Concerns about the fragility of US electronic voting systems to cyberattacks go back to 2002 when the Help America Vote Act was passed mandating the replacement of lever-based machines and punchcards with more modern voting equipment. Those concerns have been greatly amplified this election season with reports of attacks on voter registration systems in some 20 states and intrusions into the Democratic National Committee’s computers by hackers believed to be out of Russia. The attacks have stirred considerable fears about foreign adversaries and nation-state actors somehow disrupting the elections and even manipulating the outcome of the voting to favor one of the two major party candidates. … In all states but five, a vast majority of the electronic voting equipment that voters use will have paper backups. Some voters will use what are known as Direct-Recording Electronic (DRE) voting systems to cast their votes electronically. Others will mark their choices on a paper ballot and feed it into an optical scanner that will do the ballot counting. In both cases, voters and election officials will have a so-called Voter Verifiable Paper Audit trail that will provide a reliable backup even if the machines fail or are somehow compromised.
Donald J. Trump has lashed out at fellow Republicans, calling them “disloyal” and “far more difficult” than Hillary Clinton. He has griped openly about a “rigged” political system, saying Wednesday he has “no respect” for the nonpartisan Commission on Presidential Debates and complaining about a “defective” microphone in the first debate. And on Monday, at a rally in Wilkes-Barre, Pa., he worried the election could be “stolen” from him and singled out Philadelphia, a city with a large African-American population, warning, “We have to make sure we’re protected.” Mr. Trump’s ominous claims of a “stolen election” — which he often links to black, urban neighborhoods — are not entirely new. But in recent days, he has been pressing the theme with a fresh intensity, citing everything from the potential for Election Day fraud to media bias favoring Mrs. Clinton to rigged debates.
For the first time in a half-century, Americans will go to the polls in November without the full protection of the Voting Rights Act. Following a 2013 U.S. Supreme Court ruling invalidating a key section of the 1965 law, the U.S. Department of Justice has had to curtail its federal observer program, under which trained monitors oversee access to ballot boxes in areas historically prone to discrimination. The shift comes just as Republican nominee Donald Trump has been exhorting his supporters to be vigilant about the supposed threat of voter fraud, which has been shown to be almost nonexistent in the U.S. “They’re letting people pour into the country so they can go and vote,” he said in an Oct. 7 meeting with the union representing U.S. Border Patrol agents. At a Pennsylvania rally on Oct. 10, he told the crowd, “So important that you watch other communities, because we don’t want this election stolen from us.” An online movement called Operation Red is encouraging Trump supporters to wear red to the polls so people “will have no choice but to acknowledge the visible truth in a sea of red,” according to the group’s website.
National: Elections at Risk in Cyberspace, Part II: Variety is the Spice of Hacking for Voting Machines | Signal Magazine
Election-day activities center on polling places and their voting machines, and this is where the public interest in vote security is most acute. Each state is in charge of acquiring and managing voting machines, and many states have different types of machines within their borders. The wide variety of voting machines used across the United States, rather than deterring hackers, actually helps empower them if they want to change the outcome of people’s votes, say many cybersecurity experts. Many voting machines are so old that modern security has not yet caught up to them. The differences among voting machines also mean that no single tactic could be employed to cause them to give misleading vote totals. Any coordinated effort to use the machines to affect voting outcomes would have to be tailored to each type of machine and would require an extensive network of operatives to be effective on a large scale. Some electronic voting machines still in use in the United States date back to the last millennium, according to a report by the Brennan Center for Justice, a liberal nonpartisan policy and law institute connected with New York University School of Law. The oldest machines have all the security of an ATM—which is to say, very little. Newer machines still are vulnerable because they provide access points for cybermarauders to inject malware that could change votes outright.
Direct-reporting voting machines that offer no paper backup are the most vulnerable, states Chuck Brooks, vice president of government relations and marketing for Sutherland Government Solutions. Also, the diversity of electronic voting machines precludes any easy security fix. Few have had software updates, he says.
While virtually every industry and domain is flourishing and being revolutionized by technological advances, more than three-quarters of U.S. citizens will vote for their next president on paper ballots this November. The main reason for this is concern over cybersecurity threats against the electoral system and process. In the wake of major breaches, such as the hacking of the Democratic National Convention and attacks against voter registration databases in at least two states, it is now feared more than ever that the presidential elections might be influenced or compromised by nation-states such as Russia. And that’s why any form of technology being used in elections is generally frowned upon and regarded as a potential attack vector for malicious actors. But is this a pattern that has to repeat itself every four years? Are we doomed to choose our leaders in settings that one expert described to me as reminiscent of the dark ages for fear of major hacks, or is it possible to see future elections leverage the full power of the newest tech without fearing cyber threats?
More states and local election boards have asked the Department of Homeland Security to help with cybersecurity, the department announced Monday night. The total, which has been steadily rising in recent weeks, has reached 33 state and 11 county or local election agencies, DHS said. More than two dozen states were known to have requested help before the updated tally. DHS has been urging states to take advantage of its resources, which include scanning systems for vulnerabilities and recommendations for improving cybersecurity on election and voter registration systems. The update from Secretary Jeh Johnson warned those on the fence to make a decision.
Hurricane Matthew brought utter devastation to Haiti and other islands in the Caribbean after it swept through the region early last week. In Haiti, the storm killed at least a thousand people; damaged infrastructure advancements the nation had made in its push to modernize; and delayed a presidential election originally scheduled for early October. While the problems it’s caused on the eastern United States have been less dire, the storm has nevertheless had serious consequences in many communities. And, as in Haiti, its aftereffects may have repercussions on the country’s upcoming presidential election as well. Efforts to calculate the political costs of a disaster—which are already ongoing in the case of Matthew—often generate callous, clinical results that don’t capture the length and breadth of those effects; they may focus on how displacement might benefit one candidate or the other, but can’t capture the human stories behind those missed votes. The most difficult exercise in a catastrophe’s aftermath is accounting for the things and people lost: the resulting health crises, the activities made difficult, the memories erased, and the strain of rebuilding. Worrying about political consequences can seem crass when people’s day-to-day lives are in ruins. Sometimes, though, the things victims have to lose are political in nature, making a discussion about politics unavoidable—and even necessary.
Kenneth Inniss, 56, has not voted in a U.S. election since 1984, when he first went to prison for a felony conviction. He is now out but will have to wait one more year until he is off parole to vote. “It’s a right that we take for granted until it’s taken from us,” he said. “And that’s when it really hit home for me. I don’t have a say in how those laws are keeping me incarcerated.” Inniss recently packed into a glossy black van with eight other formerly incarcerated New Yorkers and embarked on a road trip to Cleveland, Ohio. The group had a simple mission: Inform Ohio ex-prisoners of their right to vote.
“It’s not a question of if you’re going to get hacked—it’s when you’re going to get hacked.” Those were the words of Verizon CEO Lowell McAdam as he sought to assure investors last week that the company is still interested in purchasing Yahoo despite the massive data breach of Yahoo consumer accounts. Whether McAdam’s words ring true for the hodgepodge of election systems across the US is anybody’s guess. But in the wake of the Obama administration’s announcement that the Russian government directed hacks on the Democratic National Committee and other institutions to influence US elections, a senator from Oregon says the nation should conduct its elections like his home state does: all-mail voting.
National: Facebook Helped Drive a Voter Registration Surge, Election Officials Say | The New York Times
A 17-word Facebook reminder contributed to substantial increases in online voter registration across the country, according to top election officials. At least nine secretaries of state have credited the social network’s voter registration reminder, displayed for four days in September, with boosting sign-ups, in some cases by considerable amounts. Data from nine other states show that registrations rose drastically on the first day of the campaign compared with the day before. “Facebook clearly moved the needle in a significant way,” Alex Padilla, California’s secretary of state, said in an interview on Tuesday.
National: Democracy Live launches voting app to view election ballots on smartphones | Puget Sound Business Journal
Democracy Live launched its LiveBallot app and website Thursday to provide American voters with online access to their ballot ahead of Election Day. The LiveBallot social-balloting technology can offer every registered U.S. voter a digital replica of the ballot they’ll see at the polls, plus candidate bios, contact information and links to recent news articles about them. The information can be shared on social media. “LiveBallot is the only app that delivers a customized ballot to each of the 200 million voters in the U.S.,” Democracy Live President and CEO Bryan Finney said in an interview. “For the first time in election history, voters will have a virtual replica of their ballots on their personal devices, computers and in their hands ahead of Election Day.”
National: Obama Considers ‘Proportional’ Response to Russian Hacking in U.S. Election | The New York Times
President Obama is weighing a “proportional” response to Russia’s efforts to interfere with this fall’s election campaign through hacking, the White House announced Tuesday. “The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” Josh Earnest, the White House press secretary, told reporters traveling with Mr. Obama on Air Force One to Greensboro, where he was holding a town hall-style meeting with students and campaigning for Hillary Clinton. “There are a range of responses that are available to the president, and he will consider a response that is proportional,” Mr. Earnest said. Whatever the president opts to do would probably not be announced in advance and may never be acknowledged or disclosed if it is carried out, Mr. Earnest said. On Friday, the Obama administration publicly acknowledged for the first time that it believed that the Russian government was responsible for stealing and disclosing emails from the Democratic National Committee and a range of other institutions and prominent individuals, most recently Hillary Clinton’s campaign chairman, John D. Podesta. The emails were posted on the well-known WikiLeaks site and two newer sites, DCLeaks.com and Guccifer 2.0.
Most of the internet’s most popular voter registration sites make no promise to not turn and sell your information to advertisers, a Vocativ analysis has found. The findings shouldn’t be reason for anyone to avoid registering to vote in the 2016 election, though it may steer you to register through the government’s own standard, unadorned portal: vote.gov. Of the nine major voter registration sites surveyed, only vote.gov, maintained by the U.S. General Services Administration, explicitly promises to neither share hopeful voters’ raw personal information with third parties nor to use it for commercial purposes. Combined, the other sites, including Turbovote, RegisterToVote.org, and HeadCount.org, have reported that they’ve registered millions of voters in this and previous elections. Some work with other companies in order to increase exposure and increase registrations. Rock The Vote, an organization that has existed for 26 years, currently has 820 active partners, said Jen Tolentino, its Director of Civic Technology and Policy, and they include massively popular web services like Twitter and Tinder. None of this is to say that each of these sites actively mine their users’ information to sell to the highest bidder. Instead, it’s that they haven’t promised not to. “The thing about privacy policies is they’re written by lawyers to sound like they’re understandable to regular people, but intentionally so that they’re not,” Nate Cardozo, a senior staff attorney at the Electronic Frontier Foundation, told Vocativ. “I don’t know under what circumstances Rock The Vote will share my personal information.”
In his first remarks since WikiLeaks began releasing thousands of his hacked emails, John D. Podesta, Hillary Clinton’s campaign chairman, said Tuesday that Russian intelligence officials intent on swaying the election to Donald J. Trump had been responsible for the illegal breach into his account. “I’ve been involved in politics for nearly five decades,” Mr. Podesta told reporters aboard the Clinton campaign plane. “This definitely is the first campaign that I’ve been involved with in which I’ve had to tangle with Russian intelligence agencies,” he added, “who seem to be doing everything that they can on behalf of our opponent.” Without verifying the authenticity of the emails, Mr. Podesta said that he had spoken with the F.B.I. “as a victim” of hacking. The Obama administration, like Mr. Podesta, believes the Russian government has been trying to help Mr. Trump with its hacking, including the theft of emails of the Democratic National Committee this year. Mr. Podesta said Mr. Trump had “essentially adopted lock, stock and barrel” a foreign policy that would favor the interests of President Vladimir V. Putin.
Thirty-three states and 11 county and local election agencies have sought help from the Department of Homeland Security (DHS) to shore up their voting infrastructure against cyberattacks, according to the agency. The department urged other states to take advantage of its services — such as scanning internet-facing systems to identify vulnerabilities — noting that less than 30 days remain until Election Day. “Time is a factor,” the agency wrote in a notice sent late Monday. “It can take up to two weeks from the time we receive authorization to run the scans and identify vulnerabilities. It can then take at least an additional week for state and local election officials to mitigate any vulnerabilities on systems that we may find.” The alert comes amidst heightened fears that the Russian government is attempting to interfere in the U.S. election.
Amidst all the heat of the presidential debate on Sunday night, hackers surfaced for a brief moment. The two candidates clashed over a claim that hackers tied to the Russian state were trying to influence the election. Two days earlier, on Friday, the US director of national intelligence had pointed the finger at the highest levels of the Russian state for intrusions.
Critics of Russia have argued that any role would be part of a growing trend of not just stealing information but also weaponising it. The story begins in May, when the Democratic National Committee (DNC) became concerned about suspicious behaviour on its computer network. It called in the security firm CrowdStrike to take a look. Two hacker groups were found on the system, one that had just entered and another that had been there for nearly a year.
It’s not just the Democrats who are frustrated by Donald Trump’s “rigged election” talk. Republicans have started warning their increasingly ostracized nominee to stop stoking his supporters with claims that the 2016 election will be stolen, daring him to show proof or put a lid on it. “Somebody claiming in the election, ‘I was defrauded,’ that isn’t going to cut it,” said former Sen. Kit Bond, a Missouri Republican who earlier in the campaign endorsed Jeb Bush and then Marco Rubio. “They’re going to have to say how, where, why, when. I don’t think leading candidates for the presidency should undercut the process unless you have a really good reason,” Sen. Lindsey Graham, a South Carolina Republican who gained little support for his own 2016 White House run, told POLITICO. Trump and his running mate, Mike Pence, have been flogging for months the notion that Hillary Clinton supporters could tamper with voting to the point that they win the White House. Their campaign website is recruiting poll watchers, and longtime Trump adviser Roger Stone has been raising unlimited funds from corporations and individuals in a bid to “fight a rigged system” that purportedly benefits the Democrats.
Election officials say they’re ready with backup plans in case a natural disaster — like the recent flooding in Louisiana or another storm like Hurricane Matthew — threatens to keep voters away from the polls on Election Day. “We all may have different kinds of disasters, but you still have to hold elections,’’ said Meg Casper, spokeswoman for the Louisiana secretary of state’s office. “What we have done and what we tell folks is, as long as you’ve got a power source, even if it’s a generator, and a tent, you can hold an election. All of these things are mostly lessons learned from (Hurricane) Katrina.’’ Federal and state election officials said Superstorm Sandy, which struck the Northeast in late October 2012, also schooled them in holding elections following torrential rain, flooding and power outages. One lesson: Have paper ballots ready just in case. “We all have contingency plans,’’ Mississippi Secretary of State Delbert Hosemann said. “We just hope the good Lord doesn’t make us use them.’’ Most election officials also have prepared for potential cyber attacks, said Thomas Hicks, chairman of the federal Election Assistance Commission, which held a public meeting last month on Election Day contingency plans.
National: Hurricane victims face another challenge: exercising their right to vote | The Washington Post
In the wake of Hurricane Matthew, residents still struggling to return to their homes and assess the damage are facing another challenge: registering to vote before it’s too late. Nowhere is the issue more acute than in Florida, where a fight to extend that deadline has turned bitterly partisan and litigious. Some 1.5 million Floridians were placed under evacuation last week as the Category 4 hurricane bore down on the state’s coast, closing down county and state government services. After Gov. Rick Scott (R) refused to extend Tuesday’s deadline to register, a federal judge ruled against him, extending it at least until Wednesday and rebuking Scott’s decision as “irrational,” “nonsensical” and “poppycock.” “These voters have already had their lives (and, quite possibly, their homes) turned up-side down by Hurricane Matthew,” U.S. District Judge Mark E. Walker wrote. “They deserve a break, especially one that is mandated by the United States Constitution.”
Hurricane Matthew is significantly earlier in the election than Sandy was — early October vs. late October — and we still don’t know precisely how much it will affect Florida, Georgia and South Carolina. So it’s very early to talk about political implications. But given Florida’s status as a hugely important swing state (and even Georgia’s status as a surprising battleground), there will be plenty of debate about the political impact the storm could have come Nov. 8. And the political fight over it has already begun, with Florida Gov. Rick Scott (R) on Thursday declining the request of Democrats to extend voter registration in that state. Here are three ways in which storms like this can affect elections — along with whether there’s evidence they actually do.
The impact of Russian hacking on the upcoming presidential election was a topic in Sunday night’s debate, raising the question: Is the U.S. election hackable? Experts say at the national level, no. But there could be individual incidents that undermine faith in the system. There’s almost no danger the U.S. presidential election could be affected by hackers. It’s simply too decentralized and for the most part too offline to be threatened, according to the head of the FBI and several security experts. “National elections are conducted at the local level by local officials on equipment that they obtained locally,” so there’s no single point of vulnerability to tampering here, said Pamela Smith, president of Verified Voting, a non-partisan, non-profit organization that advocates for elections accuracy. … The biggest question in the mind of voting security expert Joseph Kiniry is whether the 2016 election will be Y2K or Pearl Harbor.
It’s been buried under news of Donald Trump bragging about his ability to grab women by their genitals, but Friday afternoon’s news dump included a stunning declaration by the Department of Homeland Security: the first direct accusation from the Obama administration that Russia is trying to interfere with our elections. “The U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations,” the statement said, concluding that “these thefts and disclosures are intended to interfere with the US election process.” After the Democratic National Committee hack and the scattered hacks of voting machines, and months of talk in the press and on Capitol Hill, the Obama administration has openly called out the Kremlin for meddling in the election. This was immediately followed by a new dump of documents from WikiLeaks, this time of Clinton campaign chair John Podesta’s emails, and news that the Russian ambassador to the United Nations lodged a formal complaint with the organization when another official criticized Trump. And all of this comes against the backdrop of Trump’s constant and effusive praise for Vladimir Putin, as well as a steady stream of revelations about his campaign’s shady ties to Russia.
National: Is there any practical way for Republicans to replace Trump at this point? Not really | Los Angeles Times
Donald Trump’s lascivious boasts about groping women, a common refrain emerged Saturday: The GOP nominee should withdraw from the ticket. The pleas to step aside came from many corners of the GOP universe, including Hugh Hewitt, the conservative radio host, and South Dakota Sen. John Thune, a member of the Republican congressional leadership. Trump has so far defiantly rejected calls to withdraw. But even if Republicans managed to persuade him to bow out, their political headache would not suddenly vanish. An attempt to replace Trump on the ticket would pose staggering logistical hurdles. For one thing, Trump’s name will undoubtedly remain on the ballot. Across the country, election officials have already prepped and printed voting materials. Overseas and military voters must receive their ballots 45 days prior to the election, a deadline that passed last month.
The US government’s accusation that Russian government-directed hacking aimed to disrupt the November election comes amid fears about the security of the voting process. The attacks have included breaches of emails of political organizations—blamed on Russia—as well as probes of state voter databases, for which US officials have said they cannot determine the source.
Here are some questions and answers: Can hackers affect the November election results? This is unlikely, voting experts say. There is no single, centralized hub to be hacked, and the system is comprised of over 100,000 precincts and polling places. “While no system is 100 percent hack-proof, elections in this country are secure, perhaps as secure as they’ve ever been,” David Becker of the Center for Election Innovation & Research told a recent congressional hearing. “There isn’t a single or concentrated point of entry for a hacker.” … Dan Wallach, a computer science professor at Rice University who studies voting systems, told lawmakers the biggest vulnerability is voter registration databases. Wallach testified at a House of Representatives hearing on election security that such an effort “can selectively disenfranchise voters by deleting them from the database or otherwise introducing errors.”
The Russian government’s cyber-espionage campaign against the American political system began more than a year ago and has been far more extensive than publicly disclosed, targeting hundreds of key people — Republicans and Democrats alike — whose work is considered strategically important to the Putin regime, official sources told NBC News. The targets over the past two years have included a Who’s Who of Hillary Clinton associates from her State Department tenure, the Clinton Foundation and her presidential campaign, as well as top Republicans and staffers for Republican candidates for president. Starting in earnest in 2015, Russian hackers used sophisticated “spearphishing” techniques to steal emails and other data from Capitol Hill staffers, operatives of political campaigns and party organizations, and other people involved in the election and foreign policy. That’s according to NBC News interviews with more than two dozen current and former U.S. officials, private sector cybersecurity experts and others familiar with the FBI-led investigation into the hacks.
National: Trump suggests illegal immigrants will vote as parties clash over voter access | The Washington Post
Donald Trump suggested without evidence Friday that the Obama administration was letting illegal immigrants into the country to vote — part of a series of unsubstantiated complaints by the GOP nominee that the election is “rigged” against him and that his backers should monitor polling locations in “certain areas.” Trump’s allegations were a dramatic escalation of the usual partisan warfare over ballot access issues and came as Florida Gov. Rick Scott (R) denied a request by Hillary Clinton’s campaign to extend voter registration because of Hurricane Matthew. The storm caused the extension of voter registration deadlines in South Carolina, while officials in Georgia have urged residents in storm-affected areas to register online instead of going to registration centers.
With the most volatile election in nearly 50 years about to take place in now less than 30 days, federal officials, voting modernization experts and civil rights activist are expressing enormous worry about the integrity of election systems on Nov. 8. Threats to voting systems and processes are not a new occurrence. Just less than 20 years ago, the Supreme Court ended up selecting the first American president of the 21st century after a hanging chad mishap in battleground state Florida put the nation in electoral suspense for months after the election. But there is considerable conversation among government officials on all levels, as well as cybersecurity experts and voting rights advocates that voting systems are facing multiple tracks of threats that could possibly shape outcomes on Election Day. The extent of those threats could also negatively impact Black and Latino voters in a number of key battleground states, including places like Arizona, Florida, Ohio and Pennsylvania. These are states where voters of color hold the key to determining who ends up in the White House. … U.S. voting infrastructure, according to the Brennan Center’s Christopher Famighetti, is woefully underfunded and dangerously outdated. “In November, 42 states will be using voting machines that are over 10 years old,” Famighetti warned in a conversation with the Tribune. “Thirteen states will be using machines 15 years or older. That’s close to the end of most voting systems life span. We wouldn’t expect our desktop or laptop to last for 10 years.”
Nine states have shortened the time still allowed for voters to register for the November election, in some cases designating as the last day to register the Columbus Day federal holiday when government offices are closed. Democratic Sens. Charles E. Schumer (N.Y.) and Patrick J. Leahy (Vt.) said that the states — Alaska, Arizona, Arkansas, Hawaii, Mississippi, Rhode Island, South Carolina, Utah and Washington — could be in violation of the National Voter Registration Act, which requires states to accept registration forms if they were postmarked 30 days before Election Day, because their deadline is on a weekend day without postal service or on a holiday. In a Sept. 30 letter to the federal Election Assistance Commission, the senators urged the EAC to take action to ensure that the states change voter-registration deadlines that fall before Oct. 11 to comply with federal law. The EAC was established in 2002 to help states run elections and to disseminate the federal online voting form. “We know that every day of voter registration in the month before the election is an opportunity for hundreds of thousands of Americans across the country to get registered to vote or update their voter registration information,” the senators wrote.
The US government has formally accused Russia of hacking the Democratic party’s computer networks and said that Moscow was attempting to “interfere” with the US presidential election. Hillary Clinton and US officials have blamed Russian hackers for stealing more than 19,000 emails from Democratic party officials, but Friday’s announcement marked the first time that the Obama administration has pointed the finger at Moscow. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities,” said the office of the director of national intelligence and the Department of Homeland Security (DHS)in a joint statement. The accusation marked a new escalation of tensions with Russia and came shortly after the US secretary of state, John Kerry, called for Russia to be investigated for war crimes in Syria.
With the U.S. presidential election just weeks away, questions about election security continue to dog the nation’s voting system. It’s too late for election officials to make major improvements, “and there are no resources,” said Joe Kiniry, a long-time election security researcher. However, officials can take several steps for upcoming elections, security experts say. “Nobody should ever imagine changing the voting technology used this close to a general election,” said Douglas Jones, a computer science professor at the University of Iowa. “The best time to buy new equipment would be in January after a general election, so you’ve got almost two years to learn how to use it.” … Some states conduct extensive pre-election tests of their voting equipment, but other tests are less comprehensive, said Pamela Smith, president of elections security advocacy group Verified Voting. Most jurisdictions conduct pre-election voting tests, but many “randomly select some machines” after ballot information, such as candidates’ names, is programmed in, Smith said. Testing all voting machines before an election would be more secure, she said.