On November 7th, in Washington, D.C., after delivering a speech to the Campaign for the Fair Sentencing of Youth, Eric Holder grabbed his Blackberry in search of results from the Virginia elections. As the former Attorney General scrolled backward through a long e-mail thread, he quickly learned just how stunning a night it had been for the Democrats. He also understood that, after this triumph, it might be a little harder to keep his party focussed on gerrymandering. “The system didn’t become more fair as a result of what happened last night,” Holder told me the next day. “The system appears to be more fair in spite of the reality that those Democratic candidates faced. The job that I have is to make sure people don’t become complacent.”
Russian trolls used Twitter to challenge the validity of the U.S. presidential election months before it took place, according to new NBC News analysis. In apparent expectation of a Trump loss, the trolls began sowing seeds of doubt to make voters question a win by Hillary Clinton. But when Donald Trump’s victory began rolling in, they changed their tune and began tweeting about the Trump success. Kremlin propaganda tweets using the “VoterFraud” hashtag first appeared in August 2016 and slowly ramped up to an Election Day blitz, according to the NBC News analysis of some 36,000 archived tweets from a single anonymous source with knowledge of social media data.
Donald Trump said on Saturday he believes Vladimir Putin’s denials of Russian involvement in the manipulation of the 2016 presidential election. However, he appeared to contradict himself on Sunday when he said he was “with our agencies” on the question of Russian interference. Speaking at a news conference in Hanoi on Sunday, he was asked about his comments that he believed Putin’s reassurances given by the Russian president on the sidelines of Saturday’s Asia-Pacific Economic Cooperation (Apec) summit in Vietnam. “As to whether I believe it or not, I’m with our agencies, especially as currently constituted,” Trump told a news conference in Vietnam. “As currently led, by fine people, I believe very much in our intelligence agencies.” The president’s comments were criticised by senator John McCain who said in a tweet that there was “nothing America First about taking the word of KGB colonel [Putin]” over the US intelligence community.
The recent death of one member, the child pornography arrest of a key staffer and a blizzard of lawsuits have paralyzed the work of the federal Election Integrity Commission, according to Secretary of State Bill Gardner, who serves on the controversial panel. “There is so much inertia because the powers that be worry about whether there will be a lawsuit in response to whatever we do,” Gardner said during a telephone interview. “They have really tied this commission up pretty well with all the different lawsuits in all kinds of different directions.” But Gardner, a Democrat, said he’s got no evidence to confirm fellow member and Maine Secretary of State Matt Dunlap’s claims that some on the commission have been communicating only among themselves.
Just before the stroke of midnight on September 20, 2016, at the height of last year’s presidential election, the WikiLeaks Twitter account sent a private direct message to Donald Trump Jr., the Republican nominee’s oldest son and campaign surrogate. “A PAC run anti-Trump site putintrump.org is about to launch,” WikiLeaks wrote. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?” (The site, which has since become a joint project with Mother Jones, was founded by Rob Glaser, a tech entrepreneur, and was funded by Progress for USA Political Action Committee.) The next morning, about 12 hours later, Trump Jr. responded to WikiLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on September 21, 2016. “Thanks.”
For years, Barbara Simons was the loneliest of Cassandras—a technologist who feared what technology had wrought. Her cause was voting: Specifically, she believed that the electronic systems that had gained favor in the United States after the 2000 presidential election were shoddy, and eminently hackable. She spent years publishing opinion pieces in obscure journals with titles like Municipal World and sending hectoring letters to state officials, always written with the same clipped intensity. Simons, who is now 76, had been a pioneer in computer science at IBM Research at a time when few women not in the secretarial pool walked its halls. In her retirement, however, she was coming off as a crank. Fellow computer scientists might have heard her out, but to the public officials she needed to win over, the idea that software could be manipulated to rig elections remained a fringe preoccupation. Simons was not dissuaded. “They didn’t know what they were talking about and I did,” she told me. She wrote more articles, wrote a book, badgered policy makers, made “a pain of myself.” Though a liberal who had first examined voting systems under the Clinton administration, she did battle with the League of Women Voters (of which she is a member), the ACLU, and other progressive organizations that had endorsed paperless voting, largely on the grounds that electronic systems offered greater access to voters with disabilities.
When Logan Lamb visited the website of Georgia’s Center for Election Systems in Aug. 2016, what he found left him speechless. Although the cybersecurity researcher had no password or special authorization, he was able through a Google search to download the state’s voter registration list, view files with Election Day passwords, and access what appeared to be databases used to prepare ballots, tabulate votes, and summarize vote totals. He also discovered a vulnerability that would allow anyone to take full control of a server used for Georgia’s elections. It was everything a Russian hacker – or any malicious intruder – might need to disrupt the vote in Georgia. “Had the bad guys wanted to just completely own the central election system, they could have,” Mr. Lamb told the Monitor in an interview … There are only a handful of states in the US that are currently performing audits that start with voter-verified paper ballots. Many counties in California have conducted pioneering work with such audits. New Mexico hires an independent CPA to oversea an audit of a few key races in that state. And Rhode Island recently enacted a law to develop a voter-verified audit system. But the single most important development in this area is about to take place in Colorado.
National: State election boards’ hands are sometimes tied when it comes to voting machine security. | Slate
Voting in the United States is highly decentralized—and in many ways that’s a good thing when it comes to security. Having different regions operate their own elections and count their own votes makes it harder for someone to forge, compromise, or change a large number of votes all at once. But that decentralization also means that individual states, counties, or districts are also often free to make bad decisions about what kind of voting technology to use—and it’s surprisingly hard to stop them. Earlier this week, North Carolina’s state elections board made a last-ditch attempt to convince a judge to prohibit counties in the state from using voting software manufactured by VR Systems on the grounds that the board hadn’t officially certified the software since 2009. On Monday—the day before Election Day—that attempt failed when Superior Court Judge Paul Ridgeway declined to intervene.
National: Trump fraud commission sued by one of its own members, alleging Democrats are being kept in the dark | The Washington Post
President Trump’s voter fraud commission was sued Thursday morning by one of its Democratic members, who alleged that he has been kept in the dark about its operations, rendering his participation “essentially meaningless.” Maine Secretary of State Matthew Dunlap said in a complaint filed in federal court that the 11-member panel is in violation of a federal law that requires presidential advisory commissions to be both balanced and transparent in their work. “The Commission has, in effect, not been balanced because Secretary Dunlap and the other Democratic commissioners have been excluded from the Commission’s work,” says the complaint, filed in the U.S. District Court for the District of Columbia. “The Commission’s operations have not been open and transparent, not even to the commissioners themselves, who have been deprived access to documents prepared by and viewed by other commissioners.”
National: Rep. Debbie Dingell’s bill would require paper voting, recounts in close elections | The Hill
A new bill would require states to use voting machines with paper backups and conduct audits in close elections. Rep. Debbie Dingell (D-Mich.) introduced the Safeguarding Election Infrastructure Act on Wednesday, which aims to increase elections security by requiring voting machines funded by the federal Help America Vote Act print a paper receipt of each vote. “Our democracy depends on free and fair elections, and we must do everything we can to protect the security and integrity of that process,” said Dingell in a written statement. “The reality is, many of our voting machines have not been updated in nearly two decades and are susceptible to cyberattacks. We know that foreign adversaries pay very close attention to our elections, and until we address these vulnerabilities, our democratic process is at risk,” she said.
U.S. Sen. Amy Klobuchar introduced legislation to automatically register voters, a news release from her office stated Wednesday. The Register America to Vote Act would ensure every state develops and implements a secure process to automatically register eligible citizens to vote when they turn 18. Minnesota is among the 32 states where automatic voter registration bill have been introduced. Last year, Minnesotans turned out to vote at the highest rate of any state in the country with 81 percent of registered voters casting a ballot. Klobuchar is the ranking member of the Senate Rules Committee with oversight jurisdiction over federal elections.
One late morning in May 2016, the leaders of the Democratic National Committee huddled around a packed conference table and stared at Robert Johnston. The former Marine Corps captain gave his briefing with unemotional military precision, but what he said was so unnerving that a high-level DNC official curled up in a ball on her conference room chair as if watching a horror movie. At 30, Johnston was already an accomplished digital detective who had just left the military’s elite Cyber Command, where he had helped stanch a Russian hack on the US military’s top leadership. Now, working for a private cybersecurity company, he had to brief the DNC — while it was in the middle of a white-knuckle presidential campaign — about what he’d found in the organization’s computer networks. Their reaction was “pure shock,” Johnston recalled. “It was their worst day.”
After Virginia, the Democratic Party is breathing a sigh of relief. The rather easy victory for Governor-elect Ralph Northam stems the tide of recent hemorrhaging of key positions across the United States to Republicans, and continues Democrats’ control over a blue-ish state. Northam’s victory, and that of Justin Fairfax, the second black official elected in a statewide race in Virginia, also offers a sign that virulent and race-baiting white-identity politics—politics that characterize the Trump era and the late portion of Republican Ed Gillespie’s campaign—are beatable, even in the cradle of the old Confederacy. Those signs are reason enough for Democrats to celebrate. But the true national significance of Northam’s victory, as well as of major gains by the party in the General Assembly, might not be in the message they send, but the fact that those gains constitute the first big victory for Democrats in the political mapmaking game in at least a decade.
A year before the midterm elections, state election administrators are racing to plug vulnerabilities and update software ahead of an expected wave of cyberattacks from foreign actors. In interviews, state officials and elections experts said they are working to bolster internal security at both the state and local levels. At the same time, many said they hope Congress will act to update federal election law, in part to provide them with the resources they need to secure the democratic process. “No matter what steps we take today, cybersecurity and the cyber risk evolves and changes daily, and we just have to be vigilant and diligent going forward,” said Vermont Secretary of State Jim Condos (D). “Anybody that thinks, ‘today I’ve got it covered,’ and washes their hands of it is fooling themselves.”
Maine Secretary of State Matt Dunlap has filed a lawsuit against the Republican-led presidential voter fraud commission, claiming that he and other members of the panel are being shut out of the process. Dunlap, who is a Democrat, says GOP leaders on the commission are excluding him from discussions aimed at shaping the group’s agenda. Dunlap says he has heard nothing about the activities of the Presidential Advisory Commission on Election Integrity for nearly two months. After his repeated attempts to contact the commission’s leadership, Dunlap says he decided to file a complaint in the U.S. District Court for the District of Columbia. Dunlap says the Republican-led freeze-out is a clear violation of federal transparency laws. “I guess the real question for me is: Why I didn’t do it sooner,” he says.
National: CIA director ‘stands by’ belief Russia hacked DNC after meeting skeptic at Trump’s urging | Washington Examiner
CIA Director Mike Pompeo still believes Russia was responsible for hacking the Democratic National Committee, the agency said Tuesday amid reports that Pompeo met a skeptic at President Trump’s urging. William Binney, who worked more than three decades at the National Security Agency before stepping down as technical director in 2001, met with Pompeo on Oct. 24 to discuss a July report he co-authored suggesting DNC emails were leaked, rather than hacked. “I thought it was a pretty good hourlong meeting,” Binney told the Washington Examiner. “He said that the president said I should talk to you for facts.” Binney believes U.S. spy agencies “took a wild ass guess” in January when they blamed Russia for hacking the DNC and that “if they had any evidence, they would show it.” The report he co-authored says download speeds make it likely someone leaked DNC files after downloading them locally, rather than hacked them over the internet.
National: Where hackers haven’t directly influenced polls, they’ve undermined our faith in democracy | The Register
What a difference a year makes. This time last year, Twitter pooh-poohed any suggestion that Russian agents ran accounts on its platform for purposes of subverting the US election. A month ago, it was forced to eat its words, owning up to maybe just a few paltry 201. Last week, in the course of a Congressional grilling, that estimate ticked upward a magnitude to more than 2,700. Facebook, too, upped the ante, admitting that Russian-backed content may have reached not 10 million users, as previously claimed, but 126 million. Some of this, as analysis of the @TEN_GOP Twitter account suggests, was influential. But did it influence the election? That is the $64,000 question. Or, given how much Donald Trump appears to be profiting from his election as US president, perhaps the $64m question. Not to be outdone, the UK may, finally, be asking some of the same questions. A petition politely asking the UK government to “investigate covert foreign interference in the EU referendum” was cancelled earlier this year when the general election was called. Now it is back and has hit 10,000 signatures, an official (written) response is required. 100,000 signatures means the petition will be considered for debate in Parliament.
As the Supreme Court considers Gill v. Whitford, a challenge to the practice of partisan gerrymandering that may rewrite the rules used to draw congressional districts, a team of computer scientists has come up with a new algorithmic approach to redistricting that’s less political and more mathematical. In a paper posted on arXiv.org, the researchers describe a computerized method for dividing state populations evenly into compact polygonal districts that average six or fewer sides. The neatly arrayed districts are a stark contrast to gerrymandered districts, which are stretched and contorted to provide an overall congressional advantage for one political party or another. “What we’re trying to do is come up with a system that makes it hard to engineer districts for political gain,” said Philip Klein, a computer scientist at Brown University and a coauthor of the paper. “It doesn’t give the user much freedom in deciding how the lines are drawn, which we view as a good thing because that freedom can be abused.”
Gerrymandering is a disgraceful national tradition that should have no place in our electoral system, irrespective of the political party in control. It doesn’t take a constitutional scholar to recognize that this isn’t how democracy is supposed to work but, with a case from my home state of Wisconsin pending before the U.S. Supreme Court, that’s exactly who is going to decide whether our representative democracy will work for everyone, regardless of political affiliation or racial distinctions. Both political parties have engaged in it over the years during the redistricting process but, most recently, gerrymandering has become an effective tool in the GOP’s nationwide campaign to suppress the votes of their opposition. Republicans, for instance, took control of approximately 17 seats in Congress in 2016 solely through gerrymandering according to analysis from the Brennan Center for Justice, NYU Law School’s nonpartisan law and policy institute.
As voters head to the polls on Tuesday, state and local officials are working with the federal government to monitor any potential cybersecurity issues on the first major Election Day since the 2016 election. While experts do not believe any interference with actual voting occurred last year, Russian efforts to meddle in the election — in part through hacking emails and some probing of election-related systems at the state level — have fueled a national conversation about the cybersecurity of elections. The Department of Homeland Security has taken the lead for the federal government in helping shore up election systems, which are managed at the state and local level. “We are working closely with officials in Virginia and New Jersey and other states and will have cybersecurity advisers embedded with state officials and with direct lines to DHS’ National Cybersecurity Communications Integration Center throughout the day today,” spokesman Scott McConnell told CNN in an email. “We continue to offer state and local governments our cybersecurity services, including cyber hygiene scans of Internet-facing systems and onsite risk and vulnerability assessments.”
National: Hacking the vote: Threats keep changing, but election IT sadly stays the same | Ars Technica
The outcome of the 2016 presidential election is history. But allegations of voter fraud, election interference by foreign governments, and intrusions into state electoral agencies’ systems have since cast a pall over the system that determines who makes the laws and enforces them in the United States. Such problems will not disappear no matter what comes out of a presidential commission or a Congressional hearing. “Amazon will not go out of business because one percent of its transactions are fraudulent,” said David Jefferson, a visiting computer scientist at Lawrence Livermore National Laboratory and chairman of the Verified Voting Foundation, a non-governmental organization working toward accuracy, integrity, and verifiability of elections. “That’s not the case for elections.” Jefferson’s words came during his talk at the latest edition of DEFCON, the annual infosec event. Election hacks naturally became something of an overarching theme within the Caesar’s Palace convention center this summer. In fact, there was an entire room dedicated solely to testing the reliability of US electronic voting systems. Called “Voting Village,” the space was filled with more than 25 pieces of electoral hardware—voting machines and other electronic election-management equipment—in various stages of deconstruction. Any curious conference attendee, no matter where they fell within the conference’s wide technical skill spectrum, could contribute to the onslaught of software and hardware hacks targeting the machines in this de facto lab.
If you were spammed this weekend by a local political campaign, you weren’t alone. Polls are now open in local elections around the country, where state legislatures and mayoral races around the US will be decided after months of unrelenting campaigning. But as political candidates fight for every vote, some campaigns have taken to aggressive, last minute tactics — like blasting their constituency districts with spammy text messages. ZDNet has seen reports and tweets of screenshots of text messages from several New York-based candidates in the past few days, pushing local residents to vote for a particular candidate or calling for campaign donations. …For years, state and federal election candidates have used text messages as a way to solicit votes or contributions from their constituents. Use of text messaging first rocketed during the 2008 presidential campaign, and has only escalated in size and scale — no more so than during last year’s election. But the law is clear: it’s illegal for companies to send text messages to individuals who haven’t given prior consent.
Alabama Secretary of State John Merrill didn’t mince words when addressing opponents of his state’s voter ID law, which requires voters show a government-approved photo ID at the polls. “People are entitled to their own opinions. But they’re not entitled to their own facts,” Merrill told Business Insider. “Everybody in Alabama that wants a voter ID has one.” Voting rights activists, who have long dismissed voter ID laws as discriminatory tactics that disenfranchise minority voters, disagree. They say the time it takes people to travel to the office where they need to pick up their IDs and the added cost for the underlying documents required to get the ID in the first place are just too burdensome for many voters. This will discourage many people from voting, civil rights defenders say, in upcoming elections across the country, including the governor’s race in Virginia on Tuesday and the special election for the US Senate seat in Alabama on December 12. Voting rights activists say the landmark 2013 Shelby v. HolderSupreme Court decision — which struck down parts of the 1965 Voting Rights Act (VRA) and helped pave the way for Virginia’s voter ID law — is perhaps the most blameworthy culprit.
It’s been almost a year since Election Day 2016, but the campaign news hasn’t stopped. Oct. 30 brought the first indictments in special counsel Robert Mueller’s investigation into possible collusion between the Russian government and the Trump campaign. On Tuesday and Wednesday, representatives from Facebook, Google, and Twitter faced congressional grilling over widespread Russian influence on their platforms. Also on Wednesday, the Wall Street Journal reported that the Department of Justice is considering charging Russian government officials for crimes related to the Democratic National Committee hack. Amid the flurry, it’s easy to blur these conversations—especially because they all seem to feature Russia. But the election-hacking conversation desperately needs to be untangled. Whatever other revelations may come, it helps to remember that election hacking is really about three separate threats: hacking voters, hacking votes, and causing disruption or chaos. … The second threat is of manipulated votes—essentially, that voting machines will be hacked. The Department of Homeland Security found no evidence that malicious actors successfully compromised any vote-tallying machines in 2016. However, a leaked NSA document from this summer shows that Russian hackers targeted and compromised a Florida-based voting-equipment vendor and then used the stolen credentials to target local election officials. Thankfully, the compromised vendor, VR Systems, doesn’t run any vote-tabulation equipment. However, its digital access and proximity to local election officials—who work with those who do program voting machines—is worrying.
Richard Gabbay says he wasn’t trying to suppress anyone’s vote. He simply wanted to organize fellow Republicans for the upcoming 2016 presidential election in Florida’s Broward County. To help in his political organizing, he obtained a list of all registered voters in his precinct. But when he started to compare the names and addresses of his actual neighbors against the names and addresses listed on the official voting roll, he found major discrepancies. Ultimately, Mr. Gabbay identified 629 voters who he believed were no longer eligible to vote. They included seven individuals who had passed away and 570 who appeared to have moved away. In all, his list comprised 14 percent of all registered voters in his precinct. Gabbay and other critics charge that Broward County is failing to keep its voter rolls current and accurate. They say the county’s list of 1.2 million registered voters is grossly inflated with deceased or otherwise ineligible voters.
It was just before noon in Moscow on March 10, 2016, when the first volley of malicious messages hit the Hillary Clinton campaign. The first 29 phishing emails were almost all misfires. Addressed to people who worked for Clinton during her first presidential run, the messages bounced back untouched. Except one. Within nine days, some of the campaign’s most consequential secrets would be in the hackers’ hands, part of a massive operation aimed at vacuuming up millions of messages from thousands of inboxes across the world. An Associated Press investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee. It wasn’t just a few aides that the hackers went after; it was an all-out blitz across the Democratic Party. They tried to compromise Clinton’s inner circle and more than 130 party employees, supporters and contractors.
A U.S. intelligence assessment earlier this year reported that Russian Twitter accounts began backing Donald Trump as early as six months into his bid for the presidency, but new data shows pro-Trump and anti-Hillary Clinton activity started within weeks of him entering the race. In the three-month period after Trump announced his candidacy on June 16, 2015, tweets from Russian accounts pushed praise for him over criticism by close to a 10-to-1 margin, according to a Wall Street Journal analysis of 159,000 deleted tweets from 2,752 accounts named during congressional hearings last Wednesday on Russian interference in the election. The accounts, which Twitter identified as run by the Kremlin-backed Internet Research Agency, by equal or greater margins criticized Clinton and early Republican frontrunner Jeb Bush. “BOOM! DOWN GOES @jebbush,” tweeted @DorothieBell, claiming to be an American “Conservative wife, mother,” three weeks after Trump announced his bid. The account wanted to “take this once great country back!!!,” and provided a link to a Breitbart News story on Trump attacking Bush for soft immigration policies.
Last November, election officials in a small Rhode Island town were immediately suspicious when results showed 99 percent of voters had turned down a noncontroversial measure about septic systems. It turned out an oval on the electronic ballot was misaligned ever so slightly and had thrown off the tally. The measure actually had passed by a comfortable margin. The scary part: The outcome might never have raised suspicion had the results not been so lopsided. … States vary widely in what they are doing to tighten security. Colorado and Rhode Island have adopted more rigorous statistical methods for double-checking the votes, while others are making or weighing changes to their voting technology. “Always, there’s been a hypothetical. But clearly, now it is a real threat,” said Noah Praetz, election director for Cook County, Illinois. “The fact that we now have to defend against nation-state actors — Russia, China, Iran. It’s a very different ballgame now.”
Russia’s intervention in the 2016 presidential election yielded an unexpected result for officials at the Department of Homeland Security (DHS): it has put them in the driver’s seat for protecting future elections from cyberattacks. Since January, officials at the agency have grappled with how to work with state and local election officials to share information on imminent threats and develop response plans for when things go awry. The effort has spawned tensions with state officials, who are wary of a “federal takeover” of elections and have panned the slow pace at which the federal government offered up details on the Russia threat. Homeland Security has pressed forward, standing up a special council in October to engage with election officials on potential threats and how to defend against and respond to them.
The election commission set up to investigate President Trump’s charges of voter fraud seems to have gone dark in recent weeks. The commission last met on Sept.12 in New Hampshire, and it’s unclear — even to commission members — when or where the next meeting will be. Groups suing the commission for more information about its activities also have no clue. “There’s not a lot of information out there,” said Kristen Clarke, president and executive director of the Lawyers’ Committee for Civil Rights Under Law. “It’s been chaotic from day one and remains chaotic. I think that they don’t know what they’re doing. I think this commission was poorly structured and poorly conceived.” The Lawyers’ Committee and several other civil rights and voting rights groups, including the American Civil Liberties Union, have sued the commission, arguing it hasn’t been transparent and hasn’t conducted enough of its business in the open.