One of American elections’ biggest vulnerabilities can be found in one of the most obvious places: the voting machines themselves. The country’s voting infrastructure may not have been tampered with this time around, but experts say outdated systems and an overreliance on hackable electronics mean that if someone wanted to attack the next election, they might well get away with it. Even absent an interference attempt (or at least one that officials are aware of), the problems with voting machines during last week’s midterms were manifest and manifold. In Texas and several other states, technological flaws led to some votes reportedly getting flipped from one candidate to another. In North Carolina, some systems did not work because of the humidity. New York also experienced large-scale breakdowns.Full Article: Our voting machines are aging fast. Congress should improve them. - The Washington Post.
Editorials: Voting Machines: What Could Possibly Go Wrong? | Jennifer Cohn/NYR Daily | The New York Review of Books
Since the 2016 election, there has been a good deal of commentary and reporting about the threats to American democracy from, on the one hand, Russian interference by Facebook and Twitterbot-distributed propaganda, and on the other, voter ID laws and other partisan voter suppression measures such as electoral roll purges. Both of these concerns are real and urgent, but there is a third, yet more sinister threat to the integrity of the November 6 elections: the vulnerability of the voting machines themselves. This potential weakness is critical because the entire system of our democracy depends on public trust—the belief that, however divided the country is and fiercely contested elections are, the result has integrity. Nothing is more insidious and corrosive than the idea that the tally of votes itself could be unreliable and exposed to fraud.Full Article: Voting Machines: What Could Possibly Go Wrong? | by Jennifer Cohn | NYR Daily | The New York Review of Books.
Common Cause Delaware has been waiting months to learn more about the vendors vying to provide the state with new voting machines and it was told Wednesday that wait will continue. Office of Management and Budget Director Mike Jackson said last month the bid data would be released by now. But an OMB spokesman says they are still reviewing and redacting documents and hope to release the info by the end of the month. This comes just as U.S House Democrats release a report saying Delaware has one of the five most insecure voting systems in the country. The other states are Georgia, Louisiana, New Jersey and South Carolina.Full Article: State misses target for releasing voting machine bid info | Delaware First Media.
Los Angeles County officials voted Tuesday to spend roughly $300 million on a major redesign of its voting system in anticipation of the 2020 presidential election, even as an independent consultant investigates a glitch in the existing process that led to nearly 120,000 voters being left off polling place rosters last week. The new system, which has an electronic interface at the polling place but generates a paper ballot for record keeping, is part of a broader update that includes allowing voters to cast a ballot over an 11-day period prior to and including Election Day. The county will also do away with assigning traditional polling places and instead allow voters to drop in at any vote center convenient to them.Full Article: LA County Invests $300 Million in New Voting System - MyNewsLA.com.
Pennsylvania: New University of Pittsburgh commission to focus on 2020 election security | Pittsburgh Tribune
A newly formed commission convened to study Pennsylvania’s election cybersecurity aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” Hickton said there is a sense of urgency in the commission’s work. He said he hopes the commission will wrap up later this year and present its recommendations to policymakers in time to have changes in place for 2020.Full Article: New University of Pittsburgh commission to focus on 2020 election security | TribLIVE.
National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop
Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.Full Article: Security researchers and industry reps clash over voting machine security testing.
During the 2016 presidential election, Russian hackers targeted election systems in Pennsylvania and 20 other states, according to U.S. intelligence officials. Those officials fear that, during the 2018 midterms, hackers may target state voter registration databases, county websites and official social media accounts to spread misinformation and sow doubt in the U.S. election system. In February, Pennsylvania Gov. Tom Wolf, a Democrat, directed all counties that are planning to update aging election equipment to buy machines that create a paper trail. However, the directive from Wolf, aimed at machines used by 83 percent of the state’s voters, did not come with funding attached, placing the financial burden on federal or local budgets.Full Article: Trump-Approved Budget Short on Election Security, Counties Say.
States will receive at least $3 million each to protect their voting systems against Russian cyber attacks under a provision added to a sweeping government spending deal that Congress has reached. The $1.3 trillion spending deal includes a total of $380 million for election security grants. The House passed the bill Thursday and sent it to the Senate for approval. States have been scrambling to improve their cyber security after Homeland Security officials revealed last year that Russian hackers tried to breach election systems in at least 21 states in 2016. Although no actual votes were changed, hackers broke into Illinois’ voter registration database.Full Article: States to get at least $3 million each for election security in spending deal.
As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law. One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy. In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information. In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.Full Article: Barcodes Stir Anxiety As Georgia Eyes New Voting System | 90.1 FM WABE.
Texas: Experts Say Electronic Voting Machines Aren’t Secure. So Travis County Is Designing Its Own. | KUT
Travis County Clerk Dana DeBeauvoir has spent more than a decade working with researchers and computer security experts to design a voting machine that’s more secure and reliable. This massive undertaking resulted in the Secure, Transparent, Auditable, and Reliable Voting System, or STAR-Vote. But getting manufacturers to build it has been a challenge. … When Houston first floated the idea of switching to DREs in 2001, it caught Dan Wallach’s attention. He urged city leaders not to ditch paper ballots. “My message then was: These are just computers,” says Wallach, a professor in the department of computer science at Rice University, “and computers are hackable.”Full Article: Experts Say Electronic Voting Machines Aren't Secure. So Travis County Is Designing Its Own. | KUT.
Editorials: Replace Pennsylvania voting machines right now | Marian Schneider and Wilfred Codrington/Pittsburgh Post-Gazette
Pennsylvania’s Acting Secretary of State Robert Torres last month directed that, going forward, all voting machines purchased in the state must employ “a voter-verifiable paper ballot or paper record of votes cast.” This was great news. It will help ensure the accuracy of vote-counting in Pennsylvania and give voters more confidence in election results. It was long overdue. The two key words in the directive are “verifiable” and “paper,” neither of which apply to how the vast majority of Pennsylvanians have been voting since 2006. Currently, 83 percent of Pennsylvania voters use direct-recording electronic systems, or DREs — voting machines that produce no paper ballot for voters to verify before leaving their polling places and that therefore leave no paper trail to follow if election results are contested. DREs are computer systems. Have you ever had your computer crash? Have you ever heard of computer systems being hacked?Full Article: Replace Pennsylvania voting machines right now | Pittsburgh Post-Gazette.
Most people would not expect a 13-year-old computer to function properly, yet Illinois has allowed its voting technology to become just as obsolete, said Sarah Brune, executive director of the Illinois Campaign for Political Reform. The nonprofit political advocacy group is working with Illinois officials to raise awareness of the state’s aging voting equipment and the need for new voting machines. Some voting jurisdictions are still using floppy disks, and election administrators have to search the internet for replacement parts, according to Brune. The last time Chicago purchased voting equipment was in 2005, said Jim Allen, spokesman for the Chicago Board of Elections. While the current system has not had security issues, new equipment would improve election transparency and auditing processes. Suburban Cook County is in need of an update too, he added.Full Article: Aging equipment could threaten future Illinois elections | Metro | columbiachronicle.com.
Despite some lawmakers leaving early, 59 representatives happened to still be in the House on Friday afternoon when Rep. Nancy York stood to talk. She explained what’s behind changes sought for parts of South Dakota’s election laws. York, R-Watertown, said election officials in different states are backing away from direct electronic recording of votes. South Dakota law allows it but it hasn’t been used. Security of a person’s ballot is the main reason. HB 1013 would repeal references to direct electronic recording from state law, she said.
Six U.S. senators have filed a bipartisan bill that would provide grants to states to help them move from paperless voting machines to paper ballots in an effort to make voting systems less vulnerable to hackers. In September, the U.S. Department of Homeland Security notified election officials in nearly two dozen states that their voter registration systems had been targeted by Russian hackers during the 2016 presidential election. While the hackers failed to breach most of the systems, in Illinois, they succeeded in accessing the voter database, and nearly 90,000 records were compromised. And in Arizona, hackers stole an election employee’s username and password, but the system wasn’t compromised, according to the Arizona secretary of state.Full Article: Bipartisan Senate Bill Would Help States Beef Up Election Cybersecurity.
Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table. U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”Full Article: Hackers to Help Make Voting Machines Safe Again - CPO Magazine.
National: Hacking the vote: Threats keep changing, but election IT sadly stays the same | Ars Technica
The outcome of the 2016 presidential election is history. But allegations of voter fraud, election interference by foreign governments, and intrusions into state electoral agencies’ systems have since cast a pall over the system that determines who makes the laws and enforces them in the United States. Such problems will not disappear no matter what comes out of a presidential commission or a Congressional hearing. “Amazon will not go out of business because one percent of its transactions are fraudulent,” said David Jefferson, a visiting computer scientist at Lawrence Livermore National Laboratory and chairman of the Verified Voting Foundation, a non-governmental organization working toward accuracy, integrity, and verifiability of elections. “That’s not the case for elections.” Jefferson’s words came during his talk at the latest edition of DEFCON, the annual infosec event. Election hacks naturally became something of an overarching theme within the Caesar’s Palace convention center this summer. In fact, there was an entire room dedicated solely to testing the reliability of US electronic voting systems. Called “Voting Village,” the space was filled with more than 25 pieces of electoral hardware—voting machines and other electronic election-management equipment—in various stages of deconstruction. Any curious conference attendee, no matter where they fell within the conference’s wide technical skill spectrum, could contribute to the onslaught of software and hardware hacks targeting the machines in this de facto lab.Full Article: Hacking the vote: Threats keep changing, but election IT sadly stays the same | Ars Technica.
With Election Day rapidly approaching, poll workers in roughly a dozen localities all over the Commonwealth, including bigger cities like Norfolk and small ones like Hopewell, frantically train on brand new voting machines. On September 8, the Virginia Board of Elections voted to immediately de-certify all paper-less voting machines in the state. Those were the machines that allowed voters to vote by touching the screen. “We’ve had concerns in Virginia about the paper-less equipment for a while, and we’ve been kind of on a path to replacing them state-wide,” Edgardo Cortes, the state Commissioner of Elections, said.Full Article: Localities scramble to get paper ballot voting machines in time for Election Day | WTVR.com.
Boardwalk “claw” machines. Laundry scales. Boiled linseed oil. All three are subject to more state regulation than voting machines in New Jersey. And with Tuesday’s election for governor — one of the first two statewide contests in the U.S. since last year’s presidential race — some voting-rights activists are expressing concern that New Jersey’s vote could be vulnerable. Despite consumer-protection laws that mandate testing of pharmacy scales, gas pumps, amusement park rides and hundreds of other types of equipment — and regulations governing everything from the size of peach baskets to the temperature at which commercial linseed oil must be boiled — the state has comparatively few regulations on voting machines. It does not require machines to leave a verifiable paper trail. Nor does it mandate audits of elections. New Jersey does limit the types of voting machines counties can choose from, but leaves it to counties to test the machines.Full Article: N.J. voting machines get less scrutiny than laundry scales, amusements.
Connecticut: UConn’s Center for Voting Technology Research supports fair and free elections | The Daily Campus
The University of Connecticut’s Center for Voting Technology Research (VoTeR Center) is working to keep state elections fair and fraud free, a topic recently brought to light by Secretary of State Denise Merrill in a statement released Friday. “(On Oct. 26th), along with representatives from the state’s information technology and public safety departments, I met with regional officials from the United States Department of Homeland Security to discuss how we can work together to ensure that Connecticut elections are safe from outside interference or manipulation,” Merrill said. The center aids this mission by advising state agencies in the use of electronic voting equipment and investigating voting solutions, according to its website. “We’ve been in existence since 2006 and we’ve been working with the Secretary of the State’s Office since then,” said Dr. Alexander Schwarzmann, professor and head of the UConn computer science and engineering department. “Our work was motivated by the nationwide change in the way that elections are conducted with the help of technology.”Full Article: UConn’s Center for Voting Technology Research supports fair and free elections — The Daily Campus.
Georgia: Former Gov. Roy Barnes’ firm to represent Georgia in lawsuit | Atlanta Journal Constitution
Former Gov. Roy Barnes’ law firm will represent Georgia Secretary of State Brian Kemp in a lawsuit that a national election transparency advocacy group filed to force the state to overhaul its election system. The Department of Administrative Services has replaced Attorney General Christopher Carr with Barnes Law Group to represent Kemp, the state Election Board and others named in the case, Kemp spokeswoman Candice Broce said. The Charlotte-based Coalition for Good Governance, led by Executive Director Marilyn Marks, has said that reported security lapses show the state’s system is “vulnerable and unreliable” and should not have been used for the 6th Congressional District runoff race in June — nor should it be used in next week’s election. Kennesaw State University runs the Center for Elections Systems and is also a defendant in the lawsuit. … KSU said the server that had been examined by the FBI was wiped so it could be repurposed, and that the FBI had a copy of the data that were on the server.Full Article: Former Gov. Roy Barnes' firm to represent Georgia in lawsuit.