National: Some election officials scrambling to address coronavirus concerns ahead of Super Tuesday | Kelly Cannon/ABC

With fears of the novel coronavirus spreading gripping Americans following the first death in the U.S. and just days before Super Tuesday — when voters in 14 states and one territory head to the polls — election officials in some areas are scrambling to assure voters and make sure disruptions are minimized. The Super Tuesday primaries — where nearly a third of delegates are up for grabs — are run at the state and local level, and currently, a uniform national response to voter disruptions does not exist. When asked about contingency plans, the communications director for the National Association of Secretaries of State said she’d “defer to states,” as each may administer its own “specific plans” for emergency preparedness. “Whether that’s a hurricane, power outage, et cetera,” Maria Benson told ABC News in a statement.

National: Coronavirus Is Already Making It Harder for Americans Living Abroad to Vote in the 2020 Primaries | Abigail Abrams/Time

Americans living in China and South Korea have been told that due to the coronavirus outbreak they won’t be able to vote in person for the Democratic presidential primary next month and should instead vote online. As more cases of COVID-19 appear around the world, Americans living countries such as Italy and Japan could soon see their ability to cast ballots affected, according to Democrats Abroad, the group that manages U.S. citizens voting overseas. While more than 82,000 cases of COVID-19 have been confirmed worldwide and hobbled global markets, the new restrictions mark the first example of the virus impacting the 2020 election. The development comes as the Centers for Disease Control and Prevention this week identified the first potential case of the virus spreading within a U.S. community and warned that cities, businesses and schools should prepare for a larger outbreak. It also comes just days before Super Tuesday, when 14 states will hold primaries and Democrats who live overseas begin casting their ballots.

National: States and Federal Government Must Help Local Cybersecurity Efforts | Daniel Castro/Government Technology

Cybersecurity continues to be a major challenge for state and local governments, and the issue will likely grow in importance in the coming year. First, they are popular targets. During the first half of 2019, nearly two-thirds of ransomware attacks targeted state and local governments. Second, they face a multitude of threats — data breaches, ransomware, phishing, malware and more — and they must be prepared to defend against all of them. For example, last year, government officials in Cabarrus County, N.C., fell victim to an online social engineering attack in which the scammer stole $1.7 million in taxpayer funds. Third, and perhaps most important, with continued growth in e-gov applications and smart city initiatives, state and local governments are collecting and storing more data than ever before. Securing this information will need to be a top priority. Unfortunately, many agencies simply aren’t up to the task. They don’t have the talent, training or resources to respond to the most advanced attacks. Nor is it necessarily reasonable to expect them to. They can outsource some of these security roles to the private sector, just as they do with other IT responsibilities, but they still must be accountable.

National: Election related websites outdated, exposed vulnerabilities | Jack Gillum/Pro Publica and Raleigh News & Observer

The Richmond, Va., website that tells people where to vote and publishes election results runs on a 17-year-old operating system. Software used by election-related sites in Johnston County, N.C., and the town of Barnstable, Mass., had reached its expiration date, making security updates no longer available. These aging systems reflect a larger problem: A ProPublica investigation found that at least 50 election-related websites in counties and towns voting on Super Tuesday — accounting for nearly 2 million voters — were particularly vulnerable to cyberattack. The sites, where people can find out how to register to vote, where to cast ballots and who won the election, had security issues such as outdated software, poor encryption and systems encumbered with unneeded computer programs. None of the localities contacted by ProPublica said that their sites had been disrupted by cyberattacks.

National: MIT Professor: Blockchain is good in itself, but not good for votes | Jonita Singh/Wink Report

Computer scientist Ronald Rivest has said that blockchain is not the right technology to vote, although it may find the right application in a number of other areas. Rivest gave his opinion at the RSA Security Conference, held earlier this week in San Francisco, reported technology-focused news broadcast ITWire on February. 28. Rivest – who is a cryptography expert and professor at the Massachusetts Institute of Technology – called voices an interesting problem that requires a stricter approach compared to many existing security applications. He said:

“Blockchain is the wrong security technology to vote. I like to bring a combination lock to a kitchen fire or something. It is good for certain things in itself, but it is not good to vote. “

National: DHS Rolls Out ‘Tabletop in a Box’ Election Cybersecurity Tool | Phil Goldstein/StateTech Magazine

With the 2020 election primary season fully underway, state and local election officials are ramping up their cybersecurity efforts to counter malicious threats. They are also getting support from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Several weeks ago, CISA released a 58-page guide, its “Elections Cyber Tabletop Exercise Package,” which it calls a “tabletop in a box.” The guide is designed to allow state and local officials to conduct election security drills simulating phishing and ransomware attacks, corrupted voter registration information, disinformation campaigns and attacks on voting equipment. As StateScoop reports, such tabletop exercises, “are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election.” Tabletop exercises can be used to “enhance general awareness, validate plans and procedures, rehearse concepts, and/or assess the types of systems needed to guide the prevention of, protection from, mitigation of, response to, and recovery from a defined incident,” the guide states.

National: #RSAC: Election Security Beyond the Ballot Box | Sean Michael Kerner/Infosecurity Magazine

There has been a lot written in recent years about election security and ensuring the integrity of voting systems. While voting machines are important, so too are non-voting election technologies, which was the topic of a session at the RSA Conference in San Francisco. Aaron Wilson, Senior Director of Election Security at the Center for Internet Security (CIS), explained that non-voting election systems include things that support elections. Those systems include electronic poll books, election night reporting systems, voter registration systems, and electronic ballot delivery. “There is a lot to that attack surface, but there are not a lot of standards and regulations,” Wilson said. The Center for Internet Security has developed a guide to help secure those non-voting election systems that has 160 best practices to help reduce risk and improve confidence. The overall goal, according to Wilson, isn’t necessarily that every election official will do all the steps, but rather they will have a guide that provides questions to ask vendors and IT staff.

National: New Intelligence Chief Asks Election Czar to Remain in Post | Julian E. Barnes/The New York Times

The new acting director of national intelligence, Richard Grenell, has asked an intelligence official who angered some lawmakers with a briefing about Russian interference in the 2020 election to stay on in her role. Mr. Grenell’s move is a peace offering to the 17 intelligence agencies he oversees and a potential sign that he will not be conducting a widespread purge, as some administration officials have feared. Mr. Grenell, a Trump loyalist who has little experience in intelligence, removed the No. 2 official in his office in his first day on the job last week. Whether Mr. Grenell, appointed to the post last week by President Trump, can win over members of Congress and the intelligence community will depend in part whether he can convince them that he will focus on protecting the elections from outside interference. Some administration officials feared that the official who briefed the lawmakers, Shelby Pierson, would be removed as well. As the intelligence community’s top election security official since last year, she was subjected to withering criticism after her briefing to a classified hearing of the House Intelligence Committee on Feb. 13 touched off a fierce partisan debate over the nature of Russia’s interference in the 2020 election.

National: Christopher Krebs – the ‘accidental director’ on the front line of the fight for election security | Maggie Miller/The Hill

Christopher Krebs, the first director of the Cybersecurity and Infrastructure Security Agency (CISA), is zeroing in on elections ahead of November. CISA was created out of the former National Protection and Programs Directorate (NPPD) and signed into law by President Trump in late 2018. It is one of the primary federal agencies tasked with assisting state and local officials in bolstering election security. “I spend at this point 40 to 50 percent of my time on election security issues,” Krebs told The Hill during an interview at CISA headquarters this month. “A top priority for us right now is protecting 2020.” During the 2018 midterm elections, CISA hosted a situational awareness room on Election Day to continuously monitor threats across the country and worked closely with regional officials to address cyber vulnerabilities. Krebs said he saw getting through the midterms “unscathed” as part of his legacy as the first director of CISA, the newest agency in the Department of Homeland Security (DHS). “I’m not looking at 2020 as a metric or some sort of legacy mark, but what I want my legacy to be — and I hope to be here for longer — is that CISA is a meaningful player in the national and international stage,” Krebs said.

National: Dueling Narratives Emerge From Muddied Account of Russia’s 2020 Interference | David E. Sanger/The New York Times

As accusations swirled Sunday about Russia’s efforts to interfere with the 2020 election, President Trump’s national security adviser and former Vice President Joseph R. Biden Jr. could not agree on what Moscow is, or is not, doing. Their disagreement came as intelligence officials disputed reports that emerged last week about a briefing of the House Intelligence Committee. The officials now maintain that the House members either misheard or misinterpreted a key part of the briefing, and that the Office of the Director of National Intelligence did not mean to say that it believes the Russians are currently intervening in the election explicitly to help President Trump. They do believe that Russia is intervening in the election, and that Moscow prefers Mr. Trump, a deal maker it knows well. But at least for now, those two objectives may not be linked. The differing interpretations only made it easier for the Trump administration and Democrats to put forward their own version of what the Russians are doing. As the national security adviser, Robert C. O’Brien, defended Mr. Trump and intimated that the Russians favored the Democratic presidential front-runner, Senator Bernie Sanders, Mr. Biden blamed the president and other Republicans for allowing Russia to continue to interfere in the election.

National: Ransomware top of mind for DHS cyber chief | Derek B. Johnson/FCW

The Department of Homeland Security’s cyber chief said his organization is trying to do more to address ransomware and other digital threats that directly touch the lives of citizens. Speaking at the RSA Conference in San Francisco, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said his agency has stepped up efforts to proactively reach out to federal agencies, local governments, businesses and critical infrastructure managers about how to prepare and what to do if their data is encrypted and held ransom by criminals or state-aligned hacking groups. “For years and years and years, particularly in the federal government, we’ve been focused on the nation-state adversary, the highly capable, the big four: Russia, China, Iran [and] North Korea,” he said. “I think we’ve been a little bit late to the game on ransomware,” he said, adding, it’s what average Americans see “in their schools, their hospitals and their municipal agencies.” Krebs described CISA’s role as that of a middleman uniquely positioned to canvass all the major stakeholders in the cybersecurity ecosystem and “facilitate a knowledge transfer from the haves to the have-nots.” CISA can leverage the collective financial and human capital resources of the big fish — like major banks — and push that knowledge and awareness down the chain to the broader cybersecurity ecosystem.

National: Americans should not be confident about security of 2020 election, experts say | Joseph Marks/The Washington Post

Americans should not be confident about the security of the 2020 election, according to a slim majority of experts surveyed by The Cybersecurity 202. The assessment from 57 percent of The Network, a panel of more than 100 cybersecurity experts who participate in our ongoing informal survey, puts a serious damper on the years-long push by federal, state and local government officials and political parties to bolster election security since a Russian hacking and influence operation upended the 2016 contest. “There are no signs that any part of our institutions are capable of providing an election that is reasonably secure from tampering and manipulation,” said Dave Aitel, a former NSA computer scientist who is now CEO of the cybersecurity company Immunity. “Every part of the voting process is vulnerable. This includes the voter registration process, the voting itself, the vote tabulation, and the results-reporting system,” said Bruce Schneier, fellow and lecturer at the Harvard Kennedy School of Government. Cindy Cohn, executive director of the Electronic Frontier Foundation, called for “more serious security measures for voting, from registration through to reporting the results back to the central voting authority.”

National: Defending against multifaceted election attacks | Lavi Lazarovitz/GCN

Much has been made of the vulnerabilities inherent in voting infrastructure over the past few years. DEFCON hacking villages have repeatedly found flaws in voting machines, and researchers across the country have outlined the ways attackers could infiltrate voting systems and influence an election. While these headlines generate attention, they tend to overshadow the myriad of other ways attackers could impact elections without touching a single vote. While many of the attacks in 2016 took the form disinformation campaigns, there are many other opportunities — direct and indirect — for attackers to have an impact. So while it is incredibly important to continue hardening the security of the physical voting machines, we must guard against other ways attackers could influence an election outcome without ever compromising a machine. From a security perspective, vulnerabilities have been the main talking point when it comes to elections. But while changing a vote is one thing, preventing voters from getting to the polls altogether could prove more effective.

National: The Coronavirus Outbreak Is Raising Questions About Voting In The 2020 Presidential Primaries | Zahra Hirji/Buzzfeed

US citizens living in China have been told they won’t be able to cast their vote in person for the Democratic primary next month and will instead need to vote online, according to Democrats Abroad, the group in charge of overseeing voting overseas. And as the coronavirus outbreak has spread to 38 countries, triggering concerns about a global pandemic, CDC officials warned on Tuesday that they expect the virus to spread to the US — and told US businesses and schools to prepare. The news raises questions about whether the coronavirus outbreak could interrupt the lead-up to the biggest national event of the year: the 2020 election.

National: Reliability of pricey new ballot marking devices questioned | Frank Bajak/Associated Press

In the rush to replace insecure, unreliable electronic voting machines after Russia’s interference in the 2016 U.S. presidential race, state and local officials have scrambled to acquire more trustworthy equipment for this year’s election, when U.S. intelligence agencies fear even worse problems. But instead of choosing simple, hand-marked paper ballots that are most resistant to tampering because paper cannot be hacked, many are opting for pricier technology that computer security experts consider almost as risky as earlier discredited electronic systems. Called ballot-marking devices, the machines have touchscreens for registering voter choice. Unlike touchscreen-only machines, they print out paper records that are scanned by optical readers. South Carolina voters will use them in Saturday’s primary. The most pricey solution available, they are at least twice as expensive as the hand-marked paper ballot option. They have been vigorously promoted by the three voting equipment vendors that control 88 percent of the U.S. market.

National: With 2020 general election approaching, voting security under growing scrutiny | Maya Rodriguez/Scripps Media

It’s the foundation of American democracy: voting. Depending on where you are in the U.S., though, your election experience could look very different from that in your neighboring state or even just your neighbor. “It really does depend on where you are in the country,” said Marian Schneider, who heads up Verified Voting, a non-profit, non-partisan group that advocates for better election security. In particular, the group takes a closer look at when it comes to the use of computers in elections. “We use computers in every aspect of election administration in this country,” Schneider said. “We have also historically underfunded our elections and not put the money into them that we need in order to run a computerized operation.”

National: Russia trying to help Bernie Sanders’s campaign, according to briefing from U.S. officials | Shane Harris, Ellen Nakashima, Michael Scherer and Sean Sullivan/The Washington Post

U.S. officials have told Sen. Bernie Sanders that Russia is attempting to help his presidential campaign as part of an effort to interfere with the Democratic contest, according to people familiar with the matter. President Trump and lawmakers on Capitol Hill also have been informed about the Russian assistance to the Vermont senator, those people said, speaking on the condition of anonymity to discuss sensitive intelligence. It is not clear what form that Russian assistance has taken. U.S. prosecutors found a Russian effort in 2016 to use social media to boost Sanders’s campaign against Hillary Clinton, part of a broader effort to hurt Clinton, sow dissension in the American electorate and ultimately help elect Donald Trump. “I don’t care, frankly, who [Russian President Vladimir] Putin wants to be president,” Sanders said in a statement. “My message to Putin is clear: Stay out of American elections, and as president I will make sure that you do. “In 2016, Russia used Internet propaganda to sow division in our country, and my understanding is that they are doing it again in 2020. Some of the ugly stuff on the Internet attributed to our campaign may well not be coming from real supporters.”

National: Sanders blasts Russia for reportedly trying to boost his presidential campaign | Susan Heavey and Simon Lewis/Reuters

Democratic presidential candidate Bernie Sanders on Friday warned Russia to stay out of U.S. elections after American officials had told him Moscow was trying to aid his campaign. “The intelligence community is telling us they are interfering in this campaign, right now, in 2020. And what I say to Mr. Putin, if elected president, trust me you are not going to be interfering in American elections,” Sanders told reporters in Bakersfield, California. Sanders, 78, a democratic socialist from Vermont, is considered the front-runner for the Democratic nomination and is favored to win the Nevada caucuses on Saturday. The Washington Post on Friday, citing people familiar with the matter, said U.S. officials had told Sanders about the Russian effort and had also informed Republican President Donald Trump and U.S. lawmakers. It was not clear what form the Russian assistance took, the paper said. A congressional source confirmed intelligence officials have told lawmakers Russia appears to be engaging in disinformation and propaganda campaigns to boost the 2020 campaigns of both Sanders and Trump. The source, however, cautioned that the findings are very tentative.

National: Congress to get election security briefing next month amid Intel drama | Jordain Carney/The Hill

The administration is gearing up to brief lawmakers on election security as the country wades deeper into the 2020 primaries. Both the House and Senate will be briefed, separately, on March 10, according to Speaker Nancy Pelosi (D-Calif.) and a Senate aide. The briefings will come a week after Super Tuesday, when primary voters in more than a dozen states will head to the polls. On March 10, voters in six more states will cast ballots. The announcement of the briefings come as President Trump’s shake up of top intelligence community positions has sparked fierce criticism from Democrats and some national security professionals, and after reports that intelligence leaders have told lawmakers that Russia is again seeking to aid Trump’s campaign efforts. “American voters should decide American elections — not Vladimir Putin. All Members of Congress should condemn the President’s reported efforts to dismiss threats to the integrity of our democracy & to politicize our intel community,” Pelosi said in a tweet on Thursday.

National: DHS Publishes 2020 Strategic Plan for Election Security | Lucas Ropek/Government Technology

With a contentious race for the American presidency underway and fears of foreign influence in electoral politics growing, state governments are looking for ways to bolster their position before voters hit the polls. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently published its 2020 election security strategic plan to help meet that mission, outlining how it hopes to assist states before this year’s presidential contest unfolds. That assistance will come in a number of forms: engaging the nation’s some 8,000 election jurisdictions with planning and response capabilities; facilitating coordination between various state, local and private stakeholders; and deploying personnel to offer assessment and testing of voting infrastructure, including cyberhygiene and penetration tests. At the same time, CISA is also offering assistance to political campaigns and infrastructure, giving security assessments and information sharing services to them, while also highlighting the work of other important intelligence organizations like the Multi-State Information Sharing and Analysis Center and the Elections Infrastructure Information Sharing and Analysis Center. The CISA report also shines a spotlight on a number of states that are currently role models for election security practices.

National: Lawmakers Are Warned That Russia Is Meddling to Re-elect Trump | Adam Goldman, Julian E. Barnes, Maggie Haberman and Nicholas Fandos/The New York Times

Intelligence officials warned House lawmakers last week that Russia was interfering in the 2020 campaign to try to get President Trump re-elected, five people familiar with the matter said, a disclosure to Congress that angered Mr. Trump, who complained that Democrats would use it against him. The day after the Feb. 13 briefing to lawmakers, the president berated Joseph Maguire, the outgoing acting director of national intelligence, for allowing it to take place, people familiar with the exchange said. Mr. Trump cited the presence in the briefing of Representative Adam B. Schiff, Democrat of California, who led the impeachment proceedings against him, as a particular irritant. During the briefing to the House Intelligence Committee, Mr. Trump’s allies challenged the conclusions, arguing that he had been tough on Russia and strengthened European security. Some intelligence officials viewed the briefing as a tactical error, saying that had the official who delivered the conclusion spoken less pointedly or left it out, they would have avoided angering the Republicans. Though intelligence officials have previously told lawmakers that Russia’s interference campaign was continuing, last week’s briefing did contain what appeared to be new information, including that Russia intended to interfere with the 2020 Democratic primaries as well as the general election.

National: Trump sacks intelligence director after congress is warned Russia wants to see him re-elected | Ellen Nakashima, Shane Harris, Josh Dawsey and Anne Gearan/The Washington Post

A senior US intelligence official told lawmakers last week that Russia wants to see president Donald Trump re-elected, viewing his administration as more favourable to the Kremlin’s interests, according to people who were briefed on the comments. After learning of that analysis, which was provided to House of Representatives lawmakers in a classified hearing, Mr Trump erupted at his acting director of national intelligence, Joseph Maguire, in the Oval Office, perceiving him and his staff as disloyal for speaking to congress about Russia’s perceived preference. The intelligence official’s analysis and Mr Trump’s furious response ruined Mr Maguire’s chances of becoming the permanent intelligence chief, according to people familiar with the matter, who, like others, spoke on the condition of anonymity to discuss a sensitive matter. It was not clear what specific steps, if any, US intelligence officials think Russia may have taken to help Mr Trump, according to the individuals. Mr Trump announced on Wednesday that he was replacing Mr Maguire with a vocal loyalist, Richard Grenell, who is the US ambassador to Germany. The shake-up at the top of the intelligence community is the latest in a post-impeachment purge. Mr Trump has instructed aides to identify and remove officials across the government who aren’t defending his interests, and he wants them replaced with loyalists.

National: Disability rights groups say focus on election security hurting voter accessibility | Maggie Miller/The Hill

Disability rights advocates on Thursday urged election officials to focus on accessibility alongside security for U.S. elections and pushed for more technological solutions that would allow all Americans to cast secure votes. “For people with disabilities, our votes aren’t secure now,” Kelly Buckland, the executive director of the National Council for Independent Living, said at an election accessibility summit hosted by the Election Assistance Commission (EAC) on Thursday. “I believe we could make them more secure through technology that is available today.” After Russian interference in the 2016 presidential elections — which according to U.S. intelligence agencies and former special counsel Robert Mueller involved sweeping disinformation efforts on social media and targeting of vulnerabilities in voter registration systems — election security has become a major topic of debate on the national stage. Concerns around the use of technology in elections were also heightened this month following the use of a new vote tabulation app by the Iowa Democratic Party during the Iowa caucuses. The app malfunctioned due to a “coding issue,” leading to chaos around the final vote tally.  After these incidents, election security experts have advocated for using more paper ballots to ensure no individual or group can hack the votes, and to ensure no glitch can occur.  However, disability groups on Thursday noted that moving to just paper could make it difficult to vote for blind or visually impaired people, those who have difficulty leaving their homes, or those for whom English is not their first language.

National: ElectionGuard could be Microsoft’s most important product in 2020. If it works | Alfred Ng/CNET

Building 83 doesn’t stand out on Microsoft’s massive Redmond, Washington, headquarters. But last week, the nameless structure hosted what might be the software giant’s most important product of 2020. Tucked away in the corner of a meeting room, a sign reading “ElectionGuard” identifies a touchscreen that asks people to cast their votes. An Xbox adaptive controller is connected to it, as are an all-white printer and a white ballot box for paper votes. If you didn’t look carefully, you might have mistaken all that for an array of office supplies. ElectionGuard is open-source voting-machine software that Microsoft announced in May 2019. In Microsoft’s demo, voters make their choices by touchscreen before printing out two copies. A voter is supposed to double-check one copy before placing it into a ballot box to be counted by election workers. The other is a backup record with a QR code the voter can use to check that the vote was counted after polls close. With ElectionGuard, Microsoft isn’t setting out to create an unhackable vote — no one thinks that’s possible — but rather a vote in which hacks would be quickly noticed. The product demo was far quieter than the typical big tech launch. No flashy lights or hordes of company employees cheering their own product, like Microsoft’s dual screen phone, its highly anticipated dual-screen laptop or its new Xbox Series X. And yet, if everything goes right, ElectionGuard could have an impact that lasts well beyond the flashy products in Microsoft’s pipeline.

National: Is technology consistent with electoral integrity? The hard lessons of Iowa | Sarah E. Hunt/Salon

In the modern era, much of American greatness is derived from the conception that the United States maintains the integrity of its elections, thus ensuring the fair representation of its citizens in the halls of government. Such elections brought about the suffragist and civil rights movements, which marked evolutionary tectonic shifts in American democracy that aligned the nation more closely with the ideals set forth in its Constitution. When revolutionary action is called for, our country has the ability and will to better itself and defend its values. The chaos surrounding the 2020 Iowa caucus two weeks ago was a bellwether, heralding another transformational moment. Our willingness to take action will define America’s trajectory. The events unfolding in the heartland of our country are a wake-up call to the entire nation. They highlight the importance of protecting the security and integrity of our electoral system.

National: The Simple Lessons from a Complicated Iowa Caucus | Gowri Ramachandran and Susannah Goodman/Just Security

The very high-profile failure of a new app that was supposed to help report Iowa Caucus results has generated some important lessons. Even though the New Hampshire primary was not plagued by the same kinds of gross technical failures, it would be a mistake to just quickly move on and forget the lessons of the first debacle. As the Nevada Caucus approaches, it’s clear some lessons have been learned, but not all. As is widely known now, the Iowa app technology was designed to help record results from rounds of caucusing and pull together the results from across the state. But the app didn’t work, and results were not delivered, raising questions about not just the technology but the implementation process for the system. Massive frustration and even conspiracy theories ensued. Fortunately, Iowa had paper records and was able to turn to those in the face of the tech failure to help confirm the results. The media, candidates, and the public had to be patient, but without the paper records, results wouldn’t have been just delayed; they would have been impossible to obtain. The first lesson is clear: Anything computerized can fail for a slew of reasons, from hacking to software defects to inadequate training of election workers. This includes tablets, voting machines, ballot scanners, electronic poll books, and apps on phones and tablets.

National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

National: Researchers Find Security Flaws in Voatz Mobile Voting App | Andrea Noble/Route Fifty

A mobile voting app used by West Virginia and several local governments in the 2018 midterm elections contains vulnerabilities that could allow hackers to determine how someone voted or even change their vote, according to a report released Thursday by security researchers. Researchers from the Massachusetts Institute of Technology found the security flaws in the Voatz voting app, which was originally designed as a way for overseas service members to cast ballots. The researchers said their findings underscore prior security recommendations that the internet not be used for voting. “Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” said Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. “Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.” In addition to West Virginia, several local governments, including ones in Washington state, Colorado, Utah and Oregon, have conducted their own pilots with the Voatz system. Additional states are also considering whether to use the app to assist absentee voters in upcoming elections.