Is it time to panic about Election Day? Not about the choices for president, but about whether the votes that millions of Americans will cast Nov. 8 will be secure. “My level of concern is pretty high,” said Thomas Hicks, chairman of the Election Assistance Commission, an independent, bipartisan group created to develop guidelines after the disputed 2000 presidential election. Experts are warning that in a year of unending political drama, still more might be in store, from Russian hackers to obsolete voting machines prone to breakdowns, all with the potential for causing considerable political chaos. … Nervousness over the apparatus by which the next president will be chosen seemed inevitable. Computer-security experts have long expressed concerns about the vulnerabilities of state voter-registration rolls and the frailties of older voting machines.
People have trouble prioritizing risk. For example, you often hear about the threat of voter fraud, when all evidence suggests that the risks of such fraud are inconsequential. In truth, hacked voting machines are much more likely to affect an election’s outcome. Why would an election fraudster try to herd a flock of criminal participants to the polls when one mildly talented hacker could cause far more trouble? On a state-by-state level, most presidential elections are decided by many thousands of votes. For example, in 2012, Barack Obama beat Mitt Romney by more than 166,000 votes in the swing state of Ohio. Even in the 2000 election, the closest presidential contest ever, what sort of Houdini could have marshaled the miscreants necessary to cast a few hundred fake votes to tip the balance without getting caught? A hack of a single voting machine could accomplish the same objective.
Although Champaign, Ill., native Judith Maltby has lived in Great Britain for 30 years, she returns to the United States regularly and follows U.S. presidential races. This year’s election is of particular concern to Maltby, a chaplain at England’s Oxford University who hopes “the U.S. remains a serious partner with democratic Europe and continues to be outward looking.” She said she is backing Democratic candidate Hillary Clinton because Republican “Donald Trump’s campaign is about isolationism of the most destructive kind.” Maltby is one of approximately 8 million Americans living abroad, a group large enough to tip elections in close presidential and state contests. They could not vote until 1975, when the Overseas Citizens Voting Rights Act became law. Since then, non-partisan organizations, including Vote From Abroad and Overseas Vote Foundation, have offered help, such as how to register from abroad.
Following an official invitation to observe the US general election in November and an in-country assessment in May, the Organization for Security and Cooperation in Europe (OSCE) plans to deploy 100 long-term and 400 short-term observers to the US this fall. The mission will also include a media monitoring element and will be complimented by a core team of analysts. While the long-term observers are slated to follow the election process across the country already before election day, the short-term observers are tasked with monitoring the polls on election day only. Election observers are usually seconded for the mission by OSCE participating states. Four years ago the OSCE deployed 44 short-term observers across the country as well as a core team of 13 experts to monitor the 2012 US election. No short-term contingent was sent for what was considered a “limited mission.”
Brace for a stream of digital leaks and shenanigans by Election Day. Whether it’s newly disclosed Democratic Party emails or someone tampering with voting machines, this year’s presidential election could come with hacking intrigue like none before it. Consider messages stolen from the Democrats by suspected Russian-linked hackers and posted online in the summer by the self-described…
The Federal Bureau of Investigation’s disclosure earlier this month that foreign hackers had infiltrated voter registration systems in Illinois and Arizona came as no surprise to some cybersecurity experts. “Given where cybercrime has gone, it’s not too surprising to think about how information risks might manifest themselves during the election season to cause some level of either potential disruption, change in voting, or even just political fodder to add the hype cycle,” says Malcolm Harkins, chief security and trust officer at network security firm Cylance. Growing concern that hackers sponsored by Russia or other countries may be attempting to disrupt the presidential election is certainly not far-fetched, given the recent data breach at the Democratic National Committee headquarters. In fact, hacking an election is shockingly easy, according to a report by the Institute for Critical Infrastructure Technology, a cybersecurity think tank. In most cases, electronic voting systems “are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security,” according to the report. Security vulnerabilities are discussed every four years, but little attention is given to the problem. “It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security,” the report concludes.
National: National Association of Secretaries of State names members of election security group | FCW
After reports of possible hacks by foreign entities on U.S. voting systems and massive data theft from political party databases, the Department of Homeland Security is assembling a group of state and federal officials who will explore ways to protect the integrity of U.S. election systems. On Aug. 31, the National Association of Secretaries of State named four representatives to DHS’ Election Infrastructure Cybersecurity Working Group: Denise Merrill, Connecticut’s secretary of state and the association’s president; Connie Lawson, Indiana’s secretary of state and the association’s president-elect; and NASS Elections Committee Co-Chairs Alex Padilla, California’s secretary of state, and Brian Kemp, Georgia’s secretary of state. Other participants in the group include the Election Assistance Commission, the National Institute of Standards and Technology, the Justice Department, the FBI and the Defense Department’s Federal Voting Assistance Program, the official said.
National: Intelligence community investigating covert Russian influence operations in the United States | The Washington Post
U.S. intelligence and law enforcement agencies are probing what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said. The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation. The effort to better understand Russia’s covert influence operations is being spearheaded by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”
National: Trump’s ‘rigged election’ rhetoric could inspire voter intimidation, say experts | The Guardian
Donald Trump’s claims that if he loses in November it will be due to a “rigged” election have sparked strong bipartisan criticism from election lawyers, donors and a former member of Congress who warn that the Republican candidate’s words are dangerous, fueling doubts about the election’s legitimacy and potentially leading to voter intimidation. As his poll numbers have weakened and his high-decibel spats with critics escalated, Trump has raised the specter of rigged elections and suggested that if he loses it might well be because of voter fraud. “The only way we can lose, in my opinion, I really mean this, Pennsylvania, is if cheating goes on,” Trump told a largely white rally last month in Altoona, Pennsylvania. “Go down to certain areas and watch and study [to] make sure other people don’t come in and vote five times. “We’re going to have unbelievable turnout, but we don’t want to see people voting five times,” Trump added, saying that he had “heard some stories about certain parts of the state and we have to be very careful”.
National: Without conservative Supreme Court majority, voter-law challengers make gains | The Washington Post
A coalition of civil rights groups, Democratic lawyers and the Obama administration has scored significant victories in overturning strict voting laws, highlighting how the death of Justice Antonin Scalia has removed the Supreme Court as a crucial conservative backstop for such measures. With the presidential election approaching, the challengers have rung up wins against their two top targets. Texas and North Carolina are now under judicial order to shelve comprehensive voting laws, passed by Republican legislators, that appeals courts said discriminated against African Americans and Hispanics. In Wisconsin, federal courts restored some early-voting opportunities — seen as beneficial to African American voters, who overwhelmingly vote Democratic — that had been scotched by the state legislature. And a federal judge has been tasked with overseeing the state’s efforts to make it easier for those without the documentation required by the state to cast ballots.
Since 2010, 25 states passed laws making it harder to vote. Some required voters to present photo ID at the polls; others restricted early voting or the re-enfranchisement of ex-felons. In 17 of the states, Republicans control the legislature and the governorship. Liberals have scrambled to get the laws repealed or overturned in court. But with exceptions such as the July decision by a federal appeals court to block several new voting restrictions in North Carolina, most of the new laws remain on the books and will be in effect in November. Now some of the bluest states are passing laws to make voting easier. Since the start of 2015, five states have approved automatic voter registration measures, in which government agencies such as the Department of Motor Vehicles add qualified citizens to the voter rolls unless they opt out. “The question should be, Why would we ever have a barrier?” says Democrat Jennifer Williamson, state house majority leader in Oregon, where the nation’s first AVR measure was signed into law in March 2015. “We should be constructing a system where the default is voting.”
We’ve heard a lot in recent weeks about the potential for Russian meddling in the presidential election. A lot of circumstantial evidence – and the fact that Russia has the means, motive and opportunity to conduct these attacks – suggests an important Russian role in the leaks of confidential emails from the Democratic National Committee, the release of opposition research on Donald Trump compiled by the DNC and personal contact details of many prominent Democrats. And just this week, news broke that the FBI has found evidence of foreign penetrations of voter registration databases in Arizona and Illinois and warned officials in every state to improve the cybersecurity of election-related systems. We also know that most citizens will cast their ballots on electronic voting machines; in 43 states those machines are more than a decade old. These are the computers that were introduced immediately after the Bush-Gore election in 2000, to correct the problems with balloting that had cast doubt on the actual choices of many Florida voters. Over the last decade or so, it has been conclusively demonstrated that at least some models of electronic voting machines are vulnerable to hacking by people with the skills of graduate students in computer science. No one knows how secure the other machines are, because many vendors have asserted their intellectual property rights to prevent the security of their machines from being examined by independent parties.
National: Cybersecurity firm finds evidence of Russian tie to hacks of vote systems in Arizona and Illinois | McClatchy DC
The Russian internet nodes used to hack into voting systems in Illinois and Arizona were also used in recent penetrations of Turkey’s ruling party, the Ukrainian Parliament and a political party in Germany, a U.S. cybersecurity firm said Friday. Individuals using Russian infrastructure “are looking to manipulate multiple countries’ democratic processes,” said an alert from ThreatConnect, an Arlington, Virginia, firm that tracks digital intrusions. The company said, however, that it still did not have enough information to attribute the attacks to any individual or country. Russian President Vladimir Putin, meanwhile, told the Bloomberg news agency that a public leak of more than 19,000 emails siphoned from computers at the Democratic National Committee earlier in the summer was for the public good. He denied, however, that Russia had perpetrated the hack. “Listen, does it even matter who hacked this data?’’ Putin told Bloomberg in Vladivostok, the Pacific port. “The important thing is the content that was given to the public.”
Tens of thousands of Americans with disabilities have lost their voting rights. It usually happens when a court assigns a legal guardian to handle their affairs. Now, some of those affected are fighting to get back those rights.
David Rector recently went to Superior Court in San Diego, Calif., to file a request to have his voting rights restored. Rector lost those rights in 2011 when his fiance, Rosalind Alexander-Kasparik, was appointed his conservator after a brain injury left him unable to walk or speak.
Alexander-Kasparik says he was still able to communicate his wishes to a court clerk.
Tens of thousands of Americans with disabilities have lost their voting rights. It usually happens when a court assigns a legal guardian to handle their affairs. Now, some of those affected are fighting to get back those rights. David Rector recently went to Superior Court in San Diego, Calif., to file a request to have his voting rights restored. Rector lost those rights in 2011 when his fiance, Rosalind Alexander-Kasparik, was appointed his conservator after a brain injury left him unable to walk or speak. Alexander-Kasparik says he was still able to communicate his wishes to a court clerk. “He did manage to say through his electronic voice on his eye-tracking device, ‘I, David Rector, want my voting rights restored, immediately,'” she told supporters outside the courthouse. That’s crucial, because under a new California law, individuals with guardians have to express a desire to vote to be able to do so. Rector, who used to work as a producer for NPR, is believed to be one of more than 30,000 Californians — and an unknown number of others in the U.S. — who’ve lost their voting rights under state guardianship laws. “The problem with those laws is that a determination of guardianship or competence really has nothing to do with someone’s ability to vote,” says Jennifer Mathis, director of policy and legal advocacy at the Judge David L. Bazelon Center for Mental Health Law in Washington DC . “They have to do with someone’s ability to ensure their basic health and safety needs.” She says just because someone can’t do one thing, doesn’t mean they can’t do another.
Voting machine vulnerabilities go well beyond what most voters know, warns Dan Zimmerman, a computer scientist who specializes in election information technology. There probably is not time to fix all of those vulnerabilities by November. But there are still things election officials could do to reduce the hack-ability of the U.S. presidential election. Here are his five steps for making the U.S. election less hackable.
1. More federal oversight (and not just on Election Day)
This week’s report sophisticated actors in Russia trying to penetrate voter databases sounded alarm bells about the U.S. election being hacked. Zimmerman, who works with Free & Fair, a company that provides election-related IT services, says that because most electronic voting machines are not connected to the internet, the threat of remote hacking from Russia is small. The machines are far from secure, however.
The U.S. election system will likely face a significant trial this year, thanks to a summer of startling revelations including nation-state-linked attacks targeting the Democratic National Committee and state voter databases, along with a statement of no-confidence by the Republican nominee. The result has been a slew of media stories positing how the election could be hacked. The ongoing cyber-attacks and raised doubts will put states’ choice of voting technology under the microscope, with a focus on the security of voting systems and the ability to audit the results produced by those balloting systems, according to election security experts. Unfortunately, while all but five states now have at least some systems with a verifiable paper trail, more than half do not have meaningful post-election audits, according to Verified Voting, a group focused on improving election-system integrity and accuracy. “We would like to see post-election audits everywhere,” Pamela Smith, director of the group, told eWEEK. “There is actual research showing that being able to conduct a robust audit in a public way brings confidence in the election. A voter-verifiable paper ballot is a tool to instill confidence that the election has come to true result.”
A suspected Russian hacker probed a voter registration database in Arizona and another unidentified attacker gained entry to one in Illinois this summer, election officials said, prompting the FBI to warn states their election boards should conduct vulnerability scans. The systems that count votes in elections were not compromised, officials said, and the hacks don’t appear to be politically motivated. Still, the breaches add to concerns such attacks could exploit the personal data of millions of voters for monetary or political gain. Those worries have been running high after July reports that the Democratic National Committee’s email system had been hacked, a breach U.S. intelligence officials believe was perpetrated by the Russian government. “We’re all very aware that it’s less than 80 days before an important election,” said Pamela Smith with Verified Voting, a non-partisan, non-profit organization that advocates for election transparency.
As Democrats in the U.S. Congress call for the Federal Bureau of Investigation to investigate concerns that Russia may be trying to manipulate the November general election with cyberattacks, government officials are wrestling with new challenges to ensure accurate results. In a letter dated Saturday to FBI Director James Comey, Senate Minority Leader Harry Reid of Nevada said the threat of Russia tampering with the elections “is more extensive than widely known.” “The prospect of a hostile government actively seeking to undermine our free and fair elections represents one of the gravest threats to our democracy since the Cold War,” Reid added. Reid’s letter was followed by one from four Democrats who asked the FBI to investigate whether officials of Republican presidential nominee Donald Trump’s campaign may have conspired with Russia to carry out recent hacks against the Democratic National Committee and Democratic Congressional Campaign Committee to “interfere with the U.S. presidential election.”
Reports this week of Russian intrusions into US election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology – and leave old-fashioned paper tallies behind – created new sets of vulnerabilities that have taken years to fix. “There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”
Soon after the 2000 presidential elections went to a recount, Americans got acquainted with an exotic new vocabulary – hanging chads and butterfly ballots – and what lawmakers saw as a modern solution to the nightmare of punchcard voting systems: electronic voting machines. In 2002, Congress passed the Help America Vote Act, pouring nearly $3 billion into an effort to get states to adopt those machines. More than a decade and a half later, those same electronic machines are still around in many states. And the system arising from the 2002 congressional fix is now at the heart of growing concerns over the integrity of this year’s elections, with cybersecurity experts suggesting that it is an easy target for hackers. Federal authorities are beginning to get involved. But the best insurance for election integrity – a system that uses paper to back up electronic results – may require new federal funding. Not all of the country is on equally precarious footing. Partly because of bad experiences with glitches in electronic voting machines, some localities have been shifting in recent years toward paper-backed systems.
Wednesday’s Supreme Court deadlock ensured that North Carolina’s restrictive voting law won’t be in force for the November election. But it also underlined that the court’s four conservatives appear wedded to a strikingly limited approach to protecting access to the ballot. And it made clearer than ever that the future of voting rights in America will likely be determined by the court’s ninth justice—and therefore by the winner of the presidential election. In a 4-4 ruling that included no explanation, the high court rejected North Carolina’s bid to reinstate its photo ID requirement, its cuts to early voting, and its elimination of a popular pre-registration program for high-school students. All those provisions of the state’s voting law, and others, were blocked by a federal appeals court panel in July. The decision wasn’t a surprise. More notable was that three of the court’s conservatives—Chief Justice John Roberts, and Justices Anthony Kennedy and Samuel Alito—would have granted North Carolina’s request to put the ID requirement and the early voting cuts back into effect. The fourth conservative, Justice Clarence Thomas, would have done so for all three provisions at issue.
The Federal Election Commission has a few questions for God, Satan, and the Ghost of Ronald Reagan, all of whom have filed paperwork to run for office this election cycle. This implausible scenario is part of a policy aimed at dealing with an influx of suspicious-sounding presidential candidate names. It’s relatively easy to register as a presidential candidate, and during the 2016 election plenty of people seem to be taking advantage of that. As a result, the federal agency is now asking whoever filed paperwork to run for president under the names “God,” “Satan,” and “Ronald Reagan’s Ghost” to prove they actually exist. “It has come to the attention of the Federal Election Commission that you may have failed to include an accurate candidate name,” a letter sent by the commission to “H. Majesty Satan Lord of Underworld Prince of Darkness!” in College Station, Texas dated August 31, 2016 reads. “The Commission requires the filing to be true, correct and complete,” the letter warns, adding that “knowingly and willfully making any materially false, fictitious, or fraudulent statement or representation to a federal government agency, including the Federal Election Commission, is punishable.”
Online volunteers seeking to help Donald Trump by making phone calls might be signing up for more than they bargained for. To sign up on Trump’s website, potential volunteers must agree to a 2,271-word non-disclosure agreement in which they also promise they won’t compete against or say anything bad about Trump, his company, his family members or products – now and forever. The agreement is a required part of the sign-up process for Trump Red Dialer, an online call system that connects volunteers for the Republican presidential candidate with potential voters. Earlier this year, volunteers for Trump in New York had to sign non-disclosure agreements in person before making phone calls at Trump Tower. But the website requirement is the first indication that online volunteers must also sign the form, even if they’ll never meet a Trump family member, attend a Trump rally, meet a campaign staffer in person or step inside a Trump campaign office.
National: Controversial anti-voter fraud program risks disenfranchising voters through racial bias, report finds | Facing South
Back in 2005, Kansas Secretary of State Kris Kobach — who as chair of his state’s Republican Party championed an illegal voter suppression technique called “caging” — launched a program called Interstate Crosscheck to compare voter registration data across states and ferret out evidence of double voting. The program has since expanded to 30 states, according to the National Conference of State Legislatures (NCSL), but it’s been controversial from the start. For one thing, it’s resulted in very few actual cases of fraud being referred for prosecution, as alleged cases of double voting in multiple states turned out to be clerical and other errors. One tally found that while the program has flagged 7.2 million possible double registrants, no more than four have actually been charged with deliberate double registration or double voting. Meanwhile, some states including Florida dropped out of the program due to doubts about the reliability of its data — though others, including the swing state of North Carolina, joined despite those issues.
The FBI has responded to recent concerns about U.S. voting systems being targeted for cyberattacks as Election Day approaches, saying the agency takes the threat “very, very seriously” and is working to “equip the rest of our government with options.” FBI Director James Comey addressed the issue while speaking to government and private-industry experts attending the Symantec Government Symposium in Washington, D.C. “We take very seriously any effort by any actor,” he said, “to influence the conduct of affairs in our country, whether that’s an election or something else.” His comments come one day after news surfaced about FBI warnings to the states that hackers had infiltrated one state board of election and targeted another.
When an FBI alert to state election authorities warning them of hacking leaked to the media this week, the result was one of studied panic. Two voter registration databases in Arizona and Illinois had been penetrated, and some experts saw it as confirmation that Russia had escalated its campaign of hacking U.S. political organizations. Russian President Vladimir Putin just “unleashed the hounds” on the U.S. election system, one industry executive declared. So far, there is scant evidence that hackers working on behalf of Russian intelligence penetrated two fairly inconsequential voter databases in Arizona and Illinois. The FBI told election authorities in Arizona that Russian hackers were responsible for stealing a set of user credentials but provided no details about whether it was a criminal or state-sponsored group. In a letter to the FBI on Monday, Senate Minority Leader Harry Reid asked the bureau to investigate whether Russia is attempting to manipulate results of November’s elections. Russian efforts to do so are “more extensive than is widely known and may include the intent to falsify official election results,” he wrote.
The committee traditionally has advised the DNI on foreign attempts to thwart U.S. intelligence through trickery. But in the cyber era, the committee has increasingly looked at how nation states use computer attacks to conduct espionage and spread propaganda. Russia, China, North Korea, Iran are primary subjects, the officials said. The consensus among U.S. intelligence analysts is that Russia is seeking to undermine confidence in the U.S. system, using the hacks into the Democratic National Committee, state election systems and other targets that have yet to be made public, as part of a larger campaign. Whether Russia can directly manipulate voting machines or “hack” into election systems, they say, is not clear and is mainly outside the jurisdiction of U.S. intelligence. Intelligence analysts are uncertain about the Russian government’s intentions relating to U.S. politics, but they don’t believe Russia is actively trying to favor Republican Donald Trump, as some have suggested. Instead, Russia may be trying to foment chaos. “Let’s just throw some spaghetti on the wall, and whatever sticks, sticks,” said one senior Congressional aide briefed on intelligence, describing a likely scenario.
Reports this week of Russian intrusions into U.S. election systems have startled many voters, but computer experts are not surprised. They have long warned that Americans vote in a way that’s so insecure that hackers could change the outcome of races at the local, state and even national level. Multibillion-dollar investments in better election technology after the troubled 2000 presidential election count prompted widespread abandonment of flawed paper-based systems, such as punch ballots. But the rush to embrace electronic voting technology – and leave old-fashioned paper tallies behind – created new sets of vulnerabilities that have taken years to fix. “There are computers used in all points of the election process, and they can all be hacked,” said Princeton computer scientist Andrew Appel, an expert in voting technologies. “So we should work at all points in that system to see how we make them trustworthy even if they do get hacked.”
Top House Democrats are asking the FBI to investigate whether connections between Donald Trump’s campaign aides and Russian interests led to the cyberattacks at the Democratic National Committee and Democratic Congressional Campaign Committee. “We are writing to request that the FBI assess whether connections between Trump campaign officials and Russian interests may have contributed to these attacks in order to interfere with the U.S. presidential election,” the lawmakers wrote in a letter sent to FBI Director James Comey on Tuesday. The letter was signed by Rep. Elijah Cummings, D-Maryland, ranking member on the House Oversight and Government Reform Committee; Rep. John Conyers, D-Michigan, ranking member on the House Judiciary Committee; Rep. Eliot Engel, D-New York, ranking member on the House Foreign Affairs Committee; and Rep. Bennie Thompson, D-Mississippi, ranking member on the Homeland Security Committee.
Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned. The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitri Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks. Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches and intruders were unable to exfiltrate any information, Alperovitch said.