Georgia: Demonstration shows Georgia voting machines could be hacked | Atlanta Journal-Constitution


A rapt audience watched as professor Alex Halderman, an expert on electronic voting machines, changed votes in a hypothetical election before their eyes. At a Georgia Tech demonstration this week, Halderman showed how to rig an election by infecting voting machines with malware that guaranteed a chosen candidate would always win. Four people from the audience voted on the same kind of touch-screen machines used in real Georgia elections, casting ballots for either President George Washington or Benedict Arnold, the Revolutionary War general who defected to the British. Despite a 2-2 split in this election test run, the voting machine’s results showed Arnold won 3-1.

National: Here’s how hackers could cause chaos in this year’s US midterm election | MIT Technology Review

On November 6, Americans will head to the polls to vote in the congressional midterm election. In the months before the contest, hordes of foreign hackers will head to their keyboards in a bid to influence its outcome. Their efforts will include trying to get inside the digital infrastructure that supports the electoral process. There’s a worrying precedent here. Last year, the Department of Homeland Security notified 21 states that Russian actors had targeted their election systems in the months leading up to the 2016 US presidential election. DHS officials said the Russians were mainly scanning computers and networks for security holes rather than taking advantage of any flaws that were discovered. Still, that’s no cause for complacency. Intelligence officials are already warning that Russia is intent on meddling in this year’s election too, and hackers from other countries hostile to the US could join in. This week, both DHS and the Federal Bureau of Investigation said Russia is laying the groundwork for broad cyberattacks against critical US infrastructure. Last year, the DHS designated voting technology as part of that vital framework.

National: 14 states’ voting machines are highly vulnerable. How’d that happen? | McClatchy

Texas counties have doled out millions of dollars in recent months to replace thousands of old touch-screen voting machines that lack a paper record – a weakness security experts warn could allow Russians or other hackers to rig U.S. elections without detection. The problem is, many of the new machines have the same vulnerability. So do similar machines in more than a dozen states across the country. Vicki Shelly, the election administrator in San Jacinto County, Tex., north of Houston, said she received no alert from Washington or state officials before the county spent $383,000 on its new paperless touch-screen voting system made by Hart InterCivic. “Whoever’s doing all the research, it seems like we should have been in on it a little sooner,” said Shelly, one of hundreds of election officials that make up the first line of defense against attempts to tamper with U.S. election results. “Honestly, it’s very disturbing.”

National: Meet the high-tech solution to Russian election hacking: paper ballots | Vox

Russian hackers tried to tamper with voting systems in 21 states during the 2016 US presidential election, and the American intelligence community expects Moscow will try again in November. But states from Virginia to Rhode Island aren’t focused on new cybersecurity software. Instead, they’re looking to one of the oldest technologies in existence: paper. It’s a striking change from 2016, when five states used electronic voting systems that didn’t leave any paper record of votes, and nine used some paperless machines. Now, states are rushing to take advantage of $380 million that Congress approved last month to help protect voting systems. Most states are prioritizing some kind of paper record. “In this year of our lord 2018, we’re talking about paper ballots, but that actually might be one of the smartest systems,” Sen. Kamala Harris (D-CA) told reporters in March.

National: Want to hack a voting machine? Hack the voting machine vendor first | CSO

Thousands of voting machine vendor employees’ work emails and plaintext passwords appear in freely available third-party data breach dumps reviewed by CSO, raising questions about the security of voting machines and the integrity of past election results. While breached sites, like LinkedIn after the 2012 breach, force users to change their passwords, a significant number of people reuse passwords on other platforms, making third-party data breaches a gold mine for criminals and spies. For many years voting machine vendors have claimed that voting machines were air gapped — not connected to the internet — and were thus unhackable. Kim Zetter debunked that idea in The New York Times in February. An attacker who managed to break into a voting machine vendor employee’s work email, because the employee used the same password as on a breached site, could leverage that to gain access to the voting machines themselves. And if voting machine vendors install remote access software on voting machines, factory backdoors that vendor employees use to remotely access the machines for maintenance, troubleshooting or election setup purposes, this turns voting machine vendor employees into targets. Hack the vendor, hack the voting machine.

National: Here’s how much money states will receive for election security upgrades | Cyberscoop

The Trump administration has told states exactly how much of a $380 million fund they will get to make their voting systems more cyber-secure ahead of the 2018 midterm elections. The funding, made available through a $1.3 trillion omnibus package passed last week, is one of Congress’s first major steps to prevent a repeat of Russian hackers’ meddling in U.S. elections. The money can be used to upgrade state computer systems and offer cybersecurity training to election officials, among other things. California, Florida, New York and Texas together will get a quarter of the cash, with California leading the pack with about $35 million. A full breakdown of the funding can be found here. The money is a “breakthrough for election security and the health of our country’s democracy,” said Lawrence Norden of the Brennan Center for Justice at NYU Law.

National: So Your State Has Come Into Some Election Security Money. Now What? | Route Fifty

Most states won’t have risk-limiting audits in place by the November midterms, which makes how they spend the $380 million in federal funding for election security, due out within 39 days, that much more important. Congress included the money in the omnibus spending bill, at the Senate Intelligence Committee’s recommendation, to be disbursed to states under the Help America Vote Act and spent on verifiable paper balloting, post-election audits of votes and cyber defenses. The appropriation is a good first step in shoring up voting systems against Russian-connected hacking, according to election security experts, but it doesn’t come close to replacing vulnerable polling place equipment in most at-risk states. “I wouldn’t say it’s a drop in the bucket—a glass of water in the bucket,” Joe Kiniry, Free & Fair CEO and chief scientist, told Route Fifty by phone. “A big corporation spends this much money on cybersecurity in a year.”

National: Everyone Knows How to Secure Elections. So Do It | WIRED

After months of stalled progress in Congress, efforts to promote and fund nationwide election security improvements have finally gained some momentum this week. The Senate Intelligence Committee released its long-awaited election infrastructure defense recommendations. Senate leaders got behind a revised version of the Secure Elections Act. And late Thursday night, the Senate passed the omnibus spending bill, which includes $380 million for securing digital election systems. All the pieces are in place. The solutions are clear. All that’s left is the doing. But, of course, that turns out to be the hardest part. Experts say that while Congress did take meaningful action this week, it likely comes too late to play an extensive role in securing this year’s midterm elections. “This is a great first step, but it’s not going to solve the problem,” says Marian Schneider, president of Verified Voting, a group that promotes election system best practices. “Just the heightened awareness of what is the threat model and what are best practices for dealing with that threat model makes me hopeful and optimistic that those steps will be taken. But I would like to see the vulnerable systems replaced, and the clock is ticking. The farther we get into the year, the less likely it is. That’s just a reality.”

National: Everyone Agrees That All Voting Machines Should Leave A Paper Trail. Here’s Why It Won’t Happen. | Buzzfeed

Despite Congress’s agreement last week to spend $380 million to help states replace voting machines that don’t produce a paper trail, it’s likely that tens of thousands of voters will cast their ballots in this year’s midterm elections on outdated equipment that the Department of Homeland Security has called a “national security concern.” That’s because the newly approved money will be allocated to all 50 states instead of just those that have the greatest need to replace voting machines. Thirteen states use voting machines that can’t be audited because they don’t produce a paper trail to check against the machine’s electronic tabulations. Of those, only two would receive enough funding under the recent appropriation to replace all their machines; the rest could replace only a fraction of what they need. For example, the funding would cover less than half the cost of what it would take for Pennsylvania — a state whose results were critical to the outcome of the 2016 presidential race — to replace all of its outdated machines.

Editorials: We need to protect against vote tampering | Dan Wallach/Fort Worth Star-Telegram

Election winners are always happy to take the win, but the losers — and often the voters — require evidence, and that evidence needs strong backing. Modern voting systems must engender confidence that the final tally represents the true preferences of voters, without manipulation or tampering. After apparent Russian interference in the 2016 national elections, politicians nationwide are investigating our security posture. It seems that no Russian probes into Texas election systems went anywhere, but we might not be so lucky next time. Texas’s current voting systems were not designed to defend against the cyberattack skills that the Russians and other sophisticated adversaries can bring to bear. It’s time for our state to plan an orderly retirement of its old and insecure voting equipment and adopt better practices. Texas has a unique chance to be a national leader here, and there are three Texans poised to lead the charge. Director of Elections Keith Ingram heads the Secretary of State’s investigation into election security. Under the Texas Cybersecurity Act, he must issue a report — due December 1, 2018 — that contains legislative recommendations aimed at bolstering our election systems.

Georgia: Legislature Considers New Voter Equipment, but Experts Say Law Needs Fix | Atlanta Progressive News

The State House is currently considering SB 403, to replace the current E-voting machines, which are direct recording, with ballot marking devices, allowing for a paper audit trail in Georgia elections by Jan. 01, 2024. On Feb. 28, 2018, the bill passed the State Senate nearly unanimously, in a vote of fifty to one. However, elections integrity organizations including VoterGA, Common Cause Georgia, Verified Voting, the National Election Defense Coalition, Georgians for Verified Voting, and the Georgia Sunshine Project have expressed their opposition to the House version of SB 403 in part because voter protections were ignored.  

Georgia: State legislature’s final hours focus on paper ballots | Associated Press

Thursday will mark the last day of Georgia’s 40-day legislative session, and several bills, including proposals that would replace the state’s 16-year-old electronic voting system and give victims of childhood sexual assault more time to sue their abusers, await action by either the House or Senate. The final days of the session are generally chaotic as lawmakers push to vote on as many bills as possible and use legislative maneuvers to hitch stalled proposals to other bills. Here’s a look at some of the latest action from the General Assembly and what is expected in its final days: A proposal that has passed the Senate but awaits a vote in the House would move Georgia from its 16-year-old electronic touchscreen voting system with no paper backup, to either a touchscreen system that prints a paper ballot or paper ballots marked by pencil.

Michigan: Manual election audits to debut in Michigan 2018 race | Associated Press

New measures to bolster security for Michigan’s 2018 midterm elections were announced this month, but experts said they don’t address all past gripes with state procedures. During this year’s May election and November general election, Michigan will hand-count ballots for all precincts selected in the post-election audit, secretary of state spokesman Fred Woodhams said. The state currently uses paper ballots that are scanned through optical voting machines. Past elections’ audits required reviewing voting machine equipment as well as procedural compliance of poll workers, he said, but did not entail recounting paper ballots. … But the reforms don’t fully reassure Alex Halderman, a professor of computer science and engineering at the University of Michigan. He noted that under Michigan procedure, post-election audits occur after the results are already certified, rendering the practice moot when it comes to disputing a race outcome.

National: Old voting machines in the US can be hacked without people knowing it | Business Insider

For all the hubbub about election security in the US ahead of the 2018 midterms, there is one issue that almost no one seems to be talking about: old voting machines. A total of 41 states currently have voting machines that are at least a decade old, according to the Brennan Center for Justice, leaving thousands of systems vulnerable to hackers and other security risks that could compromise election results. With old voting machines come a whole host of issues: outdated software, machine breakdown, spare replacement parts that are near impossible to find. On Tuesday, the Senate Intelligence Committee, which is investigating Russia’s meddling in the 2016 US election, called on states to “rapidly replace outdated and vulnerable voting systems.”

Georgia: Lawmakers mull paper ballot voting system | Associated Press

As Georgia lawmakers consider scrapping electronic voting machines for a system that uses paper ballots, a razor-thin margin in a U.S. House race over 500 miles away in Western Pennsylvania has highlighted a crucial distinction between the two systems: the presence of an auditable paper trail. The proposal would move Georgia from its 16-year-old electronic touchscreen voting system with no paper backup, to either a touchscreen system that prints a paper ballot or paper ballots marked by pencil. Republican Rep. Ed Setzler of Acworth, one of the bill’s primary backers, said it was needed to ensure that election results could be audited if there were claims or evidence of irregularities and to bolster voter confidence. The measure recently passed the House Governmental Affairs Committee and is expected to quickly see a vote before the full House. … A tight U.S. House race in Western Pennsylvania last week was questioned by GOP officials there who said they were looking into alleged voting irregularities after Democrat Conor Lamb declared victory over Republican Rick Saccone in a longtime GOP stronghold that includes four counties in the Pittsburgh area.

Illinois: Security of state voter rolls a concern as primaries begin | Associated Press

With the Illinois primary just days away, state election officials are beefing up cyber defenses and scanning for possible intrusions into voting systems and voter registration rolls. They have good reason to be on guard: Two years ago, Illinois was the lone state known to have its state election system breached in a hacking effort that ultimately targeted 21 states. Hackers believe to be connected to Russia penetrated the state’s voter rolls, viewing data on some 76,000 Illinois voters, although there is no indication any information was changed. Since then, Illinois election officials have added firewalls, installed software designed to prevent intrusions and shifted staffing to focus on the threats. The state has been receiving regular cyber scans from the federal government to identify potential weak spots and has asked the U.S. Department of Homeland Security to conduct a comprehensive risk assessment. That assessment is scheduled but will not happen before Tuesday’s second-in the-nation primary.

National: Spooked by election hacking, states are moving to paper ballots | Cyberscoop

Paper ballots may seem like an antiquated voting practice, but hacking fears are now pushing an increasing number of states toward a return to the basics. State legislatures and election directors are heeding warnings from Washington that hackers may tamper with electronic voting systems in the 2018 midterm elections. The U.S. intelligence community has said that Russian President Vladimir Putin launched a campaign to interfere with the 2016 presidential election and that the Kremlin will try to do so again. On the national level, lawmakers have made several attempts to push legislation aiming to strengthen election cybersecurity through grants to upgrade equipment and to increase cooperation between the federal government and lower jurisdictions. So far, no such legislation has passed either chamber of Congress. Amid all this national attention, a number of states have started to act on their own bolster the integrity of elections they run. With these states, the focus has been on doing away with direct-recording electronic voting machines (DREs) that don’t produce a paper record.

Georgia: Bill to replace Georgia’s electronic voting machines advances | Atlanta Journal-Constitution

A proposal to replace Georgia’s electronic voting machines passed a subcommittee Tuesday despite concerns that the legislation doesn’t go far enough to safeguard elections. The measure calls for the state to begin using a new voting system with paper ballots in time for the 2020 presidential election. State lawmakers say the state’s all-digital election system, in use since 2002, is outdated and needs to be scrapped after tech experts exposed security vulnerabilities last year in the same type of voting machines as those used in Georgia. … Critics of the voting legislation say the touch-screen machines, which the state tested during a Conyers election in November, are vulnerable to tampering because they use bar codes for tabulation purposes. Voters wouldn’t be able to tell whether the bar codes matched the candidates they chose, which would also be printed on the ballot.

Pennsylvania: Special Election shows need for U.S. voting machine upgrades: experts | Reuters

Pennsylvania’s tight congressional special election underscores the need for states to replace aging voting machines and use paper ballots as backups to ensure the integrity of vote counts ahead of pivotal November U.S. midterm elections, election security advocates said on Wednesday. Democrat Conor Lamb led Republican Rick Saccone by only a few hundred votes out of nearly 230,000 cast in the closely watched U.S. House of Representatives election on Tuesday in western Pennsylvania. With many states using antiquated voting machines and with concerns about potential interference in U.S. elections by Russia or other actors, there is rising concern among experts about the need to safeguard American balloting.

National: Push to bolster election security stalls in Senate | The Hill

Senators are running into roadblocks from state officials as they try to craft legislation to secure election systems before the midterms in November. Sens. James Lankford (R-Okla.) and Kamala Harris (D-Calif.) are pushing for legislation that would bolster the security of U.S. voting infrastructure, with an eye toward countering threats from adversaries like Russia. But Lankford on Wednesday was forced to table an amendment to a bill moving through the Senate that was aimed at improving information-sharing between federal and state election officials on election cyber threats. State officials objected to the amendment. The development sparked frustration on the Senate Homeland Security and Governmental Affairs Committee, where lawmakers have been agitating for action. … The amendment would also mandate that election service providers, including vendors and contractors, notify state officials promptly if election systems — including voting machines, voter registration databases and election agency email systems — are breached, and that state officials provide the information to their federal counterparts in a timely fashion. The secretaries of state questioned whether states would be penalized if a vendor or contractor failed to notify state election agencies of cybersecurity incidents.

Georgia: Plan to Scrap Vulnerable Voting Machines Moves to the House | The Atlanta Journal-Constitution

Georgia lawmakers are preparing to ditch the state’s old and vulnerable electronic voting machines, but they haven’t fully committed to paper ballots that can’t be hacked. A bill to to replace all of Georgia’s 27,000 voting machines in time for the 2020 presidential election cleared the state Senate last week and is now pending in the House. Organizations seeking secure elections say they’re worried that Georgia could end up with an untrustworthy and expensive election system. The legislation has raised some concerns, including the lack of a requirement that manual recounts be conducted with paper ballots and the possibility that bar codes could be printed on the ballots. “Electronics make life easier, but they also can be manipulated,” said Sara Henderson, the executive director of Common Cause Georgia, a government accountability group. “We’re trying to get changes into the bill that will make paper the official ballot of record. “If we don’t have that language in there, we’ll have the same situation as we have now,” she said.

Michigan: As hacking fears mount, Michigan election security gets middling marks | Bridge Magazine

Genesee County Clerk John Gleason powered up his work computer last summer and began sifting through his emails. To his shock, he said he found a “nasty, vulgar-laden” email in his sent folder, supposedly authored by him. “At first, I thought it was someone in the office playing a joke on me,” said Gleason, who has presided over every election in the mid-Michigan county of 410,000 residents since he was elected clerk in 2013. County workers tracked the source of the email to a Russian phishing link intended to hook users with the promise of dating or weight loss, Gleason said. A few months ago, a similar incident happened to his computer, which Gleason uses to help direct elections in Michigan’s fifth-largest county. … Computer scientists and elections experts consider the optical scan systems the best because they start with a paper ballot, which make it possible for election officials to double-check results if questions arise. But that doesn’t mean the machines can’t be hacked. Since Americans began using electronic voting machines 15 years ago, computer scientists have repeatedly warned that nearly every type of system is susceptible to manipulation.

Texas: Experts Say Electronic Voting Machines Aren’t Secure. So Travis County Is Designing Its Own. | KUT

Travis County Clerk Dana DeBeauvoir has spent more than a decade working with researchers and computer security experts to design a voting machine that’s more secure and reliable. This massive undertaking resulted in the Secure, Transparent, Auditable, and Reliable Voting System, or STAR-Vote. But getting manufacturers to build it has been a challenge. … When Houston first floated the idea of switching to DREs in 2001, it caught Dan Wallach’s attention. He urged city leaders not to ditch paper ballots. “My message then was: These are just computers,” says Wallach, a professor in the department of computer science at Rice University, “and computers are hackable.”

Editorials: Replace Pennsylvania voting machines right now | Marian Schneider and Wilfred Codrington/Pittsburgh Post-Gazette

Pennsylvania’s Acting Secretary of State Robert Torres last month directed that, going forward, all voting machines purchased in the state must employ “a voter-verifiable paper ballot or paper record of votes cast.” This was great news. It will help ensure the accuracy of vote-counting in Pennsylvania and give voters more confidence in election results. It was long overdue. The two key words in the directive are “verifiable” and “paper,” neither of which apply to how the vast majority of Pennsylvanians have been voting since 2006. Currently, 83 percent of Pennsylvania voters use direct-recording electronic systems, or DREs — voting machines that produce no paper ballot for voters to verify before leaving their polling places and that therefore leave no paper trail to follow if election results are contested. DREs are computer systems. Have you ever had your computer crash? Have you ever heard of computer systems being hacked?

Editorials: Putin and Sissi are putting on elections. Why bother? | Jackson Diehl/The Washington Post

With Western democracy on the defensive, China’s Xi Jinping is aggressively advancing a new model for human governance in the 21st century: personal dictatorship backed by nationalism, state-directed capitalism and a security apparatus empowered by cutting-edge technologies. There’s no pretense of evolution toward democracy or even the rule of law. On the contrary, Xi explicitly casts his regime as an alternative that “offers a new option for other countries.” Among the world leaders seemingly most likely to embrace this neo-totalitarianism are Russia’s Vladi­mir Putin and Egypt’s Abdel Fatah al-Sissi, both of whom have consolidated personal power on a platform of nationalism. So it’s interesting that both Putin and Sissi are putting on presidential elections this month. Sure, these are not real elections. They are Potemkin pageants that will award the two strongmen overwhelming victories, thanks in part to the exclusion of all serious opponents. The only suspense about the March 18 vote in Russia, or the ballot in Egypt concluding 10 days later, will be about the abstention rate, because opposition leaders in both countries are calling for boycotts.

Legislation: Election Security a High Priority – Until It Comes to Paying for New Voting Machines | ProPublica

“Today’s voting systems are not going to last 70 years, they’re going to last 10,” says U.S. Elections Assistance Commission Commissioner Matt Masterson. While previous generations of voting equipment, lever machines and punch cards, had hardware that could be relied on for decades, today’s technology becomes outdated a lot faster. While election equipment needs to be replaced more often, election administration remains a low funding priority, a ProPublica review of state and local budgets nationwide found. In 2017, Utah appropriated $275,000 to aid counties in purchasing new voting equipment, but $500,000 to help sponsor the Sundance Film Festival. A few years earlier, Missouri allocated $2 million in grants to localities to replace voting equipment the state, while increasing the Division of Tourism budget by $10 million to $24 million.

National: Ryan move to replace election agency leader stirs outcry | Politico

House Speaker Paul Ryan faced Democratic criticism Thursday after choosing not to renew the term of a federal agency head who has helped lead the charge on securing elections from hackers. Matthew Masterson, chairman of the Election Assistance Commission, will depart once the Senate confirms a successor, three people familiar with the situation told POLITICO. His four-year term as a commissioner expired in December, but he has stayed while Ryan contemplated whom to recommend to President Donald Trump as a nominee for the seat. Ryan has decided that Masterson won’t be on the list. Another commissioner was already scheduled to take the chairman’s slot on Saturday, but Masterson could have remained as a commissioner if he were renominated. … “This is insanity,” said Joseph Lorenzo Hall, an election security expert who is the chief technologist at the Center for Democracy & Technology. “Matt is extremely capable and has been a champion of more secure and better elections the entire time he’s been on the EAC.”

Maryland: Officials look to shore up election defenses after Russian tampering | Baltimore Sun

As details emerge of the Russian campaign to influence the 2016 election, officials in Maryland are working to protect the state’s voting system for this year and beyond. State elections officials are working with federal authorities to shore up Maryland’s defenses against tampering with electronic voting systems and electoral rolls. Lawmakers have introduced proposals to fix perceived flaws, audit results more rigorously and to compel greater disclosures about advertising on social media. … Poorvi Vora, a professor of computer science at George Washington University, says Maryland is among the worst of the 50 states in securing absentee ballots. The state allows voters to request absentee ballots through its web site and mark them online before mailing them in. That function is part of the system that allows voters to register online. It’s also the system that hackers probed in August 2016. Charlson said they did not breach it.

Texas: Weaknesses in Texas’ voting systems put under microscope | KXAN

Are Texas voting systems susceptible to a hack? Who polices wrongdoing at the polls? Should lawmakers make any changes to help Texas elections run more smoothly? State senators met Thursday to address concerns of fraud, irregularities and weaknesses in the system. Lt. Gov. Dan Patrick tasked a Senate select panel to address a handful of issues pertaining to election security. Sen. Bryan Hughes, R-Mineola, who chairs the committee, said there are few rights more precious than the right to vote. He said he expected the bipartisan group to take a “thorough look” at making possible changes to “ensure Texas is still leading on voting security.”