Talk to the hand – the current state of the push to count ballots by hand | M. Mindy Moretti/Electionline Weekly

Probably since the inception of the first voting machine, there have been skeptics. However, that skepticism — by and large unfounded — reached a fever pitch in 2020 and has manifested itself in a rise in calls from some factors to count ballots by hand. Elections officials, experts and advocates have all largely come out against the idea of hand-counting ballots other than in limited circumstances. “Machine counting is generally twice as accurate as hand-counting and a much simpler and faster process,” said Stephen Ansolabehere, a professor of government at Harvard University who has conducted research on hand-counts told the Associated Press. In one study in New Hampshire, he found poll workers who counted ballots by hand were off by 8%. The error rate for machine counting runs about 0.5%, Ansolabehere said. Most recently, Verified Voting released a report, Election Night Hand Counts: Realities and Risks. The report notes that claims that election night hand counts are the only way to confirm election outcomes are being used as a tool to spread disinformation about vote counting systems. Read Article

National: Guns and Voting: New report highlights the risks of mixing firearms with voting | Michael Waldman/Brennan Center for Justice

The risk of gun violence in American elections has increased over the past two decades due to shifts in the Supreme Court’s Second Amendment stance and the influence of a pro-gun movement, leading to significant deregulation of guns in some states. This, coupled with growing political polarization, has made voting and elections targets of threats and intimidation. As the 2024 election approaches, 27 states now allow carrying firearms in public without a permit or background check compared to just two in 2010. With more guns and increased political violence, there’s a pressing need for strong laws to mitigate risks. The report suggests prohibiting firearms at polling places, ballot drop boxes, election offices, and ballot counting facilities, along with implementing stronger laws to prevent intimidation of voters, election officials, and workers. Read Article

Voting Blogs: How AI Puts Elections at Risk — And the Needed Safeguards | Mekela Panditharatne and Noah Giansiracusa/Brennan Center for Justice

The Brennan Center highlights the emerging threat of artificial intelligence (AI) in elections and the potential for AI-driven disinformation to undermine democracy. It discusses the recent advancements in generative AI tools, such as deepfake audio and video, that can create convincing content resembling real people and events. These tools could be used to spread disinformation, manipulate public opinion, and undermine trust in the electoral process. The article calls for comprehensive measures to address this threat, including the designation of a lead agency to govern AI issues in elections, development of detection tools for deepfakes and disinformation campaigns, industry regulations, and transparency requirements for AI developers and social media platforms. It emphasizes the need for a coordinated global response to safeguard elections from the risks posed by AI. Read Article

Voting Blogs: The Growing Election Sabotage Movement | Michael Waldman/Brennan Center for Justice

No doubt, Donald Trump’s effort to overturn the 2020 election had absurd elements. (The Four Seasons Total Landscaping press conference? The Kraken?) It culminated, of course, in the deadly chaos of the Capitol insurrection. Now, the more we learn, the more we realize there was a concerted plan to steal the election and upend the results. Next time it won’t be so amateurish. In fact, Trump’s allies are systematically removing obstacles to stealing elections in states across the country. The Brennan Center published a report this week documenting the campaign. Two state legislatures have bestowed upon themselves the power to remove and replace local election officials with partisan operatives. Six states have passed laws threatening election officials with new or heightened criminal penalties. Three states have robbed election officials of the power to properly regulate partisan poll monitors in the polling place. Five states launched phony partisan reviews of last year’s election results led by biased actors who employed inadequate safeguards. To the longstanding problem of vote suppression, add election sabotage. Some state legislators are trying to go even further. How much further? In 2021, lawmakers in seven states — Arizona, Nevada, Missouri, Michigan, Texas, Idaho, and Oklahoma — introduced bills to give elected officials the power to overturn an election. Thankfully, none of those bills passed this time around, but their widespread consideration is itself alarming. The Arizona bill, which is among the most shocking to democratic sensibilities, reads: “The legislature may vote to reject or confirm the preliminary results of the election.” It garnered seven sponsors. Just five years ago, the idea that politicians should have the power to overturn an election would have been unthinkable. Indeed, what is the point of voting if the politicians in power can simply wave away the result?

Full Article: The Growing Election Sabotage Movement | Brennan Center for Justice

Voting Blogs: Juan Gilbert’s Transparent BMD | Andrew Appel/Freedom to Tinker

Princeton’s Center for Information Technology Policy recently hosted a talk by Professor Juan Gilbert of the University of Florida, in which he demonstrated his interesting new invention and presented results from user studies. It’s well known that a voting system must use paper ballots to be trustworthy (at least with any known or foreseeable technology). But how should voters mark their ballots? Hand-marked paper ballots (HMPB) allow voters to fill in ovals with a pen, to be counted by an optical scanner. Ballot-marking devices (BMDs) allow voters to use a touchscreen (or other assistive device) and then print out a ballot card listing the voter’s choices. The biggest problem with BMDs is that most voters don’t check the ballot card carefully, so that if the BMD were hacked and misrepresenting votes on the paper, the voters wouldn’t notice–and even if a few voters did notice, the BMDs would have successfully stolen the votes of many other voters. One scientific study (not in a real election) showed that some process interventions–such as, “remind voters to check their ballots”–might improve the rate at which voters check their ballots. I am skeptical that those kinds of interventions will be consistently applied in thousands of polling places, or that voters will stay vigilant year after year. And even if the rate of checking can be improved from 6.6% to 50%, there’s still no clear remedy that can protect the outcome of the election as a whole. Instead of reminding the voter, Professor Gilbert’s solution is to force them to look directly at the printout, immediately after voting each contest. In this video, at 0:36, see how the voter is asked to touch the screen directly in front of the spot on the paper where the vote was just printed.

Full Article: Juan Gilbert’s Transparent BMD

Voting Blogs: Russia scales up e-voting for key referendum – but misses security issues | Alex Hardy/openDemocracy

The delayed Russian referendum on constitutional reform goes ahead this week as the country emerges from many of the quarantine measures imposed over the past few months to control the spread of the Covid-19 virus. The referendum is being held to amend the Russian constitution, and was unveiled in January. The proposed changes most notably mean that President Putin can legally remain in power until 2036 by making him eligible to stand in a further two Presidential elections, should he wish to do so. Holding a referendum for these changes is not required by law. Such amendments can and have now been authorised by Russia’s regional legislative assemblies. However, the referendum is seen as a show of public legitimacy for these changes. As such, it is important for the authorities that the turnout is seen to be suitably high. Divided opposition movements have been in debate as to whether or not the vote should be boycotted. Meanwhile, the move towards online voting has been presented by the authorities as a move to protect public safety during the Covid-19 pandemic but it also represents an opportunity for the Kremlin to encourage higher voter turnout.

Voting Blogs: Safely opening PDFs received by e-mail (or fax?!) | Andrew Appel/Freedom to Tinker

Many election administrators in U.S. states and counties need to receive and open PDF files from voters. Some of these administrators receive these PDFs as e-mail attachments. These may be filled-out voter registration forms, or even voted ballots from UOCAVA (overseas and military) voters. We all know that malware can lurk in e-mail attachments; how can those election officials protect themselves from being hacked? Internet return of voted ballots is inherently insecure; that’s a separate issue and I’ll discuss it below. For now, how can one safely open a PDF attachment? I discussed this question with Dan Guido, cybersecurity consultant and CEO of trailofbits.com. The safe way to view a PDF is inside the Chrome or Firefox browser. Printing a PDF directly from Chrome (or Firefox) to your printer is reasonably safe. The unsafe way to view a PDF is with your favorite PDF-viewer app such as Adobe Reader. The reason is simple: Google (for Chrome) and Mozilla (for Firefox) have put enormous effort into making their PDF viewers safe, putting them inside a “sandbox” that the hackers can’t get out of — and they’ve largely succeeded.

Voting Blogs: New Jersey agrees No Internet voting in July, vague about November | Andrew Appel/Freedom to Tinker

A formal settlement agreement has been submitted to the NJ Superior Court regarding online ballot access in the 2020 elections. On May 4, 2020,  New Jersey’s Division of Elections was caught trying to adopt vote-by-Internet on the stealth, even though the law forbids it.  That is, not only is Internet voting inherently insecurable, there’s a 2010 Court Order still in effect that says, “computers utilized for election-related duties shall at no time be connected to the Internet.”  That’s based on the New Jersey Superior Court’s finding that “As long as computers, dedicated to handling election matters, are connected to the Internet, the safety and security of our voting systems are in jeopardy,” in the case of Gusciora v. Corzine. Penny Venetis, attorney for the Gusciora plaintiffs, filed a motion (in early May) with the Court, to make the State abandon its plans for online voting, on the basis that receiving ballots e-mailed or uploaded on the Internet clearly violates this order.  The Court ordered the parties to reach a settlement by June 8, or report their separate positions.

Voting Blogs: Democracy Live internet voting: unsurprisingly insecure, and surprisingly insecure | Andrew Appel/Freedom to Tinker

The OmniBallot internet voting system from Democracy Live finds surprising new ways to be insecure, in addition to the usual (severe, fatal) insecurities common to all internet voting systems. There’s a very clear scientific consensus that “the Internet should not be used for the return of marked ballots” because “no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” That’s from the National Academies 2018 consensus study report, consistent with May 2020 recommendations from the U.S. EAC/NIST/FBI/CISA. So it is no surprise that this internet voting system (Washington D.C., 2010) is insecure , and this one (Estonia 2014) is insecure, and that internet voting system is insecure (Australia 2015) , and this one (Sctyl, Switzerland 2019), and that one (Voatz, West Virginia 2020) A new report by Michael Specter (MIT) and Alex Halderman (U. of Michigan) demonstrates that the OmniBallot internet voting system from Democracy Live is fatally insecure. That by itself is not surprising, as “no known technology” could make it secure. What’s surprising is all the unexpected insecurities that Democracy Live crammed into OmniBallot–and the way that Democracy Live skims so much of the voter’s private information.

Voting Blogs: Why Online Voting Isn’t the Answer to Running Elections During Covid-19 | Lawrence Norden/Brennan Center for Justice

There has been growing buzz around the potential for internet voting as states struggle with preparing to conduct safe and fair elections during the Covid-19 pandemic. Companies selling online voting systems promise a “silver bullet” to deal with voting during the pandemic: a new technology that will allow people to vote from their homes, a safe distance from others. Unfortunately, there is no magical solution for running elections during a pandemic. Ensuring voters and election workers can be safe will require money, work, and time. States and localities need substantial resources to ensure they can handle more mail balloting and keep polling places safe. Indeed, given all the other changes election officials and voters are facing this year, there couldn’t be a worse time to try to add a risky, unproven technology like internet voting into our elections, particularly when we know that hostile actors have not given up on disrupting our democracy.

Voting Blogs: It’s Crunch Time for 2020 Election Security: Is Arizona Equipped to Face New Threats? | Kristin Palmason/State of Elections

The Help America Vote Act (HAVA) enacted by Congress in 2012 with overwhelming bipartisan support, provides federal funds to states for the purpose of reforming the administration of elections, including upgrading voting equipment and eliminating punch-card and lever voting machines. As HAVA was enacted in response to the 2000 contested election of Bush v. Gore, which hinged on outdated voting equipment and “hanging chads,”  HAVA funds were intended to streamline internal election processes and updating archaic voting systems. Arizona committed to using the funds to replace punch card voting systems, add touch screen equipment and update voter registration, provisional balloting, and grievance processes. By 2015, approximately $3.3 billion in HAVA funds for election assistance was awarded to states nationwide, with approximately $52.5 million awarded to Arizona.

Voting Blogs: Much ado about mail voting | Gavin Thompson Weise/U.S. Vote Foundation

The Wisconsin primary held earlier this month has shown us that in-person voting right now is impractical, if not downright dangerous. Mail voting, meanwhile, is offering an attractive solution to a very sticky problem – how to complete the 2020 primaries and general election without major health risks. Not surprisingly, academicians, voting advocates, and of course, politicians, have all jumped into the discourse. For voting rights advocates, it is an unprecedented moment to push forward an important agenda issue, an opportunity to expand enfranchisement and improve turnout. Opponents of mail voting have been quick to point out the risks of voter fraud, although with underwhelming evidence. Republican candidates, including President Trump, have expressed concerns about the GOP’s chances if the electorate votes predominantly by mail. But there is again little evidence to support such a claim. According to Richard Hasen, law professor at the University of California – Irvine and author of the Election Law Blog, Republicans and Democrats alike benefit from by mail voting “Republicans have long enjoyed the convenience of vote by mail”, says Hasen. “Heavily Republican Utah uses all mail elections and regularly elects Republican legislators. Voters across the political spectrum like the option of vote by mail.”

Voting Blogs: What are costs of voting by mail? The costs are as varied as the process | M. Mindy Moretti/electionline Weekly

The next time you fly, whenever that may eventually be, if you ask everyone on the flight how much they paid for their ticket, you’ll get a different answer from just about every passenger. The same can be said for how much it costs to conduct an election entirely or mostly by mail. It’s a bit different for every jurisdiction. Election costs are traditionally difficult to gather given the dispersed nature of funding sources — federal dollars, state reimbursements, fees for services, general funds, etc.— as well as the functions across different governmental agencies (in some states). Another obstacle is the way we talk about elections. The same term is used to describe different things (IE “early voting”) so it isn’t as easy as simply comparing election office budgets. “However, if we break it down to the bare materials and functions—those specific to the policy being analyzed, we can get a semblance of understanding of baseline costs,” said Tammy Patrick senior advisor, Elections at the Democracy Fund. Additionally, Patrick noted, the answer sought needs to be specified in order to ask the correct question. For instance, there is a difference between “what does it cost to conduct an all-mail election” and “what costs are specific to an all-mail election”?

Voting Blogs: Ballot-level comparison audits: precinct-count | Andrew Appel/Freedom to Tinker

In my last post I described a particularly efficient kind of risk-limiting audit (RLA) of election results: ballot-level comparison audits, which rely on a unique serial number on every ballot. The serial number should not be preprinted on the ballot where the voter can learn it, otherwise the voter could sell their vote, or be coerced to vote a certain way, and the buyer or coercer could learn the vote from the file of cast-vote records (CVRs). The solution, when central-count optical scan (CCOS) is used, is that the central-count optical-scan voting machine can print the serial number onto the ballot, as it scans and counts the ballot. But many jurisdictions use precinct-count optical scan (PCOS): the voter marks a ballot, and feeds it directly into the PCOS voting machine, where it is scanned, counted, and preserved in a ballot box. This has three advantages over CCOS: PCOS machines can alert the voter about overvotes, undervotes, or blank ballots, which gives the voter a chance to correct their ballot. PCOS tabulations are ready immediately at the close of the polls, which gives faster election-night reporting. PCOS tabulations give an additional safeguard against low-tech paper-ballot tampering: if the hand-to-eye recount of this batch does not match the results claimed by the optical-scanner, then one of them is wrong. The paper ballots themselves are the presumed ballot of record; State statutes should say that in case of disagreement we trust the paper by default, not the (possibly hacked or buggy) computers; but even so, a disagreement is important evidence of possible tampering that could be worth a forensic investigation. We don’t get this safeguard with central-count scanning of precinct-marked ballots. But PCOS machines are not equipped with serial-number printers. Why is that? It would be straightforward to add one to a standard PCOS design, and it wouldn’t much affect the price of the product (so I’ve been told by the vice president of a major voting-machine company). The reason is not that the vendors can’t or won’t make the product; it’s that PCOS-ballot serial numbers are not so straightforward to use in RLAs.

Voting Blogs: Ballot-level comparison audits: central-count | Andrew Appel/Freedom to Tinker

All voting machines these days are computers, and any voting machine that is a computer can be hacked to cheat. The widely accepted solution is to use voting machines to count paper ballots, and do Risk-Limiting Audits: random-sample inspections of those paper ballots to ensure (with a guaranteed level of assurance) that the election outcome claimed by the computers is the same as you’d get by an accurate count of the votes actually marked on the paper ballots. An RLA is any statistical/logistical method that guarantees a quantifiable risk limit. Most RLA methods are much more efficient than a full recount, but some RLA methods are more efficient than others, especially in close elections: the closer the margin of victory, the more ballots you have to random-sample to guarantee the risk limit. One simple method, the Ballot Polling Audit, randomly samples individual ballots from among all the batches of ballots in the entire election, and (by human inspection of the paper ballot) counts how many are for each candidate. If you sample enough ballots, and that “poll” comes out the same way as the outcome claimed by the voting machines, then you get real assurance. (If the “poll” doesn’t come out the same way, you can do a bigger poll or a full hand recount.)

Voting Blogs: Counties in North Carolina Gamble on New Voting Machines | Margaret Lowry/State of Elections

Super Tuesday is tomorrow and voters in North Carolina might use new voting machines. Since the 2018 election, several counties in North Carolina have had to make a critical decision for their voters–what voting machines should they purchase? A shortened timetable and heightened concern about election security have made for a contentious process. A 2013 bill required all voting systems in the state to produce a paper ballot, and set a schedule to decertify existing machines that did not meet the requirement. Originally, the bill set the decertification date as January 1, 2018, but subsequent legislation in 2015 and 2018 pushed the deadline to December 1, 2019. About one-third of the counties in North Carolina have Direct Record Electronic (DRE) voting systems that will need to be replaced by the decertification date. DREs are paperless. Voters use a touchscreen to select their choice, and the machine then stores and tabulates that choice electronically.

Voting Blogs: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice

America’s intelligence agencies have unanimously concluded that the risk of cyberattacks on election infrastructure is clear and present — and likely to grow. 1 While officials have long strengthened election security by creating resiliency plans, 2 the evolving nature of cyber threats makes it critical that they constantly work to improve their preparedness. It is not possible to build an election system that is 100 percent secure against technology failures and cyberattacks, but effective resiliency plans nonetheless ensure that eligible voters are able to exercise their right to vote and have their votes accurately counted. This document seeks to assist officials as they revise and expand their plans to counter cybersecurity risks. Many state and local election jurisdictions are implementing paper-based voting equipment, risk-limiting audits, and other crucial preventive measures to improve overall election security. In the months remaining before the election, it is at least as important to ensure that adequate preparations are made to enable quick and effective recovery from an attack if prevention efforts are unsuccessful. While existing plans often focus on how to respond to physical or structural failures, these recommendations spotlight how to prevent and recover from technological errors, failures, and attacks. Advocates and policymakers working to ensure that election offices are prepared to manage technology issues should review these steps and discuss them with local and state election officials.

Voting Blogs: Election experts warn against RFID-based voting systems | e-lected blog

A voting system which uses Radio Frequency Identification (RFID) technology to store electronic votes has been under scrutiny after election experts questioned its capacity to safeguard the integrity of election data. Though the voting system had been tested in a few Argentine jurisdictions, academics from around the world had not had a real chance to analyze it in detail until authorities from the Democratic Republic of Congo decided to use a similar system for the long-delayed elections of December, 2018. The decision to automate the controversial elections using an untested system drew criticism from U.S. diplomats. According to experts from The Sentry, it is possible to manipulate the information the RFID chip contains, since the use of this unique identifier technology and radio communications give off signals that can be easily detected at distances greater than expected. Experts recommend election officials to refrain from implementing this type of technology.  RFID technology is well known for its usefulness in tracking inventories, but its use extends to other industries, from bookstores and apparel to health and transportation. The main benefit of having RFIDs is that it allows quick communication with remote sensors. Nonetheless, however useful RFID may be for certain industries, elections are an entirely different ballgame. The capacity to allow remote sensors to read the information it contains opens the door for bad actors to hack the votes.

Voting Blogs: U.S. Elections Are Still Vulnerable to Foreign Hacking | Tim Lau/Brennan Center for Justice

Election officials warn that the time is running out for Congress to bolster security before the 2020 race. The warnings follow a recent statement from a senior U.S. intelligence official confirming that Russia, China, and Iran are attempting to manipulate public opinion ahead of the 2020 elections. And earlier this year, the Department of Homeland Security and the FBI reported that Russian hacking efforts in 2016 were more extensive than originally understood, targeting elections in all 50 states. Congress took a major step last year toward helping states boost their election security efforts by approving $380 million in grant funds through the Help America Vote Act (HAVA). States have started to put that funding to work and are expected to spend 85 percent of that money by the 2020 election, much of it on cybersecurity, updated voting equipment, and election audits, according to estimates by the Elections Assistance Commission (EAC). But despite those efforts, many election security projects at the state level remain unfunded or underfunded, as outlined in Defending Elections, a new paper authored by a bipartisan group of organizations including the Brennan Center, the Alliance for Securing Democracy, R Street Institute, and the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Defending Elections provides case studies from six states analyzing how they allocated their HAVA grants and the outstanding needs for additional election security funding. “State and local election officials need support from the federal government,” said Liz Howard, who is a counsel in the Brennan Center’s Democracy Program, was the former deputy commissioner for the Virginia Department of Elections, and co-authored the Defending Elections report. “They are on the front lines, yet many, especially those in rural localities, simply lack the resources to implement additional election security projects to further strengthen our election infrastructure.”

Voting Blogs: Stewards of Democracy: The Views of American Local Election Officials | Natalie Adona/Democracy Fund

Local elections officials (LEOs) are the stewards of our democracy, but oftentimes they are left out of important conversations about the future of our elections nationwide. The LEOs from our survey are the chief elections officers in their local jurisdictions. Not to be confused with poll workers, the LEOs surveyed in our new report oversee local election processes and are responsible for ensuring the voting process is fair, free, and secure. Among their many responsibilities, LEOs execute the election laws in their state, make decisions that define the voter experience, and train the permanent and temporary employees that interact with the electorate. It might be hard to imagine but (depending on how you count) between 7,000-10,000 local election officials manage the front line of elections in the United States. Despite their recognition as the people who run elections, LEOs are often left out of national conversations about reform and may not have a seat at the table when important policy decisions are made at the local, state, or federal levels—decisions that they alone will ultimately implement.

Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker

Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.

In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.

What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate.  This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.

That’s what it is, but how do you do it?  RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper.  It’s an administrative process as much as it is an algorithm.

In 2018, RLAs were performed by the state of Colorado.  In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia.  From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.

Voting Blogs: Florida is the Florida of ballot-design mistakes | Andrew Appel/Freedom to Tinker

This article was originally posted at Freedom to Tinker on November 14, 2018.

Well designed ballot layouts allow voters to make their intentions clear; badly designed ballots invite voters to make mistakes.  This year, the Florida Senate race may be decided by a misleading ballot layout—a layout that violated the ballot design recommendations of the Election Assistance Commission. In Miami, Florida in the year 2000, the badly designed “butterfly ballot” misled over 2000 voters who intended to vote for Al Gore, to throw away their vote.  (That’s a strong statement, but it’s backed up by peer-reviewed scientific analysis.) In Sarasota, Florida in the year 2006, in a Congressional race decided by 369 votes, over 18,000 voters failed to vote in that race, almost certainly because of a badly designed touch-screen ballot layout. In Broward County, Florida in the year 2018, it appears that a bad optical-scan ballot design caused over 26,000 voters to miss voting in the Senate race, where the margin of victory (as of this writing, not yet final) is 12,562 votes.

Voting Blogs: Counting Ballots Pursuant to Law is Not Stealing an Election | Steven F. Huefner /Election Law @ Moritz

It has been less than 72 hours since polls closed on the 2018 congressional midterm elections, and for candidates and their supporters who do not yet know the outcome of close contests, patience – not unsubstantiated or false allegations of election rigging – MUST be the order of the day. As any close observer of U.S. elections knows, once the polls close each state then conducts a carefully structured process of tallying the votes. Critically, as any close observer also knows, the Election Night “results” are not only unofficial, they are also still entirely preliminary and will almost inevitably change, perhaps considerably. With the dramatic rise in the use of mail-in absentee voting over the past decade, election officials increasingly must deal after Election Day with a significant volume of paper ballots that have arrived around Election Day (each state sets its own rules for when the ballots must arrive). Meanwhile, provisional ballots also require individual review and processing after Election Day. These post-election processes are not some mere afterthought; rather, they are critical components of determining the official election outcome, and they must be respected as essential to the overall integrity of the election.

Voting Blogs: This Software is Exposing State Election Servers to Intruders | Democracy Chronicles

A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries. As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.

Voting Blogs: Ten ways to make voting machines cheat with plausible deniability | Andrew Appel/Freedom to Tinker

Voting machines can be hacked; risk-limiting audits of paper ballots can detect incorrect outcomes, whether from hacked voting machines or programming inaccuracies; recounts of paper ballots can correct those outcomes; but some methods for producing paper ballots are more auditable and recountable than others.

A now-standard principle of computer-counted public elections is, use a voter-verified paper ballot, so that in case the voting machine cheats in counting the votes, the human doing an audit or recount can see the paper that the voter marked.  Why would the voting machine cheat?  Well, they’re computers, and any computer may have security vulnerabilities that permits an attacker to modify or replace its software.  We must presume that any voting machine might, at any time, be under the complete control of an attacker, an election thief.

Voting Blogs: CEIR voter registration database security report: Survey finds most states adopted best cybersecurity practices since ‘16 | electionlineWeekly

The Center for Election Innovation and Research (CEIR) has released a new report based on a survey of 26 states conducted between June and July of 2018 to assess the current state of security around voter registration databases (VRDBs). The survey results, released ahead of National Voter Registration Day, show that immense progress has been made in securing voter registration databases since 2016, though significant room for improvement remains for states to strengthen their defenses against hacking attempts. Voter registration databases have been a central focus of conversations around election security since the 2016 presidential election when several voter registration databases were scanned and at least one infiltrated by Russian operatives.

Voting Blogs: Creating a culture of proactive security: Colorado’s EPIC TTX prepares for almost any scenario | electionlineWeekly

There was a fire, a tornado, and the heating system went down in the ballot-tabulation room. There was fake news on social media and real news media in the room. Polls opened late and stayed open late. The state voter registration database went down. Tabulation machines failed to tabulate. There were concerned citizens and advocates demanding to know what was happening. And then there was Olga from Sputnik News who seemed overly curious about everything. Those were just some of the scenarios and situations faced by Colorado county elections officials and staff participating in the secretary of state’s EPIC table top exercise last week in Englewood.

Voting Blogs: Federal Court Expedites Motion to Compel Georgia to Use Paper Ballots for 2018 Midterm Elections | The Brad Blog

Plaintiffs in a Georgia lawsuit seeking to force the state to move to a hand-marked paper ballot system in time for this year’s midterm elections, promise to produce expert testimony to the court, demonstrating that “Georgia’s voting system is a catastrophically open invitation to malicious actors intent on disrupting our democracy.” The Coalition for Good Governanceand a group of multi-partisan individual plaintiffs filed a motion [PDF]  on July 31, seeking a preliminary injunction in the federal case, to prevent Georgia from conducting this year’s midterms on the state’s notorious Diebold AccuVote TS (touchscreen) Direct Recording Electronic (DRE) voting machines. Instead, plaintiffs seek an order that Georgia’s election officials utilize, for in-person voting, the same already-certified, Diebold paper ballot-based optical-scan system currently used for tabulation of the Peach State’s absentee ballots.

Voting Blogs: Lawsuit Seeks Public Info About Controversial Voting Purge Letter | Brennan Center for Justice

The Brennan Center for Justice at NYU School of Law is suing the Justice Department today for refusing to turn over documents related to a controversial letter DOJ sent last year, which sought detailed information about how states maintain their voter rolls. Voting rights groups are concerned that it could be a prelude to pressuring states to engage in aggressive voter purges — the often-flawed process of deleting names from voter registration lists. “The public has a right to know why the Justice Department sent this letter, and what information it received from states in response,” said Jonathan Brater, counsel in the Brennan Center’s Democracy Program. “The Justice Department should be fighting to protect the voting rights of all Americans. We are concerned, though, that this letter may be part of a broader effort to undermine those rights, and we are going to court to find out.”

Voting Blogs: Time Running Out to Secure Against 2018 Election Cyberattacks | Democracy Chronicles

In a wide-ranging set of indictments handed down on July 13, 2018, the U.S. Department of Justice (DOJ) charged 12 Russian intelligence officers with brazenly attacking U.S. election infrastructure during the 2016 presidential election. On that same day, Director of National Intelligence Dan Coats sounded the alarm that Russia is continuing its cyberattacks on the United States, ominously stating that “the warning lights are blinking red again,” just as they were before the terrorist attacks of 9/11. Coats went on to say that the nation’s election systems and other digital infrastructure are “literally under attack.” Yet, in the face of overwhelming evidence, for more than a year-and-a-half, President Donald Trump has cast doubt on these consistent warnings. It now is incumbent on Congress, key members of the administration, state and local officials, and other stakeholders to take aggressive steps within their respective purviews to secure our election infrastructure.