More states now have paper trails to verify votes were correctly counted | Joseph Marks/The Washington Post

When all the votes are counted this year, Americans should have far more confidence their votes were tallied correctly than in 2016. After that contest was upended by Russian interference, states vastly increased the number of votes that are cast with paper records that can be audited later. More than 90 percent of votes will have a paper record this year compared with about 80 percent in 2016. States have also significantly improved how often and how scrupulously they perform post-election audits. The changes have been especially significant in some of the states still counting ballots and where the Trump campaign has already launched legal challenges. Georgia and Pennsylvania have both shifted from having paper records for few or none of their voters in 2016  to having paper records for all votes cast in their states — a protection security experts say is a bare minimum to ensure votes weren’t altered by hackers or miscounted because of a technology failure. Michigan, Pennsylvania, Georgia and Nevada also probably are performing more rigorous audits of their results this year, though officials haven’t finalized plans in all cases. Edison Research has projected that Biden will win Michigan and Wisconsin. Trump is leading in Pennsylvania, Georgia and North Carolina and Biden is leading in Nevada and Arizona, with many votes still to be counted. … “The country is making distinct progress toward an election system in which every voter is able to verify that their ballot is marked correctly and election officials are able to verify that ballots are counted correctly,” Mark Lindeman, interim co-director of Verified Voting, told me. He added that “2020 is by no means the promised land, but we’re certainly much closer.”

Full Article: The Cybersecurity 202: More states now have paper trails to verify votes were correctly counted – The Washington Post

National: Despite Risks, Some States Still Use Paperless Voting Machines | Lucas Ropek/Government Technology

For years, paperless voting machines have been characterized as an election security hazard. Without an auditable paper trail, security experts say vote tabulation runs the risk of producing results inconsistent with the voters’ choices, either because of hacking or technical errors. While most states have seen adoption of hybrid digital-paper solutions that include a voter verifiable paper audit trail (VVPAT), not all of them have.Today, counties in Texas, Tennessee, Louisiana, Mississippi, Indiana, Kansas, Kentucky, and New Jersey are still exclusively using paperless machines, also called direct recording electronic systems (DREs).Derek Tisler, election security analyst with the Brennan Center, said the number of states using DREs has nearly halved since the last election, but there are a smattering of states that, for reasons mostly financial, still have not switched.”In 2016, there were 14 states that used paperless machines as the primary polling place equipment in at least some of their counties and towns. They represented about 1 in 5 votes that were cast in the 2016 election,” said Tisler. “Since then, six of those states have fully transitioned to some sort of paper-based voting equipment.”

Full Article: Despite Risks, Some States Still Use Paperless Voting Machines

Editorials: Our voting machines are aging fast. Congress should improve them. | The Washington Post

One of American elections’ biggest vulnerabilities can be found in one of the most obvious places: the voting machines themselves. The country’s voting infrastructure may not have been tampered with this time around, but experts say outdated systems and an overreliance on hackable electronics mean that if someone wanted to attack the next election, they might well get away with it. Even absent an interference attempt (or at least one that officials are aware of), the problems with voting machines during last week’s midterms were manifest and manifold. In Texas and several other states, technological flaws led to some votes reportedly getting flipped from one candidate to another. In North Carolina, some systems did not work because of the humidity. New York also experienced large-scale breakdowns.

Editorials: Voting Machines: What Could Possibly Go Wrong? | Jennifer Cohn/NYR Daily | The New York Review of Books

Since the 2016 election, there has been a good deal of commentary and reporting about the threats to American democracy from, on the one hand, Russian interference by Facebook and Twitterbot-distributed propaganda, and on the other, voter ID laws and other partisan voter suppression measures such as electoral roll purges. Both of these concerns are real and urgent, but there is a third, yet more sinister threat to the integrity of the November 6 elections: the vulnerability of the voting machines themselves. This potential weakness is critical because the entire system of our democracy depends on public trust—the belief that, however divided the country is and fiercely contested elections are, the result has integrity. Nothing is more insidious and corrosive than the idea that the tally of votes itself could be unreliable and exposed to fraud. 

Delaware: State misses target for releasing voting machine bid info | Delaware First Media

Common Cause Delaware has been waiting months to learn more about the vendors vying to provide the state with new voting machines and it was told Wednesday that wait will continue. Office of Management and Budget Director Mike Jackson said last month the bid data would be released by now. But an OMB spokesman says they are still reviewing and redacting documents and hope to release the info by the end of the month. This comes just as U.S House Democrats release a report saying Delaware has one of the five most insecure voting systems in the country. The other states are Georgia, Louisiana, New Jersey and South Carolina.

California: Los Angeles County Invests $300 Million in New Voting System | MyNewsLA

Los Angeles County officials voted Tuesday to spend roughly $300 million on a major redesign of its voting system in anticipation of the 2020 presidential election, even as an independent consultant investigates a glitch in the existing process that led to nearly 120,000 voters being left off polling place rosters last week. The new system, which has an electronic interface at the polling place but generates a paper ballot for record keeping, is part of a broader update that includes allowing voters to cast a ballot over an 11-day period prior to and including Election Day. The county will also do away with assigning traditional polling places and instead allow voters to drop in at any vote center convenient to them.

Pennsylvania: New University of Pittsburgh commission to focus on 2020 election security | Pittsburgh Tribune

A newly formed commission convened to study Pennsylvania’s election cyber­security aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” Hickton said there is a sense of urgency in the commission’s work. He said he hopes the commission will wrap up later this year and present its recommendations to policymakers in time to have changes in place for 2020.

National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop

Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.

National: Trump-Approved Budget Short on Election Security, Counties Say | Stateline

During the 2016 presidential election, Russian hackers targeted election systems in Pennsylvania and 20 other states, according to U.S. intelligence officials. Those officials fear that, during the 2018 midterms, hackers may target state voter registration databases, county websites and official social media accounts to spread misinformation and sow doubt in the U.S. election system. In February, Pennsylvania Gov. Tom Wolf, a Democrat, directed all counties that are planning to update aging election equipment to buy machines that create a paper trail. However, the directive from Wolf, aimed at machines used by 83 percent of the state’s voters, did not come with funding attached, placing the financial burden on federal or local budgets.

National: States to get at least $3 million each for election security in spending deal | USA Today

States will receive at least $3 million each to protect their voting systems against Russian cyber attacks under a provision added to a sweeping government spending deal that Congress has reached. The $1.3 trillion spending deal includes a total of $380 million for election security grants. The House passed the bill Thursday and sent it to the Senate for approval. States have been scrambling to improve their cyber security after Homeland Security officials revealed last year that Russian hackers tried to breach election systems in at least 21 states in 2016. Although no actual votes were changed, hackers broke into Illinois’ voter registration database.

Georgia: Barcodes Stir Anxiety As Georgia Eyes New Voting System | WABE

As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law. One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy. In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information. In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.

Texas: Experts Say Electronic Voting Machines Aren’t Secure. So Travis County Is Designing Its Own. | KUT

Travis County Clerk Dana DeBeauvoir has spent more than a decade working with researchers and computer security experts to design a voting machine that’s more secure and reliable. This massive undertaking resulted in the Secure, Transparent, Auditable, and Reliable Voting System, or STAR-Vote. But getting manufacturers to build it has been a challenge. … When Houston first floated the idea of switching to DREs in 2001, it caught Dan Wallach’s attention. He urged city leaders not to ditch paper ballots. “My message then was: These are just computers,” says Wallach, a professor in the department of computer science at Rice University, “and computers are hackable.”

Editorials: Replace Pennsylvania voting machines right now | Marian Schneider and Wilfred Codrington/Pittsburgh Post-Gazette

Pennsylvania’s Acting Secretary of State Robert Torres last month directed that, going forward, all voting machines purchased in the state must employ “a voter-verifiable paper ballot or paper record of votes cast.” This was great news. It will help ensure the accuracy of vote-counting in Pennsylvania and give voters more confidence in election results. It was long overdue. The two key words in the directive are “verifiable” and “paper,” neither of which apply to how the vast majority of Pennsylvanians have been voting since 2006. Currently, 83 percent of Pennsylvania voters use direct-recording electronic systems, or DREs — voting machines that produce no paper ballot for voters to verify before leaving their polling places and that therefore leave no paper trail to follow if election results are contested. DREs are computer systems. Have you ever had your computer crash? Have you ever heard of computer systems being hacked?

Illinois: Aging equipment could threaten future Illinois elections | Columbia Chronicle

Most people would not expect a 13-year-old computer to function properly, yet Illinois has allowed its voting technology to become just as obsolete, said Sarah Brune, executive director of the Illinois Campaign for Political Reform. The nonprofit political advocacy group is working with Illinois officials to raise awareness of the state’s aging voting equipment and the need for new voting machines. Some voting jurisdictions are still using floppy disks, and election administrators have to search the internet for replacement parts, according to Brune. The last time Chicago purchased voting equipment was in 2005, said Jim Allen, spokesman for the Chicago Board of Elections. While the current system has not had security issues, new equipment would improve election transparency and auditing processes. Suburban Cook County is in need of an update too, he added. 

South Dakota: House approves repealing direct electronic recording | The Daily Republic

Despite some lawmakers leaving early, 59 representatives happened to still be in the House on Friday afternoon when Rep. Nancy York stood to talk. She explained what’s behind changes sought for parts of South Dakota’s election laws. York, R-Watertown, said election officials in different states are backing away from direct electronic recording of votes. South Dakota law allows it but it hasn’t been used. Security of a person’s ballot is the main reason. HB 1013 would repeal references to direct electronic recording from state law, she said.

National: Bipartisan Senate Bill Would Help States Beef Up Election Cybersecurity | Stateline

Six U.S. senators have filed a bipartisan bill that would provide grants to states to help them move from paperless voting machines to paper ballots in an effort to make voting systems less vulnerable to hackers. In September, the U.S. Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election. While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.

National: Hackers to Help Make Voting Machines Safe Again | CPO Magazine

Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table. U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”

National: Hacking the vote: Threats keep changing, but election IT sadly stays the same | Ars Technica

The outcome of the 2016 presidential election is history. But allegations of voter fraud, election interference by foreign governments, and intrusions into state electoral agencies’ systems have since cast a pall over the system that determines who makes the laws and enforces them in the United States. Such problems will not disappear no matter what comes out of a presidential commission or a Congressional hearing. “Amazon will not go out of business because one percent of its transactions are fraudulent,” said David Jefferson, a visiting computer scientist at Lawrence Livermore National Laboratory and chairman of the Verified Voting Foundation, a non-governmental organization working toward accuracy, integrity, and verifiability of elections. “That’s not the case for elections.” Jefferson’s words came during his talk at the latest edition of DEFCON, the annual infosec event. Election hacks naturally became something of an overarching theme within the Caesar’s Palace convention center this summer. In fact, there was an entire room dedicated solely to testing the reliability of US electronic voting systems. Called “Voting Village,” the space was filled with more than 25 pieces of electoral hardware—voting machines and other electronic election-management equipment—in various stages of deconstruction. Any curious conference attendee, no matter where they fell within the conference’s wide technical skill spectrum, could contribute to the onslaught of software and hardware hacks targeting the machines in this de facto lab.

Virginia: Localities scramble to get paper ballot voting machines in time for Election Day | WTVR

With Election Day rapidly approaching, poll workers in roughly a dozen localities all over the Commonwealth, including bigger cities like Norfolk and small ones like Hopewell, frantically train on brand new voting machines. On September 8, the Virginia Board of Elections voted to immediately de-certify all paper-less voting machines in the state. Those were the machines that allowed voters to vote by touching the screen. “We’ve had concerns in Virginia about the paper-less equipment for a while, and we’ve been kind of on a path to replacing them state-wide,” Edgardo Cortes, the state Commissioner of Elections, said.

New Jersey: State’s voting machines get less scrutiny than laundry scales, amusements | The Record

Boardwalk “claw” machines. Laundry scales. Boiled linseed oil. All three are subject to more state regulation than voting machines in New Jersey. And with Tuesday’s election for governor — one of the first two statewide contests in the U.S. since last year’s presidential race — some voting-rights activists are expressing concern that New Jersey’s vote could be vulnerable. Despite consumer-protection laws that mandate testing of pharmacy scales, gas pumps, amusement park rides and hundreds of other types of equipment — and regulations governing everything from the size of peach baskets to the temperature at which commercial linseed oil must be boiled — the state has comparatively few regulations on voting machines. It does not require machines to leave a verifiable paper trail. Nor does it mandate audits of elections. New Jersey does limit the types of voting machines counties can choose from, but leaves it to counties to test the machines.

Connecticut: UConn’s Center for Voting Technology Research supports fair and free elections | The Daily Campus

The University of Connecticut’s Center for Voting Technology Research (VoTeR Center) is working to keep state elections fair and fraud free, a topic recently brought to light by Secretary of State Denise Merrill in a statement released Friday. “(On Oct. 26th), along with representatives from the state’s information technology and public safety departments, I met with regional officials from the United States Department of Homeland Security to discuss how we can work together to ensure that Connecticut elections are safe from outside interference or manipulation,” Merrill said. The center aids this mission by advising state agencies in the use of electronic voting equipment and investigating voting solutions, according to its website. “We’ve been in existence since 2006 and we’ve been working with the Secretary of the State’s Office since then,” said Dr. Alexander Schwarzmann, professor and head of the UConn computer science and engineering department. “Our work was motivated by the nationwide change in the way that elections are conducted with the help of technology.”

Georgia: Former Gov. Roy Barnes’ firm to represent Georgia in lawsuit | Atlanta Journal Constitution

Former Gov. Roy Barnes’ law firm will represent Georgia Secretary of State Brian Kemp in a lawsuit that a national election transparency advocacy group filed to force the state to overhaul its election system. The Department of Administrative Services has replaced Attorney General Christopher Carr with Barnes Law Group to represent Kemp, the state Election Board and others named in the case, Kemp spokeswoman Candice Broce said. The Charlotte-based Coalition for Good Governance, led by Executive Director Marilyn Marks, has said that reported security lapses show the state’s system is “vulnerable and unreliable” and should not have been used for the 6th Congressional District runoff race in June — nor should it be used in next week’s election. Kennesaw State University runs the Center for Elections Systems and is also a defendant in the lawsuit. …  KSU said the server that had been examined by the FBI was wiped so it could be repurposed, and that the FBI had a copy of the data that were on the server.

Ohio: Jon Husted: Replacing voting machines will be costly | Dayton Daily News

Ohio Secretary of State Jon Husted said he’s hoping the federal government comes forward with money to update Ohio’s voting machines but admits, “I don’t hold my breath in thinking that they are going to.” Husted said the Ohio legislature is looking at ways to share costs to update voting machines that date to the mid-2000s. A split of 80 percent cost for the state and 20 percent for the local governments is being considered for replacement of machines that the Ohio Association of Elections Officials has said could cost an estimated $200 million. Ohio and other states replaced their old punch card voting systems with electronic touch screen and optical scan machines in the wake of the “hanging chad” debacle in Florida during the deadlocked 2000 presidential election and additional problems in 2004, including long lines in Ohio. The federal Help America Vote Act in 2002 for the first time provided funding to help states buy voting equipment.

Texas: What Happened When One Texas County Tried To Build A Cheap, Open-Source Election System | Texas Public Radio

Travis County, home to Austin, has been working to build a better voting system – one that satisfies the need to maintain security and accessibility for voters. Travis County Clerk Dana DeBeauvoir, the chief election official, has been a part of developing the system, called STAR Vote, which would have replaced the current Hart InterCivic eSlate system that has been in use since 2001. That system cost roughly $7 million, and has seen several security augmentations over the years. DeBeauvoir was making considerable progress on STAR Vote until a few weeks ago, when it looked like the plan was starting to lose steam. The Austin Monitor headline read “STAR Vote collapses.” DeBeauvoir had worked with academics to develop the new system, but when it came time to seek bids to build it, DeBeauvoir says she didn’t receive any Requests for Proposal that filled the bill.

National: DEFCON hopes voting machine hacking can secure systems | TechTarget

A new report pushes recommendations based on the research done into voting machine hacking at DEFCON 25, including basic cybersecurity guidelines, collaboration with local officials and an offer of free voting machine penetration testing. It took less than an hour for hackers to break into the first voting machine at the DEFCON conference in July. This week, DEFCON organizers released a new report that details the results from the Voting Village and the steps needed to ensure election security in the future. Douglas Lute, former U.S. ambassador to NATO and retired U.S. Army lieutenant general, wrote in the report that “last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years – potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the security of our voting process — the fundamental link between the American people and our government — could be much more damaging,” Lute wrote. “In short, this is a serious national security issue that strikes at the core of our democracy.”

National: Voting Machines: A National Security Vulnerability? | Atlantic Council

The political instability that has resulted from Russian meddling in the 2016 US presidential elections has put the focus on voting machines as a national security vulnerability, Douglas Lute, a former US permanent representative to NATO, said at the Atlantic Council on October 10. “I don’t think I’ve seen a more severe threat to American national security than the election hacking experience of 2016,” said Lute. There is a “fundamental democratic connection between the individual voter and the democratic outcome” of an election, he said, adding: “If you can undermine that, you don’t need to attack America with planes and ships. You can attack democracy from the inside.” … Lute delivered a keynote address at the Atlantic Council to call for a sense of urgency among policymakers and all stakeholders able to play a role in the solution to insecure voting machines. He also highlighted the findings presented in the DEF CON Report on Cyber Vulnerabilities in US Election Equipment, Databases, and Infrastructure, launched at the Council, which help to shed light on the technological dimensions of this national security threat. Ultimately, as Lute writes in the foreword, “this report makes one key point: our voting systems are not secure.”

National: Report details election vulnerabilities uncovered at DEFCON | GCN

When attendees at the July DEFCON conference breached every poll book and voting machine that event organizers had in the Voting Machine Hacking Village, elections officials took notice. A new report from DEFCON, the National Governors Association, the Atlantic Council, the Center for Internet Security and a number of universities and top technology vendors provides a more detailed look at just how vulnerable the entire U.S. election system – equipment, databases and infrastructure —  is to hacking and urges policymakers to shore up security gaps. Vulnerabilities start with an insecure supply chain. Many parts used in voting machines are manufactured overseas, and the report authors suggested that bad actors could compromise the equipment “well before that voting machine rolls off the production line.” Voting Village participants found voting machines with universal default passwords and ones that broadcast their own Wi-Fi access point, which would allow hackers to connect. Once hackers gained access, they could escalate their privileges so they could run code, change votes in the database or turn the machine off remotely. Additionally, unprotected, uncovered USB ports provided easy inputs for thumb drives or keyboards.

National: It Isn’t Even That Difficult To Hack Voting Equipment | HuffPost

You don’t even have to know much about voting machines to hack some of the systems that are still in use across the country. A new report published on Tuesday outlines how amateur hackers were able to “effectively breach” voting equipment, in some cases in a matter of minutes or hours, over just four days in July at DEFCON, an annual hacker conference. The report underscores the vulnerability of U.S. election systems. It also highlights the need for states to improve their security protocols after the Department of Homeland Security said Russian hackers attempted to target them during the 2016 election. “The DEFCON Voting Village showed that technical minds with little or no previous knowledge about voting machines, without even being provided proper documentation or tools, can still learn how to hack the machines within tens of minutes or a few hours,” the report says.

California: Big changes coming to Los Angeles County Elections | Santa Monica Daily Press

If Los Angeles County voters spark a revolution when they cast their ballots for President in 2020, it may not stem from the choices they select but rather the way they did it. The digital age is coming to the ballot box here with a new, publically owned system that the County Clerk plans to begin rolling out next summer. The first major makeover to the region’s voting system since 1968 was a long time coming. “We said ‘why don’t we look at this from a holistic standpoint and from the eyes of a voter?’” County Clerk Dean Logan told the Santa Monica City Council during a presentation of the new system. The County partnered with designers at Palo Alto based IDEO to give southern California elections the Silicon Valley treatment. The design firm was behind the first Apple mouse, the first wearable breast pump (still in beta) and revamped public school cafeterias in San Francisco. The result: new voting booths that integrate smartphones, touchscreens, QR codes and old-fashioned paper. Eight years after the over hall began in 2010, many of the changes to hit L.A. County’s five million voters are procedural, not digital.

National: Voting machine concerns have states eyeing return to paper ballots | Fox News

When voters in Virginia head to the polls this November, they’ll be casting their ballots the old-fashioned way. The state’s Board of Elections decided earlier this month to de-certify the widely used Direct-Recording Electronic (DRE) voting machines ahead of the gubernatorial election – prompting counties and cities to replace their touchscreen machines with those that produce a paper trail. Virginia is not alone. Several states are now considering a return to old-fashioned paper ballots or a reinforced paper trail so results can be verified, amid concerns over hacking attempts in last year’s presidential race as well as longstanding cybersecurity worries about touchscreen machines. “Our No. 1 priority is to make sure that Virginia elections are carried out in a secure and fair manner,” James Alcorn, chairman of the State Board of Elections, said in a statement, calling the move “necessary to ensure the integrity of Virginia’s elections.”