Missouri: Boone County’s aging election equipment comes with estimated $1 million replacement price tag | Columbia Daily Tribune

Boone County’s aging voting equipment will need to be replaced in the next couple of years, and the estimated $1 million expense — once covered in the past by the federal government — solely will be the county’s responsibility. The Help America Vote Act of 2002, which reformed the U.S. voting process, awarded Boone County $888,700 more than a decade ago to purchase new equipment, including software, ballot counting equipment known as M100 machines and iVote machines, or the touchscreen ballots accessible through the American Disabilities Act.
The county’s voting equipment, which has a 10-year lifespan, has experienced an increasing number of errors in recent years and needs to be replaced, said Boone County Clerk Taylor Burks. Burks, appointed to the position in late July by Gov. Eric Greitens, said his office did not have enough time to meet the 2018 budget request deadline on Sept. 30 to find funding for replacement equipment next year. But he expects to have a plan for 2019.

Kansas: Appeals court to grapple with Beth Clarkson voting-machine case in Wichita | The Wichita Eagle

Is voting rigged in Sedgwick County? Is there any way to prove it is or isn’t? Those are the fundamental questions underlying a Kansas Court of Appeals case to be argued Tuesday morning in a special court session at Friends University in Wichita. The appeals court is being asked to allow a recount of votes on audit tapes from voting machines to test the accuracy of the tallies reported by Sedgwick County Election Commissioner Tabitha Lehman. Wichita State University statistician Beth Clarkson has tried for seven years to gain access to the tapes. Her request was denied by Lehman and the denial was upheld in district court. Lehman and Sedgwick County say that there is no problem with the votes and releasing the tapes would risk compromising the secrecy of people’s ballots. Tuesday’s appeal arguments will feature two prominent Wichita attorneys.

Editorials: So You Want Digital Voting? Hackers Want It Even More | Kathleen Fisher/Big Think

One of the reasons why computer security is so hard is because you have to get absolutely everything right in order to have a secure system. And there’s lots of different kinds of things you can get wrong. Everything from your software was buggy, your passwords were too weak, you published your passwords accidentally, your hardware was insecure, the user made a mistake and fell victim to a phishing attack and gave their credentials to a foreign agent or a bad guy. All of those things have to be done correctly in order to have a secure system. It might seem tempting to think, you know, everybody has a cell phone so you could just use your cell phone to do voting like we do for American Idol or similar TV shows. It works for American Idol because nobody cares all that much who wins or doesn’t win. 

Editorials: Decertifying Virginia’s vulnerable voting machines is just the first step | Fredericksburg Free Lance Star

The Virginia State Board of Elections has belatedly decided that all electronic touchscreen voting machines still in use throughout the commonwealth cannot be used for the Nov. 7 general election because they are vulnerable to hacking, even though they are not connected to the internet. This revelation is not new. For more than a decade, computer scientists at Princeton, Johns Hopkins, and other top universities have demonstrated that hackers can surreptitiously change votes on these machines without leaving a trace. In 2005, Finnish computer programmer Harri Hursti successfully hacked into Diebold voting machines that were in a locked warehouse in Leon County, Fla., under the watchful eyes of elections officials, a feat still referred to today as the Hursti Hack. But it took another demonstration of successful hacking at the DEFcon cybersecurity conference in Las Vegas this summer to finally convince board members that they needed to immediately decertify all touchscreen voting machines still in use in Virginia. Better late than never, as the old saying goes, but that left 22 cities and counties that still use them to tabulate election results in the lurch. Decertification should have happened years ago.

California: San Francisco could become first local government to use open-source voting system | San Francisco Chronicle

San Francisco has taken a tentative step toward deciding on whether it will become the first local government in the country to run its voting machines on open-source software. The notion of shifting away from using proprietary technology sold by private companies to computer code made freely available for anyone to use and modify has been talked about for years. But it’s been getting more attention since the city allocated $300,000 to study the issue. Last week, Elections Director John Arntz opened discussions with Slalom, a consulting group selected by the city to prepare a detailed report on what San Francisco would face if it decides go to an open-source voting system. The report is expected to be finished by January at a cost of around $175,000.

National: Patent suit pits top two players in U.S. electronic voting machines against each other | IPWatchdog

On Monday, August 21st, Omaha, NE-based voting machine firm Election Systems & Software filed a patent infringement suit against election product company Dominion Voting Systems of Toronto, Ontario. Election Systems is asserting a patent on an electronic voting machine technology that provides multiple methods by which a user may cast a vote in an effort to improve accessibility. The suit has been filed in the District of Delaware. Election Systems is asserting a single patent in the case: U.S. Patent No. 8991701, titled Integrated Voting System and Method for Accommodating Paper Ballots and Audio Ballots and issued to the firm in March 2015. It claims an accessible voting station for use during an election having a voting console to present an audio ballot to a voter and receive voting selections from the voter, a printer to print a ballot including the selections and a reader that scans a portion of the printed ballot to determine voting selections.

Pennsylvania: An Allegheny County election integrity coalition won’t get a ballot question but is still pushing for new laws | The Incline

A referendum effort to get a question about election integrity on the November ballot may have failed, but the coalition behind it still plans to lobby the Allegheny County Council to pass legislation. A coalition of groups including Don’t Tread on My Vote and VoteAllegheny plan to rally at the City-County building at 4 p.m. today and attend the 5 p.m. meeting of county council. As the activists previously explained to the Post-Gazette, their main aim is to get the county to create a commission to review voting machines and eventually have them replaced with ones that leave a paper trail. … With the referendum effort done, the coalition now plans to focus on lobbying county council to pass a 16-page ordinance it drafted or similar legislation.

Editorials: Voting Machines Are Easy To Hack – It’s Time We Face The Harsh Reality | Daniel Knighten/News4C

We live in the age of technology and every aspect of our life is evolving. Technology is present everywhere and while this provides numerous advantages, it can also become a major weak spot. The best example is the upgrade of the voting process in the US. It made things easier for voters, but it soon became clear that the voting machines are vulnerable pieces of electronic equipment that require the attention of government officials. Security experts gave out several warnings and earlier this year we have announced that the security of the voting system represents a priority for our country. In the words of Jeh Johnson, Secretary of Homeland Security, “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.” However, despite the government’s best intentions, the 25th annual DEF CON computer security conference was an eye-opener for national security. The convention, held in July, in Las Vegas, proved just how simple it is to interfere with the voting machines and it managed to expose all their exploitable parts.

National: Successful voting systems must be accurate, usable, accessible and secure | Phys.org

Voting systems must be accurate, usable, accessible and secure to be successful, according to a new paper from a voting behavior expert at Rice University. “Improving Voting Systems’ User-Friendliness, Reliability and Security” will appear in Behavioral Science and Policy and summarizes voting systems in the United States used throughout the past decade and outlines lessons about how to improve them. In the paper, author Mike Byrne, a professor of psychology and computer science at Rice, summarizes previous voting research that supports his argument that the following four factors are critical to the success of voting systems. In his previous research on voting accuracy, Byrne found that voting machines fail to capture voter intent up to 4 percent of the time. He found a 1-2 percent error rate for paper ballots, a 1.5 percent error rate for direct recording electronic – DRE – machines and a 3-4 percent error rate for punch cards and lever machines. He said this is clear evidence that this issue must be addressed. Voting error rates were measured by comparing each voter’s intent with the actual vote that was cast.

National: Voting Machine Hackers Have 5 Tips to Save the Next Election | WIRED

American Democracy depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly in question, but given that there are 66 weeks until midterm elections, and 14 weeks until local 2017 elections, there’s plenty of time to fix the poor state of voting technology, right? Wrong. To secure voting infrastructure in the US in time for even the next presidential election, government agencies must start now. At Def Con 2017 in Las Vegas, one of the largest hacker conferences in the world, Carsten Schurmann (coauthor of this article) demonstrated that US election equipment suffers from serious vulnerabilities. It took him only a few minutes to get remote control of a WINVote machine used in several states in elections between 2004 and 2015. Using a well-known exploit from 2003 called MS03-026, he gained access to the vote databases stored on the machine. This kind of attack is not rocket science and can be executed by almost anyone. All you need is basic knowledge of the Metasploit tool.

Utah: Residents Help Officials Vet New Voting Machines | Associated Press

Utah election officials at the Capitol brought voters in to test out new voting machines with a goal of finding a system that is secure and quickly counts ballots from counties that do all-mail voting. The voter feedback from Wednesday will help an ongoing state process to choose the best provider of voting equipment for county officials, Utah Director of Elections Mark Thomas said. Vetting should be completed in the next couple of months, Thomas said. The new technology will provide counties with cost benefits, but the Legislature has appropriated only $270,000 toward replacing the machines.

National: DEFCON Hackers Found Many Holes in Voting Machines and Poll Systems | IEEE Spectrum

E-voting machines and voter registration systems used widely in the United States and other countries’ elections can readily be hacked—in some cases with less than two hours’ work. This conclusion emerged from a three-day-long hackathon at the Def Con security conference in Las Vegas last weekend. Some of those hacks could potentially leave no trace, undercutting the assurances of election officials and voting machine companies who claim that virtually unhackable election systems are in place. … “These people who hacked the e-poll book system, when they came in the door they didn’t even know such a machine exists. They had no prior knowledge, so they started completely from scratch,” says Harri Hursti, Hacking Village co-coordinator and data security expert behind the first hack of any e-voting system in 2005.

Michigan: Some Michigan communities to see new voting machines at their precincts | MLive

Voters from 63 communities in 11 Michigan counties heading to the booths on August 8th will notice new ballot counting machines. The new machines will be replacing ten-year-old equipment with new optical-scan voting systems. By November of 2018, all cities and townships in Michigan will have the new equipment that allows for faster processing and easier use for disabled voters. Secretary of State Ruth Johnson introduced the new voting machines in the Rochester Hills City Hall building on Wednesday morning, August 2. “The new state of the art machines and programming protect the integrity of our process to ensure every vote counts,” said Johnson.

National: Voting machines and election systems – a quick look | Associated Press

Digital voting machines are in the spotlight in Venezuela, where the head of Smartmatic, a maker of election systems used in the country’s tumultuous constituent-assembly election, said Wednesday that the official turnout figure had been “tampered with .” The company’s CEO said the count was off by at least 1 million votes — possibly in either direction. Tibisay Lucena, head of Venezuela’s National Electoral Council, dismissed that allegation as an “irresponsible declaration” that might lead to legal action. The government-stacked electoral council claims more than 8 million people voted in the election for a nearly all-powerful constituent assembly. Independent analysts have expressed doubts at that number. Here’s a look at the technology and politics of voting machines and election systems. The voting-machine market is a speck in the prodigious tech sector. Iowa University computer scientist Douglas Jones estimates its annual revenues in the United States at less than $200 million — roughly what Google pulls in every day. It’s much harder to get reliable information about the fragmented global market for election systems.

Michigan: New voting machines coming to Michigan: Here’s how they’re different | Detroit Free Press

Cities across Michigan will be breaking in new voting equipment for Tuesday’s primary, following the discovery of irregularities during last year’s presidential election recount and as a commission appointed by the president looks into questions of voter integrity across the country. Detroit, which experienced numerous problems during the November 2016 election, will be the biggest of the 60 cities that will switch to the new voting machines next week. Some 45 counties will have the equipment on board by the November election. All municipalities in the state will be hooked up by the August 2018 primary election. “We knew it was time to get new equipment,” Secretary of State Ruth Johnson said during a demonstration Wednesday of the new equipment in Rochester Hills. “Our equipment was at least 10 years old and nearing the end of its life. Elections are too important to rely on old voting machines.” “They’ve made a lot of changes. We have high hopes for them,” said Sally Williams, the state’s newly appointed elections director.

Utah: Security on mind as state auditions new voting machines, software | Deseret News

Just last weekend, a long-running hackers convention in Las Vegas lined up a dozen U.S. electronic voting machines, many of which were obtained from government auctions and second-hand sources like eBay, and unleashed attendees on them. By the end of the weekend, all of the machines had been breached in one form or another. And while most of the equipment was somewhat out of date in terms of technology, a few of the models are still in use. DefCon 25 organizers said the exercise was about illustrating and helping address security vulnerabilities in the U.S. election system, a popular national conversation topic following allegations that are still under investigation of outside meddling in the 2016 election cycle. On Wednesday, another lineup of voting machines popped up at the Utah Capitol. This time, however, the event was aimed at giving members of the public an opportunity to audition some of the latest in voting technology as part of a state process to choose a new provider of voting equipment for county officials who operate Utah elections.

National: Hackers Eviscerate Election Tech Security…Who’s Surprised? | WhoWhatWhy

Over the past two days, all major US news outlets breathlessly reported that hackers in Las Vegas needed little time to expose the security flaws of several types of voting machines this weekend. While it is certainly nice to see the mainstream media cover election integrity issues more than once every four years, anybody following the topic, as WhoWhatWhy routinely does, was hardly surprised that the hackers were so successful. How do we know? Because, in anticipation of what happened at the DEF CON hacking conference, WhoWhatWhy spoke to many of the leading election integrity experts to get their thoughts on the event. Most of them expressed hope that the hackers would raise much-needed awareness of the vulnerabilities of US voting machines. Some of the experts we spoke to ahead of the event expressed concerns that, should the hackers fail to breach the machines, it would give people a false sense of security. It turns out that they did not have to worry about that — at all.

National: Congressmen at DefCon: Please help us, hackers! | The Parallax

For the first time in the 25 years of the world’s largest hacker convention, DefCon, two sitting U.S. Congressmen trekked here from Washington, D.C., to discuss their cybersecurity expertise on stage. Rep. Will Hurd, a Texas Republican, and Rep. Jim Langevin, a Rhode Island Democrat, visited hacking villages investigating vulnerabilities in cars, medical devices, and voting machines; learned about how security researchers plan to defend quantum computers from hacks; and met children learning how to hack for good. … Hurd said security researchers could play an important role in addressing increasingly alarming vulnerabilities in the nation’s voting apparatus. DefCon’s first voting machine-hacking village this weekend hosted a voting machine from Shelby County, Tenn., that unexpectedly contained personal information related to more than 600,000 voters. Village visitors managed to hack the machine, along with 29 others.

National: Hackers at a cybersecurity conference breached dozens of voting machines | Business Insider

Professional hackers were invited to break into dozens of voting machines and election software at this year’s annual DEFCON cybersecurity conference. And they successfully hacked every single one of the 30 machines acquired by the conference. The challenge was held at DEF CON’s “Voting Village,” where hackers took turns breaching ten sample voting machines and voter registration systems, Politico reported. … “Follow the money,” Harri Hursti, the cofounder of Nordic Innovation Labs, which helped organize DEF CON, told The Hill. “On the other end of the ballot, that’s where the money is — banks and roads.” Hodge said that if officials take care to “store machines, set them up, [and] always have someone keeping an eye on machines,” that could go a long way in ensuring the safety of the electoral process.

National: DHS is refusing to investigate possible breach of voting machines | Business Insider

Pressure to examine voting machines used in the 2016 election grows daily as evidence builds that Russian hacking attacks were broader and deeper than previously known. And the Department of Homeland Security has a simple response: No. DHS officials from former secretary Jeh Johnson to acting Director of Cyber Division Samuel Liles may be adamant that machines were not affected, but the agency has not in fact opened up a single voting machine since November to check. Asked about the decision, a DHS official told TPM: “In a September 2016 Intelligence Assessment, DHS and our partners determined that there was no indication that adversaries were planning cyber activity that would change the outcome of the coming US election.” According to the most recent reports, 39 states were targeted by Russian hackers, and DHS has cited–without providing details–domestic attacks in its own reports as well. “Although we continue to judge all newly available information, DHS has not fundamentally altered our prior assessments,” the department told TPM.

National: Every Voting Machine at This Hacking Conference Got Totally Pwned | Gizmodo

A noisy cheer went up from the crowd of hackers clustered around the voting machine tucked into the back corner of a casino conference room—they’d just managed to load Rick Astley’s “Never Gonna Give You Up” onto the WinVote, effectively rickrolling democracy. The hack was easy to execute. Two of the hackers working on the touchscreen voting machine, who identified only by their first names, Nick and Josh, had managed to install Windows Media Player on the machine and use it to play Astley’s classic-turned-trolling-track. … The security industry encourages regular software updates to patch bugs and keep machines as impenetrable as possible. But updating the machines used in voting systems isn’t as easy as installing a patch because the machines are subject to strict certification rules.

National: Hackers Demonstrate How Vulnerable Voting Machines Are | US News & World Report

We shouldn’t need another reminder, but the DefCon hacking conference in Las Vegas provided one over the weekend anyway: Voting machines are highly susceptible to electronic attacks. You might remember the topic of hacking elections from such recent presidential campaigns as: last year’s. And while – this is important – there’s no evidence that hackers manipulated actual vote tallies in 2016, there’s every reason to believe that cyber-malefactors will try to do just that in future. And the DefCon gang proved how easy that would be. The convention set up a Voting Machine Hacking Village where attendees could see what they could do against more than 30 voting machines (procured, no kidding, via eBay and government auctions). It took less than 90 minutes before a hacker was able to crack the poorly-secured Wi-Fi on one voting machine (which is, thankfully, outdated and was apparently last used in 2015); another programmed a machine to play Rick Astley’s ghastly song, “Never Gonna Give You Up.” Imagine casting your vote on Election Day and getting rickrolled for your trouble.

National: Hackers descend on Las Vegas to expose voting machine flaws | Politico

Election officials and voting machine manufacturers insist that the rites of American democracy are safe from hackers. But people like Carten Schurman need just a few minutes to raise doubts about that claim. Schurman, a professor of computer science at the University of Copenhagen in Denmark, used a laptop’s Wi-Fi connection Friday to gain access to the type of voting machine that Fairfax County, Virginia, used until just two years ago. Nearby, other would-be hackers took turns trying to poke into a simulated election computer network resembling the one used by Cook County, Illinois. …  Before the 2016 election, former FBI Director James Comey assuaged fears by telling Congress that the system was so “clunky” — comprised of a mishmash of different kinds of machines and networks, with each state’s results managed by a consortium of state and county officials — that its overall integrity was fairly safe. Election security advocates aren’t as confident. Barbara Simons, Board Chair of Verified Voting, a nonprofit that since 2003 has studied U.S. elections equipment, said that the vulnerabilities on display in Las Vegas only served to reiterate a need for the country to adopt a nationwide system of verifiable paper ballots and mandatory, statistically significant audits. While numerous states have starting moving in this direction, Simons worries it’s not enough.

National: These Hackers Reveal How Easy It Is To Hack US Voting Machines | Forbes

In a muggy little room in the far corner of Caesar’s Palace, wide-eyed and almost audibly buzzing is Carsten Schurmann. The German-born hacker has just broken into a U.S. voting machine with his Apple Mac in a matter of minutes. He can turn it on and off, he can read all the information stored within and if he felt like it, he could probably change some votes if the system was in use. “This is insane,” he says. But today, that machine is not in use, it’s being opened up for anyone to try what Schurmann did. A host of technically-minded folk have gathered at DEF CON’s Voting Machine Village, where they’re tinkering with more than 25 commonly used systems used across American elections. They might just save the next election from Russian hackers. Those machines are, co-organizer Matt Blaze says, horribly insecure. Blaze’s hope is the public will be made aware of their many, many flaws, and demand elections be protected from outside, illegal interference, following the much-documented attempts by Russia to install Donald Trump as president.

National: Hackers Scour Voting Machines for Election Bugs | VoA News

Hackers attending this weekend’s Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results. The 25-year-old conference’s first “hacker voting village” opened on Friday as part of an effort to raise awareness about the threat of election results being altered through hacking. Hackers crammed into a crowded conference room for the rare opportunity to examine and attempt to hack some 30 pieces of election equipment, much of it purchased over eBay, including some voting machines and digital voter registries that are currently in use.

National: Hackers breach each of dozens voting machines brought to conference | The Hill

One of the nation’s largest cybersecurity conferences is inviting attendees to get hands-on experience hacking a slew of voting machines, demonstrating to researchers how easy the process can be. “It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia. The DEF CON cybersecurity conference is held annually in Las Vegas. This year, for the first time, the conference is hosting a “Voting Machine Village” where attendees can try to hack a number of systems and help catch vulnerabilities. The conference acquired 30 machines for hackers to toy with. Every voting machine in the village was hacked.

Editorials: As Hackers Target U.S. Voting Machines, We Need Leaders Who’ll Put Country Over Party | Karen Hobert Flynn/Just Security

“If there has ever been a clarion call for vigilance and action against a threat to the very foundation of our democratic political system, this episode is it,” former Director of National Intelligence James Clapper told senators in May. Clapper’s warning about the impact of Russian interference in the 2016 election and the potential damage from future cyberattacks around the world packed a particularly powerful wallop. Over the next few days in Las Vegas, a group of white hat hackers will run a “Voting Machine Hacking Village,” using real U.S. voting machines to back up Clapper’s alarm with a demonstration of the vulnerability of some of our voting systems. This private effort, part of DEF CON, the world’s largest hacker convention, highlights a serious public problem: our election infrastructure was attacked and will be again; our federal and state governments must do much more to protect our most cherished right as Americans, our vote.

California: Worried about election hacking, L.A. County officials are turning to hackers for help | Los Angeles Times

Local election officials are looking for some good hackers. As part of an effort to create a new voting system, Los Angeles County computer specialists are headed this week to Defcon, one of the world’s largest hacking conventions, where attendees will try to compromise a new target — voting equipment. County Registrar-Recorder Dean C. Logan said he hopes Defcon’s new Voting Village will give his staff more to worry about as they work to revamp the way Los Angeles County votes. Defcon, which draws 20,000 participants to Las Vegas yearly, has set aside a space this year for hackers to pick apart voting machines, assail voter-registration databases and carry out mock attacks on various voting processes from around the country.

National: Hackers plan to break into 30 voting machines to put election meddling to the test | USA Today

Think of it as a stress test for democracy. Hackers plan to spend this weekend trying to break into more than 30 voting machines used in recent elections to see just how far they can get. U.S. election officials have consistently said that despite Russian attempts to affect the outcome of the 2016 presidential election, no votes were tampered with. … However, experts in election voting software say no states routinely perform post-election vote audits to ensure that the reported vote count tallies with ballots, Singer said. Moreover, there were no forensic examinations of any of the voting machines used in the 2016 presidential election, in part because many election-machine vendor contracts prohibit it, Singer said. That’s a red flag for hackers at DefCon.

National: Top hacker conference to target voting machines | Politico

Hackers will target American voting machines—as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar’s Palace in Las Vegas at the end of July for DEFCON, the world’s largest hacking conference, organizers are planning to have waiting what they call “a village” of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. … With all the attention on Russia’s apparent attempts to meddle in American elections—former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there’s no evidence of actual vote tampering—voting machines were an obvious next target, said DEFCON founder Jeff Moss. Imagine, he said, what a concerted effort out of Russia or anywhere else could do.