National: 5 Ways Election Interference Could (And Probably Will) Worsen In 2018 And Beyond | NPR

If you thought 2016 was bad, just wait for the sequel. Russian election interference seeped into nearly every aspect of the political landscape two years ago, but many experts are wondering whether upcoming U.S. elections could be worse. “If we do nothing, if we let the mechanics of voting continue to deteriorate, then I am 100 percent sure that we are going to be attacked again in the fullness of time,” said J. Alex Halderman, a professor of computer science at the University of Michigan. “And it’s going to make 2016 look quaint by comparison.” … The actual nuts and bolts of how Americans vote are vulnerable for a number of reasons. Older computerized voting machines run older software, which makes them more exposed to potential vulnerabilities. In the case of many states that either use a completely digital or partially digital voting system, they’re ripe for hacking.

National: Elections: Another unsecured enterprise application? | GCN

As hackers become more sophisticated, state and local election officials must ramp up their IT expertise to protect registration data and elections results. “Elections offices have become IT offices that happen to run elections,” Jeremy Epstein, deputy division director of the National Science Foundation’s Division of Computer and Network Systems said at the Jan. 10 Election Assistance Summit. “We need to be focused on detection and recovery.” When Rhode Island Secretary of State Nellie Gorbea was appointed in January 2015, she made election security a priority by growing her IT department by 40 percent to deal with increasing threats. She also worked with legislative leadership to get more funding to replace old election equipment.

National: DHS Official On Russian Hacking: ‘A National Security Issue’ | NPR

President Trump has shown little interest in fighting the threat of Russians hacking U.S. elections. He’s shown a lot of interest in fighting voter fraud, something he insists — without evidence — is widespread. Parts of his administration are doing just the opposite. Bob Kolasky, an acting deputy undersecretary at the Department of Homeland Security (DHS), told a group of election officials gathered in Washington, D.C., this week that the threat of Russian hacking in future elections is “a national security issue.” “We have seen no evidence that the Russian government has changed its intent or changed its capability to cause duress to our election system. That may not be the only concern we have in the future,” Kolasky said, adding that another nation-state or bad actor could also attempt to interfere in U.S. voting.

National: Bipartisan Senate Bill Would Help States Beef Up Election Cybersecurity | Stateline

Six U.S. senators have filed a bipartisan bill that would provide grants to states to help them move from paperless voting machines to paper ballots in an effort to make voting systems less vulnerable to hackers. In September, the U.S. Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election. While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.

Alabama: Court gives last-minute order that could impede recount procedure | The Guardian

Controversy swirled over the mechanics of the Alabama Senate election after the state supreme court intervened at the eleventh hour to give election officials a green light not to preserve electronic ballot records that could form the basis of a recount. A court in Montgomery, the state capital, issued an injunction on Monday afternoon ordering election officials around the state to preserve digital images of the ballots cast by Alabama voters in the hard-fought contest between controversial Republican Roy Moore and Democrat Doug Jones. … Priscilla Duncan, the lead plaintiff in the case, noted with some amazement that the secretary of state’s protest was lodged with the supreme court at 4.38pm and the justices came back with their ruling at 5.18pm. “It’s just unbelievable that they examined the pleadings and got eight judges to concur in half an hour on a Monday afternoon,” she said.

New York: State Board of Elections Official Says City Must Move to Instant Runoff Voting | Gotham Gazette

Ahead of the September 12 primary, mayoral candidate Sal Albanese seemingly had the Reform Party ballot line locked up. It meant that Albanese would be on the general election ballot even if he lost the Democratic primary to Mayor Bill de Blasio. At the last minute, however, Republican candidate Nicole Malliotakis and independent candidate Bo Dietl attempted to snatch the Reform nomination from Albanese through an “opportunity to ballot,” which had effectively opened up the Reform line to write-in candidates. Albanese would prevail with 53 percent of the vote, but the spectacle raised major concerns for elections officials. Had all of the candidates failed to reach the 40 percent mark, it would’ve automatically triggered a laborious and costly citywide runoff election between the top two vote-getters. New York City “dodged a bullet” in avoiding a runoff election, said Douglas Kellner, Democratic co-chair of the New York State Board of Elections, at a Wednesday oversight hearing of the City Council’s Committee on Governmental Operations. Kellner, who was there to give his assessment of the recent municipal elections and other matters, briefed the committee members on steps the Council could take to improve election management.

India: Voting machines without safeguards | National Herald

Computer Scientist who prefers paper. That is how the American magazine The Atlantic described her earlier this year. Having worked at IBM for long, Barbara Simons (76) is among the pioneers in computer science. When, therefore, she began saying that electronic voting was not safe, people took her to be a ‘crank’. But undeterred, Simons became one of the founders of American organization Verified Voters, which has been in the forefront of the movement to replace machines with paper ballots in American elections. … Simons is skeptical about steps taken by tech companies to enhance cyber security. Pointing out that all 50 states in the USA use computerised scanners for vote counting, she claimed that few states had a system of post-editing auditing to detect manipulation. “Mandatory audits, in the form of hand counts of randomized samplings of ballots, are essential to protect against invisible vote theft,” Simons said, adding, “in an unaudited system, malicious code could easily go unnoticed. “It’s not rocket science,” she said. “Any halfway-decent programmer could do it.”

Alabama: State Supreme Court Okays Destruction of Digital Voting Records | Gizmodo

Alabama’s special election for Jeff Sessions’ vacated Senate seat is underway today, but state courts are still battling over whether or not digital records from the vote should be preserved in case of a recount or a hack. On Monday, a judge ordered local election officials to save digital images of ballots, AL.com reports. However, his decision was quickly reversed by the Alabama Supreme Court, which stayed his order Monday evening. Alabama uses paper ballots in its elections, which is considered more secure than many digital voting machines. Once voters mark their choices on paper, the ballots are scanned by computers to tally the votes. This system isn’t set up properly for audits, according to Verified Voting, an election integrity organization.

India: Electronic Voting Machines unsafe and VVPATS need more robust safeguards | National Herald

Voter Verifiable Paper Audit Trail (VVPAT) is useless unless a statistically significant number of VVPATS are manually counted after the election to ascertain that they functioned properly, say two American computer scientists who believe that the only safe election technology is the ‘paper ballot’. In other words, the Election Commission’s provision of testing VVPATs at just ONE polling booth in each constituency is not good enough to inspire confidence.National Herald on Sunday asked two pioneers engaged in advocacy for election integrity in the United States, Barbara Simons and Mark Halvorson to comment on the controversy over Electronic Voting Machines in India. While Simons, a computer scientist who worked for IBM, was one of the founders of the non-profit Verified Voting (verifiedvoting.org), Halvorson continues to be on its board of advisors. He was also the founder and former director of Citizens for Election Integrity, Minnesota (US) and helped organize the first national Audit Summit in the United States in 2007.

Georgia: Election Tech Companies Show Potential Replacements For Voting Machines | WABE

Some of the nation’s top election technology companies explained to state lawmakers Thursday how they might replace Georgia’s 15-year-old electronic voting machines, which have been phased out in many states around the country. … Georgia is one of five states where voting machines currently have no paper trail, and cybersecurity experts agree that exposes the system to potential doubt, hacks and glitches. “The bottom line is you want to have that fail-safe, so that the system can be checked with an audit and, if necessary, be recounted with a physical record, and that’s provided with a paper ballot,” said Susan Greenhalgh with Verified Voting, a nonprofit, nonpartisan organization that advocates for accuracy, transparency and verifiability of elections. She presented to the committee Thursday.

Georgia: Lawmakers turn timely attention to accuracy of Georgia’s voter tech | Columbus Ledger-Enquirer

A lawsuit that calls into question the accuracy and integrity of past elections is working its way through the system. In the meantime, a bipartisan group of Georgia lawmakers is considering changes that might make such issues moot with regard to future ones. For the last 15 years, Georgia has used touch-screen voting machines, most of which do not provide hard-copy records of vote counts. (The machines used in Muscogee County, as most local voters are aware, provide printed as well as electronic records of vote totals.) One of the advisers at the Thursday committee hearing was Susan Greenhalgh of Verified Voting, an advisory group founded by computer scientists which AP identified as “a non-partisan, non-profit organization that pushes for measures to make elections accurate, transparent and verifiable.” (Greenhalgh is not affiliated with any of the for-profit voter tech companies also represented at the committee meeting.)

Editorials: You can’t hack paper ballots | Paul Campbell/Buffalo Reflex

Recently in this column I wrote about the problems with a cashless society, and today I am talking about the hazards of a paperless voting system. I’m sure this looks to some like I am anti-technology, but I’m not. All technologies — from television sets to the Internet — have their downsides, and these should be explored as objectively as possible. Everyone should read an excellent article on this subject in the December issue of The Atlantic magazine. The story, by Jill Leovy, is about Barbara Simons, 76, who has been an ardent fan of paper ballots for the past two decades. Just about everybody, including the League of Women Voters and the ACLU, passed her off as a crackpot for years. In the aftermath of the alleged Russian interference with the 2016 presidential election, however, the guardians of our voting system are taking a second look at Simons’ ideas. It should be noted that Simons, now retired, was a computer engineer for decades.

California: Saving throw: Securing democracy with stats, spreadsheets, and 10-sided dice | Ars Technica

More than a dozen counties have now participated in a California-wide pilot project to provide a real-world test of what had previously been an academic theory. The pilot was authorized under California Assembly Bill 2023, which passed in 2010. Including audits conducted before the bill’s passage, 23 contests have been audited across several county-level elections in the state in recent years, and other counties, including Orange, Marin, and Yolo, will have additional audits in the coming weeks. California already has a mandatory audit law, which stipulates that a public manual tally of 1 percent of the precincts, chosen at random, must take place. But in Stark’s view, this is the wrong way to proceed. “There is no statistical justification for the 1 percent tally,” Stark explained. “It is a check on the accuracy of the system, but it is not well tied to ensuring that outcomes are right. It doesn’t require more counting for small margins than for large ones, and it does not require a full hand count, even if something is obviously wrong.”

Georgia: Paper ballots pass Election Day test in Georgia | Atlanta Journal Constitution

The results are in from this month’s test run of a voting system that could bring paper ballots back to Georgia: It was easy to use and fast, but it would come with a high cost to taxpayers. The trial of the touch screen-plus-paper ballot voting system “came off without a hitch” when it was tried during the Nov. 7 election for Conyers’ mayor and City Council, Georgia Elections Director Chris Harvey said. Though this voting system would be an improvement over Georgia’s 15-year-old paperless machines, an election transparency group called Verified Voting says the state should stop using touch screens and return to the simple efficiency of filling out ballots with pens or pencils, like about 70 percent of the nation. During the trial run, voters picked their candidates on touch-screen machines, which then printed out a filled-in paper ballot that reflected their choices. Then voters could review their paper ballots for accuracy before feeding them into a trash can-shaped machine, which scanned the ballots, counted them and deposited them into a locked container.

National: States Start Using Statistical Methods to Check Voter Count Accuracy | eWeek

In the face of overwhelming evidence that the Russians meddled in the 2016 U.S. presidential election, states are adopting auditing measure to detect any possible direct ballot fraud and give voters confidence in the results. After clear evidence emerged that Russia attempted to influence the results of the 2016 U.S. presidential election by social media, and more directly by hacking election systems, state governments are embarking on a variety of efforts to use statistical auditing to verify election results. On Nov. 15, Colorado kicked off its first statewide statistical audit of its most recent election by using a statistical technique known as risk-limiting audits to establish the integrity of the vote. Because of mail-in ballots from voters serving in the military, the state had to wait eight days to receive all votes and initiate the audit. Risk-limiting audits, or RLAs, allow election officials to verify the outcome of an election by sampling a much smaller subset of ballots compared to a full recount. Verifying the results of presidential elections in each state from 1992 to 2008, for example, only requires an average of 307 ballots per state. The number of ballots required to verify the vote, however, increases as the contests become closer and eventually defaults to a full recount, in the case of an extremely close race. Colorado’s legislature voted to adopt an election-wide audit in 2010, and election officials began piloting RLA in 2013.

Georgia: Kennesaw State Embroiled in Controversy over Security of Election Data | Higher Education

Judging strictly by how the Center for Election Systems at Kennesaw State University is described on its official website, everything is peachy when it comes to the fact that the center is charged by the Secretary of State with ensuring the integrity voting systems throughout Georgia. “The Center maintains an arms-length working relationship with the Secretary of State and the vendor, ensuring both independence and objectivity in its work,” the center states on its website. But if you ask Marilyn R. Marks, executive director of the Coalition for Good Governance, a university has no business playing such a critical role in the oversight of a state’s election infrastructure. It’s an argument that Marks says is underscored by the fact that voter data in Georgia was exposed on the Internet for a significant period of time leading up to key elections in Georgia — a fact uncovered by a cybersecurity expert named Logan Lamb, who reported it to the center. KSU only took action when a second cybersecurity expert — Chris Grayson — found the same security gaps and reported them to Andrew Green, a colleague and KSU faculty member who lectures on information security and assurance, according to lawsuit filed by Marks’ coalition.

National: Securing the vote: How ‘paper’ can protect US elections from foreign invaders | CSMonitor

When Logan Lamb visited the website of Georgia’s Center for Election Systems in Aug. 2016, what he found left him speechless. Although the cybersecurity researcher had no password or special authorization, he was able through a Google search to download the state’s voter registration list, view files with Election Day passwords, and access what appeared to be databases used to prepare ballots, tabulate votes, and summarize vote totals. He also discovered a vulnerability that would allow anyone to take full control of a server used for Georgia’s elections. It was everything a Russian hacker – or any malicious intruder – might need to disrupt the vote in Georgia. “Had the bad guys wanted to just completely own the central election system, they could have,” Mr. Lamb told the Monitor in an interview … There are only a handful of states in the US that are currently performing audits that start with voter-verified paper ballots. Many counties in California have conducted pioneering work with such audits. New Mexico hires an independent CPA to oversea an audit of a few key races in that state. And Rhode Island recently enacted a law to develop a voter-verified audit system. But the single most important development in this area is about to take place in Colorado.

New Jersey: State’s voting machines get less scrutiny than laundry scales, amusements | The Record

Boardwalk “claw” machines. Laundry scales. Boiled linseed oil. All three are subject to more state regulation than voting machines in New Jersey. And with Tuesday’s election for governor — one of the first two statewide contests in the U.S. since last year’s presidential race — some voting-rights activists are expressing concern that New Jersey’s vote could be vulnerable. Despite consumer-protection laws that mandate testing of pharmacy scales, gas pumps, amusement park rides and hundreds of other types of equipment — and regulations governing everything from the size of peach baskets to the temperature at which commercial linseed oil must be boiled — the state has comparatively few regulations on voting machines. It does not require machines to leave a verifiable paper trail. Nor does it mandate audits of elections. New Jersey does limit the types of voting machines counties can choose from, but leaves it to counties to test the machines.

Georgia: Georgia Wiped Its Election Server While Advocates Fought for Security Investigation | Gizmodo

A server that held data central to Georgia’s elections was wiped this summer, destroying the potential for a forensic investigation to determine whether or not the server was compromised by hackers, the AP reports. The data destruction was revealed in an email last week from an associate state attorney general to a group that is suing Georgia in an attempt to force additional security measures into the election system. The lawsuit was filed on July 3rd and data was reportedly destroyed on July 7th. In August, backups of the wiped server were also destroyed. “The lawsuit was filed, and right after the lawsuit was filed, they wiped their server. After it was moved to federal court, they did it again,” Marian Schneider, the president of Verified Voting, an organization that advocates for election security and has worked with the group of Georgia advocates involved in the lawsuit, told Gizmodo.

National: Wary of Hackers, States Move to Upgrade Voting Systems | The New York Times

State election officials, worried about the integrity of their voting systems, are pressing to make them more secure ahead of next year’s midterm elections. Reacting in large part to Russian efforts to hack the presidential election last year, a growing number of states are upgrading electoral databases and voting machines, and even adding cybersecurity experts to their election teams. The efforts — from both Democrats and Republicans — amount to the largest overhaul of the nation’s voting infrastructure since the contested presidential election in 2000 spelled an end to punch-card ballots and voting machines with mechanical levers. One aim is to prepare for the 2018 and 2020 elections by upgrading and securing electoral databases and voting machines that were cutting-edge before Facebook and Twitter even existed. Another is to spot and defuse attempts to depress turnout and sway election results by targeting voters with false news reports and social media posts.

Verified Voting in the News: Stars not aligned for new Travis County, Texas voting system | electionlineWeekly

The best laid plans of mice, men and elections officials often go awry and that’s exactly what happened to 12 years of studying and planning for Travis County, Texas Clerk Dana DeBeauvoir. Long before anyone ever thought to mention Russians and elections in the same breath, Travis County began looking for a way to improve the security of the county’s voting system and provide a verifiable paper trail. DeBeauvoir was upset that activists were attacking elections administrators for the design of voting systems and the purchase of DRE voting systems that did not have a paper trail.

National: DHS is standing by its initial assessment that 21 states were targeted | HuffPost

Top election officials in two states say the Department of Homeland Security gave them faulty information last week when it said Russian hackers scanned their election systems last year. The accusations underscore the persistent barriers in information sharing as the federal government and states try to respond to hacking in last year’s election. DHS informed election officials in 21 states on Friday that Russian hackers had tried to access voter information, the first time many states found out they had been targeted. DHS has faced criticism for being slow to share information with states. Now election officials in Wisconsin and California say DHS has provided them with additional information showing that Russian hackers actually scanned networks at other state agencies unconnected to voter data. In Wisconsin, DHS told officials on Tuesday that hackers had scanned an IP address belonging to the Department of Workforce Development, not the Wisconsin Elections Commission. … Scott McConnell, a DHS spokesman, said in a statement the agency stood by its assessment that 21 states were targeted by Russian hackers last year. He suggested hackers still could have targeted election records, even if they did not target the IP addresses of the state’s election body.

Georgia: Lawmakers begin discussion of replacing voting machines | Atlanta Journal-Constitution

A handful of lawmakers began the discussion Friday about what it might take to move Georgia to a new election system, an important but incremental step toward replacing the state’s aging voting machines. The meeting of the state House Science and Technology Committee represents a start. Any decision will likely take a few years and, depending on the type of system officials pick, could cost more than $100 million. Cheaper options are available, but the state’s leaders all need to agree on what they want. “We all want to have a system that is best in class and does all the things technology can provide for us,” said committee Chairman Ed Setzler, R-Acworth. Beginning that conversation now, he added, means the “committee starts out of session to look at these things and to look at what technological options can serve our state well.” Georgia’s current system, considered state-of-the-art when it was adopted 15 years ago, is now universally acknowledged by experts to be vulnerable to security risks and buggy software. Only a handful of states still use similar electronic systems, which voters know for their digital touch screens. A majority — 41 states — either have or are moving toward voting done entirely on paper or on a hybrid system that incorporates some kind of paper trail.

National: Voting machines can be hacked without evidence, commission is told | Washington Times

The country’s voting machines are susceptible to hacking, which could be done in a way so that it leaves no fingerprints, making it impossible to know whether the outcome was changed, computer experts told President Trump’s voter integrity commission Tuesday. The testimony marked a departure for the commission, which was formed to look into fraud and barriers to voting, but which heard that a potentially greater threat to confidence in American elections is the chance for enemy actors to meddle. “There’s no perfect security; there’s only degrees of insecurity,” said Ronald Rivest, a professor at the Massachusetts Institute of Technology. He said hackers have myriad ways of attacking voting machines. “You don’t want to rest the election of the president on, ‘Maybe the Wi-Fi was turned on when it shouldn’t have been.’” He and two other computer security experts said bar codes on ballots and smartphones in voting locations could give hackers a chance to rewrite results in ways that couldn’t be traceable, short of sampling of ballots or hand recounts — and those work only in cases where there’s a paper trail.

Verified Voting in the News: Board of Elections Ends Use of Touch-Screen Voting Machines | Wall Street Journal

Election administrators in Virginia ordered the state’s remaining touch-screen electronic voting machines be taken out of service in advance of the coming statewide election, after hackers demonstrated vulnerabilities in an array of election technology at a recent security convention. Virginia, one of two states holding statewide elections for governor and state legislature this year, won’t use any touch-screen machines in the Nov. 7 general election after the State Board of Elections voted Friday to revoke the certifications on all such systems still being used in the state. Virginia will switch to paper ballots counted and processed by computerized scanners. James Alcorn, chair of the board, said in a statement the move was “necessary to ensure the integrity of Virginia’s elections.” … The decision by Virginia to stop using touch-screen electronic voting machines marks a victory for advocates who have long criticized paperless electronic voting systems as insecure and potentially vulnerable to tampering and mischief.

Verified Voting in the News: Virginia Is Getting Rid Of Its Vulnerable Voting Machines | Newburgh Gazette

The State Elections Board of Virginia, on Friday the 8th of September, approved a plan to replace the direct-recording electronic (DRE) voting machines used now in the state due to concerns about hacking in future elections. Additionally, the direct-recording electronic voting equipment in use in Virginia does not have a voter-verifiable paper audit trail, which is an important security feature provided by the paper systems, the statement added. As of today, the following 22 Virginia localities use DREs: Bath, Buchanan, Chesapeake, Colonial Heights, Culpeper, Cumberland, Emporia, Falls Church, Gloucester, Hopewell, Lee, Madison, Martinsville, Norfolk, Poquoson, Portsmouth, Rappahannock, Russell, Surry, Sussex, Tazewell, and Washington. Most states will not hold a major election until November 2018, but Virginia will elect a new governor and other statewide officials this November.

National: Is low-tech the answer to election security? | FCW

Some experts say that given uneven IT security requirements for voting systems, the best protection against election hacking may be less technology. “Based on my experience, I don’t have a lot of confidence” in the security of election equipment, said Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, at a Sept. 8 Brookings Institution discussion. “Our election systems are known to be vulnerable,” he said, adding that even if they were not manipulated by a foreign government in 2016, “I think it’s a matter of time… [attacks] will only be more sophisticated going forward.” Halderman’s research includes information security testing on the exact machines used by states during federal elections.

Verified Voting in the News: Board of Elections halts use of voting machines considered vulnerable to hacking | Reuters

Virginia on Friday agreed to stop using paperless touchscreen voting machines that had been flagged by cyber security experts as potentially vulnerable to hackers and lacking sufficient vote auditing capabilities. The action represented one of the most concrete steps taken by a U.S. state to bolster the cyber security of election systems since the 2016 presidential race, when U.S. intelligence agencies say Russia waged a digital influence campaign to help President Donald Trump win. Virginia’s board of elections voted to accept a recommendation from its state election director, Edgardo Cortes, to decertify so-called direct-recording electronic machines, which count votes digitally and do not produce paper trails that can be checked against a final result.

National: Russian Election Hacking Efforts, Wider Than Previously Known, Draw Little Scrutiny | The New York Times

The calls started flooding in from hundreds of irate North Carolina voters just after 7 a.m. on Election Day last November. Dozens were told they were ineligible to vote and were turned away at the polls, even when they displayed current registration cards. Others were sent from one polling place to another, only to be rejected. Scores of voters were incorrectly told they had cast ballots days earlier. In one precinct, voting halted for two hours. Susan Greenhalgh, a troubleshooter at a nonpartisan election monitoring group, was alarmed. Most of the complaints came from Durham, a blue-leaning county in a swing state. The problems involved electronic poll books — tablets and laptops, loaded with check-in software, that have increasingly replaced the thick binders of paper used to verify voters’ identities and registration status. She knew that the company that provided Durham’s software, VR Systems, had been penetrated by Russian hackers months before. “It felt like tampering, or some kind of cyberattack,” Ms. Greenhalgh said about the voting troubles in Durham.