One of American elections’ biggest vulnerabilities can be found in one of the most obvious places: the voting machines themselves. The country’s voting infrastructure may not have been tampered with this time around, but experts say outdated systems and an overreliance on hackable electronics mean that if someone wanted to attack the next election, they might well get away with it. Even absent an interference attempt (or at least one that officials are aware of), the problems with voting machines during last week’s midterms were manifest and manifold. In Texas and several other states, technological flaws led to some votes reportedly getting flipped from one candidate to another. In North Carolina, some systems did not work because of the humidity. New York also experienced large-scale breakdowns.
Editorials: Voting Machines: What Could Possibly Go Wrong? | Jennifer Cohn/NYR Daily | The New York Review of Books
Since the 2016 election, there has been a good deal of commentary and reporting about the threats to American democracy from, on the one hand, Russian interference by Facebook and Twitterbot-distributed propaganda, and on the other, voter ID laws and other partisan voter suppression measures such as electoral roll purges. Both of these concerns are real and urgent, but there is a third, yet more sinister threat to the integrity of the November 6 elections: the vulnerability of the voting machines themselves. This potential weakness is critical because the entire system of our democracy depends on public trust—the belief that, however divided the country is and fiercely contested elections are, the result has integrity. Nothing is more insidious and corrosive than the idea that the tally of votes itself could be unreliable and exposed to fraud.
Common Cause Delaware has been waiting months to learn more about the vendors vying to provide the state with new voting machines and it was told Wednesday that wait will continue. Office of Management and Budget Director Mike Jackson said last month the bid data would be released by now. But an OMB spokesman says they are still reviewing and redacting documents and hope to release the info by the end of the month. This comes just as U.S House Democrats release a report saying Delaware has one of the five most insecure voting systems in the country. The other states are Georgia, Louisiana, New Jersey and South Carolina.
Los Angeles County officials voted Tuesday to spend roughly $300 million on a major redesign of its voting system in anticipation of the 2020 presidential election, even as an independent consultant investigates a glitch in the existing process that led to nearly 120,000 voters being left off polling place rosters last week. The new system, which has an electronic interface at the polling place but generates a paper ballot for record keeping, is part of a broader update that includes allowing voters to cast a ballot over an 11-day period prior to and including Election Day. The county will also do away with assigning traditional polling places and instead allow voters to drop in at any vote center convenient to them.
Pennsylvania: New University of Pittsburgh commission to focus on 2020 election security | Pittsburgh Tribune
A newly formed commission convened to study Pennsylvania’s election cybersecurity aims to reduce vulnerability of the state’s polls in time for the next presidential contest. David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of University of Pittsburgh’s Institute for Cyber Law, Policy and Security, and Grove City College President Paul McNulty will lead the Blue Ribbon Commission on Pennsylvania’s Election Security. “Every part of our government and every part of what we stand for is premised upon free and fair elections and the public’s belief and confidence in our electoral system,” Hickton said. “Our systems are vulnerable.” Hickton said there is a sense of urgency in the commission’s work. He said he hopes the commission will wrap up later this year and present its recommendations to policymakers in time to have changes in place for 2020.
National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop
Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.
During the 2016 presidential election, Russian hackers targeted election systems in Pennsylvania and 20 other states, according to U.S. intelligence officials. Those officials fear that, during the 2018 midterms, hackers may target state voter registration databases, county websites and official social media accounts to spread misinformation and sow doubt in the U.S. election system. In February, Pennsylvania Gov. Tom Wolf, a Democrat, directed all counties that are planning to update aging election equipment to buy machines that create a paper trail. However, the directive from Wolf, aimed at machines used by 83 percent of the state’s voters, did not come with funding attached, placing the financial burden on federal or local budgets.
States will receive at least $3 million each to protect their voting systems against Russian cyber attacks under a provision added to a sweeping government spending deal that Congress has reached. The $1.3 trillion spending deal includes a total of $380 million for election security grants. The House passed the bill Thursday and sent it to the Senate for approval. States have been scrambling to improve their cyber security after Homeland Security officials revealed last year that Russian hackers tried to breach election systems in at least 21 states in 2016. Although no actual votes were changed, hackers broke into Illinois’ voter registration database.
As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law. One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy. In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information. In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.
Texas: Experts Say Electronic Voting Machines Aren’t Secure. So Travis County Is Designing Its Own. | KUT
Travis County Clerk Dana DeBeauvoir has spent more than a decade working with researchers and computer security experts to design a voting machine that’s more secure and reliable. This massive undertaking resulted in the Secure, Transparent, Auditable, and Reliable Voting System, or STAR-Vote. But getting manufacturers to build it has been a challenge. … When Houston first floated the idea of switching to DREs in 2001, it caught Dan Wallach’s attention. He urged city leaders not to ditch paper ballots. “My message then was: These are just computers,” says Wallach, a professor in the department of computer science at Rice University, “and computers are hackable.”