Verified Voting in the News: First new election results audit held in Fairfax city | WTOP

In a first for Virginia, elections officials gathered Thursday and Friday at the Fairfax County Courthouse to prove that election results from June’s primary were correct. The risk-limiting audit was for the Republican U.S. Senate primary results in the city of Fairfax. It was a demonstration of what could be done statewide in future elections as a statistical check to provide more evidence that the final results based on counts from ballot scanners are correct. The audits, when done for an entire election, are meant to show statistical confidence that the winner really won and the loser or losers really lost. Results of the first audit completed Friday showed the results of 69 randomly selected ballots scanned by a machine Thursday matched the hand count of those same ballots done Friday morning. (One ballot was selected twice by the random process).

Verified Voting in the News: Despite Russian Hacking Horror Stories, West Virginia Looks at Blockchain Voting App for Midterms | Crypto Disrupt

United States intelligence agencies have recently warned of possible Russian attempts to interfere with the upcoming midterm elections. Despite these warnings, West Virginia Secretary of State Mac Warner intends to press ahead with plans to offer West Virginians who are serving overseas in the military with the opportunity to vote via a smartphone app created by Boston company Voatz. … As you can imagine, there are some dissenting voices out there, and one came in the form of Joseph Lorenzo Hall, who is the chief technologist at the Centre for Democracy and Technology who told CNN that “Mobile voting is a horrific idea. It’s internet voting on people’s horribly secured devices, over our horrible networks, to servers that are very difficult to secure without a physical paper record of the vote.”

National: Despite Trump’s assurances, states struggling to protect 2020 election | Politico

President Donald Trump on Friday promised an intense, “whole-of-government” focus on securing the nation’s elections from cyberattacks — but a POLITICO survey of states finds ample reasons to worry about both this year’s midterms and 2020. Only 14 states plus Washington, D.C., say they plan to replace their voting machines in time for the next presidential election using their shares of the $380 million in election technology funding that Congress approved in March, according to POLITICO’s survey of election agencies nationwide. At least seven other states have paid for new voting equipment with other money. But 21 states either have decided not to upgrade their machines or are unsure of their plans — with some saying they would need much more federal aid to swap out their equipment.

National: The Midterm Elections Are Already Under Attack | WIRED

With primaries underway and less than four months to go until this year’s midterm elections, early signs of attack have already arrived—just as the US intelligence community warned. And yet Congress has still not done everything in its power to defend against them. At the Aspen Security Forum on Thursday, Microsoft executive Tom Burt said that phishing attacks—reminiscent of those carried out in 2016 against Hillary Clinton’s campaign—have targeted three midterm campaigns this year. Burt stopped short of attributing those efforts to Russia, but the disclosure is the first concrete evidence this year that candidates are being actively targeted online. They seem unlikely to be the last. “The 2018 midterms remain a potential target for Russian actors,” said Matt Masterson, a senior cybersecurity adviser to DHS, at a Senate hearing last week. “The risks to elections are real.”

Verified Voting in the News: West Virginia may offer blockchain-based ballots to all of its overseas voters this November | StateScoop

Two months after West Virginia allowed a small group of overseas voters to participate in the May 8 primary election using online ballots powered by blockchain technology, one of the state’s top election’s officials said on Sunday it could be implemented statewide in time for the general election in November. If the results of a post-election audit are favorable toward the new technology, which was offered to voters from two counties during the primary, West Virginia will offer all 55 of its counties to participate in blockchain-powered voting, Donald “Deak” Kersey, the state’s elections director, said at the National Association of Secretaries of State conference in Philadelphia. … Not everyone who watched Kersey’s presentation was convinced that mobile voting is the way to go. “Oh, my god,” said J. Alex Halderman, a computer science professor at the University of Michigan who is serving as a technology fellow to Verified Voting, which advocates for ballot security. “Voting over the internet creates extra-difficult problems. Securing servers? Protecting devices? Assuring votes have been recorded while protecting the secret ballot?” Halderman said that no voting technology developed is as secure as in-person paper ballots. He’s testified before Congress on the subject, and has conducted demonstrations in which he hacked electronic voting machines to change tabulations and, in one case, reprogram a machine to play Pac-Man.

National: Expert: Putin can hack our midterms | Yahoo News

Russian President Vladimir Putin is poised once again to meddle in an American election, and there’s little the U.S can do to stop him, an expert says. “The midterm is vulnerable to attack. There’s nothing we can do about it. It’s too late — if Putin wants to attack our midterm, he will.” Barbara Simons, a former IBM researcher and the co-author of “Broken Ballots: Will Your Vote Count?” told Grant Burningham, host of the Yahoo News podcast “Bots & Ballots.” Having spent the last decade trying to warn politicians of the vulnerabilities of computerized voting systems, Simons, who received a PhD in computer science from the University of California, Berkeley, says that states like Georgia, New Jersey, Delaware, Louisiana and South Carolina that have switched to paperless elections are especially ripe targets.

National: DEF CON Voting Village grows this year | POLITICO

Black Hat and DEF CON are just around the corner, and one of the biggest headlines from last year’s conferences was the Voting Village where hackers broke into voting machines en masse. This year’s Voting Village at DEF CON will be three times the size of last year’s event to accommodate the massive demand from 2017, event organizer Harri Hursti told Tim. But it wasn’t easy to get to that point: Hursti said voting machine vendors unhappy with the publicity about hacked equipment threw up hurdles that forced them to get creative, like visiting government auctions to buy equipment to probe.

National: States using election security grants for new voting machines that won’t be ready for 2018 | McClatchy

In three Southern states with some of the nation’s most vulnerable election systems, federal grants designed to help thwart cyberattacks may not provide much protection in time for the mid-term elections as Congress intended. The $380 million in grant funding was supposed to help all states bolster their elections security infrastructure ahead of the 2018 elections after the intelligence community had warned that state voting systems could again be targeted by foreign hackers as they were in 2016. States have until 2023 to spend the grant money, said Thomas Hicks, chairman of the Election Assistance Commission, which distributes the grants. But the long procurement process for voting machines makes it hard for states to buy new machines with their grants and get them into service by the 2018 mid-terms, even though “Congress looked at getting this money out quickly to have an effect on the 2018 election,” Hicks said. …  With just over four months remaining until the mid-term elections, at least 40 states and the District of Columbia have requested more than $266 million of the $380 million pot, according to the EAC.

National: Several States Purchasing Insecure Electronic Voting Systems | National Memo

For the first time in a dozen years, states are looking at replacing their aging voting machines and related computer systems. But a survey of the early legislative debates surrounding this prospect suggests that some states are not heeding advice from federal officials, academics and other experts saying that ink-marked paper-ballot systems are the wisest foundation for the most secure and verifiable elections. This apparent dichotomy comes as states and the federal government have made an unprecedented effort to ramp up cyber-security precautions and training before 2018’s fall midterms, and as the voting machine industry is offering products that offer striking new options to make vote-counting more transparent and trustable. The open question is whether legislators and election officials are looking to embrace newer technology and verification protocols, or whether they are drawn to more opaque systems that they have grown familiar with—and which are commercially available. As always is the case with 3,069 counties running America’s elections, there is a range of inclinations on voting modernization.

National: States Seek More Money to Secure Elections After Russian Meddling | Bloomberg

State election officials said they haven’t received as much federal funding as they need to secure their election systems even after U.S. intelligence officials concluded that Russia meddled in the 2016 election and the federal government called on states to step up efforts to prevent hacking. Officials from Minnesota and Vermont asked lawmakers for more money at a hearing Wednesday by the Senate Rules and Administration Committee in Washington. “Our upgrades to equipment and cybersecurity will be an ongoing challenge for many states; the federal funding received will, regrettably, be insufficient to do all we want, or need,” said Vermont Secretary of State Jim Condos, who is president-elect of the National Association of Secretaries of State.

Congo: New Voting System Vulnerabilities in Congo | Joseph Lorenzo Hall/Center for Democracy & TechnologyCenter for Democracy & Technology

Reading headlines, it might surprise some that the United States is not the only country with serious voting technology challenges. In fact, recent years have seen issues in India, Africa, and Latin America; technical experts have examined some of those systems and found them lacking. Today, I’m pleased to report that The Sentry – an NGO that works to prevent genocide and mass atrocities in Africa – released a detailed analysis (full report PDF) of the new system slated for use in the upcoming elections in the Democratic Republic of the Congo (DRC). The Sentry worked with Argentinian security researchers Javier Smaldone (@mis2centavos) and Alfredo Ortega (@ortegaalfredo) and myself to examine what little public information is available about this system. The verdict is not good.

National: Lack of paper trail a concern amid fears of election hacking | Associated Press

As the midterm congressional primaries heat up amid fears of Russian hacking, roughly 1 in 5 Americans will cast ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say lack of a hard copy makes it difficult to double-check results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say, ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society.

Pennsylvania: Replacing York County’s outdated voting machines: Looming deadline, big bill | York Dispatch

As the November election approaches, York County’s voting machines reportedly are outdated, vulnerable to hacking and lacking a commonly used safety feature that might reveal meddling or mistakes. In fact, most Pennsylvania counties are in the same boat, according to Department of State, which is giving them until 2020 to upgrade their machines. The switch won’t be cheap, and no one is sure who’s going end up footing the bill, estimated to be about $125 million statewide. York County’s machines are 12 years old and replaced lever-operated voting booths that had been in use for more than half a century. … The risks associated with York County’s machines range in severity — from simple programming errors like the county saw last year, to hacking that can change vote counts, according to Marian Schneider, president of Verified Voting and former deputy secretary for Elections and Voting under the Wolf administration.

National: Bill Clinton: US should return to paper voting to stop election hacks | Business Insider

All US states should return to a paper ballot system because they were at too much risk from cyberterrorism, former President Bill Clinton has said. While it isn’t yet clear how much of the 2016 presidential election was compromised by cyberattacks, all US citizens should return to pen and paper to vote for now, the 42nd president told the BBC on Monday. “Until we get this straightened out, every state should go to some sort of paper ballot system,” Clinton said. He specifically cited Virginia’s decision last year to return to a paper ballot system, in which manual votes are counted and processed by electronic scanners.

National: Ahead of November election, old voting machines stir concerns among U.S. officials | Reuters

U.S. election officials responsible for managing more than a dozen close races this November share a fear: Outdated voting machines in their districts could undermine confidence in election results that will determine which party controls the U.S. Congress. In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned, according to a Reuters analysis of data from six states and the Verified Voting Foundation, a non-political group concerned about verifiable elections. These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows. While something could go wrong in any of those districts, it is in the close elections where a miscount or a perception of a miscount matters most.

National: State Websites Are Hackable — And That Could Compromise Election Security | FiveThirtyEight

Not every election hack is a blockbuster — but even small-scale attacks on states’ cyber infrastructure have the potential for catastrophic effects. After receiving a tip from a small cyber firm called Appsecuri, FiveThirtyEight has confirmed that two states, Alabama and Nevada, had vulnerabilities that left them open to potential compromises of their state web presences. Earlier this month, Appsecuri approached FiveThirtyEight and said it found potential flaws on several states’ websites that would allow for information to be tampered with. It provided a number of vulnerabilities to FiveThirtyEight; FiveThirtyEight is only reporting those it could verify with the states affected.

New Jersey: Lawmakers Consider Switch To Paper Ballot System | WBGO

New Jersey lawmakers are considering whether the voting machines now used in the state should be replaced by a paper ballot system using electronic scanners. Princeton University computer science professor Andrew Appel says the voting machines are vulnerable to hacking. “So we should run our elections in a way that can detect and correct for computer hacking without having to put all our trust in computers. Therefore, we cannot use paperless touchscreen voting computers. They’re a fatally flawed technology.”

National: Remember the Age of Paper Ballots? It’s Back | Wall Street Journal

In an era rife with concerns about cybersecurity, election officials are increasingly turning to a decidedly low-tech solution: paper. While security advocates have long considered use of paper a best practice for election integrity, the pace of its adoption has accelerated in the wake of Russian meddling in the U.S. election in 2016. City and county governments around the country and a handful oif states, so far, have moved to replace electronic voting methods with paper ballots or to adopt electronic voting machines that generate paper receipts. Virginia last year, just two months before its state election, phased out all its old electronic touch-screen machines after a demonstration at a hacking conference spotlighted vulnerabvilities in its electronic voting machines. Voters across the state cast paper ballots on election day. In Kentucky and Pennsylvania, meanwhile, state officials have ordered that all new voting equipment have a paper trail.

Mississippi: State slated to receive some election security money | Jackson Clarion-Ledger

Mississippi can expect to receive nearly $4.5 million from the federal government in the next few months to improve election security, a spokeswoman for the secretary of state’s office said Tuesday. Secretary of State Delbert Hosemann applied for a grant from the U.S. Election Assistance Commission, which has about $90 million available to divide among states for election security measures. Spokeswoman Leah Rupp Smith said Tuesday that Mississippi should receive its money before the general election this November.

National: Election hacking puts focus on paperless voting machines | Associated Press

As the midterm congressional primaries heat up amid fears of Russian hacking, an estimated 1 in 5 Americans will be casting their ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say the lack of a hard copy makes it difficult to double-check the results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society. Georgia, which holds its primary on Tuesday, and four other states — Delaware, Louisiana, New Jersey and South Carolina — exclusively use touch-screen machines that provide no paper records that allow voters to confirm their choices.

Tennessee: Hack Shows Election Websites Are Vulnerable | NPR

When a WWE wrestler, especially one known for his demonic antics and a move called the “tombstone piledriver,” runs for mayor of your county, you know your election is going to get more attention than usual. But in Knox County, Tenn., it wasn’t the fact that Glenn Jacobs, also known to wrestling fans as Kane, was running for mayor that gained national attention on the county primary day, May 1. It was that the county’s election website, at the time the site was supposed to begin posting election results, came under attack. Malicious cyber actors shut down the county website and broke into the web server, according to county officials and a report done by the cyber security firm Sword and Shield. …”Any web server by definition, is connected to the internet, so it’s directly vulnerable to attacks from the internet,” said Doug Jones, an elections cyber security expert at the University of Iowa.

National: U.S. Voting System Still Vulnerable To Cyberattacks 6 Months Before Election Day | NPR

As America heads toward the 2018 midterms, there is an 800-pound gorilla in the voting booth. Despite improvements since Russia’s attack on the 2016 presidential race, the U.S. elections infrastructure is vulnerable — and will remain so in November. Cybersecurity expert Bruce Schneier laid out the problem to an overflowing room full of election directors and secretaries of state — people charged with running and securing elections — at a conference at Harvard University this spring. “Computers are basically insecure,” said Schneier. “Voting systems are not magical in any way. They are computers.” Even though most states have moved away from voting equipment that does not produce a paper trail, when experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won. Much of that process is digital.

Colorado: How Colorado became the safest state to cast a vote | The Washington Post

As local officials across the country scramble to hack-proof their voting systems ahead of the midterm elections, there’s one state that is paving the way as a leader in election security. Colorado has done virtually everything election experts recommend states do to stave off a repeat of 2016, when Russian hackers targeted 21 states as part of the Russian government’s massive election interference campaign. The state records every vote on a paper ballot. It conducts rigorous post-election audits favored by voting researchers. Nearly every county is equipped with up-to-date voting machines. Election officials take part in security trainings and IT workers test computer networks for weaknesses. Secretary of State Wayne Williams told me the state benefited from having some of those measures in place before 2016. Once the extent of Russia’s digital campaign in the presidential election became clear, he made it a priority to invest more in them, he said. “If people perceive a risk, they’re less likely to participate in voting,” Williams said. “We want to protect people from that threat, and we want to people to perceive that they are protected from that threat.”

Alaska: Election website was hacked on Election Day in 2016: report | CyberScoop

Hackers reportedly breached election systems in a third state, in addition to the already disclosed incidents involving Arizona and Illinois, during the 2016 campaign cycle. On Election Day 2016, a hacker successfully penetrated a server hosting Alaska’s main election website, the Anchorage Daily News reported on Monday night, citing documents obtained through a public records request. The breach is not connected to the previously reported hacking attempt made by Russia-linked hackers to access Alaska’s primary voter registration database. Alaska was one of 21 states that were previously informed by the Department of Homeland Security of similar Russian probing activity on their election systems. Security experts told ADN that, although the newly reported incident was a successful intrusion, the Alaska Division of Elections’ security measures appear to have prevented the attackers from changing content on the server.

National: How U.S. Election Officials Are Trying To Head Off The Hackers | Fast Company

U.S. Department of Homeland Security (DHS) officials now say it’s likely that in 2016, Russian hackers at least attempted to break into election systems in all 50 states. So far this year, there’s been no evidence of attempts of hacking election systems before the midterm congressional races, but federal, state, and local officials are still taking steps to keep any intruders at bay. Congress in March appropriated $380 million to help states beef up election security, and the DHS has been working with states to help them test and improve the security of their election systems. “The president has been clear, and the DHS and our interagency partners have been clear: We will not allow any foreign adversary to change the outcome of our elections,” Homeland Security Secretary Kirstjen M. Nielsen said at April’s RSA security conference in San Francisco. Hackers digitally flipping votes is the worst-case scenario, and it’s one that experts take seriously. Thirteen states use at least some voting machines that only record votes electronically with no paper backups, meaning a hack or even a malfunction could mean votes permanently altered or lost.

International: Online voting is impossible to secure. So why are some governments using it? | CSO

Dr. Vanessa Teague is one frustrated cryptographer. A researcher at the University of Melbourne in Australia, Teague has twice demonstrated massive security flaws in the online voting systems used in state elections in Australia — including one of the largest deployments of online voting ever, the 2015 New South Wales (NSW) state election, with 280,000 votes cast online. The response? Official complaints about her efforts to university administrators, and a determination by state election officials to keep using online voting, despite ample empirical proof, she says, that these systems are not secure.

Tennessee: Officials Are Trying To Get To The Bottom Of An Election Night Cyberattack | HuffPost

Officials in Knox County, Tennessee, are trying to gather more information about a cyberattack that crashed a government website that displayed election results to the public during its primary election for local offices on Tuesday. Dick Moran, the county’s top IT official, believes Knox County was the target of a denial-of-service attack in which actors with both domestic and foreign IP addresses deliberately flooded the county’s servers with traffic to try and crash them. The county website displaying election results went down for about an hour as polls closed on Tuesday. The crash meant that people who went to check election results between 8 and 9 p.m. on election night received an error message, according to the Knoxville News Sentinel. While the website was down, election officials printed out hard copies of the election results and gave them to reporters, WBIR, a local NBC affiliate, reportedKnox County Mayor Tim Burchett (R) said on Wednesday that the crash didn’t impact “vote tallies or the integrity of the election,” but that the county had hired a security firm to investigate the cause of the crash.

Pennsylvania: New University of Pittsburgh commission to focus on 2020 election security | Pittsburgh Tribune

A newly formed commission convened to study Pennsylvania’s election cyber­security aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” Hickton said there is a sense of urgency in the commission’s work. He said he hopes the commission will wrap up later this year and present its recommendations to policymakers in time to have changes in place for 2020.

New Jersey: Voting Machines: Is Safe Enough Good Enough? | NJ Spotlight

Although the state’s voting machines aren’t linked to the internet, experts warn that gives officials a false sense of security. What’s needed are machines that deliver a paper audit trail of every vote. The hacking of election results, rumored to have occurred in 2016 and feared to be possible now and in the future, can happen here, say experts. They worry that New Jersey’s current voting process is vulnerable, and the state’s ballot system has been graded among the least secure in the country. Still, the state’s chief election and security officials are confident in the integrity of New Jersey’s voting procedures. Since voting machines are not connected to the Internet, they believe there is no cause for concern. They have no plans to replace equipment that were put into service 15 years ago or longer. Despite this, some legislators and advocacy groups are not convinced. They point out the voting machines in use are relatively antiquated and do not meet recommendations of national experts.

Louisiana: State officials deny assessment, say they are working to prevent voting interference | The Louisiana Weekly

The Institute for Southern Studies compiled research on states’ election security and concluded that many states, including Louisiana, urgently need to improve. The recommendation follows months of research on the part of federal and state lawmakers as well as voting security experts, who began assessing the vulnerability of election procedures after Department of Homeland Security officials notified 21 states that Russian hackers had attempted to infiltrate their election systems during the 2016 presidential election. In Illinois, hackers successfully accessed voter registration information for tens of thousands of voters. … The Institute’s index includes extensive research from the Center for American Progress, which gave Louisiana a “D” grade for its voting security in an election security report released in February 2018, based in part on the state’s continued use of paperless electronic voting machines. Election security experts recommend that states use machines that create ballots as votes are cast, which can be counted in a post-election audit to detect potential manipulation of votes.