New Zealand: Plans for online voting at local govt elections ‘dangerous’ | Radio New Zealand

An Australian IT expert says New Zealand would be crazy to adopt online voting for local government elections and would be opening itself up to widespread electoral fraud. Nine councils including Auckland, Wellington, Hamilton and Tauranga want to use it at next year’s elections, despite there being few examples overseas of where it is being used successfully or safely. Online voting was first used at government elections in Estonia in 2005. Its take up by the rest of the world since then has been limited at best, in large part due to vulnerabilities in its systems that allowed hackers to cast fake votes and rig elections. Australian IT expert Vanessa Teague alerted authorities to faults in the 2015 New South Wales state elections, where a quarter of a million voted online. There were plenty of hackers worldwide happy to take money from a vested interest looking to manipulate an election in their favour, she said.

National: The Cyberthreats That Most Worry Election Officials | Wall Street Journal

As Election Day gets closer, one issue looms large for voters and election officials alike: cybersecurity. Hoping to quell fears about foreign hackers and repel potential threats, many states and counties are beefing up their plans to deal with cyberattacks. They’re shoring up systems to protect their voter databases and hiring security experts to assess the strength of their defenses. They’re coordinating with social-media organizations to stamp out deliberately fraudulent messages that could mislead voters about how to cast a ballot. And they’re banding together to share information and simulating how to respond to potential emergencies. One simulation-based exercise, held by the Department of Homeland Security in mid-August, gathered officials from 44 states, the District of Columbia and multiple federal agencies, the DHS says. “There absolutely is more emphasis on contingency planning” since 2016, says J. Alex Halderman, a professor of computer science at the University of Michigan. 

National: Voting Machines: A Weak Link | EE Times

In my community, we vote by filling in circles on a paper sheet that goes into a scanner — we have a paper trail. Can such a process still be hacked? Yes, though paperless voting machines can more easily be hacked. Professors Ronald Rivest of MIT and J. Alex Halderman of the University of Michigan explained on Sept. 13 in a session at EmTech MIT on how hackers can alter elections. According to Rivest, about 80% of voting jurisdictions in the U.S. have some sort of paper trail in the event of voting-machine hacks. If, however, you vote in Delaware, Georgia, Louisiana, New Jersey, South Carolina, or Nevada, there is no way to hand-count the votes should the need arise; votes are electronically recorded. The map below reveals that many other states use a mixture of paper and paperless voting systems. 

National: 5 states will vote without paper ballots; experts want that to change | ABC

When voters go to the polls in five states, a verified paper trail will not follow them. At a time of heightened concerns over election interference, election-security experts have called for that to change, suggesting paper results – visually confirmed by voters – would help state officials recover in the event of meddling or simple mistakes. “That presents a greater risk because there’s no way to detect if things have gone wrong,” said Marian Schneider, former deputy secretary of voting and administration in Pennsylvania and the president of the group Verified Voting. Paper ballots – or, at least, auditable paper trails, in which voters can see their choices recorded on a printed roll of paper – have been recommended by experts from Homeland Security Secretary Kirstjen Nielsen to the Brennan Center for Justice’s Democracy Program to the Defending Digital Democracy Project at Harvard’s Belfer Center. A large swath of Americans, however, will vote without them.

National: How to hack an election—and what states should do to prevent fake votes | MIT Technology Review

Donald Trump won the 2016 presidential election thanks to the votes of just 107,000 people in three states. The intricacies of the Electoral College help create situations where a relatively small number of US citizens can decide who wins the presidency. How susceptible could these votes be to tampering? The answer: a lot more than you might realize. In a live demonstration at MIT Technology Review’s EmTech conference today, J. Alex Halderman, professor of computer science and engineering at the University of Michigan, showed just how easy it would be to meddle with vote tallies to directly change election outcomes. Halderman brought an AccuVote TSX machine to the stage in a live demonstration of the dangers. He had three volunteers use the machine to vote in a mock election between George Washington and Benedict Arnold. Cameras pointing at the screen and projected above the stage showed the three voters casting their ballots for Washington. Yet when Halderman printed the returns from the machine, the reported result was a two-to-one victory for Arnold. 

National: The Overlooked Weak Link in Election Security | ProPublica

More than one-third of counties that are overseeing elections in some of the most contested congressional races this November run email systems that could make it easy for hackers to log in and steal potentially sensitive information. A ProPublica survey found that official email accounts used by 11 county election offices, which are in charge of tallying votes in 12 key U.S. House of Representatives races from California to Ohio, could be breached with only a user name and password – potentially allowing hackers to vacuum up confidential communications or impersonate election administrators. Cybersecurity experts recommend having a second means of verifying a user’s identity, such as typing in an additional code from a smartphone or card, to thwart intruders who have gained someone’s login credentials through trickery or theft. This system, known as two-factor verification, is available on many commercial email services. “Humans are horrific at creating passwords, which is why ‘password’ is the most commonly used password,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., who has pushed for security fixes in the voting process. This means increasingly we need something other than passwords to secure access to our accounts, especially email, which tends to undergird all our other accounts.”

Georgia: Judge weighs whether Georgia must switch to paper ballots | Associated Press

A federal judge who’s considering whether Georgia should have to switch from electronic voting machines to paper ballots for the November election called the situation “a catch-22.” Voting integrity groups and individuals sued state and county election officials, arguing that the touchscreen voting machines Georgia has used since 2002 are vulnerable to hacking and provide no way to confirm that votes have been recorded correctly because they don’t produce a paper trail. They’ve asked U.S. District Judge Amy Totenberg to order Secretary of State Brian Kemp, the Republican candidate for governor, to implement the use of paper ballots for the Nov. 6 midterm elections.

National: The Best Way To Secure US Elections? Paper Ballots | Dark Reading

Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
A new report from the National Academies of Sciences, Engineering, and Medicine is recommending the use of human-readable paper ballots as the best way to protect the security and integrity of US elections, at least in the immediate future. In fact, the committee behind the report wants election officials to consider ditching voting methods that do not provide a reliable paper-verifiable audit trail as early as the upcoming 2018 midterms and for all local, state, and federal elections by 2020. It also does not want jurisdictions to permit the use of the Internet and Internet-connected systems to return marked ballots until “very robust guarantees” of security and verifiability are developed. Other recommendations include the need for states to mandate risk-limiting audits prior to the certification of election results and routine assessments of the integrity of voter registration systems and databases.

National: Why the Midterm Elections Are Hackable | BankInfoSecurity

With the midterm elections just around the corner, Barbara Simons, author of the election security book “Broken Ballots,” explains why some voting computers remain inherently flawed. The genesis of problems with today’s voting machines was the controversy involved in counting certain paper ballots in the 2000 presidential election in Florida, Simons explains. “What we really have are voting computers, and anybody who has been reading the news for the past few years understands that computers are vulnerable to attack by hacking; they’re also vulnerable to software bugs and other unintentional errors that can occur,” Simons says in an interview with Information Security Media Group. “And yet as a result of this early, wrong perception that paper was not a good technology to use for voting, many of these initial voting computers that came out were paperless, which meant that it was impossible to do a recount.”

National: ‘Our House Is on Fire.’ Elections Officials Worry About Midterms Security | Time

Greasing the machinery of democracy can be tedious business. Aside from the occasional recount or a hanging chad, the bureaucrats who run state elections don’t usually see much drama in their work. But this year’s all-important midterms are no ordinary election cycle. So it was that election administrators from all 50 states received rarified, red-carpet treatment outside Washington earlier this year, as federal intelligence gurus granted them secret clearances for the day, shuttled them to a secure facility, and gave them eye-opening, classified briefings on the looming threat. The message, participants said, was chilling. Officials from the FBI, the Department of Homeland Security, the National Security Agency and other agencies warned that the Russians had already shown they could hit hard in the 2016 presidential campaign, and they have been preparing to hit even harder — and no doubt in different ways — this time around. “This was a first for me,” Steve Sandvoss, who heads the Illinois elections office and attended the briefing, said in a recent interview. “I came out of there with the understanding that the threat is not going to go away.” The midterms will determine control of Congress, where a flip to the Democrats in the House or the Senate would no doubt intensify the pressure Trump is already facing from Special Counsel Robert Mueller’s Russia investigation.

National: Are We Making Elections Less Secure Just to Save Time? | The Intercept

Something strange happens on election night. With polls closing, American supporters of both parties briefly, intensely align as one: We all want to know who’s going to win, and we don’t want to wait one more minute. The ravenous national appetite for an immediate victor, pumped up by frenzied cable news coverage and now Twitter, means delivering hyper-updated results and projections before any official tally is available. But the technologies that help ferry lightning-quick results out of polling places and onto CNN are also some of the riskiest, experts say. It’s been almost two years since Russian military hackers attempted to hijack computers used by both local election officials and VR Systems, an e-voting company that helps make Election Day possible in several key swing states. Since then, reports detailing the potent duo of inherent technical risk and abject negligence have made election security a national topic. In November, millions of Americans will vote again — but despite hundreds of millions of dollars in federal aid poured into beefing up the security of your local polling station, tension between experts, corporations, and the status quo over what secure even means is leaving key questions unanswered: Should every single vote be recorded on paper, so there’s a physical trail to follow? Should every election be audited after the fact, as both a deterrent and check against fraud? And, in an age where basically everything else is online, should election equipment be allowed anywhere near the internet?

Georgia: Voting Plan Has Drawn New Criticism, This Time Over How It’s Dealing With Voters Overseas | Buzzfeed

The state of Georgia has blocked all foreign internet traffic to its online voter registration site, BuzzFeed News has learned, a move that would do little to deter hackers but blocks absentee voters. The site, registertovote.sos.ga.gov, is accessible only to US IP addresses. The decision has outraged technologists and voting groups. In theory, it’s meant as a security measure, based on the idea that a person visiting the site is more likely to be a foreign hacker. But in practice, it has the opposite effect: Georgians abroad who don’t know how to reroute their internet traffic with tools like virtual private networks (VPNs) or Tor will be prevented from registering to vote. “This won’t really do anything to dissuade a hacker. It will only turn away real voters,” said Susan Dzieduszycka-Suinat, president of the US Vote Foundation, a nonprofit that helps Americans vote abroad. “A hacker, or even a determined voter, will just get onto a VPN and to a US IP address, and guess what? They’re in.”

Florida: Cyber-threats abound as Florida gets ready to vote | Tampa Bay Times

Tuesday’s primary is a dry run for democracy in a tense time of cyber-threats. It will be the most thorough test of voting operations since Russian operatives tried to hack Florida voting rolls before the 2016 presidential election. But it’s not one election, it’s 67 — one in every county from the Keys to Pensacola. As counties plan for what’s often a low-turnout election, they have spent millions of dollars safeguarding computer servers, installing surveillance cameras and card readers, building security barriers and training workers to detect threats they can’t see. “We want to make sure that our employees know what a phishing email looks like,” says Lisa Lewis, supervisor of elections in Volusia County, a county the Russians targeted two years ago. “If there’s no subject line, I tell people, ‘Don’t open it.’ “

National: Election-Hacking Lessons from the 2018 Def Con Hackers Conference | The New Yorker

Earlier this month, Bianca Lewis, who is eleven years old, was wearing a T-shirt printed with the words “No time for Barbie, there’s hacking to be done” and sitting in front of a computer at the annual Def Con hacking conference, in Las Vegas, meddling with a replica of the Florida Secretary of State’s election Web site. She’d already surreptitiously entered the site’s database through what is known as an SQL injection. “First, you open the site,” she explained, “then you type a few lines of code into the search bar, and you can delete things and change votes. I deleted Trump. I deleted every single vote for him.” Lewis was visiting an event at the conference run by R00tz Asylum, a nonprofit that teaches hacking to kids, where organizers had replicated thirteen Secretary of State Web sites and invited kids to hack them. The day the conference began, as programmers were finishing coding the sites, the National Association of Secretaries of State issued a press release complaining that Def Con “utilizes a pseudo environment which in no way replicates state election systems, networks, or physical security.” That was true enough—these sites were only look-alikes—but they were constructed from data scraped from the actual state sites, and contained known vulnerabilities that had been exploited by hackers in the past. One of the organizers, Jake Braun, rolled his eyes when I asked him about the association’s letter. “It’s totally tone-deaf,” he said. “A nation-state is literally hacking our democracy—wouldn’t you want to take any help you could possibly get? If they don’t think that the Russians are not doing what we’re doing here all year, as opposed to just a weekend, then they are fucking idiots, right?”

National: Senators duel over audit requirements in election security bill | FCW

As the Secure Elections Act barrels towards a crucial markup in the Senate, two of its original cosponsors expressed divergent views on whether the bill must mandate hand counted post-election audits. The latest version of the bill released by Senate Rules Committee chair Roy Blunt (R-Mo.) would, like its predecessors, mandate that every state conduct a post-election audit to verify the results. However, Blunt’s version would allow states to conduct those audits by hand as well as through electronic means. Previous versions of the bill specified that audits be inspected “by hand and not by device.” During a hearing on cybersecurity, Sen. Amy Klobuchar (D-Minn.), one of the original co-sponsors of the bill, pressed her colleagues to fight to reinsert the language. “I would love to see that risk-limiting audit requirement across the country,” said Klobuchar. “What we have right now in the bill is a requirement that simply audits be required and they have to report back to us. We have backup paper ballots in 14 states now, nine as you know have partial [paper backups], five don’t have any at all….I don’t know how you could prove what happened in an election if there was a hacking.”

National: States using chunk of federal $380M to safeguard voting | Associated Press

Racing to shore up their election systems before November, states are using millions of dollars from the federal government to tighten cybersecurity, safeguard their voter registration rolls and improve communication between county and state election officers. The U.S. Election Assistance Commission released a report Tuesday showing how states plan to spend $380 million allocated by Congress last spring to strengthen voting systems amid ongoing threats from Russia and others. All but a fraction of the money has already been sent to the states, the District of Columbia and U.S. territories. The largest chunk — roughly 36 percent — is being spent to improve cybersecurity in 41 states and territories. More than a quarter of the money will be used to replace voting equipment in 33 states and territories, although the bulk of this is unlikely to happen until after the Nov. 6 midterm elections.

National: Kids at hacking conference show how easily US elections could be sabotaged | The Guardian

At the world’s largest hacking conference, there was good news and bad news for fans of free and fair elections. The good news is that hacking the US midterms – actually changing the recorded votes to steal the election for a particular candidate – may be harder than it seems, and most of the political actors who could pose a threat to the validity of an election are hesitant to escalate their attacks that far. The bad news is that it doesn’t really matter. While the actual risk of a hacker seizing thousands of voting machines and altering their records may be remote, the risk of a hacker casting the validity of an election into question through one of any number of other entry points is huge, and the actual difficulty of such an attack is child’s play. Literally.

National: Election integrity advocates protest security bill changes | Politico

The version of the Senate’s major election security bill that the Rules Committee marks up this week will not require states to conduct post-election audits using paper records, a major blow to election integrity advocates who are now sharply criticizing the bill. The chairman’s mark of the Secure Elections Act, S. 2593 (115), “would allow for and validate audits of electronic ballot images, which are just plain worthless as a safeguard against cyberattacks,” Susan Greenhalgh, policy director at the National Election Defense Coalition, told MC. Voting system vendors, which encourage local election officials to buy electronic systems, tout the supposed auditability of their digital ballots, despite cybersecurity experts nearly unanimously warning against electronic audits. “This sort of audit would be very appealing to election officials,” Greenhalgh said of the weakened provision, “as it would eliminate the need for extensive ballot manifests and tracking of paper ballots.”

Verified Voting in the News: West Virginia is testing a mobile voting app for the midterms. What could go wrong? | Vox

On November 6, West Virginians who are serving in the military or living overseas will be able to vote in a brand new way — via an app on their smartphone. But in a climate that’s rife with fear of US election hacking, this new method of voting is raising some questions. …  As mentioned earlier, Voatz relies on blockchain to record the votes. Blockchain, in brief, is a digital ledger that records data — in this case, your vote — but once it’s published, it can’t be canceled or altered. Voatz says its blockchain is “permissioned,” which means you need to be an authenticated user to access it, ostensibly making it more protected. But the problem, according to Philip Stark, a professor of statistics at the University of California Berkeley, is that blockchain does nothing to solve the really difficult problems of voting online. “The one-sentence summary is it’s a scam,” he said of Voatz. “They are not doing what they claim to be doing.”

National: Hackers are out to jeopardize your vote | MIT Technology Review

Russian hackers targeted US electoral systems during the 2016 presidential election. Much has been done since then to bolster those systems, but J. Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, says they are still worryingly vulnerable (see “Four big targets in the cyber battle over the US ballot box”). MIT Technology Review’s Martin Giles discussed election security with Halderman, who has testified about it before Congress and evaluated voting systems in the US, Estonia, India, and elsewhere.

Lots of things, from gerrymandering to voter ID disputes, could undermine the integrity of the US electoral process. How big an issue is hacking in comparison?

Things like gerrymandering are a question of political squabbling within the rules of the game for American democracy. When it comes to election hacking, we’re talking about attacks on the United States by hostile foreign governments. That’s not playing by the rules of American politics; that’s an attempt to subvert the foundations of our democracy.

National: Researchers show how to alter emailed ballots in use in 30 states | McClatchy

Top computer researchers gave a startling presentation recently about how to intercept and switch votes on emailed ballots, but officials in the 30 or so states said the ease with which votes could be changed wouldn’t alter their plans to continue offering electronic voting in some fashion. Two states — Washington and Alaska — have ended their statewide online voting systems. The developments, amid mounting fears that Russians or others will try to hack the 2018 midterm elections, could heighten pressure on officials on other U.S. states to reconsider their commitment to online voting despite repeated admonitions from cybersecurity experts. But a McClatchy survey of election officials in a number of states that permit military and overseas voters to send in ballots by email or fax — including Alabama, Kansas, Missouri, North Carolina, South Carolina and Texas — produced no immediate signs that any will budge on the issue. Some chief election officers are handcuffed from making changes, even in the name of security, by state laws permitting email and fax voting. … Researchers at the DefCon convention were sharply critical of any sort of electronic voting, including voting by smartphone, which will occur for the first time in November. West Virginia announced last week that it will allow military personnel posted overseas and registered to vote in West Virginia to vote via smartphone in the Nov. 6 election, using an app created by Voatz, a Boston-based startup.

National: DEF CON’s Voting Village tests hacker-government collaboration | CyberScoop

The national conversation on election security came into sharp focus Friday at a renowned hacker conference as U.S. officials and security researchers sought common ground in raising awareness of potential vulnerabilities in election equipment. The goal was to have a more transparent conversation about those vulnerabilities without spreading undue public fear about them. The Voting Village at DEF CON in Las Vegas, a room where white-hat hackers could tinker with voting machines and mock voter registration databases, was a high-profile test of that collaboration. “I’m here to learn,” Alex Padilla, California’s secretary of state, said before touring the village in the bowels of Caesars Palace hotel and casino. …  At the village, Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, stood next to a large ballot-scanner made by Election Systems & Software, one of the country’s biggest voting-equipment vendors. A couple of young researchers were picking the machine apart looking for vulnerabilities and what voting data the old machine might reveal.

Ohio: Counties Consider Move from Electronic to Paper Voting Systems | Government Technology

A new generation of voting machines may soon be on the way thanks to a bill signed by Gov. John Kasich, which will allow $114.5 million to be distributed among Ohio’s 88 counties. “New” generation, however, may mean taking a step back in time. Voters in 41 counties, including Butler, Montgomery and Greene, have been using direct-recording electronic voting machines, or DREs, which requires the use of a touchscreen. But now, more counties are considering using paper ballots, as no DRE machine is currently certified for use in Ohio. That leaves many counties looking at a switch to paper ballots and optical-scanning equipment to count ballots, or hybrid systems coming at more than twice the price that employ touchscreens to mark a paper ballot. “I know people think that’s going backwards,” Butler County Board of Elections Director Diane Noonan said. “But you have to look at these machines and understand that paper is not what they think it is.” Warren, Preble and Clark counties already use paper ballots.

Verified Voting in the News: Voting by Smartphone: Quick and Easy, Just Not Very Secure | Der Spiegel

A small number of Americans will be able to vote in the midterm elections this November by taking a selfie-style video and downloading an app. West Virginia is the first and only state to test out Voatz, a voting app for smartphones. The experiment, which is largely directed at military personnel serving overseas, will allow the soldiers to cast their votes digitally as an alternative to cumbersome absentee ballots. … Ultimately, no one can say with certainty whether Voatz’s app is secure. Nimit Sawhney’s startup launched the software several years ago, and it went on to win a number of awards. But there is very little proof that it is invulnerable.

To start with, the infrastructure that Voatz uses cannot be secured — i.e., the voters’ smartphones and the networks used to transfer the data. Marian K. Schneider, president of the U.S. advocacy group Verified Voting, lobbies to make voting in the digital era transparent and secure. She has profound reservations about smartphone voting: “Even putting aside the authentication and verifiability issues, nothing in these systems prevents malware on smartphones, interception in transit or hacking at the recipient server end.” She also thinks it wouldn’t be too difficult to tamper with the identity authentication process. And even a targeted interruption of the connection could be enough to influence an election.

National: Hackers at Def Con break into voting machines to identify security flaws | Tech2

Def Con, one of the world’s largest security conventions, served as a laboratory for breaking into voting machines on 10 August, extending its efforts to identify potential security flaws in technology that may be used in the November US elections.Hackers will continue to probe the systems over the weekend in a bid to discover new vulnerabilities, which could be turned over to voting machine makers to fix.The three-day Las Vegas-based “Voting Village” also aimed to expose security issues in digital poll books and memory-card readers. “These vulnerabilities that will be identified over the course of the next three days would, in an actual election, cause mass chaos,” said Jake Braun, one of the village’s organizers. “They need to be identified and addressed, regardless of the environment in which they are found.”

Verified Voting in the News: Smartphone Voting Is Happening, but No One Knows if It’s Safe | WIRED

When news hit this week that West Virginian military members serving abroad will become the first people to vote by phone in a major US election this November, security experts were dismayed. For years, they have warned that all forms of online voting are particularly vulnerable to attacks, and with signs that the midterm elections are already being targeted, they worry this is exactly the wrong time to roll out a new method. Experts who spoke to WIRED doubt that Voatz, the Boston-based startup whose app will run the West Virginia mobile voting, has figured out how to secure online voting when no one else has. At the very least, they are concerned about the lack of transparency. “From what is available publicly about this app, it’s no different from sending voting materials over the internet,” says Marian Schneider, president of the nonpartisan advocacy group Verified Voting. “So that means that all the built-in vulnerability of doing the voting transactions over the internet is present.”

National: Def Con steps out of the shadows to fight election cyber threat | Financial Times

Hacking democracy was as easy as abcde. When Carsten Schurmann sat down to hack one of the voting machines used instead of paper ballots in the state of Virginia, he used a simple online tool to discover a flaw in the machine that had been public — and remained unfixed — for 14 years. And he already knew the password, because he had found that on the internet, too. The password was abcde. Wearing a short-sleeved shirt and wire-framed glasses, the Danish computer science professor described how simple it had been to get in to the WINvote machine, after which he was able to tamper with the vote tally. “The machines are all vulnerable,” he said. “I’m not a hacker but I tried the first thing and it worked.”

Verified Voting in the News: Why security experts hate that “blockchain voting” will be used in the midterm elections | MIT Technology Review

Voting in West Virginia just got a lot more high-tech—and experts focused on election security aren’t happy about it. This fall, the state will become the first in the US to allow some voters to submit their federal general election ballots using a smartphone app, part of a pilot project primarily involving members of the military serving overseas. The decision seems to fly in the face of years of dire warnings about the risks of online voting issued by cybersecurity researchers and advocacy groups focused on election integrity. But even more surprising is how West Virginia officials say they plan to address those risks: by using a blockchain. The project has drawn harsh criticism from election security experts, who argue that as designed, the system does little to fix the problems inherent in online voting. We first heard of the West Virginia pilot in May, when the state tested a mobile app, developed by a startup called Voatz, during primary elections. The test was limited to overseas voters registered in two counties. Now, citing third-party audits of those results, officials plan to offer the option to overseas voters from the whole state. Their argument is that a more convenient and secure way to vote online will increase turnout—and that a blockchain, which can be used to create records that are extremely difficult to tamper with, can protect the process against meddling.

National: “A Horrifically Bad Idea”: Smartphone Voting Is Coming, Just in Time for the Midterms | Vanity Fair

Almost a year ago, the Department of Homeland Security alerted roughly half of all U.S. states that their election systems had been the targets of hackers linked to Russia. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, later confirmed the attacks. “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,” she told NBC News in February. Even worse, experts have warned that Russia’s attempts at meddling did not end in 2016. “They’re still very active—in making preparations, at least—to influence public opinion again,” Feike Hacquebord, a security researcher at Trend Micro, told the Associated Press in January. The Trump administration, meanwhile, is doing painfully little to prevent future attacks. The president’s repeated denials of Russian meddling is another form of malign neglect. With less than three months to go until Americans return to the polls en masse, the United States remains deeply vulnerable to any hackers who might like to cast a vote of their own.  Enter Voatz. With a name reminiscent of a plot device in Idiocracy, Voatz is a mobile election-voting-software start-up that wants to let you vote from your phone. In the upcoming midterm elections, West Virginians serving overseas will be the first in the U.S. to be able to vote via a smartphone app using Voatz technology, CNN reported Monday. The Boston-based company raised $2.2 million earlier this year, helped along by buzzwords such as “biometrics” and “blockchain,” which it claims allows it to secure the voting process. Its app reportedly requires voters to take and upload a picture of their government-issued I.D., along with a selfie-style video of their face, which facial-recognition technology then uses to ensure the person pictured in the I.D. and the person entering a vote are the same. The ballots are anonymized and recorded on the blockchain.