Ohio Secretary of State Jon Husted said he’s hoping the federal government comes forward with money to update Ohio’s voting machines but admits, “I don’t hold my breath in thinking that they are going to.” Husted said the Ohio legislature is looking at ways to share costs to update voting machines that date to the mid-2000s. A split of 80 percent cost for the state and 20 percent for the local governments is being considered for replacement of machines that the Ohio Association of Elections Officials has said could cost an estimated $200 million. Ohio and other states replaced their old punch card voting systems with electronic touch screen and optical scan machines in the wake of the “hanging chad” debacle in Florida during the deadlocked 2000 presidential election and additional problems in 2004, including long lines in Ohio. The federal Help America Vote Act in 2002 for the first time provided funding to help states buy voting equipment.Full Article: Jon Husted: Replacing voting machines will be costly.
Texas: What Happened When One Texas County Tried To Build A Cheap, Open-Source Election System | Texas Public Radio
Travis County, home to Austin, has been working to build a better voting system – one that satisfies the need to maintain security and accessibility for voters. Travis County Clerk Dana DeBeauvoir, the chief election official, has been a part of developing the system, called STAR Vote, which would have replaced the current Hart InterCivic eSlate system that has been in use since 2001. That system cost roughly $7 million, and has seen several security augmentations over the years. DeBeauvoir was making considerable progress on STAR Vote until a few weeks ago, when it looked like the plan was starting to lose steam. The Austin Monitor headline read “STAR Vote collapses.” DeBeauvoir had worked with academics to develop the new system, but when it came time to seek bids to build it, DeBeauvoir says she didn’t receive any Requests for Proposal that filled the bill.Full Article: What Happened When One Texas County Tried To Build A Cheap, Open-Source Election System | Texas Public Radio.
A new report pushes recommendations based on the research done into voting machine hacking at DEFCON 25, including basic cybersecurity guidelines, collaboration with local officials and an offer of free voting machine penetration testing. It took less than an hour for hackers to break into the first voting machine at the DEFCON conference in July. This week, DEFCON organizers released a new report that details the results from the Voting Village and the steps needed to ensure election security in the future. Douglas Lute, former U.S. ambassador to NATO and retired U.S. Army lieutenant general, wrote in the report that “last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years – potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the security of our voting process — the fundamental link between the American people and our government — could be much more damaging,” Lute wrote. “In short, this is a serious national security issue that strikes at the core of our democracy.”Full Article: DEFCON hopes voting machine hacking can secure systems.
The political instability that has resulted from Russian meddling in the 2016 US presidential elections has put the focus on voting machines as a national security vulnerability, Douglas Lute, a former US permanent representative to NATO, said at the Atlantic Council on October 10. “I don’t think I’ve seen a more severe threat to American national security than the election hacking experience of 2016,” said Lute. There is a “fundamental democratic connection between the individual voter and the democratic outcome” of an election, he said, adding: “If you can undermine that, you don’t need to attack America with planes and ships. You can attack democracy from the inside.” … Lute delivered a keynote address at the Atlantic Council to call for a sense of urgency among policymakers and all stakeholders able to play a role in the solution to insecure voting machines. He also highlighted the findings presented in the DEF CON Report on Cyber Vulnerabilities in US Election Equipment, Databases, and Infrastructure, launched at the Council, which help to shed light on the technological dimensions of this national security threat. Ultimately, as Lute writes in the foreword, “this report makes one key point: our voting systems are not secure.”Full Article: Voting Machines: A National Security Vulnerability?.
When attendees at the July DEFCON conference breached every poll book and voting machine that event organizers had in the Voting Machine Hacking Village, elections officials took notice. A new report from DEFCON, the National Governors Association, the Atlantic Council, the Center for Internet Security and a number of universities and top technology vendors provides a more detailed look at just how vulnerable the entire U.S. election system – equipment, databases and infrastructure — is to hacking and urges policymakers to shore up security gaps. Vulnerabilities start with an insecure supply chain. Many parts used in voting machines are manufactured overseas, and the report authors suggested that bad actors could compromise the equipment “well before that voting machine rolls off the production line.” Voting Village participants found voting machines with universal default passwords and ones that broadcast their own Wi-Fi access point, which would allow hackers to connect. Once hackers gained access, they could escalate their privileges so they could run code, change votes in the database or turn the machine off remotely. Additionally, unprotected, uncovered USB ports provided easy inputs for thumb drives or keyboards.Full Article: Report details election vulnerabilities uncovered at DEFCON -- GCN.
You don’t even have to know much about voting machines to hack some of the systems that are still in use across the country. A new report published on Tuesday outlines how amateur hackers were able to “effectively breach” voting equipment, in some cases in a matter of minutes or hours, over just four days in July at DEFCON, an annual hacker conference. The report underscores the vulnerability of U.S. election systems. It also highlights the need for states to improve their security protocols after the Department of Homeland Security said Russian hackers attempted to target them during the 2016 election. “The DEFCON Voting Village showed that technical minds with little or no previous knowledge about voting machines, without even being provided proper documentation or tools, can still learn how to hack the machines within tens of minutes or a few hours,” the report says.Full Article: It Isn't Even That Difficult To Hack Voting Equipment | HuffPost.
If Los Angeles County voters spark a revolution when they cast their ballots for President in 2020, it may not stem from the choices they select but rather the way they did it. The digital age is coming to the ballot box here with a new, publically owned system that the County Clerk plans to begin rolling out next summer. The first major makeover to the region’s voting system since 1968 was a long time coming. “We said ‘why don’t we look at this from a holistic standpoint and from the eyes of a voter?’” County Clerk Dean Logan told the Santa Monica City Council during a presentation of the new system. The County partnered with designers at Palo Alto based IDEO to give southern California elections the Silicon Valley treatment. The design firm was behind the first Apple mouse, the first wearable breast pump (still in beta) and revamped public school cafeterias in San Francisco. The result: new voting booths that integrate smartphones, touchscreens, QR codes and old-fashioned paper. Eight years after the over hall began in 2010, many of the changes to hit L.A. County’s five million voters are procedural, not digital.Full Article: Big changes coming to LA County Elections | Santa Monica Daily Press.
When voters in Virginia head to the polls this November, they’ll be casting their ballots the old-fashioned way. The state’s Board of Elections decided earlier this month to de-certify the widely used Direct-Recording Electronic (DRE) voting machines ahead of the gubernatorial election – prompting counties and cities to replace their touchscreen machines with those that produce a paper trail. Virginia is not alone. Several states are now considering a return to old-fashioned paper ballots or a reinforced paper trail so results can be verified, amid concerns over hacking attempts in last year’s presidential race as well as longstanding cybersecurity worries about touchscreen machines. “Our No. 1 priority is to make sure that Virginia elections are carried out in a secure and fair manner,” James Alcorn, chairman of the State Board of Elections, said in a statement, calling the move “necessary to ensure the integrity of Virginia’s elections.”Full Article: Voting machine concerns have states eyeing return to paper ballots | Fox News.
Missouri: Boone County’s aging election equipment comes with estimated $1 million replacement price tag | Columbia Daily Tribune
Boone County’s aging voting equipment will need to be replaced in the next couple of years, and the estimated $1 million expense — once covered in the past by the federal government — solely will be the county’s responsibility. The Help America Vote Act of 2002, which reformed the U.S. voting process, awarded Boone County $888,700 more than a decade ago to purchase new equipment, including software, ballot counting equipment known as M100 machines and iVote machines, or the touchscreen ballots accessible through the American Disabilities Act.
The county’s voting equipment, which has a 10-year lifespan, has experienced an increasing number of errors in recent years and needs to be replaced, said Boone County Clerk Taylor Burks. Burks, appointed to the position in late July by Gov. Eric Greitens, said his office did not have enough time to meet the 2018 budget request deadline on Sept. 30 to find funding for replacement equipment next year. But he expects to have a plan for 2019.
Kansas: Appeals court to grapple with Beth Clarkson voting-machine case in Wichita | The Wichita Eagle
Is voting rigged in Sedgwick County? Is there any way to prove it is or isn’t? Those are the fundamental questions underlying a Kansas Court of Appeals case to be argued Tuesday morning in a special court session at Friends University in Wichita. The appeals court is being asked to allow a recount of votes on audit tapes from voting machines to test the accuracy of the tallies reported by Sedgwick County Election Commissioner Tabitha Lehman. Wichita State University statistician Beth Clarkson has tried for seven years to gain access to the tapes. Her request was denied by Lehman and the denial was upheld in district court. Lehman and Sedgwick County say that there is no problem with the votes and releasing the tapes would risk compromising the secrecy of people’s ballots. Tuesday’s appeal arguments will feature two prominent Wichita attorneys.Full Article: Appeals court to grapple with Beth Clarkson voting-machine case in Wichita | The Wichita Eagle.
One of the reasons why computer security is so hard is because you have to get absolutely everything right in order to have a secure system. And there’s lots of different kinds of things you can get wrong. Everything from your software was buggy, your passwords were too weak, you published your passwords accidentally, your hardware was insecure, the user made a mistake and fell victim to a phishing attack and gave their credentials to a foreign agent or a bad guy. All of those things have to be done correctly in order to have a secure system. It might seem tempting to think, you know, everybody has a cell phone so you could just use your cell phone to do voting like we do for American Idol or similar TV shows. It works for American Idol because nobody cares all that much who wins or doesn’t win.Full Article: Election Hackers: Why Voting Technology Has to Stay Primitive | Big Think.
Editorials: Decertifying Virginia’s vulnerable voting machines is just the first step | Fredericksburg Free Lance Star
The Virginia State Board of Elections has belatedly decided that all electronic touchscreen voting machines still in use throughout the commonwealth cannot be used for the Nov. 7 general election because they are vulnerable to hacking, even though they are not connected to the internet. This revelation is not new. For more than a decade, computer scientists at Princeton, Johns Hopkins, and other top universities have demonstrated that hackers can surreptitiously change votes on these machines without leaving a trace. In 2005, Finnish computer programmer Harri Hursti successfully hacked into Diebold voting machines that were in a locked warehouse in Leon County, Fla., under the watchful eyes of elections officials, a feat still referred to today as the Hursti Hack. But it took another demonstration of successful hacking at the DEFcon cybersecurity conference in Las Vegas this summer to finally convince board members that they needed to immediately decertify all touchscreen voting machines still in use in Virginia. Better late than never, as the old saying goes, but that left 22 cities and counties that still use them to tabulate election results in the lurch. Decertification should have happened years ago.Full Article: EDITORIAL: Decertifying vulnerable voting machines is just the first step | Editorials | fredericksburg.com.
California: San Francisco could become first local government to use open-source voting system | San Francisco Chronicle
San Francisco has taken a tentative step toward deciding on whether it will become the first local government in the country to run its voting machines on open-source software. The notion of shifting away from using proprietary technology sold by private companies to computer code made freely available for anyone to use and modify has been talked about for years. But it’s been getting more attention since the city allocated $300,000 to study the issue. Last week, Elections Director John Arntz opened discussions with Slalom, a consulting group selected by the city to prepare a detailed report on what San Francisco would face if it decides go to an open-source voting system. The report is expected to be finished by January at a cost of around $175,000.Full Article: San Francisco could become first local government to use open-source voting system - San Francisco Chronicle.
National: Patent suit pits top two players in U.S. electronic voting machines against each other | IPWatchdog
On Monday, August 21st, Omaha, NE-based voting machine firm Election Systems & Software filed a patent infringement suit against election product company Dominion Voting Systems of Toronto, Ontario. Election Systems is asserting a patent on an electronic voting machine technology that provides multiple methods by which a user may cast a vote in an effort to improve accessibility. The suit has been filed in the District of Delaware. Election Systems is asserting a single patent in the case: U.S. Patent No. 8991701, titled Integrated Voting System and Method for Accommodating Paper Ballots and Audio Ballots and issued to the firm in March 2015. It claims an accessible voting station for use during an election having a voting console to present an audio ballot to a voter and receive voting selections from the voter, a printer to print a ballot including the selections and a reader that scans a portion of the printed ballot to determine voting selections.Full Article: Delaware Patent suit pits top two players in U.S. electronic voting machines against each other - IPWatchdog.com | Patents & Patent Law.
Pennsylvania: An Allegheny County election integrity coalition won’t get a ballot question but is still pushing for new laws | The Incline
A referendum effort to get a question about election integrity on the November ballot may have failed, but the coalition behind it still plans to lobby the Allegheny County Council to pass legislation. A coalition of groups including Don’t Tread on My Vote and VoteAllegheny plan to rally at the City-County building at 4 p.m. today and attend the 5 p.m. meeting of county council. As the activists previously explained to the Post-Gazette, their main aim is to get the county to create a commission to review voting machines and eventually have them replaced with ones that leave a paper trail. … With the referendum effort done, the coalition now plans to focus on lobbying county council to pass a 16-page ordinance it drafted or similar legislation.Full Article: An Allegheny County election integrity coalition won’t get a ballot question but is still pushing for new laws.
Editorials: Voting Machines Are Easy To Hack – It’s Time We Face The Harsh Reality | Daniel Knighten/News4C
We live in the age of technology and every aspect of our life is evolving. Technology is present everywhere and while this provides numerous advantages, it can also become a major weak spot. The best example is the upgrade of the voting process in the US. It made things easier for voters, but it soon became clear that the voting machines are vulnerable pieces of electronic equipment that require the attention of government officials. Security experts gave out several warnings and earlier this year we have announced that the security of the voting system represents a priority for our country. In the words of Jeh Johnson, Secretary of Homeland Security, “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.” However, despite the government’s best intentions, the 25th annual DEF CON computer security conference was an eye-opener for national security. The convention, held in July, in Las Vegas, proved just how simple it is to interfere with the voting machines and it managed to expose all their exploitable parts.Full Article: Voting Machines Are Easy To Hack – It's Time We Face The Harsh Reality - News4C.
Voting systems must be accurate, usable, accessible and secure to be successful, according to a new paper from a voting behavior expert at Rice University. “Improving Voting Systems’ User-Friendliness, Reliability and Security” will appear in Behavioral Science and Policy and summarizes voting systems in the United States used throughout the past decade and outlines lessons about how to improve them. In the paper, author Mike Byrne, a professor of psychology and computer science at Rice, summarizes previous voting research that supports his argument that the following four factors are critical to the success of voting systems. In his previous research on voting accuracy, Byrne found that voting machines fail to capture voter intent up to 4 percent of the time. He found a 1-2 percent error rate for paper ballots, a 1.5 percent error rate for direct recording electronic – DRE – machines and a 3-4 percent error rate for punch cards and lever machines. He said this is clear evidence that this issue must be addressed. Voting error rates were measured by comparing each voter’s intent with the actual vote that was cast.Full Article: Successful voting systems must be accurate, usable, accessible and secure.
American Democracy depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly in question, but given that there are 66 weeks until midterm elections, and 14 weeks until local 2017 elections, there’s plenty of time to fix the poor state of voting technology, right? Wrong. To secure voting infrastructure in the US in time for even the next presidential election, government agencies must start now. At Def Con 2017 in Las Vegas, one of the largest hacker conferences in the world, Carsten Schurmann (coauthor of this article) demonstrated that US election equipment suffers from serious vulnerabilities. It took him only a few minutes to get remote control of a WINVote machine used in several states in elections between 2004 and 2015. Using a well-known exploit from 2003 called MS03-026, he gained access to the vote databases stored on the machine. This kind of attack is not rocket science and can be executed by almost anyone. All you need is basic knowledge of the Metasploit tool.Full Article: Voting Machine Hackers Have 5 Tips to Save the Next Election | WIRED.
Utah election officials at the Capitol brought voters in to test out new voting machines with a goal of finding a system that is secure and quickly counts ballots from counties that do all-mail voting. The voter feedback from Wednesday will help an ongoing state process to choose the best provider of voting equipment for county officials, Utah Director of Elections Mark Thomas said. Vetting should be completed in the next couple of months, Thomas said. The new technology will provide counties with cost benefits, but the Legislature has appropriated only $270,000 toward replacing the machines.Full Article: Utah Residents Help Officials Vet New Voting Machines | Utah News | US News.
E-voting machines and voter registration systems used widely in the United States and other countries’ elections can readily be hacked—in some cases with less than two hours’ work. This conclusion emerged from a three-day-long hackathon at the Def Con security conference in Las Vegas last weekend. Some of those hacks could potentially leave no trace, undercutting the assurances of election officials and voting machine companies who claim that virtually unhackable election systems are in place. … “These people who hacked the e-poll book system, when they came in the door they didn’t even know such a machine exists. They had no prior knowledge, so they started completely from scratch,” says Harri Hursti, Hacking Village co-coordinator and data security expert behind the first hack of any e-voting system in 2005.Full Article: DEFCON Hackers Found Many Holes in Voting Machines and Poll Systems - IEEE Spectrum.