National: Hackers at Def Con break into voting machines to identify security flaws | Tech2

Def Con, one of the world’s largest security conventions, served as a laboratory for breaking into voting machines on 10 August, extending its efforts to identify potential security flaws in technology that may be used in the November US elections.Hackers will continue to probe the systems over the weekend in a bid to discover new vulnerabilities, which could be turned over to voting machine makers to fix.The three-day Las Vegas-based “Voting Village” also aimed to expose security issues in digital poll books and memory-card readers. “These vulnerabilities that will be identified over the course of the next three days would, in an actual election, cause mass chaos,” said Jake Braun, one of the village’s organizers. “They need to be identified and addressed, regardless of the environment in which they are found.”

National: Campaigns and candidates still easy prey for hackers | Politico

Some bathrooms have signs urging people to wash their hands. But at the Democratic National Committee, reminders hanging in the men’s and women’s restrooms address a different kind of hygiene. “Remember: Email is NOT a secure method of communication,” the signs read, “and if you see something odd, say something.” The fliers are a visible symptom of an increased focus on cybersecurity at the DNC, more than two years after hackers linked to the Russian military looted the committee’s computer networks and inflamed the party’s internal divides at the worst possible time for Hillary Clinton. But the painful lessons of 2016 have yet to take hold across the campaign world — which remains the soft underbelly for cyberattacks aimed at disrupting the American political process.

National: Election officials say money, training needed to improve security | Las Vegas Review-Journal

Regional U.S. election officials attending a hacker conference Friday in Las Vegas said they need more money and training to enhance cybersecurity of their election infrastructure. The thousands of local election officers around the U.S. have neither the cyber-knowledge nor resources to stand up to attacks from adversarial nations and need the support of state and federal governments, they said. But they warned that focusing too much on the vulnerabilities could backfire by undermining citizens’ confidence in the system. “There has never been such a spotlight and emphasis (on election hacking) as there has been since 2016. That is our new reality,’’ California Secretary of State Alex Padilla told an audience attending the annual Defcon computer security conference at Caesars Palace. “If it gets into the mind of anybody that maybe my vote isn’t going to matter, so why should I go vote — that is a form of voter suppression,” he said.

National: US officials hope hackers at Defcon find more voting machine problems | CNET

This election day, US officials are hoping for a vote of confidence on cybersecurity. Hackers at the Defcon cybersecurity conference in Las Vegas on Friday took on voting machines again, after showing how easy it was to break into election machines at last year’s gathering. This time around, officials from the US Department of Homeland Security were on hand to learn directly from hackers who find problems with election security. “We’ve been partners with Defcon for years on a lot of various different issues, so we see a lot of value in doing things like this,” Jeanette Manfra, the DHS’s top cybersecurity official, said at Defcon. In her speech, Manfra invited hackers at Defcon to come find her after to talk more about election security. “We’d love it if you worked for us, we’d love it if you worked with us,” she said.

National: House Intel lawmakers introduce bipartisan election security bill | The Hill

Four lawmakers on the powerful House Intelligence Committee, including two Republicans, are introducing legislation to help states secure the nation’s digital election infrastructure against cyberattacks following Russian interference in the 2016 election. The bill, which is a companion to a measure in the upper chamber spearheaded by Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.), is a direct response to the effort by Moscow’s hackers to target state websites and other systems involved in the electoral process in the run-up to the 2016 vote. “Although the Russian government didn’t change the outcome of the 2016 election, they certainly interfered with the intention of sowing discord and undermining Americans’ faith in our democratic process,” said Rep. Tom Rooney (R-Fla.) in a statement Friday. “There’s no doubt in my mind they will continue to meddle in our elections this year and in the future.” 

National: Voting Rights Advocates Used to Have an Ally in the Government. That’s Changing. | The New York Times

A new voter ID law could shut out many Native Americans from the polls in North Dakota. A strict rule on the collection of absentee ballots in Arizona is being challenged as a form of voter suppression. And officials in Georgia are scrubbing voters from registration rolls if their details do not exactly match other records, a practice that voting rights groups say unfairly targets minority voters. During the Obama administration, the Justice Department would often go to court to stop states from taking steps like those. But 18 months into President Trump’s term, there are signs of change: The department has launched no new efforts to roll back state restrictions on the ability to vote, and instead often sides with them. Under Attorney General Jeff Sessions, the department has filed legal briefs in support of states that are resisting court orders to rein in voter ID requirements, stop aggressive purges of voter rolls and redraw political boundaries that have unfairly diluted minority voting power — all practices that were opposed under President Obama’s attorneys general.

National: Group Files Lawsuit to Challenge Electoral College | Roll Call

A group is suing two red states and two blue states to change the Electoral College system. Former Massachusetts Gov. William Weld, Harvard Law professor Lawrence Lessig and David Boies, who served as former Vice President Al Gore’s lawyer in Bush v. Gore, make up the group according to the Boston Globe. The group is suing two predominantly Democratic states (California and Massachusetts) and two predominantly Republican states (Texas and South Carolina.) They argue the winner-take-all format of the Electoral College disenfranchises numerous voters and that it violates the principle of “one person, one vote.” Boies said the Electoral College system leads to candidates only campaigning to certain groups of voters and ignoring others.

National: At DEF CON ’18, kids as young as 5 challenged to hack election results websites, voting machines | ABC

At DEF CON, one of the world’s largest hacking conferences, hackers clad in black hoodies made headlines last year when they exposed an array of structural vulnerabilities in voting technology, successfully hacking into every voting machine they attempted to breach. This year’s DEF CON kicks off Friday in Las Vegas, and hackers will again have access to dozens of pieces of equipment — voting machines and pollbooks widely used in U.S. elections, including several models they haven’t previously attempted to crack. Children as young as 5 will compete to hack election results websites, and DEF CON has partnered with children’s hacking organization r00tz Asylum to award prizes to the first and youngest kids to breach the sites and hack equipment.

National: Advocates Say Paper Ballots Are Safest | Bloomberg

In June, voting security advocate Marilyn Marks bought four used optical scanners online from the Canadian government for about $2.50 apiece. Her purchase was meant to make a point: The state of Georgia doesn’t have to spend a lot to replace computerized voting machines considered the most vulnerable in the U.S. And it could do so in time for the midterm elections. Marks’s advice: Don’t listen to lobbyists for vendors pushing unnecessarily fancy and expensive voting equipment. Go back to paper ballots. Buy cheap used scanners to read them. Get it done now. “The Department of Homeland Security has said it. Every cyber expert says it,” she says. Voting machines like Georgia’s “are a national security risk.” As government officials warn of continuing cyberattacks intended to disrupt U.S. elections, Georgia is among 14 states heading into Election Day using touchscreen, computerized machines that don’t meet federal security guidelines because they produce no paper record—so voters can’t verify their choices and officials can’t audit the results.

National: Hackers at convention to ferret out election system bugs | Reuters

Def Con, one of the world’s largest hacker conventions, will serve as a laboratory for breaking into voting machines this week, extending its efforts to identify potential security flaws in technology that may be used in the November U.S. elections.  The three-day “Voting Village,” which opens in Las Vegas on Friday, also aims to expose vulnerabilities in devices such as digital poll books and memory-card readers. Def Con held its first voting village last year after U.S. intelligence agencies concluded the Russian government used hacking in its attempt to support Donald Trump’s 2016 candidacy for president. Moscow has denied the allegations.

National: Def Con steps out of the shadows to fight election cyber threat | Financial Times

Hacking democracy was as easy as abcde. When Carsten Schurmann sat down to hack one of the voting machines used instead of paper ballots in the state of Virginia, he used a simple online tool to discover a flaw in the machine that had been public — and remained unfixed — for 14 years. And he already knew the password, because he had found that on the internet, too. The password was abcde. Wearing a short-sleeved shirt and wire-framed glasses, the Danish computer science professor described how simple it had been to get in to the WINvote machine, after which he was able to tamper with the vote tally. “The machines are all vulnerable,” he said. “I’m not a hacker but I tried the first thing and it worked.”

National: Many states are purging voters from the rolls – On election day, stay away | The Economist

In 1965 President Lyndon Johnson signed the Voting Rights Act. Among other things, this required places with a history of discriminating against non-white voters to obtain federal approval before changing the way they conducted elections. In the ensuing decades it narrowed, and in some cases reversed, racial gaps in voting. Congress repeatedly reauthorised the Act, most recently in 2006 for 25 years. But in 2013 the Supreme Court gutted the pre-clearance provision. Since then states that had been bound by it have purged voters from their rolls at a greater rate than other states. That is part of a dramatic rise in voter purges in recent years. Many on the right say such purges and other policies are essential to ensuring electoral integrity. Others see a darker purpose.

National: More Government Websites Encrypt as Google Chrome Warns Users Non-HTTPS Sites are ‘Not Secure’ | Goverment Technology

Google Chrome, the most widely used Internet browser, has officially started warning users that unencrypted Web pages are “not secure.” Among those “not secure,” as of Aug. 9: The front pages of the official government websites for 14 states and four of the nation’s 10 most populous cities. Encryption — most easily represented with an “HTTPS” rather than “HTTP” in front of a site’s Web address — is the practice of encoding data traveling between a website and its visitor so that any third parties who are able to peek into the data don’t know what’s happening. With encryption, users can reasonably expect that their connection is private. Without it, bad actors can do things like steal information and change a Web page’s content without the user realizing it. It has become more or less the standard for the Internet. According to Google, 93 percent of Web traffic on Chrome takes place on encrypted pages. The tech giant started labeling non-HTTPS pages as “not secure” to push laggards toward encryption.

National: U.S. census citizenship question panned by scientists, civil rights groups | Reuters

As the U.S. government closed a public comment period on Wednesday on its plans for the 2020 census, scientists, philanthropists and civil rights groups used the occasion to again criticize plans to include a question about U.S. citizenship. The comment period gave any member of the public a chance to comment on aspects of the census which is a mandatory, once-a-decade count of the U.S. population that next occurs in April 2020. The comments have not yet been published, but some groups and individuals reinforced their opposition to the Trump administration’s plan to ask census respondents whether they are U.S. citizens.

National: Michael McCaul presses Senate to pass critical bipartisan cyber and election security legislation | Washington Times

Warning of continuing threats to U.S. interests across cyberspace, House Homeland Security Chairman Rep. Michael McCaul on Wednesday again urged the Senate to pass legislation intended to rename and reorganize the Department of Homeland Security’s primary cyber protection wing. The proposal, which the House passed in December, would streamline DHS’s primary operation currently overseeing the defense of federal networks and U.S. critical infrastructure from cyber threats, known as the National Protection and Programs Directorate (NPPD). The bill creates a stand-alone organization for that mission with a more logical name, the Cybersecurity and Infrastructure Security Agency (CISA).

National: Trump team isn’t doing enough to deter Russian cyberattacks, according to our panel of security experts | The Washington Post

The White House insists that it’s mounting a robust response to digital offensives against election systems and other critical infrastructure. We asked The Network, a panel of more than 100 cybersecurity leaders from government, academia and the private sector, to share their opinions in our ongoing, informal survey. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.) Our survey revealed broad doubts among experts about the country’s deterrence strategy, after President Trump chose not to back the U.S. intelligence community’s conclusions that Moscow directed the cyberattacks aimed at disrupting the 2016 presidential election at a July press conference with Russian President Vladimir Putin.

National: “A Horrifically Bad Idea”: Smartphone Voting Is Coming, Just in Time for the Midterms | Vanity Fair

Almost a year ago, the Department of Homeland Security alerted roughly half of all U.S. states that their election systems had been the targets of hackers linked to Russia. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, later confirmed the attacks. “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,” she told NBC News in February. Even worse, experts have warned that Russia’s attempts at meddling did not end in 2016. “They’re still very active—in making preparations, at least—to influence public opinion again,” Feike Hacquebord, a security researcher at Trend Micro, told the Associated Press in January. The Trump administration, meanwhile, is doing painfully little to prevent future attacks. The president’s repeated denials of Russian meddling is another form of malign neglect. With less than three months to go until Americans return to the polls en masse, the United States remains deeply vulnerable to any hackers who might like to cast a vote of their own.  Enter Voatz. With a name reminiscent of a plot device in Idiocracy, Voatz is a mobile election-voting-software start-up that wants to let you vote from your phone. In the upcoming midterm elections, West Virginians serving overseas will be the first in the U.S. to be able to vote via a smartphone app using Voatz technology, CNN reported Monday. The Boston-based company raised $2.2 million earlier this year, helped along by buzzwords such as “biometrics” and “blockchain,” which it claims allows it to secure the voting process. Its app reportedly requires voters to take and upload a picture of their government-issued I.D., along with a selfie-style video of their face, which facial-recognition technology then uses to ensure the person pictured in the I.D. and the person entering a vote are the same. The ballots are anonymized and recorded on the blockchain.

National: States have a lot of work to do on cybersecurity, and they shouldn’t wait for kids to find the problems | Washington Examiner

Today in Michigan, Ohio, Kansas, Washington, and Missouri, voters head to the polls to vote in primaries. But how safe are state websites with voter information? If you ask the organizers of the kids’ program at DEFCON, the answer is, so unsafe that a kid could probably figure out how to hack it. DEFCON, a top tier cybersecurity conference, has a program for kids called “r00tz,” and this year, part of the agenda is to have them hack replicas of state elections websites. The goal of the event is to both teach the participants basics of hacking, but also scare states into taking action to safeguard web security.

National: Hackers Already Attacking Midterm Elections, Raising U.S. Alarms | Bloomberg

The U.S. midterm elections are at increasing risk of interference by foreign adversaries led by Russia, and cybersecurity experts warn the Trump administration isn’t adequately defending against the meddling. At stake is control of the U.S. Congress. The risks range from social media campaigns intended to fool American voters to sophisticated computer hacking that could change the tabulation of votes. At least three congressional candidates have already been hit with phishing attacks that strongly resemble Russian sabotage in the 2016 campaign. Among them was Senator Claire McCaskill, a Missouri Democrat in one of the year’s most hotly contested races.

National: Cyberattacks Haven’t Stopped but Neither Have Bills to Fight Them | Nextgov

When they took the podium at Thursday’s White House press briefing, national security and intelligence chiefs had one resounding message for the American people: The country is still under attack. “Russia attempted to interfere with the last election and continues to engage in malign influence operations to this day,” said FBI Director Christopher Wray. “This is a threat we need to take extremely seriously and to tackle and respond to with fierce determination and focus.” Wray was joined by Director of National Intelligence Dan Coats, Homeland Security Secretary Kirstjen Nielsen, National Security Agency chief Gen. Paul Nakasone and National Security Adviser John Bolton, all of whom reiterated their commitment to defending against foreign influence campaigns. The briefing came the day after internet researchers urged the government to take more targeted actions against online misinformation campaigns at a Senate Intelligence Committee hearing.

National: Amid cybersecurity fears, tech firms are offering to help secure the U.S. elections for free or at a discount | Fast Company

American democracy is under attack, with foreign spies and trolls throwing wrenches into the workings of U.S. elections—be it attempts to hack candidate websites, scramble voter rolls, or spread fake news on social media platforms. While Washington bickers about whether it’s spending enough on security upgrades ($380 million has been allocated, with Democrats repeatedly asking for more), the overtaxed cities and counties that actually run the polls are scrambling to catch up. Although Silicon Valley has come under fire for its role in recent elections around the world, enabling the social media vandalism of 2016, for instance, several tech firms are now stepping up to boost election security with free or discounted services. “We saw that tech was being used to undermine elections. And the question was, could we be a tech company that was helping to provide our services to help support those elections?” says Matthew Prince, CEO of the content-delivery network and security service Cloudflare.

National: The 2020 census could be a prime target for hackers | The Washington Post

The Census Bureau is trying to quell concerns that it’s not prepared to protect Americans’ data from cyber intrusions when it conducts the first fully digital census in 2020. Kevin Smith, the Census Bureau’s chief information officer, used a little-publicized quarterly meeting Friday to explain how the agency is working with the Department of Homeland Security and using tools such as encryption to safeguard the troves of information it will gather in the next population count. “I want to stress that protection of the data we collect is census’s highest priority,” he said. Smith outlined some fairly basic steps, which are unlikely to satisfy a growing group of critics who say the bureau has for months avoided answering questions about its cybersecurity preparations. These critics, including members of the House Oversight Committee and former senior national security officials, argue the bureau, which is part the Commerce Department, has fallen behind on important equipment tests and left the public in the dark about whether it had implemented even minimal cybersecurity practices. They want more transparency at a time when Russian election hacks and other data breaches are increasingly putting Americans’ personal information at risk.

National: Judge Shuts Down Multimillion-Dollar Loophole In Election Law | NPR

A widely used loophole for funneling secret “dark money” into political ads closed quietly last weekend, as a federal judge concluded it thwarted Congress’ intent to have broad disclosure of political money. Chief Judge Beryl Howell, of the U.S. District Court for the District of Columbia, threw out a regulation adopted by the Federal Election Commission in 1980. The rule said that “non-political” groups, such as 501(c) nonprofit organizations, could ignore a disclosure law if donors’ contributions were earmarked for specific advertisements — an exception that wasn’t in the law passed by Congress. Howell’s decision was issued Friday evening.

National: Kris Kobach used flawed research to defend Trump’s voter fraud panel, experts say | The Washington Post

After Matthew Dunlap, one of the members of President Trump’s disbanded voting fraud panel, released documents from the commission showing that it had failed to turn up any evidence of widespread voter fraud last week, the panel’s vice chair, Kansas Secretary of State Kris Kobach, made his case for the commission’s existence. One of the foremost proponents of stricter voter identification laws, Kobach, who is running in the primary Tuesday for the Republican nomination for the state’s governorship, has been undeterred since a federal judge struck down a restrictive voting law he had advocated for in the state. And in a statement sent to The Washington Post, Kobach accused Dunlap of being “willfully blind to the voter fraud in front of his nose,” pointing to studies from two conservative groups about the supposed voter fraud that he has been so vocal about: a database from the Heritage Foundation that found 983 convictions in state, local and federal elections dating back decades, and a study from the Government Accountability Institute, a nonprofit founded by Stephen K. Bannon and another Breitbart editor, that purported to find 8,400 instances of double voting in the 2016 election.

National: Homeless Americans Can Vote, But It Isn’t Easy | HowStuffWorks

If voting is the cornerstone of American democracy, then why does it have to be such a pain? Election Day in the U.S. is always a Tuesday, smack in the middle of the work week. If you move to a new state or county, you need to re-register. State voter ID requirements change all the time, so you could show up to a polling station, wait in line and still get blocked from voting. Now imagine that you’re homeless in America. You move so frequently that it’s nearly impossible to maintain a stable mailing address. You’ve never had a driver’s license and your Social Security card was lost years ago. You can’t afford transportation to the county elections office or your local polling place. And frankly, you have a lot more pressing problems than registering to vote. So, while homeless people have every right to vote in U.S. elections (and may want to if only to influence policy on housing and poverty), the obstacles to successfully registering and voting while homeless can be insurmountable.

National: Local Officials Call Federal Election Funds ‘A 10-Cent Solution To A $25 Problem’ | WGBH

States across the country are in the process of receiving grants from the federal government to secure their voting systems. Earlier this year Congress approved $380 million in grants for states to improve election technology and “make certain election security improvements.” But how states use that money is up to them. In Texas, officials say they want to use the bulk of their grant to secure the state’s voter registration database. According to federal officials, Russians tried to hack a Texas election website in 2016. Dana Debeauvoir, who runs elections in Austin, Texas, as the Travis County clerk, says running elections has become increasingly more expensive and technologically complicated. She says she cast her first ballot on a lever machine — a big metal box with a bunch of tiny metal handles voters crank to select the candidate of their choice. These machines, and others, were banned by Congress when lawmakers passed the Help America Vote Act in 2002. “So they are now no longer used — also right along with punch card voting,” Debeauvoir says.

National: Trump’s ‘bizarre’ voter fraud panel found none, former member Matthew Dunlap says | The Washington Post

Maine Secretary of State Matthew Dunlap, one of the 11 members of the commission formed by President Trump to investigate supposed voter fraud, issued a scathing rebuke of the disbanded panel on Friday, accusing Vice Chair Kris Kobach and the White House of making false statements and saying that he had concluded that the panel had been set up to try to validate the president’s baseless claims about fraudulent votes in the 2016 election. Dunlap, one of four Democrats on the panel, made the statements in a report he sent to the commission’s two leaders — Vice President Pence and Kobach, who is Kansas’s secretary of state — after reviewing more than 8,000 documents from the group’s work, which he acquired only after a legal fight despite his participation on the panel. Before it was disbanded by Trump in January, the panel had never presented any findings or evidence of widespread voter fraud. But the White House claimed at the time that it had shut down the commission despite “substantial evidence of voter fraud” due to the mounting legal challenges it faced from states. Kobach, too, spoke around that time about how “some people on the left were getting uncomfortable about how much we were finding out.” 

National: Trump’s voter fraud claim untrue, election official says | USA Today

There’s no proof to support President Donald Trump’s repeated claims of widespread voter fraud during the 2016 election, according to a member of the disbanded commission set up to examine abuse at the ballot box. Maine Secretary of State Matthew Dunlap, who sat on the Presidential Advisory Commission on Election Integrity, wrote Friday that a review of documents shows the panel’s evidence of voter fraud is “glaringly empty.” Dunlap said the documents confirmed the commission’s “troubling bias” that assumed widespread fraud going into the review before any data had been collected.

National: Red state and GOP efforts to purge voter rolls have been stymied | Salon

As a key deadline approaches next week on updating statewide voter rolls before the November election, it appears a controversial data-mining operation mostly used by red states to purge legitimate voters is withering, or at least dormant, in 2018. The Interstate Voter Registration Crosscheck program, known as Crosscheck, has been blasted in the press, academia,legal briefs, and federal court rulings for sloppy analytics that generate tens or hundreds of thousands of suspected duplicate voter registrations in member states. (It uses few data specifics, including common names, producing false positives.) Some of those states have used Crosscheck’s analyses to turn a bland voter roll bookkeeping process (removing dead people, people who moved) into a partisan cudgel. This June, a federal district court issued a restraining order against Indiana election officials to not use Crosscheck to prematurely purge its voter rolls.

National: Democratic House candidate claims Russians tried to hack campaign website | The Hill

The Democrat challenging Rep. Martha Roby (R) for her Alabama House seat says that her campaign website faced more than 1,400 hacking attempts, most of them from Russia. Tabitha Isner told Business Insider that the attempts were first brought to her attention when the company that she uses to host her website advised her to upgrade her services because of a spike in traffic. That’s when she had her web administrator examine the uptick, she told the news outlet. The web administrator, Kristopher Vilamaa, said that when he looked into it, he discovered that many Russian IP addresses had been blocked from the site.