National: MIT researchers find vulnerabilities in Voatz voting app used in multiple states | Maggie Miller/The Hill

A voting app used in multiple states during the 2018 midterms elections to allow for more accessible voting has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found. In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned. The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast. The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions. The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

National: ‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws | Kim Zetter/VICE

A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday. The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system. The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, principal research scientist with the lab. Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.

National: Senate GOP blocks election security bills as intel report warns of Russian meddling in 2020 | Igor Derysh/Salon

en. Marsha Blackburn, R-Tenn., blocked Democratic efforts to unanimously pass three bills related to election security despite warnings that Russia will interfere in the 2020 election. Sen. Mark Warner, D-Va., and Sen. Richard Blumenthal, D-Conn., tried to pass a bill that would require campaigns to report offers of foreign election assistance to the FBI, and another that would require campaigns to report such offers to the Federal Election Commission. “The appropriate response is not to say thank you, the appropriate response is to call the FBI,” Warner said, according to The Hill. “There is no doubt that [Trump] will only be emboldened in his efforts to illegally enlist foreign governments in his reelection campaign,” Blumenthal added. Sen. Ron Wyden, D-Ore., also tried to pass the Securing America’s Federal Elections Act (SAFE Act), which would provide additional funding to the Election Assistance Commission and would ban voting machines from being connected to the internet as well as machines that were manufactured in foreign countries. “America is 266 days away from the 2020 election, and Majority Leader McConnell has yet to take any concrete steps to protect our foreign elections from hacking or foreign interference,” Wyden said.

National: CISA leans into facilitator role in election security plan | Derek B. Johnson/FCW

Officials from the Cybersecurity and Infrastructure Security Agency often describe their role in election security as helping to coordinate and advise the larger ecosystem of election stakeholders. In a newly released strategic plan, the agency lays out its strategy for protecting the 2020 elections by largely leaning into that facilitator role, breaking down its coordination activities across four lines of effort: elections infrastructure, campaigns and political infrastructure, the American electorate and warning and response. To help protect digital and physical elections infrastructure, such as voting machines, election software systems and polling places, CISA views its role as largely complementary to that of states and localities, vendors and others on the front lines of election administration. Thus, getting those organizations to adopt better security practices through outreach and offers of federal resources are its prime tools.

Editorials: Why Companies Need to Help Ensure Election Integrity | Daniel Dobrygowski/Harvard Business Review

The Iowa Democratic caucus, the first election of the 2020 cycle in the U.S., seems to have played into experts’ most dire concerns about election integrity. Rather than a harbinger of disaster to come, we need to recognize this as a warning that it’s all hands on deck to ensure election security. It’s well past time to activate everyone who has a stake in trustworthy elections — not only campaigns, government officials, and voters, but also private companies as well. To borrow a meme, the best time to work together on securing the vote was 2010, the second-best time is right now. Much of the conversation around election security to date has focused on hacking, and it remains a serious concern. In 2016, Russian hackers targeted election infrastructure in more than two dozen U.S. states and compromised the email servers of Hillary Clinton’s presidential campaign. Adversaries have already begun targeting the 2020 presidential campaigns. Personal information about voters has also leaked from campaigns and political parties who store and analyze it online.

Editorials: Election hacking: is it the end of democracy as we know it? | Nick Ismail/Information Age

Since the 2016 US election, there have been murmurs about hacking elections. There are reports of hacktivists trying to compromise the ballot and rogue governments trying to control the outcome. But in a post-truth world, how much of this is legitimate? How much can we brush aside as fake news? If the recent controversial Iowa caucuses are anything to go by, we are definitely at risk. Sometimes bad actors also hack other criminals to use their network and hide their true identity. Recently, this was the case when a group of hackers from Eastern Europe compromised the network of elite Iranian hackers. In this scenario, governments and private companies in the Middle East and Britain were attacked while Tehran was set up to take the blame. So it begs the question, in the current threat landscape, what does it mean to hack an election?

Colorado: MIT study: voting app that Denver used could be hacked | Matt Mauro/KDVR

An app that some Denver voters used in 2019 has significant security issues, according to a new study from the Massachusetts Institute of Technology. The study that was released Thursday said hackers could potentially block or change a vote and steal a voter’s personal information from the app Voatz. The Denver Elections Division used Voatz in the May and June municipal elections for about 300 military and overseas voters. The Division did not report any security issues. “We were very happy with it,” said Director of Elections Jocelyn Bucaro. Burcaro said voter turnout increased significantly with Voatz. Traditionally, military members and others who are overseas and vote electronically would have to print a ballot, sign an affidavit, scan the documents and email them. Voatz allowed the voters to submit their ballots by just using a smartphone. Also, the division used a three-step process to ensure the app and votes were secure. “We are really grateful for the MIT researchers and releasing that report because we’ve been wanting more security review of the Voatz application and other vendors in this space,” Bucaro said.

Florida: DHS preparing report on 2016 Palm Beach election ransomware | David Smiley and Nicholas Nehamas/Miami Herald

Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link. Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted the FBI in November after a veteran IT employee told her that the office had been infected by a ransomware virus only a few weeks prior to the 2016 election. The virus was not publicly disclosed in 2016. Link said the FBI referred her to DHS, which sent a team of a half-dozen employees to her office late last month to do a “deep dive” into her department’s network. She said a report of their findings and recommendations is expected shortly. “We’ve had the top experts in the country here and they spent a lot of time with our system. When we get the report, we’ll be able to take care of everything we can take care of,” Link said in an interview Thursday. “I wanted this done before March if at all possible.”

Florida: Key Florida Elections Office Endured Cyberattack Ahead of 2016 Election | Miles Parks/NPR

The elections office of Florida’s third-most populous county was breached by a crippling cyberattack in the weeks leading up to the 2016 election, NPR confirmed on Thursday. There is no indication that the ransomware attack was connected to Russian interference efforts leading up to the last presidential race, but the revelation about it now shows how election officials are preparing for this year’s election without knowing all the details of what happened before. The attack on Palm Beach County came to light during a Palm Beach Post editorial board interview with county elections supervisor Wendy Sartory Link. “Have we been hacked in Palm Beach County? Yeah, we have,” Link told the paper. A spokesperson for the elections office also confirmed the attack to NPR. “It was in 2016, and as soon as Wendy found out about it, we went and did the necessary precautions to make sure that we were going to be 100% secure and safe,” said Judy Lamey, an assistant public information officer for the elections office.

Iowa: Caucus Meltdown Proved Transparency Is Essential, Election-Watchers Say | Miles Parks/NPR

As the Democratic primary season rolls on, one big lesson already is sinking in from the party’s caucus-night meltdown in Iowa: Secrecy isn’t a strategy. State Democratic chair Troy Price declined to answer questions a month ago about what sorts of tests were conducted on the smartphone app the party was planning to use on caucus night or detail backup plans should it fail. But he did promise some sort of transparency. “We’ll be able to give a preview to the press of what the app will look like in the days leading up to the caucuses,” Price said in mid-January, in his first interview about the app, with NPR and Iowa Public Radio. That preview never happened. And the reporting system then failed in a major way. The state party announced over the weekend that it was still adjusting results for 3 percent of the state’s total precincts, and updating its projected national delegate allocations.

Iowa: What the Iowa Caucus Tells Us About Cavalier Approaches to Technology | Cillian Kieran/CPO Magazine

As details emerge about the tech issues that have delayed the results of the Iowa caucus and thrown the public into states of confusion and frustration, I marvel at the familiarity of the story to anyone who has spent long enough working on the front lines of enterprise technology. It should be noted that the dust is still settling on events in the Hawkeye State, and so it may be a few more days until we know with absolute certainty what transpired and how exactly, in 2020, the results of the caucus are taking longer to arrive than in pre-internet days. But reports so far focus on the haphazard roll-out of a new voting app designed to facilitate (ostensibly) the transmission of results from caucus locations to centralized election monitors. A number of problems appear to have occurred with this process – ranging from caucus-site volunteers being unable to log-in to report results to rumored compromising by outside parties to scramble the results-logging process. Whatever the final assessment, it’s certainly not too early to call this a disaster, with a bungled roll-out as catalyst.

Nevada: Volunteers and campaigns worry about results reporting ahead of Nevada caucuses | Holmes Lybrand, Dianne Gallagher, Pamela Kirkland and Dan Merica/CNN

With the Nevada Democratic caucuses only a week away, both caucus workers and presidential campaigns are worried about the lack of detail the state party is providing about how the results reporting process will work. The worries come after the state party stopped working with Shadow Inc., the company behind the app whose “coding errors” were at the heart of the chaos of the Iowa caucuses. Having scrapped plans to use a pair of Shadow’s apps, the parties will instead use a “caucus calculator,” as outlined in a new memo released by the Nevada State Democratic Party Thursday. Described as “user friendly,” the calculator will be used to add early voting data into each precinct and calculate totals on caucus day, February 22, along with paper work sheets. The tool, which the party does not consider an app, will be available on iPads owned by the party and “accessed through a secure Google web form.” A similar memo was sent to the presidential campaigns on Monday.

West Virginia: State Expands Online Voting as Security Worries Grow | Patrick Groves/Government Technology

West Virginia, which has become an early tester of blockchain voting, is expanding Internet voting to include those with physical disabilities. But the move comes just as researchers from the Massachusetts Institute of Technology (MIT) have published a paper asserting that Voatz — the app West Virginia has been using in its pilot tests — has serious flaws, including the ability of bad actors to change votes without voters’ knowledge. Gov. Jim Justice signed SB 94 into law last week giving the secretary of state permission to create a system that allows people with physical disabilities to vote electronically. The Office of the Secretary of State lauded its success with Boston-based vendor Voatz that tallied 144 ballots from uniformed and overseas citizens in 2018. The Secretary of State’s Office may choose the startup again to enact the new law’s mandate for the 2020 primary and general elections. But election security experts and computer scientists have grown increasingly skeptical of the cybersecurity surrounding voting apps, especially after a mobile app used during the Iowa Caucus recorded data accurately but only reported it partially due to a coding error.

National: Voting on Your Phone: New Elections App Ignites Security Debate | Matthew Rosenberg/The New York Times

For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy. The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A start-up called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting. But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times ahead of its publication on Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.

National: MIT researchers identify security vulnerabilities in voting app | Abby Abazorius/MIT News

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting. Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

National: CISA and states tell Senate more cybersecurity resources needed | Benjamin Freed/StateScoop

State IT officials and the federal government’s top civilian cybersecurity official told members of the U.S. Senate Tuesday that the federal government needs to provide state and local governments with more assistance and expertise in protecting their networks and other critical infrastructure. Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency; Michigan Chief Security Officer Chris DeRusha; and Amanda Crawford, executive director of the Texas Department of Information Resources, each told members of the Senate Homeland Security Committee that while collaboration on cybersecurity between states and the federal government has improved in recent years, funding and resources for those activities are still in short supply. Krebs acknowledged his agency was not built to support state and local governments when it became the Department of Homeland Security’s newest branch in late 2018. But with ongoing threats to election security and a spike in ransomware attacks against local governments, he said, “we have had to build out our support to states.”

National: How Can State and Local Agencies Better Collaborate on Cybersecurity? | Phil Goldstein/StateTech Magazine

Some state governments, such as Massachusetts, have established formal plans to work with localities within their states on cybersecurity. However, as ransomware attacks proliferate across the country and strike big cities and small towns alike, state-level organizations say there needs to be greater IT security coordination between states and municipalities. Last month, the National Governors Association and the National Association of State Chief Information Officers released a report, “Stronger Together: State and Local Cybersecurity Collaboration,” designed to showcase best practices for such collaboration. “State governments are increasingly providing services to county and municipal governments, including endpoint protection, shared service agreements for cyber defensive tools, incident response and statewide cybersecurity awareness and training,” the report notes. At a minimum, the report says, increased engagement can provide government agencies with “a more accurate threat picture to enhance state and local governments’ cyber posture.” Yet agencies need to move beyond mere information sharing to “leverage limited resources for enhanced cyber capabilities,” the report notes.

Florida: Palm Beach County elections office hit by ransomware before 2016 election | Hannah Morse/The Palm Beach Post

Current Palm Beach County elections supervisor Wendy Sartory Link said she recently learned about a 2016 ransomware attack at the elections office. Weeks before the 2016 election that would usher in Donald Trump as president, the Palm Beach County Supervisor of Elections Office was subject to a ransomware attack, elections supervisor Wendy Sartory Link told The Palm Beach Post on Wednesday. The attack more than three years ago happened while Susan Bucher was elections supervisor, but Link said she was unsure how the virus infiltrated the system. “We weren’t part of that, but have we been hacked in Palm Beach County? Yeah, we have,” Link said during an editorial board interview. But Link said she does not believe the ransomware attack against the county is one of the two Russian hacking attempts in Florida revealed in former Special Counsel Robert Mueller’s report last April.

Utah: Lawmaker says Iowa caucuses a cautionary tale for online voting | Art Raymond/Deseret News

Issues in the recent Iowa Democratic caucuses with a smartphone app are a further reminder, according to one Utah lawmaker, that the state should move slowly and deliberately toward any future change to a statewide online voting system.

To that end, Rep. Mike McKell, R-Spanish Fork, is sponsoring a proposal to spend some 20 months on a study to determine what, if any, digital voting system is secure enough to trust with running Utah elections. That proposal, HB292, got unanimous support from the House Government Operations Committee on Wednesday and is now headed to the full body for further consideration. Ahead of the meeting, McKell told the Deseret News the proposed study isn’t due until October 2021 and would have no impact on the upcoming general election, nor the 2021 off-year municipal elections. The goal of the study, McKell said, is to take the necessary time to do a thorough assessment of the potential advantages, and pitfalls, of moving the voting process into the digital realm. “I think we need to slow things down and commit to a thorough review of internet voting,” McKell said. “I think there are a lot of pressures in play to use new technologies and take advantage of efficiencies they can bring. “But we just saw a whole host of problems in Iowa … that are a reminder that we’re just not there yet.”

Wisconsin: Cities Still Recovering From January Cyberattacks | Miranda Suarez/Wisconsin Public Radio

Two Wisconsin cities are still recovering after they were hit with ransomware in January, and one state official predicts those kinds of attacks will only get worse in the future. Ransomware is a kind of cyberattack that locks governments or companies out of their data, usually demanding money in exchange for access. It often enters a system through phishing emails, which contain a shady link or attachment. Ransomware shut down internal computer systems, like email, in Oshkosh and Racine on Jan. 28 and Jan. 31, respectively. Oshkosh city spokesperson Emily Springstroh said the city is mostly back online, but they don’t know yet how the virus got in.

Iran: U.S. must increase defenses against Iranian information operations, report says | Sean Lyngaas/CyberScoop

As social media platforms battle Iranian bots and trolls, the U.S. government needs to step up its own fight against Tehran’s digital influence operations, a new study says. With the 2020 election approaching, Washington should do more to attribute Iranian and other foreign influence operations and warn the public about them, scholars at the Atlantic Council think tank argue. “Iran has invested significant resources and accumulated vast experience in the conduct of digital influence efforts,” the report says. It calls on the Department of Homeland Security to create an intergovernmental agency to alert U.S. officials and the public of foreign influence operations. U.S. intelligence agencies need to work closely with social media companies to pinpoint foreign influence operations, Atlantic Council scholars Emerson Brooking and Suzanne Kianpour’s advise. That collaboration is a work in progress.

National: Senate GOP blocks three election security bills | Jordan Carney/The Hill

Senate Republicans blocked an effort by Democrats to unanimously pass three election security-related bills Tuesday, marking the latest attempt to clear legislation ahead of the November elections. Democrats tried to get consent to pass two bills that require campaigns to alert the FBI and Federal Election Commission (FEC) about foreign offers of assistance, as well as legislation to provide more election funding and ban voting machines from being connected to the internet. But Sen. Marsha Blackburn (R-Tenn.) opposed each of the requests. Under the Senate’s rules, any one senator can ask for unanimous consent to pass a bill, but any one senator can object and block their requests. Blackburn accused Democrats of trying to move the bills knowing that GOP lawmakers would block them and giving them fodder for fundraising efforts. “They are attempting to bypass this body’s Rules Committee on behalf of various bills that will seize control over elections from the states and take it from the states and where do they want to put it? They want it to rest in the hands of Washington, D.C., bureaucrats,” she said.

National: After GAO critique, DHS releases 2020 election security plan | Dean DeChiaro/Roll Call

The government’s top cybersecurity agency will focus on four key objectives to secure this year’s elections from hacking and other interference: protecting election infrastructure, assisting political campaigns, increasing public awareness about foreign intrusion, and facilitating the flow of information on vulnerabilities and potential threats between the public and private sectors. That’s according to the Cybersecurity and Infrastructure Security Agency’s #Protect2020 Strategic Plan, issued by the Homeland Security Department on Friday. The blueprint follows a Government Accountability Office report that said the agency would struggle to execute a nationwide strategy without a finalized agenda. The strategic plan describes the agency’s plans to work with federal law enforcement and state and local election officials on a “whole-of-nation effort” to defend electoral systems. “If we learned anything through 2016 and the Russian interference with our elections, it’s [that] no single organization, no single state, no locality can go at this problem alone,” CISA Director Christopher Krebs said in the report.

National: As Targets, States Need to Be Prepared for the 2020 Election | Tom Guarente/StateTech Magazine

With the first 2020 election primaries upon us, state government leaders are faced with the critical question of whether their election systems are prepared for looming cybersecurity threats. Foreign threat actors have shown again and again their interest in undermining one of the most sacred rights Americans hold: the vote. In Florida, it’s been reported, Russian interference in voter roll systems had the potential to alter results during the 2016 midterm elections. In Illinois, media reports show, there’s evidence that hackers working for Russian military intelligence installed malware on the network of a voter registration technology vendor. In fact, all 50 states’ election systems were targeted by Russia in 2016, according to a July 2019 report from the U.S. Senate Select Committee on Intelligence. Cyber-enabled election threats did not end in 2016. In the 2018 midterm elections, FireEye identified multiple social media accounts impersonating congressional candidates and spreading pro-Iran messages.

Iowa: How Acronym Pitched Itself to Potential Investors: “We Don’t Do Hyperbole. We Call BS.” | Ali Breland/Mother Jones

The letter was sent to prospective investors not long ago, the prose so redolent of disruptomatic DC consultant patter that lanyards practically hang from every word. “We don’t do hyperbole,” it reads. “We call BS. We say when our programs work. We say when they don’t because being dishonest or evasive tells us you have something to hide.” It goes on a little later: “Just don’t measure our success by how many Politico articles we’re mentioned in. You’ll be disappointed.” The letter, obtained by Mother Jones, was likely sent in 2018 on behalf of a nonprofit called Acronym, which today is infamous for having launched the tech company that launched the app that launched the Iowa Democratic caucuses into a days-long spectacle of incompetence. In the days since the caucuses went sideways in part because of its undertested app, Acronym has been evasive, if not dishonest. It has been mentioned in at least a dozen Politico articles, and indeed no one has taken the media attention as a measure of Acronym’s success.

Louisiana: Hacks on Louisiana Parishes Hint at Nightmare Election Scenario | Kartikay Mehrotra/Bloomberg

James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message. The timing wasn’t convenient. The clerk, Jeffrey Skidmore, was relaxing on his back porch and hoping to soak in some final moments of quiet before state and local elections. Skidmore let the call go to voicemail. But Wroten, whose company manages IT services for small companies and local governments, persisted until Skidmore finally picked up. “He told me we’d been infected by ransomware and to ask all 14 of my employees not to go into the office or try to access any of their files,” said Skidmore. “I was stunned. We had an election in six days.” That call, Wroten later recalled, was the start of one of the worst weeks of his life. Hackers had infiltrated Wroten’s company, Need Computer Help. From there, the attackers used the connections Wroten’s employees need to do their job in order to breach the networks of Vernon Parish and six other local parishes, the Louisiana equivalent of counties. The attacks highlight how vulnerable local jurisdictions remain despite four years of efforts to shore up defenses in preparation for the 2020 presidential election.

Maryland: Board of Elections halts wireless networks after glitch | Steve Thompson /The Washington Post

Maryland election officials have removed a requirement that some counties use an expanded wireless network during this year’s elections, after the network caused slowdowns during the special primary election last week. Opponents of the cellular networking system are pointing to delays during the special election in Maryland’s 7th congressional district as vindication of their concerns about cost and security risks. The primary was a day after technical problems threw Iowa’s Democratic caucus results under a cloud of uncertainty. State Sen. Cheryl C. Kagan (D-Montgomery) says the networking equipment is costly, unnecessary and vulnerable to hackers. She is sponsoring emergency legislation to ease deadlines under which local officials must tally votes, a move intended to remove the justification given by state election officials for using the new network. “If these wireless devices malfunctioned when only 60,000 voters came out for a special election, how can you rely on them when we’re expecting roughly one and a half million voters on primary election day?” Kagan said this week.

Nevada: Democrats lay out new plan for caucuses, trying to alleviate growing concerns about the process | Holly Bailey and Isaac Stanley-Becker/The Washington Post

After scrapping a pair of apps similar to the one that caused chaos in Iowa, the Nevada State Democratic Party said it would use paper ballots and an online check-in process in its presidential caucuses, a plan unlikely to end growing concerns about the coming vote. In a memo distributed to representatives of the 2020 campaigns on Monday night, party officials outlined several new procedures for early caucusing, set to begin Saturday. Among them was the use of an online Google check-in form designed to help party officials “track participants and streamline data collection” and the assignment of a numeric “voter PIN” and separate identification number tied to state voter registration to help route a participant’s ballot to their home precinct. The plan comes a week after Nevada Democrats were forced to rip up their caucus plans in the aftermath of Iowa’s disastrous caucus result. The party had been set to use two specially designed apps developed by political technology firm Shadow, the same company that designed the vote-recording app blamed for reporting issues in Iowa. But experts warned that this new proposal would leave the caucuses vulnerable to big security threats. They said, too, that they were puzzled by how the plan would work.

Nevada: Democrats to use scannable ballot for early voting, iPad with Google Forms for check in | Megan Messerly/Nevada Independent

Nevada Democrats will replace their app-based early voting process for the caucus with a scannable paper ballot, the first concrete details to emerge about the new process the party is designing in the wake of Iowa’s problem-plagued contest last week. Under the new system, early voters will fill out paper ballots that will be scanned at the end of each day, like a Scantron, at designated processing hubs monitored by the state party. Those paper ballots will be linked to voters’ unique secretary of state ID numbers — which will ensure their votes will flow to their home precinct to be counted alongside their neighbors’ on Caucus Day — through use of a check-in form, via Google Forms, as well as a paper back-up voter card. The Nevada State Democratic Party released the new details to the presidential campaigns Monday evening in a memo, which the party later provided to The Nevada Independent . The party’s executive director Alana Mounce and caucus director Shelby Wiltz also joined calls with individual campaigns to discuss the memo.

Israel: Benjamin Netanyahu’s election app potentially exposed data for every Israeli voter | Steve Hendrix /The Washington Post

An election app in use by Israeli Prime Minister Benjamin Netanyahu’s political party potentially exposed sensitive personal information for the country’s entire national voting registration of about 6.5 million citizens, according to Israeli media reports. The cellphone-based program, identified as the Elector app, is meant to manage the Likud party’s voter outreach and tracking for the country’s March 2 election, according to the Haaretz newspaper. But an independent programmer reportedly spotted a breach over the weekend that potentially exposed the names, addresses, ID numbers and other private data for every registered voter in the country. There was no immediate indication that any of the information had been downloaded before the breach was repaired, the paper said. The app’s developer told Haaretz that the flaw was quickly fixed and that new security measures were implemented. But a person close to Likud, who spoke on the condition of anonymity to discuss sensitive matters, said the party was braced for the possibility that information could have leaked, with worrying consequences. The comprehensive list of voters would have included personal details, including home addresses, for military leaders, security officials, government operatives and others of potential interest to Israel’s enemies.