Voting Blogs: Russia scales up e-voting for key referendum – but misses security issues | Alex Hardy/openDemocracy

The delayed Russian referendum on constitutional reform goes ahead this week as the country emerges from many of the quarantine measures imposed over the past few months to control the spread of the Covid-19 virus. The referendum is being held to amend the Russian constitution, and was unveiled in January. The proposed changes most notably mean that President Putin can legally remain in power until 2036 by making him eligible to stand in a further two Presidential elections, should he wish to do so. Holding a referendum for these changes is not required by law. Such amendments can and have now been authorised by Russia’s regional legislative assemblies. However, the referendum is seen as a show of public legitimacy for these changes. As such, it is important for the authorities that the turnout is seen to be suitably high. Divided opposition movements have been in debate as to whether or not the vote should be boycotted. Meanwhile, the move towards online voting has been presented by the authorities as a move to protect public safety during the Covid-19 pandemic but it also represents an opportunity for the Kremlin to encourage higher voter turnout.

Voting Blogs: Safely opening PDFs received by e-mail (or fax?!) | Andrew Appel/Freedom to Tinker

Many election administrators in U.S. states and counties need to receive and open PDF files from voters. Some of these administrators receive these PDFs as e-mail attachments. These may be filled-out voter registration forms, or even voted ballots from UOCAVA (overseas and military) voters. We all know that malware can lurk in e-mail attachments; how can those election officials protect themselves from being hacked? Internet return of voted ballots is inherently insecure; that’s a separate issue and I’ll discuss it below. For now, how can one safely open a PDF attachment? I discussed this question with Dan Guido, cybersecurity consultant and CEO of trailofbits.com. The safe way to view a PDF is inside the Chrome or Firefox browser. Printing a PDF directly from Chrome (or Firefox) to your printer is reasonably safe. The unsafe way to view a PDF is with your favorite PDF-viewer app such as Adobe Reader. The reason is simple: Google (for Chrome) and Mozilla (for Firefox) have put enormous effort into making their PDF viewers safe, putting them inside a “sandbox” that the hackers can’t get out of — and they’ve largely succeeded.

Voting Blogs: New Jersey agrees No Internet voting in July, vague about November | Andrew Appel/Freedom to Tinker

A formal settlement agreement has been submitted to the NJ Superior Court regarding online ballot access in the 2020 elections. On May 4, 2020,  New Jersey’s Division of Elections was caught trying to adopt vote-by-Internet on the stealth, even though the law forbids it.  That is, not only is Internet voting inherently insecurable, there’s a 2010 Court Order still in effect that says, “computers utilized for election-related duties shall at no time be connected to the Internet.”  That’s based on the New Jersey Superior Court’s finding that “As long as computers, dedicated to handling election matters, are connected to the Internet, the safety and security of our voting systems are in jeopardy,” in the case of Gusciora v. Corzine. Penny Venetis, attorney for the Gusciora plaintiffs, filed a motion (in early May) with the Court, to make the State abandon its plans for online voting, on the basis that receiving ballots e-mailed or uploaded on the Internet clearly violates this order.  The Court ordered the parties to reach a settlement by June 8, or report their separate positions.

Voting Blogs: Democracy Live internet voting: unsurprisingly insecure, and surprisingly insecure | Andrew Appel/Freedom to Tinker

The OmniBallot internet voting system from Democracy Live finds surprising new ways to be insecure, in addition to the usual (severe, fatal) insecurities common to all internet voting systems. There’s a very clear scientific consensus that “the Internet should not be used for the return of marked ballots” because “no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” That’s from the National Academies 2018 consensus study report, consistent with May 2020 recommendations from the U.S. EAC/NIST/FBI/CISA. So it is no surprise that this internet voting system (Washington D.C., 2010) is insecure , and this one (Estonia 2014) is insecure, and that internet voting system is insecure (Australia 2015) , and this one (Sctyl, Switzerland 2019), and that one (Voatz, West Virginia 2020) A new report by Michael Specter (MIT) and Alex Halderman (U. of Michigan) demonstrates that the OmniBallot internet voting system from Democracy Live is fatally insecure. That by itself is not surprising, as “no known technology” could make it secure. What’s surprising is all the unexpected insecurities that Democracy Live crammed into OmniBallot–and the way that Democracy Live skims so much of the voter’s private information.

Voting Blogs: Why Online Voting Isn’t the Answer to Running Elections During Covid-19 | Lawrence Norden/Brennan Center for Justice

There has been growing buzz around the potential for internet voting as states struggle with preparing to conduct safe and fair elections during the Covid-19 pandemic. Companies selling online voting systems promise a “silver bullet” to deal with voting during the pandemic: a new technology that will allow people to vote from their homes, a safe distance from others. Unfortunately, there is no magical solution for running elections during a pandemic. Ensuring voters and election workers can be safe will require money, work, and time. States and localities need substantial resources to ensure they can handle more mail balloting and keep polling places safe. Indeed, given all the other changes election officials and voters are facing this year, there couldn’t be a worse time to try to add a risky, unproven technology like internet voting into our elections, particularly when we know that hostile actors have not given up on disrupting our democracy.

Voting Blogs: It’s Crunch Time for 2020 Election Security: Is Arizona Equipped to Face New Threats? | Kristin Palmason/State of Elections

The Help America Vote Act (HAVA) enacted by Congress in 2012 with overwhelming bipartisan support, provides federal funds to states for the purpose of reforming the administration of elections, including upgrading voting equipment and eliminating punch-card and lever voting machines. As HAVA was enacted in response to the 2000 contested election of Bush v. Gore, which hinged on outdated voting equipment and “hanging chads,”  HAVA funds were intended to streamline internal election processes and updating archaic voting systems. Arizona committed to using the funds to replace punch card voting systems, add touch screen equipment and update voter registration, provisional balloting, and grievance processes. By 2015, approximately $3.3 billion in HAVA funds for election assistance was awarded to states nationwide, with approximately $52.5 million awarded to Arizona.

Voting Blogs: Much ado about mail voting | Gavin Thompson Weise/U.S. Vote Foundation

The Wisconsin primary held earlier this month has shown us that in-person voting right now is impractical, if not downright dangerous. Mail voting, meanwhile, is offering an attractive solution to a very sticky problem – how to complete the 2020 primaries and general election without major health risks. Not surprisingly, academicians, voting advocates, and of course, politicians, have all jumped into the discourse. For voting rights advocates, it is an unprecedented moment to push forward an important agenda issue, an opportunity to expand enfranchisement and improve turnout. Opponents of mail voting have been quick to point out the risks of voter fraud, although with underwhelming evidence. Republican candidates, including President Trump, have expressed concerns about the GOP’s chances if the electorate votes predominantly by mail. But there is again little evidence to support such a claim. According to Richard Hasen, law professor at the University of California – Irvine and author of the Election Law Blog, Republicans and Democrats alike benefit from by mail voting “Republicans have long enjoyed the convenience of vote by mail”, says Hasen. “Heavily Republican Utah uses all mail elections and regularly elects Republican legislators. Voters across the political spectrum like the option of vote by mail.”

Voting Blogs: What are costs of voting by mail? The costs are as varied as the process | M. Mindy Moretti/electionline Weekly

The next time you fly, whenever that may eventually be, if you ask everyone on the flight how much they paid for their ticket, you’ll get a different answer from just about every passenger. The same can be said for how much it costs to conduct an election entirely or mostly by mail. It’s a bit different for every jurisdiction. Election costs are traditionally difficult to gather given the dispersed nature of funding sources — federal dollars, state reimbursements, fees for services, general funds, etc.— as well as the functions across different governmental agencies (in some states). Another obstacle is the way we talk about elections. The same term is used to describe different things (IE “early voting”) so it isn’t as easy as simply comparing election office budgets. “However, if we break it down to the bare materials and functions—those specific to the policy being analyzed, we can get a semblance of understanding of baseline costs,” said Tammy Patrick senior advisor, Elections at the Democracy Fund. Additionally, Patrick noted, the answer sought needs to be specified in order to ask the correct question. For instance, there is a difference between “what does it cost to conduct an all-mail election” and “what costs are specific to an all-mail election”?

Voting Blogs: Ballot-level comparison audits: precinct-count | Andrew Appel/Freedom to Tinker

In my last post I described a particularly efficient kind of risk-limiting audit (RLA) of election results: ballot-level comparison audits, which rely on a unique serial number on every ballot. The serial number should not be preprinted on the ballot where the voter can learn it, otherwise the voter could sell their vote, or be coerced to vote a certain way, and the buyer or coercer could learn the vote from the file of cast-vote records (CVRs). The solution, when central-count optical scan (CCOS) is used, is that the central-count optical-scan voting machine can print the serial number onto the ballot, as it scans and counts the ballot. But many jurisdictions use precinct-count optical scan (PCOS): the voter marks a ballot, and feeds it directly into the PCOS voting machine, where it is scanned, counted, and preserved in a ballot box. This has three advantages over CCOS: PCOS machines can alert the voter about overvotes, undervotes, or blank ballots, which gives the voter a chance to correct their ballot. PCOS tabulations are ready immediately at the close of the polls, which gives faster election-night reporting. PCOS tabulations give an additional safeguard against low-tech paper-ballot tampering: if the hand-to-eye recount of this batch does not match the results claimed by the optical-scanner, then one of them is wrong. The paper ballots themselves are the presumed ballot of record; State statutes should say that in case of disagreement we trust the paper by default, not the (possibly hacked or buggy) computers; but even so, a disagreement is important evidence of possible tampering that could be worth a forensic investigation. We don’t get this safeguard with central-count scanning of precinct-marked ballots. But PCOS machines are not equipped with serial-number printers. Why is that? It would be straightforward to add one to a standard PCOS design, and it wouldn’t much affect the price of the product (so I’ve been told by the vice president of a major voting-machine company). The reason is not that the vendors can’t or won’t make the product; it’s that PCOS-ballot serial numbers are not so straightforward to use in RLAs.

Voting Blogs: Ballot-level comparison audits: central-count | Andrew Appel/Freedom to Tinker

All voting machines these days are computers, and any voting machine that is a computer can be hacked to cheat. The widely accepted solution is to use voting machines to count paper ballots, and do Risk-Limiting Audits: random-sample inspections of those paper ballots to ensure (with a guaranteed level of assurance) that the election outcome claimed by the computers is the same as you’d get by an accurate count of the votes actually marked on the paper ballots. An RLA is any statistical/logistical method that guarantees a quantifiable risk limit. Most RLA methods are much more efficient than a full recount, but some RLA methods are more efficient than others, especially in close elections: the closer the margin of victory, the more ballots you have to random-sample to guarantee the risk limit. One simple method, the Ballot Polling Audit, randomly samples individual ballots from among all the batches of ballots in the entire election, and (by human inspection of the paper ballot) counts how many are for each candidate. If you sample enough ballots, and that “poll” comes out the same way as the outcome claimed by the voting machines, then you get real assurance. (If the “poll” doesn’t come out the same way, you can do a bigger poll or a full hand recount.)

Voting Blogs: Counties in North Carolina Gamble on New Voting Machines | Margaret Lowry/State of Elections

Super Tuesday is tomorrow and voters in North Carolina might use new voting machines. Since the 2018 election, several counties in North Carolina have had to make a critical decision for their voters–what voting machines should they purchase? A shortened timetable and heightened concern about election security have made for a contentious process. A 2013 bill required all voting systems in the state to produce a paper ballot, and set a schedule to decertify existing machines that did not meet the requirement. Originally, the bill set the decertification date as January 1, 2018, but subsequent legislation in 2015 and 2018 pushed the deadline to December 1, 2019. About one-third of the counties in North Carolina have Direct Record Electronic (DRE) voting systems that will need to be replaced by the decertification date. DREs are paperless. Voters use a touchscreen to select their choice, and the machine then stores and tabulates that choice electronically.

Voting Blogs: Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials | Brennan Center for Justice

America’s intelligence agencies have unanimously concluded that the risk of cyberattacks on election infrastructure is clear and present — and likely to grow. 1 While officials have long strengthened election security by creating resiliency plans, 2 the evolving nature of cyber threats makes it critical that they constantly work to improve their preparedness. It is not possible to build an election system that is 100 percent secure against technology failures and cyberattacks, but effective resiliency plans nonetheless ensure that eligible voters are able to exercise their right to vote and have their votes accurately counted. This document seeks to assist officials as they revise and expand their plans to counter cybersecurity risks. Many state and local election jurisdictions are implementing paper-based voting equipment, risk-limiting audits, and other crucial preventive measures to improve overall election security. In the months remaining before the election, it is at least as important to ensure that adequate preparations are made to enable quick and effective recovery from an attack if prevention efforts are unsuccessful. While existing plans often focus on how to respond to physical or structural failures, these recommendations spotlight how to prevent and recover from technological errors, failures, and attacks. Advocates and policymakers working to ensure that election offices are prepared to manage technology issues should review these steps and discuss them with local and state election officials.

Voting Blogs: Election experts warn against RFID-based voting systems | e-lected blog

A voting system which uses Radio Frequency Identification (RFID) technology to store electronic votes has been under scrutiny after election experts questioned its capacity to safeguard the integrity of election data. Though the voting system had been tested in a few Argentine jurisdictions, academics from around the world had not had a real chance to analyze it in detail until authorities from the Democratic Republic of Congo decided to use a similar system for the long-delayed elections of December, 2018. The decision to automate the controversial elections using an untested system drew criticism from U.S. diplomats. According to experts from The Sentry, it is possible to manipulate the information the RFID chip contains, since the use of this unique identifier technology and radio communications give off signals that can be easily detected at distances greater than expected. Experts recommend election officials to refrain from implementing this type of technology.  RFID technology is well known for its usefulness in tracking inventories, but its use extends to other industries, from bookstores and apparel to health and transportation. The main benefit of having RFIDs is that it allows quick communication with remote sensors. Nonetheless, however useful RFID may be for certain industries, elections are an entirely different ballgame. The capacity to allow remote sensors to read the information it contains opens the door for bad actors to hack the votes.

Voting Blogs: U.S. Elections Are Still Vulnerable to Foreign Hacking | Tim Lau/Brennan Center for Justice

Election officials warn that the time is running out for Congress to bolster security before the 2020 race. The warnings follow a recent statement from a senior U.S. intelligence official confirming that Russia, China, and Iran are attempting to manipulate public opinion ahead of the 2020 elections. And earlier this year, the Department of Homeland Security and the FBI reported that Russian hacking efforts in 2016 were more extensive than originally understood, targeting elections in all 50 states. Congress took a major step last year toward helping states boost their election security efforts by approving $380 million in grant funds through the Help America Vote Act (HAVA). States have started to put that funding to work and are expected to spend 85 percent of that money by the 2020 election, much of it on cybersecurity, updated voting equipment, and election audits, according to estimates by the Elections Assistance Commission (EAC). But despite those efforts, many election security projects at the state level remain unfunded or underfunded, as outlined in Defending Elections, a new paper authored by a bipartisan group of organizations including the Brennan Center, the Alliance for Securing Democracy, R Street Institute, and the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Defending Elections provides case studies from six states analyzing how they allocated their HAVA grants and the outstanding needs for additional election security funding. “State and local election officials need support from the federal government,” said Liz Howard, who is a counsel in the Brennan Center’s Democracy Program, was the former deputy commissioner for the Virginia Department of Elections, and co-authored the Defending Elections report. “They are on the front lines, yet many, especially those in rural localities, simply lack the resources to implement additional election security projects to further strengthen our election infrastructure.”

Voting Blogs: Stewards of Democracy: The Views of American Local Election Officials | Natalie Adona/Democracy Fund

Local elections officials (LEOs) are the stewards of our democracy, but oftentimes they are left out of important conversations about the future of our elections nationwide. The LEOs from our survey are the chief elections officers in their local jurisdictions. Not to be confused with poll workers, the LEOs surveyed in our new report oversee local election processes and are responsible for ensuring the voting process is fair, free, and secure. Among their many responsibilities, LEOs execute the election laws in their state, make decisions that define the voter experience, and train the permanent and temporary employees that interact with the electorate. It might be hard to imagine but (depending on how you count) between 7,000-10,000 local election officials manage the front line of elections in the United States. Despite their recognition as the people who run elections, LEOs are often left out of national conversations about reform and may not have a seat at the table when important policy decisions are made at the local, state, or federal levels—decisions that they alone will ultimately implement.

Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker

Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.

In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.

What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate.  This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.

That’s what it is, but how do you do it?  RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper.  It’s an administrative process as much as it is an algorithm.

In 2018, RLAs were performed by the state of Colorado.  In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia.  From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.

Voting Blogs: Florida is the Florida of ballot-design mistakes | Andrew Appel/Freedom to Tinker

This article was originally posted at Freedom to Tinker on November 14, 2018.

Well designed ballot layouts allow voters to make their intentions clear; badly designed ballots invite voters to make mistakes.  This year, the Florida Senate race may be decided by a misleading ballot layout—a layout that violated the ballot design recommendations of the Election Assistance Commission. In Miami, Florida in the year 2000, the badly designed “butterfly ballot” misled over 2000 voters who intended to vote for Al Gore, to throw away their vote.  (That’s a strong statement, but it’s backed up by peer-reviewed scientific analysis.) In Sarasota, Florida in the year 2006, in a Congressional race decided by 369 votes, over 18,000 voters failed to vote in that race, almost certainly because of a badly designed touch-screen ballot layout. In Broward County, Florida in the year 2018, it appears that a bad optical-scan ballot design caused over 26,000 voters to miss voting in the Senate race, where the margin of victory (as of this writing, not yet final) is 12,562 votes.

Voting Blogs: Counting Ballots Pursuant to Law is Not Stealing an Election | Steven F. Huefner /Election Law @ Moritz

It has been less than 72 hours since polls closed on the 2018 congressional midterm elections, and for candidates and their supporters who do not yet know the outcome of close contests, patience – not unsubstantiated or false allegations of election rigging – MUST be the order of the day. As any close observer of U.S. elections knows, once the polls close each state then conducts a carefully structured process of tallying the votes. Critically, as any close observer also knows, the Election Night “results” are not only unofficial, they are also still entirely preliminary and will almost inevitably change, perhaps considerably. With the dramatic rise in the use of mail-in absentee voting over the past decade, election officials increasingly must deal after Election Day with a significant volume of paper ballots that have arrived around Election Day (each state sets its own rules for when the ballots must arrive). Meanwhile, provisional ballots also require individual review and processing after Election Day. These post-election processes are not some mere afterthought; rather, they are critical components of determining the official election outcome, and they must be respected as essential to the overall integrity of the election.

Voting Blogs: This Software is Exposing State Election Servers to Intruders | Democracy Chronicles

A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries. As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.

Voting Blogs: Ten ways to make voting machines cheat with plausible deniability | Andrew Appel/Freedom to Tinker

Voting machines can be hacked; risk-limiting audits of paper ballots can detect incorrect outcomes, whether from hacked voting machines or programming inaccuracies; recounts of paper ballots can correct those outcomes; but some methods for producing paper ballots are more auditable and recountable than others.

A now-standard principle of computer-counted public elections is, use a voter-verified paper ballot, so that in case the voting machine cheats in counting the votes, the human doing an audit or recount can see the paper that the voter marked.  Why would the voting machine cheat?  Well, they’re computers, and any computer may have security vulnerabilities that permits an attacker to modify or replace its software.  We must presume that any voting machine might, at any time, be under the complete control of an attacker, an election thief.

Voting Blogs: CEIR voter registration database security report: Survey finds most states adopted best cybersecurity practices since ‘16 | electionlineWeekly

The Center for Election Innovation and Research (CEIR) has released a new report based on a survey of 26 states conducted between June and July of 2018 to assess the current state of security around voter registration databases (VRDBs). The survey results, released ahead of National Voter Registration Day, show that immense progress has been made in securing voter registration databases since 2016, though significant room for improvement remains for states to strengthen their defenses against hacking attempts. Voter registration databases have been a central focus of conversations around election security since the 2016 presidential election when several voter registration databases were scanned and at least one infiltrated by Russian operatives.

Voting Blogs: Creating a culture of proactive security: Colorado’s EPIC TTX prepares for almost any scenario | electionlineWeekly

There was a fire, a tornado, and the heating system went down in the ballot-tabulation room. There was fake news on social media and real news media in the room. Polls opened late and stayed open late. The state voter registration database went down. Tabulation machines failed to tabulate. There were concerned citizens and advocates demanding to know what was happening. And then there was Olga from Sputnik News who seemed overly curious about everything. Those were just some of the scenarios and situations faced by Colorado county elections officials and staff participating in the secretary of state’s EPIC table top exercise last week in Englewood.

Voting Blogs: Federal Court Expedites Motion to Compel Georgia to Use Paper Ballots for 2018 Midterm Elections | The Brad Blog

Plaintiffs in a Georgia lawsuit seeking to force the state to move to a hand-marked paper ballot system in time for this year’s midterm elections, promise to produce expert testimony to the court, demonstrating that “Georgia’s voting system is a catastrophically open invitation to malicious actors intent on disrupting our democracy.” The Coalition for Good Governanceand a group of multi-partisan individual plaintiffs filed a motion [PDF]  on July 31, seeking a preliminary injunction in the federal case, to prevent Georgia from conducting this year’s midterms on the state’s notorious Diebold AccuVote TS (touchscreen) Direct Recording Electronic (DRE) voting machines. Instead, plaintiffs seek an order that Georgia’s election officials utilize, for in-person voting, the same already-certified, Diebold paper ballot-based optical-scan system currently used for tabulation of the Peach State’s absentee ballots.

Voting Blogs: Lawsuit Seeks Public Info About Controversial Voting Purge Letter | Brennan Center for Justice

The Brennan Center for Justice at NYU School of Law is suing the Justice Department today for refusing to turn over documents related to a controversial letter DOJ sent last year, which sought detailed information about how states maintain their voter rolls. Voting rights groups are concerned that it could be a prelude to pressuring states to engage in aggressive voter purges — the often-flawed process of deleting names from voter registration lists. “The public has a right to know why the Justice Department sent this letter, and what information it received from states in response,” said Jonathan Brater, counsel in the Brennan Center’s Democracy Program. “The Justice Department should be fighting to protect the voting rights of all Americans. We are concerned, though, that this letter may be part of a broader effort to undermine those rights, and we are going to court to find out.”

Voting Blogs: Time Running Out to Secure Against 2018 Election Cyberattacks | Democracy Chronicles

In a wide-ranging set of indictments handed down on July 13, 2018, the U.S. Department of Justice (DOJ) charged 12 Russian intelligence officers with brazenly attacking U.S. election infrastructure during the 2016 presidential election. On that same day, Director of National Intelligence Dan Coats sounded the alarm that Russia is continuing its cyberattacks on the United States, ominously stating that “the warning lights are blinking red again,” just as they were before the terrorist attacks of 9/11. Coats went on to say that the nation’s election systems and other digital infrastructure are “literally under attack.” Yet, in the face of overwhelming evidence, for more than a year-and-a-half, President Donald Trump has cast doubt on these consistent warnings. It now is incumbent on Congress, key members of the administration, state and local officials, and other stakeholders to take aggressive steps within their respective purviews to secure our election infrastructure.

Voting Blogs: Purges: A Growing Threat to the Right to Vote | Brennan Center for Justice

On April 19, 2016, thousands of eligible Brooklyn voters dutifully showed up to cast their ballots in the presidential primary, only to find their names missing from the voter lists. An investigation by the New York state attorney general found that New York City’s Board of Elections had improperly deleted more than 200,000 names from the voter rolls. In June 2016, the Arkansas secretary of state provided a list to the state’s 75 county clerks suggesting that more than 7,700 names be removed from the rolls because of supposed felony convictions. That roster was highly inaccurate; it included people who had never been convicted of a felony, as well as persons with past convictions whose voting rights had been restored. And in Virginia in 2013, nearly 39,000 voters were removed from the rolls when the state relied on a faulty database to delete voters who allegedly had moved out of the commonwealth. Error rates in some counties ran as high as 17 percent.

Voting Blogs: States are applying for 2018 HAVA funds, how are they spending them? | electionlineWeekly

Earlier this year, the president signed Consolidated Appropriations Act of 2018 into law, the law includes $380 million in grants for states to improve their cybersecurity. To-date 32 states, America Samoa and the U.S. Virgin Islands have applied for their HAVA funds. Although states are allowed to draw down on their available funds in phases, most states seem to be applying for—and receiving—all their funds at one time. Once states have applied for their funds they have 90-days to provide a narrative on what they will be spending the money on. Part of the requirement for receiving the federal funds is a 5 percent match from states. How elections officials are getting those matches varies. Some states are relying on their Legislatures to allocate the funding and others are using existing funds allocated in state budgets.

Voting Blogs: Are Absentee Ballots as Helpful to Voters as They Appear to Be? | State of Elections

My experience in voting with an absentee ballot in New Jersey in the 2012 and 2016 presidential elections, as well as the 2017 gubernatorial election, alerted my attention to flaws in the system. As an active voter, these experiences have left me to wonder if absentee voting is worth it. I am thankful that my home state of New Jersey has an absentee ballot system that allows me to vote as a New Jerseyite even though I go to school in Virginia. Although New Jersey’s absentee ballot rules are arguably less stringent than other states, I learned the hard way that absentee voting can be difficult.

Voting Blogs: Are Rhode Island’s Mail-In Ballots a “Gigantic, Illegal Loophole?” | State of Elections

Ken Block, a two-time former gubernatorial candidate, made headlines in early October 2017 over a provocative tweet regarding voter identification (“voter-ID”) and mail-in ballots. Mr. Block claimed that mail-in ballots violated Rhode Island’s voter-ID law and are effectively a “gigantic, illegal loophole” to performing widespread voter fraud. Block implored the Rhode Island legislature to attend to this matter immediately. In response, Mr. Stephen Erickson, a Rhode Island State Board of Elections member, considered such a measure as “another effort to limit people’s ability to vote.” Mr. Erickson asserted that the Board “regularly rejects mail[-in] ballots where there is a substantial difference between the two signatures or if the witnesses does not provide enough information so that they can be identified and questioned.”

Voting Blogs: Two new cybersecurity tools for elections officials | electionlineWeekly

While states and localities are awaiting their share of the $380 million allotted by Congress to upgrade elections cybersecurity, there are two, totally free ways that they can start beefing up their security now. The Center for Internet Security (CIS), a nonprofit that harnesses the power of the global IT community to safeguard private and public organizations against cyber threats recently released A Handbook for Elections Infrastructure Security and also launched the Elections Infrastructure Sharing and Analysis Center (EI-ISAC).