In 2016, I bought two voting machines online for less than $100 apiece. I didn’t even have to search the dark web. I found them on eBay. Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online. If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn’t work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the “Property Of” government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
The Voting News
GovtechThe U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process. It started with texts in October 2018. Russian hackers operating in the Internet Research Agency – the infamous “troll factory” linked to Russian intelligence, Russian private military contractors and Putin-friendly oligarchs – received warnings via pop-ups, texts and emails not to interfere with U.S. interests. Then, during the day of the election, the servers that connected the troll factory to the outside world went down.Full Article: U.S. Military Steps Up Cyberwarfare Effort.
For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.
The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.
At the headquarters of Ukraine’s SBU more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month’s presidential vote. During the joint EU-Ukraine cyber security drills the Westerners pretend to be hackers attacking the country’s central election commission, while the Ukrainians seek to neutralise them. The exercises held in Kiev last week involved around a hundred experts and were part of efforts to prevent arch-foe Russia from interfering in the crucial March 31 election. Ukrainian security officials said they had registered a growing number of distributed denial-of-service attacks and phishing attempts to gain access to computers of the country’s ministries and other state structures in recent months.Full Article: Ukraine ready to take on Russian election hackers.
Indonesia: Russian, Chinese language Hackers Interfering With Indonesian Presidential Election | Brinkwire
Indonesia has identified China and Russia as sources of an ongoing wave of relentless cyber assaults intended to disrupt the country’s presidential elections on April 17. The attacks originate in Russia and China, said Arief Budiman, head of Indonesia’s General Elections Commission or KPU. Budiman also said some of the cyberattacks are attempts to “manipulate or modify” content. Others aim to create ghost voters, or fake voter identities. “They try to hack our system,” according to Budiman. “Not only every day. Almost every hour,” he said. The KPU head said it remains unclear if the motive of this continuing wave of attacks is “to disrupt Indonesia” or to help one of the candidates win. Incumbent president Joko Widodo is squaring-off against Prabowo Subianto, a former special forces general in the election.Russian, Chinese language Hackers Interfering With Indonesian Presidential Election – Brinkwire.
State election officials told members of Congress Wednesday that even after the $380 million the federal government distributed last year for states to shore up the security around their election systems, more will be needed to replace dated voting equipment and to combat future cyberthreats. But the officials who testified before the House Homeland Security Committee were not unanimous in how new funds should be awarded, some wary that the federal government would put too many requirements and deadlines on states for spending additional election-assistance money. “The most important feature to a good election security bill is to create one that provides necessary resources to the states without creating unfunded or underfunded mandates and strangling restrictions through federal overreach,” Alabama Secretary of State John Merrill said in his opening remarks.Full Article: Election officials ask Congress for new wave of security funding.
National: ‘We’re doubling down.’ DHS insists it’s not reducing election security efforts | The Washington Post
The Homeland Security Department is actually surging its efforts to protect elections against foreign hackers during the two years leading up to the 2020 elections — not winding them down, the agency’s top cybersecurity official insists. Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities. “The department’s election security and countering foreign influence security-related efforts are not going anywhere,” Krebs said. “In fact, we’re doubling down.” The article made waves in the security community because even a perception that the government isn’t serious about securing elections against Russian hackers could damage trust in the result in the 2020 election. Federal officials — including Krebs himself — have warned Russia may have viewed the midterms as merely a “warm-up” for 2020 when more Americans will be looking for signs of foreign influence. That stakes for officials such as Krebs are especially high because President Trump has wavered on whether he believes Russia was responsible for its hacking and disinformation campaign to influence the 2016 presidential contest.Full Article: The Cybersecurity 202: 'We're doubling down.' DHS insists it's not reducing election security efforts - The Washington Post.
The head of the Department of Homeland Security’s cybersecurity wing is pushing back on a media report that the agency has scaled back personnel and resources from its combatting foreign election interference. Cybersecurity and Infrastructure Security Agency Director Chris Krebs hosted a conference call with reporters less than 24 hours after The Daily Beast published a story that quoted multiple anonymous DHS officials who said two CISA task forces focused on coordinating the department’s response to foreign influence in U.S. elections were significantly downsized shortly after the mid-terms. Krebs didn’t deny that personnel levels for the task forces were reduced. He characterized the task forces as temporary vehicles to address an emerging threat while CISA worked to hire staff and build more permanent institutional capacity to tackle the issue.Full Article: CISA says it's ramping up election security efforts for 2020 -- FCW.
National: Native American Rights Groups Are Gearing Up to Fight Voter Suppression in 2020 | Pacific Standard
Native American rights advocates who went to bat against voter suppression and disenfranchisement in last year’s mid-term elections—and championed unprecedented voter turnout—are gearing up to renew their fight in key battleground states ahead of the already fraught 2020 presidential elections. “We are looking at mobilizing five, maybe six states” with significant Native American populations and where there have been concerns over voter access and turnout, says OJ Semans, co-director of Four Directions voting rights advocacy group. Semans is a member of the Rosebud Sioux Tribe. Last year, Semans worked to ensure Native American voters across the country had access to the polls. Among his group’s successes was the mobilization of an unprecedented number of Native American voters in North Dakota for the 2018 mid-terms. In his preparation for the 2020 elections, he’s setting his sights on Nevada, Arizona, Wisconsin, Michigan, and North Carolina.Full Article: Native American Rights Groups Are Gearing Up to Fight Voter Suppression in 2020 - Pacific Standard.
Blockchain, the ingenious database technology best known for underpinning the faddish digital currency Bitcoin, is reviving the utopian fantasies of the early internet era. In an influential manifesto from that time, “A Declaration of the Independence of Cyberspace,” published in 1996, the essayist and activist John Perry Barlow opposed the idea of government regulation of the internet, offering instead an anarchical vision of an online world in which a decentralized network of people existed free from all authorities and intermediaries save for their own “social contract.” Whatever else Barlow’s statement might have been, it was not prophetic. The online world today is full of authorities and intermediaries — search engines, social media platforms, cloud computing services, internet service providers — all of which exert considerable control over cyberspace and are themselves shaped by laws and regulations. It is hard to imagine a cyberlibertarian paradise emerging from that.Full Article: Is Blockchain Technology Overhyped? - The New York Times.
Florida: Palm Beach, ground zero for 2018 vote recount, didn’t apply for election security cash | Politico
Palm Beach County officials failed to tap election security funds available for the 2018 midterms, making it the only jurisdiction in the state that didn’t seek a share of the federal aid. Nearly $2 million in federal funds was made available to the state for hardware and software support, including server installations and network monitoring, ahead of the 2018 midterm elections. In a presentation to the House Transportation and Tourism Appropriations Subcommittee on Wednesday, state elections director Maria Matthews said 66 of 67 Florida counties applied for the funds, news that angered lawmakers. “Once again, the Palm Beach supervisors office has proven that they have been woefully mismanaged,” said state Rep. Blaise Ingoglia, a Spring Hill Republican who led the Republican Party of Florida during the 2018 election cycle. “It’s clear to me that making deadlines was not their forte.”Full Article: Palm Beach, ground zero for 2018 vote recount, didn’t apply for election security cash.
Georgia: Bill seeks switch to ballot-marking devices for Georgia elections | Atlanta Journal Constitution
A broad elections bill introduced Thursday would replace Georgia’s electronic voting system with touchscreens that print ballots before they’re counted. The printed ballots would create a paper trail to check the accuracy of election results. Georgia’s current direct-recording electronic voting machines lack a paper backup. The legislation, House Bill 316, follows the recommendations of a voting commission created by Gov. Brian Kemp last year when he was secretary of state. The commission favored the touchscreens, called ballot-marking devices, over paper ballots filled out with a pen or pencil. Election integrity advocates say paper ballots filled out by hand are more secure, but supporters of ballot-marking devices say they’re easier to use and more likely to accurately record votes. Ballot-marking devices print ballots that are then counted by optical scanning machines.
Indiana: House rejects effort to give voters more time to get absentee ballots | Greensburg Daily News
Democrats in the Indiana House tried and failed in their efforts to assure that Hoosiers have more time to apply for an absentee ballot. House Bill 1311, authored by Rep. Thomas Saunders, R-Lewisville, would change the amount of time to apply for an absentee ballot from eight to 12 days before an election because local county clerks had said they needed more time to process them. “We want people’s votes to count,” Saunders said in an interview. An earlier deadline would give voters more time to submit the ballots and clerks more time to count them.Full Article: House rejects effort to give voters more time to get absentee ballots | Local News | greensburgdailynews.com.
Kansas: Elections director: Crosscheck last used in 2017, when audit found security risks | St. John News
State elections director Bryan Caskey told lawmakers Tuesday the controversial Interstate Crosscheck program hasn’t been used since 2017, when a Homeland Security audit discovered vulnerabilities, and won’t be used this year. The program is the subject of a class-action lawsuit filed by the American Civil Liberties Union on behalf of 945 voters whose partial Social Security numbers were exposed by Florida officials through an open records request. In an appearance before the House Elections Committee, Caskey said Secretary of State Scott Schwab has ordered a review of Crosscheck to determine whether to abandon the program all together. He also said the state could use $2 million in federal funds untouched by former Secretary Kris Kobach to gain access to an alternative. The initial cost for the Electronic Registration Information Center would be $25,000.Full Article: Kansas elections director: Crosscheck last used in 2017, when audit found security risks - News - SJ News Online - St. John, KS - St. John, KS.
Louisiana: Officials say Louisiana will be ready for felon voting rights change | The Times-Picayune
State officials said Louisiana will be ready for a law change that will allow thousands of people convicted of felonies to vote as of March 1, although little information has been available about how the registration process will work. Secretary of State Kyle Ardoin, who oversees elections, and Corrections Secretary Jimmy LeBlanc are responsible for making sure those impacted have their voting rights restored. They hadn’t met face-to-face to talk about the issue until last Friday (Feb. 8), but each said they are mostly on the same page about how to implement the new law, which the Louisiana Legislature approved last year. “We are going to implement it and we are going to be ready,” Ardoin said in an interview Tuesday.Full Article: Louisiana will be ready for felon voting rights change, officials say | nola.com.
The American Civil Liberties Union has sued the state on behalf of two college students who claim a new law that requires a New Hampshire driver’s license to vote violates their constitutional rights and represents a 21st-century “poll tax.” Caroline Casey is originally from Louisiana and Maggie Flaherty is from California. Both women are sophomores at Dartmouth College who voted in the 2018 primaries and general elections in New Hampshire but maintain driver’s licenses from their home states, according to the lawsuit. Under HB 1264, which was signed into law last year but doesn’t take effect until July, anyone who votes in New Hampshire must obtain an in-state driver’s license and vehicle registration within 60 days of casting their ballot.Full Article: ACLU sues to block NH voter fraud law deriding it as a 'poll tax' | Courts | unionleader.com.
North Carolina: Elections officials will give U.S. attorney vastly fewer records than he sought in voter probe | The Washington Post
Six months after a grand jury demanded millions of North Carolina voting records, state officials have announced they will release fewer than 800 voter files — a potentially significant setback for a Trump-appointed U.S. attorney who has targeted noncitizen voting as one of his top priorities. The state Board of Elections last week instructed 44 county election offices that received wide-ranging subpoenas for millions of voting records in August to hand over the files for only 289 voters. The state will turn over registration records for an additional 500 voters. It is unclear whether the vastly reduced volume of records is the result of a court order or an agreement between the board and U.S. Attorney Robert J. Higdon Jr., who sought the records in August, shortly after he announced the arrest of 19 noncitizens on charges that they had illegally voted in the 2016 presidential election.Full Article: North Carolina elections officials will give U.S. attorney vastly fewer records than he sought in voter probe - The Washington Post.
South Carolina: Gov. McMaster removes elections board in Richland County that missed 1,040 votes | Post and Courier
Gov. Henry McMaster stepped in Thursday and punted all four members of the Richland County Elections Board after 1,040 votes were not counted in the fall, the county’s fourth major elections blunder in eight years. State law says the governor can remove county elections board members for “incapacity, misconduct or neglect of duty.” “South Carolinians’ confidence in the lawful and professional oversight of elections must never be jeopardized,” McMaster said after issuing an executive order. “The repeated actions and behavior of these officials are wholly unacceptable and cannot be tolerated,” his message continued. “To regain and maintain Richland County voters’ confidence at the ballot box, the entire board must be replaced with new leadership.”Full Article: Gov. McMaster removes elections board in SC's capital county that missed 1,040 votes | Palmetto Politics | postandcourier.com.
Tennessee: Republicans, ACLU join forces to help more felons regain right to vote | Nashville Tennessean
Two Republican lawmakers, with the backing of the American Civil Liberties Union, are setting out to make it simpler for people with felony convictions to regain their right to vote, a process more arduous in Tennessee than in most states. Tennessee’s rights restoration laws are among the strictest in the country. It is one of 12 states that requires individuals with felony convictions to complete multiple steps beyond serving their sentence in order to have their voting rights restored, and is the only state requiring the payment of outstanding child support obligations in order to do so.Full Article: Tennessee Republican bill promotes voting rights for felons.
Texas: Secretary of state apologizes for how he rolled out voter citizenship review. But he still supports the effort. | The Texas Tribune
Facing an uncertain path to confirmation after ordering a deeply flawed voter citizenship review that seemingly focused on naturalized citizens, Texas Secretary of State David Whitley is apologizing to state lawmakers for the way his office bungled its rollout of the review — but he is still holding firm behind the overall effort. In a letter sent to state lawmakers late Wednesday, Whitley largely defended the review efforts as a legally sound exercise, and he did not admit that his office had erred when it mistakenly threw into question the eligibility of tens of thousands of U.S. citizens or when it sent counties lists of voters it knew very likely included naturalized citizens. Instead, Whitley vaguely admitted there were some shortcomings to the data his office used to flag almost 100,000 registered voters for citizenship reviews and noted his office should have devoted more time to “additional communication” with local and state officials to “further eliminate anyone from our original list who is, in fact, eligible to vote.”Full Article: David Whitley delivered Texas lawmakers an apology over citizenship review | The Texas Tribune.