National: Experts: States need help to protect voting machines from Russians | USA Today

Congress needs to boost funding to states to help them buy secure voting machines to prevent Russia and other hostile nations from hacking U.S. elections, election experts told a House panel Wednesday. “This is a critical need, and must be addressed immediately (to have an impact on the 2018 election),” said Edgardo Cortés, commissioner of the Virginia Department of Elections, which held statewide elections earlier this month. Experts also recommended that states stop using touchscreen voting machines and replace them with paper-based systems such as optical scanners that tabulate paper ballots and provide tangible evidence of election results. “In many electronic voting systems in use today, a successful attack that exploits a software flaw might leave behind little or no forensic evidence,” warned Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This can make it effectively impossible to determine the true outcome of an election or even that a compromise has occurred.”

National: Are states prepared to protect the next election from hackers? | GCN

A Nov. 29 House hearing on the cybersecurity of voting infrastructure highlighted warnings about some machines used to cast votes and the software used to tally them, but officials were positive about the progress being made and the low likelihood that an attack could actually switch any votes. Several experts who testified at the hearing, held by the House Oversight Committee’s subcommittees on information technology and intergovernmental affairs, recommended that states should begin switching — if they haven’t already — away from direct-recording electronic voting machines. Matt Blaze, a computer science professor at University of Pennsylvania, said the complexity of DRE machines makes them very hard to secure. The vote tallies stored in internal memory, ballot definition parameters displayed to voters and electronic log files used for post-election audit are all subject to alteration.

National: The time to hack-proof the 2018 election is expiring — and Congress is way behind | Politico

Lawmakers are scrambling to push something — anything — through Congress that would help secure the nation’s voting systems ahead of the 2018 elections. But it might already be too late for some critical targets. By this point during the 2016 election cycle, Russian hackers had already been in the Democratic National Committee’s networks for at least three months. Members of both parties insist they can get something done before Election Day 2018, but concede that the window is rapidly closing. Voters in Texas and Illinois will take to the polls in the country’s first primaries in just over three months — a narrow timeline for implementing software patches, let alone finding the funds to overhaul creaky IT systems, swap out aging voting machines or implement state-of-the-art digital audits. “Not a lot of time, no question,” Senate Intelligence Chairman Richard Burr (R-N.C.), who is leading an investigation of Russia’s election-year meddling, told POLITICO.

National: Court Order Barring RNC From Voter Intimidation Set to Expire Friday | Bloomberg

A 35-year-old federal court order prohibiting the Republican National Committee from engaging in voter verification and other “ballot security” measures is set to expire Friday, something the GOP says is long overdue but voting rights advocates argue is still needed to prevent intimidation at the polls. Lawyers for the Republican National Committee said in court filings that the organization has been in compliance for years, even going beyond what is outlined in the consent decree. It opts against participating in poll-watching activities, for example, even though they are allowed under the order. “The RNC has worked hard to comply with its obligations under the Consent Decree,” lawyers wrote in documents filed with the court.

National: Trump Pressed Top Republicans to End Senate Russia Inquiry | The New York Times

President Trump over the summer repeatedly urged senior Senate Republicans, including the chairman of the Senate Intelligence Committee, to end the panel’s investigation into Russia’s interference in the 2016 election, according to a half dozen lawmakers and aides. Mr. Trump’s requests were a highly unusual intervention from a president into a legislative inquiry involving his family and close aides. Senator Richard Burr of North Carolina, the intelligence committee chairman, said in an interview this week that Mr. Trump told him that he was eager to see an investigation that has overshadowed much of the first year of his presidency come to an end. “It was something along the lines of, ‘I hope you can conclude this as quickly as possible,’” Mr. Burr said. He said he replied to Mr. Trump that “when we have exhausted everybody we need to talk to, we will finish.”

National: Senate GOP campaign arm stole donor data from House Republicans | Politico

Staffers for Senate Republicans’ campaign arm seized information on more than 200,000 donors from the House GOP campaign committee over several months this year by breaking into its computer system, three sources with knowledge of the breach told POLITICO. The unauthorized raid on the National Republican Congressional Committee’s data created a behind-the-scenes rift with the National Republican Senatorial Committee, according to the sources, who described NRCC officials as furious. It comes at a time when House Republicans are focused on preparing to defend their 24-seat majority in the 2018 midterm elections. And it has spotlighted Senate Republicans’ deep fundraising struggles this year, with the NRSC spending more than it raised for four months in a row. Multiple NRSC staffers, who previously worked for the NRCC, used old database login information to gain access to House Republicans’ donor lists this year.

National: DHS official says ‘trust’ with states prevents sharing cyber threats to election with Congress | InsideCyberSecurity

The Department of Homeland Security’s Christopher Krebs told House lawmakers that a “trust” relationship with state officials has prevented the department from sharing specific details about cyber threats to the 2016 presidential election with Congress. Krebs said “we don’t have statutory authority to compel” states to report cyber incidents to the federal government, while expressing concern that the level of trust needed to get states to share with DHS could be undermined by passing along that information to lawmakers. Krebs, who is the senior official performing the duties of the DHS under secretary for the National Protection and Programs Directorate, testified Wednesday at a joint hearing by the House Oversight and Government Reform information technology and intergovernmental affairs subcommittees on the “cybersecurity of voting machines.”

National: Vote-Hacking Fears Help State Officials Get Security Clearances | Bloomberg

Three months before some U.S. states host primary elections, the Department of Homeland Security has begun offering security clearances to state officials to more easily share classified information as the threat of cyberattacks looms over next year’s polls. The federal government is “clear-eyed” that threats to election systems remain an ongoing concern after Russia’s meddling in the 2016 election, according to Chris Krebs, the DHS senior official performing the duties of under secretary for the National Protection and Programs Directorate. We’re offering security clearances initially to senior election officials, and we’re also exploring additional clearances to other state officials,” Krebs told a House Oversight and Government Reform subcommittee hearing on Wednesday. “These relationships are built and sustained on trust. Breaking that trust will have far-ranging consequences in our ability to collaboratively counter this growing threat.”

National: Privacy advocates cite Russian hacking in court arguments over election data security | InsideCyberSecurity

Lawyers for the Electronic Privacy Information Center told circuit judges last week that attacks on the nation’s election system by Russia underscore the risks to voter data being collected by a presidential commission, in a case that could determine the federal government’s role in securing voter rolls managed by the states. “This data, voter data, is the most sensitive data in our form of government. And we know on record it was also the target of a foreign adversary during the 2016 election,” Marc Rotenberg, president and executive director at EPIC, told a panel of judges at the U.S. Circuit Court of Appeals for the District of Columbia on Nov. 21. EPIC, a nonprofit advocate of online privacy and digital rights, is asking federal courts to block the presidentially appointed commission from collecting the voter data. His comments are a reference to the intelligence community’s conclusion that the Russian government interfered in the 2016 presidential election, which has prompted a number of congressional investigations that could lead to legislation setting new security requirements for voter data.

National: Ethics watchdog: Trump voter fraud commission official may have violated law | The Hill

An ethics watchdog group is alleging that the vice chairman of President Trump’s election voter fraud commission may have violated a federal conflict of interest law. The left-leaning group, Citizens for Responsibility and Ethics in Washington (CREW), filed the complaint Tuesday with the Department of Justice regarding Kansas Secretary of State Kris Kobach. CREW said Kobach is paid to write columns for Breitbart News. One column  — which Kobach later brought up during a New Hampshire meeting of the Presidential Advisory Commission on Election Integrity — made claims about voter fraud in New Hampshire, according to the group.

National: 6 Months In, There’s No End In Sight: Who’s Who In The Vast Russia Imbroglio | NPR

Special counsel Robert Mueller’s investigation into Russian election interference has passed the six-month mark, and President Trump’s staff is painting a picture of a process nearing its end. “We still expect this to conclude soon,” White House spokeswoman Sarah Huckabee Sanders has told reporters. Ty Cobb, the outside attorney brought in to help the White House in its response to the probe, told NPR’s Tamara Keith that Mueller’s interviews with Trump campaign officials would be completed “ideally by Thanksgiving.”

National: Virginia Elections Official to Testify Before Congress About Concerns of Electronic Voting Machine Vulnerabilities | NBC

Congress will question Virginia’s top elections official Wednesday about a decision he made weeks before this year’s election to prevent votes from being hacked. Virginia Department of Elections Commissioner Edgardo Cortes recommended removing all touchscreen voting machines and using paper ballots over concerns the electronic machines could be vulnerable to hackers trying to infiltrate Virginia’s election system. The U.S. House Oversight Committee called Cortes to testify and explain his decision Wednesday as part of a hearing on voting system vulnerabilities.

National: Gerrymandering opponents turn to ballot initiatives to redraw lines | The Hill

Advocates of radically overhauling partisan gerrymandering are increasingly looking to ballot initiatives to reform the redistricting process, in hopes of circumventing recalcitrant legislatures. Supporters of a proposal to create a nonpartisan redistricting commission in Michigan say they will turn in more than 400,000 signatures by the end of the year. They need 315,000 of those signatures to be valid in order to qualify for next year’s ballot. In Ohio, a coalition of organizations is in the process of collecting the 305,591 valid signatures they need to get a constitutional amendment on the ballot. And in Colorado, another coalition plans two ballot initiatives — one that would reform congressional redistricting, and another to reform legislative redistricting.

National: Russian hacking: FBI failed to tell US officials their email was targeted | The Guardian

The FBI failed to notify scores of US officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year, an investigation found. The Associated Press dedicated two months and a small team of reporters to go through a hit list of targets of Fancy Bear, a Russian government-aligned cyberespionage group, that was provided by the cybersecurity firm Secureworks. Previous investigations based on the list had shown how Fancy Bear worked in close alignment with the Kremlin’s interests to steal tens of thousands of emails from the Democratic party. The hacking campaign disrupted the 2016 US election and cast a shadow over the presidency of Donald Trump, whom US intelligence agencies say the hackers were trying to help. The Russian government has denied interfering in the American election. The special counsel Robert Mueller is leading an investigation into alleged collusion between Trump aides and Russia. Indictments have been made.

National: FBI gave heads-up to fraction of Russian hackers’ US targets |Associated Press

The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin’s crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting. “It’s utterly confounding,” said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. “You’ve got to tell your people. You’ve got to protect your people.”

National: Older Voters Stymied by Tighter ID Requirements | The New York Times

In February 2016, Anita Johnson met a woman in Milwaukee fretting that, although she had voted faithfully for decades, she would be unable to cast a ballot in the presidential election. Her Wisconsin driver’s license was about to expire, and since she was 90 and no longer drove, she wouldn’t renew it. But she had heard about the state’s strict new voter ID law, requiring official photo identification. Without a license, she worried she was out of luck. Maybe not, said Ms. Johnson. The state coordinator for VoteRiders, a nonprofit, nonpartisan organization that helps citizens vote, Ms. Johnson pointed out that the state Department of Motor Vehicles could issue a photo ID. Poll workers would accept that as proof of identity. On the very last day the would-be voter had a valid license, Ms. Johnson drove her to the agency, which issued the necessary state card. So did she get to vote for president, at 91? “She did,” Ms. Johnson said. “I know, because I drove her to the polls.”

National: What are voting machine companies doing about cyber? | FCW

In October 2017, Sen. Ron Wyden (D-Ore.) sent letters to five of the top voting machine companies in America asking how their organizations were structured and what steps they have taken to ensure their machines are protected from cyber threats. “As our election systems have come under unprecedented scrutiny, public faith in the security of our electoral process at every level is more important than ever before,” Wyden said. “Ensuring that Americans can trust that election systems and infrastructure are secure is necessary to protecting confidence in our electoral process and democratic government.” The questions touched on a wide range of topics related to cybersecurity, such as whether the companies had experienced a recent data breach, whether they employ a chief information security officer and how frequently their products have been audited by third-party evaluators.

National: Democrats call for states to get $400M election security upgrades | The Hill

Two House Democrats are pressing their colleagues to allot $400 million for states to upgrade outdated voting equipment and secure their election systems. Democratic Reps. Bennie Thompson (Miss.) and Robert Brady (Pa.) made the appeal in a letter to leaders of the House Appropriations Committee released on Monday. “We know that Russia launched an unprecedented assault on our elections in 2016, targeting 21 states’ voting systems, and we believe this money is necessary to protect our elections from future attack,” wrote the lawmakers.  “When a sovereign nation attempts to meddle in our elections, it is an attack on our country,” they wrote. “We cannot leave states to defend against the sophisticated cyber tactics of state actors like Russia on their own.”

National: Judge: Trump voter fraud commission on ice till next year | Politico

A commission that President Donald Trump tasked with investigating his own unsubstantiated claims of voter fraud won’t meet again this year, according to court records, fueling more questions about the panel’s future and its viability. In an order Monday, U.S. District Court Judge Colleen Kollar-Kotelly said a Justice Department attorney told the court Friday that the President’s Advisory Commission on Election Integrity “will not meet in December.” Federal rules require such committee meetings to be announced 15 days in advance, except for emergencies, so no meeting seems feasible this month, Asked about the lawyer’s reported statement Monday, the White House declined to comment on the record. However, an administration official acknowledged that a meeting of the commission before the end of the year was “unlikely.”

National: Culling Voter Rolls: Battling Over Who Even Gets to Go to the Polls | The New York Times

On its face, the notice sent to 248 county election officials asked only that they do what Congress has ordered: Prune their rolls of voters who have died, moved or lost their eligibility — or face a federal lawsuit. The notice, delivered in September by a conservative advocacy group, is at the heart of an increasingly bitter argument over the seemingly mundane task of keeping accurate lists of voters — an issue that will be a marquee argument before the Supreme Court in January. At a time when gaming the rules of elections has become standard political strategy, the task raises a high-stakes question: Is scrubbing ineligible voters from the rolls worth the effort if it means mistakenly bumping legitimate voters as well? The political ramifications are as close as a history book. Florida’s Legislature ordered the voter rolls scrubbed of dead registrants and ineligible felons before the 2000 presidential election. The resulting purge, based on a broad name-matching exercise, misidentified thousands of legitimate voters as criminals, and prevented at least 1,100 of them — some say thousands more — from casting ballots.

National: Bipartisan Harvard project issues election hacking recommendations | The Hill

A panel led by former Hillary Clinton and Mitt Romney campaign officials has released a slate of recommendations for future election operations to guard themselves against cyberattacks. The final report from Harvard’s Defending Digital Democracy project comes roughly a year after the 2016 November presidential election, ahead of which the Democratic National Committee and Clinton campaign chairman John Podesta were successfully targeted by cyberattacks. The U.S. intelligence community has tied the hacks to a broader campaign by Russia to interfere in the election. Robby Mook and Matt Rhoades, former campaign managers to Clinton and Romney, respectively, positioned the project as an effort to help future campaign operations be more secure against cyber threats, regardless of their party affiliation. 

National: Judges question privacy watchdog’s right to sue Trump election commission | The Washington Post

Federal judges questioned Tuesday whether privacy advocates have the right to sue President Trump’s election-integrity commission to try to block its planned collection of millions of voter records. A three-judge panel of the U.S. Court of Appeals for the D.C. Circuit seemed skeptical of the specific harm to a privacy watchdog group trying to protect voter data the commission is seeking from 50 states and the District, including individual birth dates, political affiliations and partial Social Security numbers. Judge Stephen F. Williams asserted that the commission’s powers appeared limited to requesting — not demanding — the information from states and said its “potency seems very low.” Judge Douglas H. Ginsburg suggested the commission would have access only to publicly available voter data. “Isn’t this information already public?” he asked the attorney for the Electronic Privacy Information Center (EPIC).

National: Leading Trump Census pick causes alarm | Poitico

The Trump administration is leaning toward naming Thomas Brunell, a Texas professor with no government experience, to the top operational job at the U.S. Census Bureau, according to two people who have been briefed on the bureau’s plans. Brunell, a political science professor, has testified more than half a dozen times on behalf of Republican efforts to redraw congressional districts, and is the author of a 2008 book titled “Redistricting and Representation: Why Competitive Elections Are Bad for America.” The choice would mark the administration’s first major effort to shape the 2020 census, the nationwide count that determines which states lose and gain electoral votes and seats in the House of Representatives.

National: Appeals court skeptical of privacy-focused suit against Trump fraud panel | Politico

An appeals court gave a skeptical reception Tuesday to a lawsuit claiming that President Donald Trump’s voter fraud commission violated federal law by failing to study the privacy impact of a demand for voter rolls and other personal data on millions of Americans. During oral arguments, a three-judge panel from the D.C. Circuit Court of Appeals didn’t say much about the possibility that the President’s Advisory Committee on Election Integrity violated a requirement Congress created in 2002 that federal agencies conduct a “privacy impact assessment” before embarking on collection of data on individuals. Instead, the judges repeatedly questioned whether the organization pressing the suit — the Electronic Privacy Information Center — had legal standing to pursue the case.

National: Bipartisan Harvard Panel Recommends Hacking Safeguards for Elections | Associated Press

A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook shown to Reuters ahead of publication calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year. Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton’s campaign chair, John Podesta, have succeeded because basic security practices were not followed.

National: Crooked lines: How technology, data have changed political boundaries | WTSP

With gerrymandering being one of the highest-profile cases to go before the U.S. Supreme Court this session , the issue has taken center stage as lawmakers prepare for another round of redistricting based off the 2020 census. Lawmakers across the country re-draw political district boundaries every decade, but gerrymandering happens when those lines are drawn to give themselves an unfair advantage. Redistricting is a normal and important element of U.S. government, but the line between redistricting and gerrymandering can be fuzzy. With technology drastically improving mapping software and the data behind it, there are more tools to effectively gerrymander districts than ever before. “Redistricting has always been a controversial issue because it’s political,” said Dr. Susan MacManus, a political science professor at the University of South Florida. “You really have to go back, some of the odd-shaped districts are the result of, actually, an order of the U.S. Supreme Court years ago.”

National: Top Russian Official Tried to Broker ‘Backdoor’ Meeting Between Trump and Putin | The New York Times

A senior Russian official who claimed to be acting at the behest of President Vladimir V. Putin of Russia tried in May 2016 to arrange a meeting between Mr. Putin and Donald J. Trump, according to several people familiar with the matter. The news of this reached the Trump campaign in a very circuitous way. An advocate for Christian causes emailed campaign aides saying that Alexander Torshin, the deputy governor of the Russian central bank who has been linked both to Russia’s security services and organized crime, had proposed a meeting between Mr. Putin and Mr. Trump. The subject line of the email, turned over to Senate investigators, read, “Russian backdoor overture and dinner invite,” according to one person who has seen the message.

National: A Year After Trump’s Victory, Our Elections Aren’t Much More Secure | Buzzfeed

The halfway point between the election of President Donald Trump and the 2018 midterms has come and gone, and it still isn’t fully clear what Russian hackers did to America’s state and county voter registration systems. Or what has been done to make sure a future hacking effort won’t succeed. US officials, obsessed for now with evidence that Russia’s intelligence services exploited social media to sway US voters, have taken solace in the idea that the integrity of the country’s voting is protected by the system’s acknowledged clunkiness. With its decentralized assortment of different machines, procedures, and contractors, who could possibly hack into all those many systems to change vote totals? … Most states’ elections officials still don’t have the security clearances necessary to have a thorough discussion with federal officials about what’s known about Russian, or others’, efforts to hack into their systems.

National: States Start Using Statistical Methods to Check Voter Count Accuracy | eWeek

In the face of overwhelming evidence that the Russians meddled in the 2016 U.S. presidential election, states are adopting auditing measure to detect any possible direct ballot fraud and give voters confidence in the results. After clear evidence emerged that Russia attempted to influence the results of the 2016 U.S. presidential election by social media, and more directly by hacking election systems, state governments are embarking on a variety of efforts to use statistical auditing to verify election results. On Nov. 15, Colorado kicked off its first statewide statistical audit of its most recent election by using a statistical technique known as risk-limiting audits to establish the integrity of the vote. Because of mail-in ballots from voters serving in the military, the state had to wait eight days to receive all votes and initiate the audit. Risk-limiting audits, or RLAs, allow election officials to verify the outcome of an election by sampling a much smaller subset of ballots compared to a full recount. Verifying the results of presidential elections in each state from 1992 to 2008, for example, only requires an average of 307 ballots per state. The number of ballots required to verify the vote, however, increases as the contests become closer and eventually defaults to a full recount, in the case of an extremely close race. Colorado’s legislature voted to adopt an election-wide audit in 2010, and election officials began piloting RLA in 2013.

National: How Can an Election be Hacked? | Pacific Standard

It’s been almost a year since Election Day 2016, but the campaign news hasn’t stopped. October 30th brought the first indictments in special counsel Robert Mueller’s investigation into possible collusion between the Russian government and the Trump campaign. On Tuesday and Wednesday, representatives from Facebook, Google, and Twitter faced congressional grilling over widespread Russian influence on their platforms. Also on Wednesday, the Wall Street Journal reported that the Department of Justice is considering charging Russian government officials for crimes related to the Democratic National Committee hack. Amid the flurry, it’s easy to blur these conversations—especially because they all seem to feature Russia. But the election-hacking conversation desperately needs to be untangled. Whatever other revelations may come, it helps to remember that election hacking is really about three separate threats: hacking voters, hacking votes, and causing disruption or chaos.