not staffed by professional IT and certainly not cybersecurity people,” said John Gilligan, the executive chairman of the nonprofit Center for Internet Security (CIS). When a candidate decides to run, the campaign might acquire a few computers and start building databases without prioritizing cybersecurity, Gilligan said Tuesday at the Center for Strategic and International Studies. CIS, which runs a center for sharing threat data with state and local officials, is looking to extend its information-sharing initiative to campaigns. The goal is to chip away at the security-resource deficit facing candidates, as numerous tech companies are trying to do by offering free security services to campaigns.

National: The Amazing Disappearing Voter: Voter purges have become the right’s new voter suppression tool of choice | TPM