Editorials: The internet and elections don’t mix. So why do we keep trying? | Jack Morse/Mashable

When it comes to conducting secure elections, keeping things old-fashioned is often the best bet. This simple reality can be broken down into two digestible nuggets of security wisdom: The internet and voting don’t mix. And auditable paper trails beat fancy digital recording devices every time. Security experts beat us over the head with these admonitions time and time again. And yet, as yesterday’s Iowa caucus screwup shows, we still have a lot of listening left to do. The Iowa caucuses — trending on Twitter at the time of this writing as the “#IowaCaucusDisaster” — represent a spectacular failure in modern day election reporting. According to numerous reports, a shoddily tested app was employed to relay caucus results to party officials. That app failed to properly function, throwing presidential candidates’ campaigns — and the country — into a brief fit.  Importantly, we should be clear that Iowa caucus-goers did not vote using the app. Rather, the caucus results — which were recorded on paper cards like the one shown above — were, after being tallied, reported to Democratic party officials via the app. Or, at least they were supposed to be. It was in this reporting phase that things took a turn for the terrible, with reports that the app had malfunctioned and perhaps tabulated results incorrectly.

National: Caucus Meltdown Tied to Democrats’ Little-Tested Mobile App | Michaela Ross, Kartikay Mehrotra and Chris Strohm/Bloomberg

The breakdown in reporting results from Iowa’s Democratic caucuses appears tied to failures in a mobile application that wasn’t ready for the load of a statewide election and which the head of the Homeland Security Department said wasn’t subjected to a cybersecurity test by his agency. “This is more of a stress or load issue as well as a reporting issue that we’re seeing in Iowa,” acting Department of Homeland Security Secretary Chad Wolf said in a Fox News interview Tuesday. Wolf said there’s little evidence of hacking of the app, which precinct officials struggled to use on Monday night. He said that his department’s cyber division had offered to test the software for vulnerabilities but was declined.… But the failure spotlights the need for hard-copy backups across election systems, as a handful of states are still using voting machines that don’t produce a paper receipt, according to Marian Schneider, president of the voting advocacy group Verified Voting and former deputy secretary for elections of Pennsylvania. “It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release the results from those records,” Schneider said.

National: Why 2020 could be a year of election malfunctions | Steven Overly and Eric Geller/Politico

Monday’s caucus app meltdown is just a taste of what may await the rest of America. Iowa wasn’t alone in adopting new technology to run elections in 2020, and the odds are it may not be the last state to suffer the consequences. Counties with tens of millions of people have rolled out new voting machines in recent years to replace hack-prone paperless devices. But new technologies inevitably bring their own hiccups, some more damaging than others. And as the debacle surrounding the Iowa Democrats’ vote-reporting app showed, any confusion can feed divisions and conspiracy theories, fueled by social media, that undermine Americans’ faith in democracy. Marian Schneider, the president of the advocacy group Verified Voting, said technology will always carry some risk, particularly when it’s connected to the internet — noting that even large companies with deep pockets get hacked. She said the problems in Iowa reinforce her organization’s argument that voting and reporting should not be done via mobile app. Another lesson: At least the Iowa caucuses had paper records to back up all of the electronic information. And so should other elections, she said. “So, the takeaway is that having a low-tech backup is really important whenever you’re deploying technology in elections,” she said.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

National: DHS creates ‘tabletop in a box’ for local election security drills | Benjamin Freed/StateScoop

For the past few years, the Department of Homeland Security has convened exercises for state election officials to test how they’d respond to a cyberattack against voting systems. At a National Association of Secretaries of State meeting in Washington last weekend, a DHS official introduced a new product that could make it easier for local officials to run those exercises. The tabletop exercises, as the events are known, are designed to give secretaries of state, election directors, IT leaders and other officials a war game-like environment simulating the threats posed by foreign governments and other adversaries that might try to disrupt a real election. And while the exercises have included representatives of some local governments, one of the biggest challenges statewide election officials say they have is making sure new cybersecurity tools and procedures trickle down to even the smallest, most resource-strapped jurisdictions involved in the democratic process. The Cybersecurity and Infrastructure Security Agency on Friday published its “Elections Cyber Tabletop Exercise Package,” a 58-page guide for state and local officials to hold their own drills simulating ransomware, data breaches, disinformation campaigns and attempts to corrupt voting equipment. Matt Masterson, a senior adviser at CISA, described the document as a “tabletop in a box.”

National: Majority of Election Websites in Battleground States Failing in Cybersecurity | Security Magazine

A large majority of election-related websites operated by local governments in battleground states lack a key feature that would help them be more cybersecure — a site that ends in .gov as opposed to .com or other extensions. Research by McAfee found that as many as 83.3 percent of county websites lacked .GOV validation across these states, and 88.9 percent and 90 percent of websites lacked such certification in Iowa and New Hampshire respectively. Such shortcomings could make it possible for malicious actors to establish false government websites and use them to spread false election information that could influence voter behavior and even impact final election results. “Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” said Steve Grobman, McAfee Senior Vice President and Chief Technology Officer. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times. In this way, this malicious actor could impact election results without ever physically or digitally interacting with voting machines or systems.”

Iowa: Caucus debacle shakes public confidence in 2020 security | Joseph Marks/The Washington Post

The biggest security lesson from last night’s Iowa caucuses: It doesn’t take a hack for technology to undermine confidence in an election. The spectacular failure of a mobile app that was supposed to forward caucus results last night — which are still not out, as of this morning — is a striking example of how faulty technology can spark questions about election results and create an opening for misinformation and conspiracy theories. “These kinds of technical issues and operational delays play right into the game plan of malicious actors,” Maurice Turner, an election security expert at the Center for Democracy and Technology, told me. “[They] can leverage these small facts and turn them into viral misinformation messages speculating about hacking or corruption being behind the irregularities.”  The Democratic Party have surged its focus on cybersecurity to combat foreign interference by Russia or other actors that U.S. intelligence officials warn may seek a repeat of 2016. While an Iowa Democratic Party spokeswoman insisted the app “did not go down and this is not a hack or an intrusion,” the technical snags largely achieved the effects officials have long sought to avoid. Even candidates questioned whether the results were tainted: Vice President Joe Biden’s campaign complained about “considerable flaws” in the reporting system and demanded an explanation of the app’s quality controls before any results were released publicly.

Iowa: Democrats Should Have Known Better Than To Use An App | Kaleigh Rogers/FiveThirtyEight

More than 14 hours after the Iowa caucuses began, we still don’t have any official results, and it’s becoming clear that an app is at least partly to blame. An app designed to let caucus leaders report results seems to have had problems including user error, lack of connectivity and an insufficient backup plan, demonstrating exactly why it’s so difficult — and risky — to introduce new technology into elections. “Right now, a lot of the election security community is trying to, as nicely as possible, say ‘We told you so,’” said Maggie MacAlpine, a co-founder of Nordic Innovation Labs, a firm of security consultants whose specialties include safeguarding elections. This year, the Iowa Democratic Party, which runs the state’s Democratic caucuses, introduced a smartphone app that local precinct chairs could use to send in tallies from their caucus sites. Immediately, election security experts raised concerns because the party wouldn’t reveal who built the app, what testing had been done, or who they had consulted to make sure it was secure. The party insisted, however, that thorough security measures had been put in place, and besides, precinct chairs could always fall back on the reporting technology they’ve been using for decades: a phone-in hotline. One problem: Multiple precinct chairs reported hours-long wait times, and even getting cut off, when they tried to use that hotline.

Iowa: DHS chief says offer to vet Iowa caucus app was declined | Maggie Miller/The Hill

Acting Homeland Security Secretary Chad Wolf said Tuesday that an offer to vet the app used by the Iowa Democratic Party to tabulate votes during the Iowa caucuses was turned down. “Our Cybersecurity and Infrastructure Security Agency has offered to test that app from a hacking perspective,” Wolf said during an appearance on Fox News’s “Fox & Friends.” Wolf said the offer was “declined” and noted that “we’re seeing a couple of issues with it.” “I would say right now, we don’t see any malicious cyber activity going on,” he added. The Iowa Democratic Party said Tuesday morning that the app used to tabulate votes as part of the first-in-the-nation caucuses, which CNN confirmed was built by the firm Shadow, had a “coding issue in the reporting system” that slowed down the reporting of vote totals.

Nevada: Democrats won’t use app that caused Iowa caucus fiasco | Adam Edelman/NBC

Nevada’s Democratic Party said Tuesday it will not use the trouble-plagued app that has contributed to ongoing delays in the reporting of results in the Iowa Democratic caucuses. Democrats in Nevada had planned to use the app for their caucus on Feb. 22. The same company developed the app for both states. But the state’s Democratic Party said Tuesday that it had previously created backup plans for its reporting systems and was in the process of “evaluating the best path forward.” “NV Dems can confidently say that what happened in the Iowa caucus last night will not happen in Nevada on February 22nd. We will not be employing the same app or vendor used in the Iowa caucus,” Nevada State Democratic Party Chair William McCurdy II said in a statement.

Nevada: Democrats won’t use app at center of Iowa delays | Chris Mills Rodrigo/The Hill

The Nevada Democratic Party on Tuesday announced that it will not use the election results app that has been blamed for the delay in results from the Iowa caucuses. “NV Dems can confidently say that what happened in the Iowa caucus last night will not happen in Nevada on February 22nd. We will not be employing the same app or vendor used in the Iowa caucus,” Nevada State Democratic Party Chairman William McCurdy said in a statement. “We had already developed a series of backups and redundant reporting systems, and are currently evaluating the best path forward.” The announcement comes after the results of the Iowa caucuses, which began on Monday at 8 p.m. EST, have yet to be released amid confusion over the app used to transmit results, triggering uproar from supporters and political pundits. The slow rollout has lead many to question Iowa’s first-in-the-nation status. Price told campaigns early Tuesday afternoon that presidential campaigns should expect that a “majority” of the caucus results will be released at 5 p.m. EST, a source on the call told The Hill.

Ohio: State to ramp up election security with new federal funds | Maggie Miller/The Hill

Ohio is moving to implement a string of election security measures with new funding from Washington as the state races against the clock to guard against foreign hacking and disinformation campaigns. Ohio Secretary of State Frank LaRose (R), speaking on the sidelines of last week’s National Association of Secretaries of State (NASS) meeting in Washington, said there has been a seismic shift at the state level following the 2016 Russian election interference.  “From what I’ve observed, there is definitely a pre-2016, post-2016 mentality,” said LaRose, who characterized the coordination between the federal government, states and county officials as improving “exponentially.” Congress appropriated $380 million in 2018 to help states boost their election security. That was followed by an additional $425 million in December.  “I don’t think you’re ever going to hear a secretary of State or any state official say, ‘Turn off the tap, we’ve got enough federal funding,’” LaRose said. “I’m a fiscal conservative and I believe that we should be smart with our taxpayers’ dollars, but the demand is huge.”

Iowa: 2020’s first election security test: Iowa | Eric Geller/Politico

The Iowa caucuses on Monday night are practically as low-tech as elections come, involving the least-hackable voting process imaginable: People gathering in rooms and writing their choice on paper. But the first contest of the 2020 presidential race still represents a high-profile test of whether election officials, political parties and security experts are ready for another wave of cyberattacks, after Russian hackers revealed dangerous weaknesses in 2016. And despite assurances from both the Democratic and Republican parties that they’ve taken extensive steps to prepare, experts say attackers have plenty of opportunities to disrupt the democratic process.

National: Election officials confident about security days before first contests of 2020 | Joseph Marks/The Washington Post

Election officials are striking a confident tone about digital security at their final summit before caucus and primary season begins. But they’re also planning for the worst, war-gaming how to handle any major hacks from Russia or other adversaries. “We’re planning as if they’re coming back,” Chris Krebs, the Department of Homeland Security’s top cybersecurity official, said on the sidelines of the conference hosted by the National Association of Secretaries of State. “The playbook’s out there. It’s not just about Russia. It’s about anyone else that may want to get into this space.” Krebs led more than 200 officials through a series of worst-case scenarios during the conference, testing how they’d respond and work together during a cyberattack or misinformation campaign targeting a primary or general election. Among the participants were representatives from 44 states, 15 election vendors and 11 federal departments and agencies, a DHS spokeswoman said. The conclusion: Officials are far better prepared than in 2016 when Russian hackers probed election infrastructure across the nation and upended Hillary Clinton’s campaign by hacking and releasing emails and flooding disinformation onto social media.

National: As Iowa caucuses loom, states drill with feds to protect 2020 elections | Sean Lyngaas/CyberScoop

With the Iowa caucuses just days away, state election officials from around the country gathered this week in Washington, D.C., to drill for cyberattacks, study ransomware and learn how to work with ethical hackers. The level of collaboration was unthinkable four years ago, when Russia-backed hackers and trolls interfered to the electoral process. Then, it took many months for federal officials to notify states that their systems had been targeted, and states bristled at the Department of Homeland Security’s 2017 designation of election systems as critical infrastructure. Now, federal and state officials are mapping out how a foreign adversary might try to undermine the democratic process, and practicing how they would thwart those attacks. “We’re light years ahead today from where we were [in the aftermath of 2016]” Mac Warner, the secretary of state of West Virginia, said Thursday at the National Association of Secretaries of State conference. Warner said that shortly after the U.S. military killed a top Iranian general earlier this month, DHS officials held a call with states to explain the Iranian cyberthreat and what to watch for on their systems.

National: Behind the scenes, states race to shore up 2020 elections | Ben Popken/NBC

The officials in charge of running America’s elections in many states convened in the nation’s capitol this week to test and discuss their preparations for the 2020 U.S. presidential election. On their checklists: Everything. The National Association of Secretaries of State kicked off its biannual conference Thursday, a four-day event which this year has a heavy emphasis on election security. Each state has a chief elections officer and in 24, that’s the secretary of states. In others they may be responsible for only some parts of the electoral process. While praising the new information sharing network between state and federal authorities, officials who spoke with NBC News touched on a wide variety of challenges they continue to face, from disappointment with weak support by the executive branch to persistent concerns about disinformation. “We need to make sure that our operations are as resilient as possible, meaning that our hardware and software prevents attack, and measures are in place to survive an attack so that voters can trust the results of the election,” said Nellie Gorbea, the Rhode Island secretary of state.

Illinois: State officials: Implemented solutions to cyber attacks will improve Illinois’ election security| Mike Kramer/Pekin Daily Times

The well-documented 2016 infiltration of Illinois’ Voter Registration System by Russian hackers demonstrated that election infrastructure in the United States has become a focal point for foreign cyber attacks. According to Tazewell County Clerk John Ackerman, Illinois election officials have responded to the intrusions by working to upgrade the state’s cyber defenses. The upgrades are designed to protect voters and their ballots leading up to this year’s general election. ″(Election security) isn’t an issue that’s being discussed endlessly with no solution in sight,” said Ackerman. “There is a solution that has been provided and will be implemented throughout the state of Illinois before the 2020 elections. Here in Tazewell County, the solution went online just last week and I believe neighboring counties are similarly online. Other parts of the state still aren’t, but the goal is they will be before the March primary.”

Iowa: Caucuses to Be Testing Ground for Efforts to Protect Voting From Hackers | Alexa Corse/Wall Street Journal

With Iowans kicking off voting in the 2020 presidential election season, the race is also on to protect the vote from cyberattacks and other intrusions. Precautions being taken to secure elections range from revamped electronic voting systems backed up by paper ballots to having cybersecurity experts on standby on voting days. Election officials from across the country gathering this weekend in Washington are discussing contingency planning and other safeguard measures for the 2020 voting season. Monday’s caucuses in Iowa and New Hampshire’s primary the following week present a test for the overhaul in voting security taken since 2016, when, U.S. intelligence agencies say, Russia deployed hackers and internet trolls to interfere in the presidential election. While those intelligence assessments say no votes were tampered with, the agencies warn that Russia, China, Iran and other foreign adversaries are seeking new ways to interfere. “We’re planning as if they’re coming back,” Chris Krebs, the top cybersecurity official at the Department of Homeland Security, said after meeting with election officials from across the country in Washington on Thursday. “It’s not just about Russia. It’s about anyone else that may want to get into this space.”

Ohio: Local counties meet deadline for security rules | Chris Stewart/Dayton Daily News

Area elections officials say they met a Friday deadline to comply with a 34-point security checklist mandated by Ohio’s secretary of state to defend against attacks on election infrastructure. “We’re not going to wash our hands and say we are done with cyber security,” said Jan Kelly, director of the Montgomery County Board of Elections. “This is ongoing. This is what it’s going to be in the future.” The checklist included high priority items that boards of elections hadn’t addressed from one issued in 2018. The new directive included testing systems for the latest vulnerabilities and adding security upgrades, putting elections personnel through background checks, and installing cyber-attack detection and tracking hardware. The changes provide a standard of election security others hope to emulate, said Ohio Secretary of State Frank LaRose. “There’s a reason other states are looking to Ohio,” he said. “We’ve challenged our counties to make significant and challenging improvements well before voters begin casting their ballots; setting up the security redundancies necessary to achieve a successful election.”

Iowa: Delayed Iowa Caucus Results Lead to Confusion | The New York Times

Troy Price, the chairman of the Iowa Democratic Party, said shortly after 1:00 a.m. Central time that he expected to have caucus results to report “later today” after party officials had manually tallied the data. On a brief conference call with reporters, Mr. Price stressed that the caucus results were being delayed because of problems reporting delegate totals from the more than 1,600 precincts, not because the system had been hacked. “This is taking longer than expected,” he said. “The system is in place to make sure we can report results with full confidence.” Several hours after the caucuses ended, the state party still has not publicly reported any results. Mr. Price did not take questions, and the call ended after he finished reading his statement.

National: Election officials get training before 2020 voting begins | Christina A. Cassidy/Associated Press

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security. The change since 2016 underscores how election security has become a top concern with presidential nominating contests set to begin next week. Kicking off Thursday’s meeting was a training exercise coordinated by the Department of Homeland Security. Election officials from 44 states joined officials with 11 federal agencies and representatives from more than a dozen voting technology companies to participate in the half-day exercise to help them keep votes secure. “We’ve come a long ways,” said Iowa Secretary of State Paul Pate. “That’s the strength of doing these tabletops: putting everyone in the same room so we have that contact and preparing for whatever scenarios might come up.” The vast majority of panels at the biannual meetings of the National Association of Secretaries of State and the National Association of State Election Directors are dedicated to cybersecurity, from what states can do to disrupt hacking attempts to the threat of ransomware.

National: House GOP introduces bill to secure voter registration systems against foreign hacking | Maggie Miller/The Hill

Republicans on the House Administration Committee on Wednesday introduced legislation that would seek to update a long-standing federal election law and secure voter registration databases from foreign hacking attempts. The Protect American Voters Act (PAVA) would require the Election Assistance Commission (EAC) to establish the Emerging Election Technology Committee (EETC), which would help create voluntary guidelines for election equipment, such as voter registration databases, not covered under the Help America Vote Act (HAVA). HAVA was signed into law in 2002 following problems with voting during the 2000 presidential election. The law established the EAC and set minimum election administration standards.  The EETC would be empowered to bypass the existing Voluntary Voting Systems Guidelines process, which is a voluntary set of voting requirements that voting systems can be tested against to ensure their security and accessibility. The new bill would also establish an Election Cyber Assistance Unit within the EAC, which would help connect state and local election officials across the country with cybersecurity experts who could provide technical support. 

National: Securing elections starts with securing voter registration | Samuel S. Visner/StateScoop

It’s Nov. 3, Election Day: You go to the polls at the school where you’ve cast your ballots for the last 15 years, only to be told you are no longer on the voter registration list. And according to your state’s online database, you’re now supposed to be voting at a church 15 miles away. You’re confused, angry and late for work. So, you don’t vote. And your candidates of choice lose. How would you feel about those who won, much less the democratic process, after that? Attacking voter registration databases is one of the many ways threat actors could attempt to tamper with this year’s presidential election. After the 2016 election cycle, U.S. intelligence officials concluded that hostile nation-state actors attempted to access voter files in all 50 states and succeeded in some states, including Illinois. These and other kinds of compromises, such as ransomware that could deny election officials’ access to critical voter data during the 2020 election, could undermine confidence in U.S. institutions and the perceived legitimacy of those elected.

National: There’s a new cross-country effort to train election and campaign pros on digital security | Joseph Marks/The Washington Post

A team from the University of Southern California has embarked on a 50-state tour to give cybersecurity training to poll workers and state and local campaign staffers who will be the last line of defense against Russian hacking in 2020. The group, called the Election Cybersecurity Initiative, views itself as a bottom-up, grass-roots counterpart to national-level election security efforts led by the Department of Homeland Security in the wake of Russia’s election interference in 2016. It’s hoping to advise local election officials, Election Day volunteers, ground-level campaign door-knockers and even interns in both political parties who national officials are unlikely to reach. The group also wants to build a network of cybersecurity experts at universities across the nation who can help secure local races and polling sites. “There are incredible grass-roots resources and folks who are highly educated,” Justin Griffin, the group’s managing director, told me. “We’re really going to the states to touch those folks who could never take the time or have the budget to come to Washington for a session like this.” The cross-country effort, which launched in Maryland this week, is yet another example of how the threat of hacking and disinformation is affecting every part of the elections and campaign process. The group, which is funded with a grant from Google, is modeling itself after an election campaign and using the tagline: “Our candidate is democracy.”

Illinois: Elections officials disclose fresh problems with voter registration | Sophia Tareen/Associated Press

Illinois elections officials disclosed fresh problems Wednesday with the state’s automatic voter registration program, including at least one eligible voter who said she registered to vote but ended up on an opt-out list. The program is already under fire for mistakenly registering over 500 people who indicated they weren’t U.S. citizens, of which 15 people voted in 2018 and 2019 elections. Election officials said at least eight of the people have long voting histories and were likely U.S. citizens, leaving seven voters in question. The individuals involved were applying for standard drivers’ licenses at secretary of state’s offices. Details were scarce on the new issues, disclosed at a State Board of Elections meeting. Brenda Glahn, an attorney with the secretary of state, said registrations of eligible voters who appeared to decline to be registered were still sent to election officials. The problems stem from those applying for a REAL ID, which requires proof of citizenship.

Ohio: Boards of Election face Friday deadline to finish security updates ahead of March primary | John Kosich/News5Cleveland

Ohio Secretary of State Frank LaRose will tell you that talk of efforts to interfere in our elections isn’t talk, it’s a reality. “There are foreign adversaries who want to undermine the credibility of this thing that is really fundamental to our way of life as Americans and that is the ability to elect our leaders,” LaRose told News 5 from Israel, where he was asked to speak this week at a cyber-security conference in Tel Aviv. “They’ve heard about some of the work we’re doing in Ohio where in many ways we’re leading the nation with a very aggressive cyber-security posture that we’ve put in place to protect the integrity of our elections,” he said. “While I’ve been here I’ve had the chance to meet with my counterparts from Israel’s electoral commission as well, so there’s a great exchange of information between the Israeli experts that work to keep their election’s safe and secure and myself.” The state’s county boards of election this week have been busy completing LaRose’s task of making sure they are all individually protected against attack — a 34-point checklist that they have until January 31 to complete.

National: Election Officials To Convene Amid Historic Focus on Voting And Interference | Pam Fessler/NPR

Top election officials from all 50 states are meeting in Washington this week to prepare for 2020 — a gathering amid widespread concern over whether the upcoming elections will be fair and accurate, as well as free of the kind of foreign interference that marred the 2016 campaign. Despite major government efforts to upgrade security, an NPR/PBS NewsHour/Marist poll found that about 41% of Americans surveyed do not think the country is prepared to protect the U.S. election system from another attack. Voters also say their biggest concern is disinformation, followed by voter fraud and voter suppression. Forty-four percent think it’s likely that many votes will not actually be counted in 2020. While most voters have confidence in their state and local governments to run a fair election, 43% do not think those officials have done enough to make sure that there’s no foreign interference. Many more blame President Trump. Fifty-six percent say he has done little or nothing to keep the elections safe. A slim majority think the president, who has repeatedly questioned Russian tampering in 2016, actually encourages foreign interference.

National: It takes too long to detect hacking after elections. Here’s 3 ways to help. | Jeremy Epstein/Fifth Domain

In 33 states in America, millions of voters are still at risk of having their ballots deliberately changed, uncounted, undercounted, misrecorded or otherwise subverted. Why? Simply because these states either permit some form of Internet voting or because one or more parts of their voting processes are connected to the Internet. This should disturb us. What is doubly worrying is the fact that, even if an intrusion is detected in these systems, there is no way to determine with certainty the impact on vote counts from the malicious hacks without paper ballots. There is no paper-based, traceable record of citizens’ votes without paper ballots. This means there is no way to reliably audit the election results. While paper ballots don’t prevent hacks, they can nullify the impacts of hacks because they allow authorities to reliably and accurately recount votes. The ability to retrace elections is critical in many ways: to restore the will of the people by accurately reflecting their votes, and to maintain confidence in our elections and our democracy.

National: FBI breach notice rules lauded by states, but some want more | Derek B. Johnson/FCW

Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. “They’re not in a position to give any attention to what was going on and to try to correct the issue, and so if [the feds aren’t] contacting us, what’s the value of calling anyone?” he told FCW. “And when we explained that to [the federal government,] they understood.”

National: Nonprofit expands free security services for campaigns as election season heats up | Cat Zakrzewski/The Washington Post

Political campaigns might not have the time or money to seek out tech talent and services in their busiest season, even as concerns loom about election hacking and interference. A political odd couple is trying to change that. Defending Digital Campaigns — founded by Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager — is offering campaigns a wide range of free and discounted cybersecurity services. The nonprofit organization, which acts as a clearinghouse between campaigns and the companies, announced yesterday that it broadly expanded its industry partners to include tech heavyweights such as Microsoft and Cloudflare. DDC is designed to be a one-stop shop for campaigns to get protections against phishing, websites and mobile app security, multi-factor authentication through security keys, and more. “DDC will create even more value for campaigns by housing a number of these offerings from different companies,” Ginny Badanes, director of Microsoft’s Defending Democracy Program, tells me. “We think this will help increase adoption of these services and ultimately make campaigns more secure.” Microsoft is offering its suite of Office and business products for campaigns at a discount. It’s also a more expedient way to ensure campaigns can access their services, especially in a complicated regulatory environment, companies say. DDC secured Federal Election Commission approval to provide campaigns with free or discounted services last year. By partnering with the organization, companies don’t have to seek out individual approvals — a process that can take several months.