Los Angeles County officials voted Tuesday to spend roughly $300 million on a major redesign of its voting system in anticipation of the 2020 presidential election, even as an independent consultant investigates a glitch in the existing process that led to nearly 120,000 voters being left off polling place rosters last week. The new system, which has an electronic interface at the polling place but generates a paper ballot for record keeping, is part of a broader update that includes allowing voters to cast a ballot over an 11-day period prior to and including Election Day. The county will also do away with assigning traditional polling places and instead allow voters to drop in at any vote center convenient to them.
Pennsylvania: New University of Pittsburgh commission to focus on 2020 election security | Pittsburgh Tribune
A newly formed commission convened to study Pennsylvania’s election cybersecurity aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” Hickton said there is a sense of urgency in the commission’s work. He said he hopes the commission will wrap up later this year and present its recommendations to policymakers in time to have changes in place for 2020.
National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop
Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.
During the 2016 presidential election, Russian hackers targeted election systems in Pennsylvania and 20 other states, according to U.S. intelligence officials. Those officials fear that, during the 2018 midterms, hackers may target state voter registration databases, county websites and official social media accounts to spread misinformation and sow doubt in the U.S. election system. In February, Pennsylvania Gov. Tom Wolf, a Democrat, directed all counties that are planning to update aging election equipment to buy machines that create a paper trail. However, the directive from Wolf, aimed at machines used by 83 percent of the state’s voters, did not come with funding attached, placing the financial burden on federal or local budgets.
States will receive at least $3 million each to protect their voting systems against Russian cyber attacks under a provision added to a sweeping government spending deal that Congress has reached. The $1.3 trillion spending deal includes a total of $380 million for election security grants. The House passed the bill Thursday and sent it to the Senate for approval. States have been scrambling to improve their cyber security after Homeland Security officials revealed last year that Russian hackers tried to breach election systems in at least 21 states in 2016. Although no actual votes were changed, hackers broke into Illinois’ voter registration database.
As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law. One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy. In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information. In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.
Texas: Experts Say Electronic Voting Machines Aren’t Secure. So Travis County Is Designing Its Own. | KUT
Travis County Clerk Dana DeBeauvoir has spent more than a decade working with researchers and computer security experts to design a voting machine that’s more secure and reliable. This massive undertaking resulted in the Secure, Transparent, Auditable, and Reliable Voting System, or STAR-Vote. But getting manufacturers to build it has been a challenge. … When Houston first floated the idea of switching to DREs in 2001, it caught Dan Wallach’s attention. He urged city leaders not to ditch paper ballots. “My message then was: These are just computers,” says Wallach, a professor in the department of computer science at Rice University, “and computers are hackable.”
Editorials: Replace Pennsylvania voting machines right now | Marian Schneider and Wilfred Codrington/Pittsburgh Post-Gazette
Pennsylvania’s Acting Secretary of State Robert Torres last month directed that, going forward, all voting machines purchased in the state must employ “a voter-verifiable paper ballot or paper record of votes cast.” This was great news. It will help ensure the accuracy of vote-counting in Pennsylvania and give voters more confidence in election results. It was long overdue. The two key words in the directive are “verifiable” and “paper,” neither of which apply to how the vast majority of Pennsylvanians have been voting since 2006. Currently, 83 percent of Pennsylvania voters use direct-recording electronic systems, or DREs — voting machines that produce no paper ballot for voters to verify before leaving their polling places and that therefore leave no paper trail to follow if election results are contested. DREs are computer systems. Have you ever had your computer crash? Have you ever heard of computer systems being hacked?
Most people would not expect a 13-year-old computer to function properly, yet Illinois has allowed its voting technology to become just as obsolete, said Sarah Brune, executive director of the Illinois Campaign for Political Reform. The nonprofit political advocacy group is working with Illinois officials to raise awareness of the state’s aging voting equipment and the need for new voting machines. Some voting jurisdictions are still using floppy disks, and election administrators have to search the internet for replacement parts, according to Brune. The last time Chicago purchased voting equipment was in 2005, said Jim Allen, spokesman for the Chicago Board of Elections. While the current system has not had security issues, new equipment would improve election transparency and auditing processes. Suburban Cook County is in need of an update too, he added.
Despite some lawmakers leaving early, 59 representatives happened to still be in the House on Friday afternoon when Rep. Nancy York stood to talk. She explained what’s behind changes sought for parts of South Dakota’s election laws. York, R-Watertown, said election officials in different states are backing away from direct electronic recording of votes. South Dakota law allows it but it hasn’t been used. Security of a person’s ballot is the main reason. HB 1013 would repeal references to direct electronic recording from state law, she said.