Editorials: How to fight election cyber attacks while protecting the health of voters during a pandemic | Quentin E. Hodgson and Jennifer Kavanagh/Baltimore Sun

State and local elections officials — nervously eyeing the fall for a potential second wave of COVID-19 — are scrambling. With only five months before the presidential election, they are scouting larger polling places to enable social distancing and planning to mail and scan more absentee and mail-in ballots than ever. But in addition to keeping poll workers and voters safe from viral transmission, there is a second major risk: how to keep the election itself secure from cyber threats. During the recent months of the pandemic, U.S. adversaries have stepped up both cyberattacks and disinformation campaigns. The United States should expect them to also take advantage of the logistical challenges of voting in a COVID-19 world to redouble their efforts against elections. Cyber threats to U.S. elections came into sharp relief in 2016, when Russia conducted operations to influence the electorate and infiltrate voting systems. In January 2017, the Department of Homeland Security declared elections to be “critical infrastructure” and embarked on an extensive cybersecurity support effort. It established, for example, the Elections Infrastructure Information Sharing and Analysis Center which provides elections officials with cybersecurity alerts, vulnerability assessments and response aid when experiencing a cyberattack.

National: How secure are electronic pollbooks and vote reporting tools? This new program aims to find out | Joseph Marks/The Washington Post

Voting machines get most of the attention when it comes to election security. But officials are now trying to tackle myriad ways adversaries could undermine U.S. elections aside from directly rigging ballots. A new pilot project run by a top cybersecurity nonprofit group and the Election Assistance Commission aims to look for bugs in the many other machines that hackers could exploit to throw an election into chaos, such as electronic poll books and systems for reporting unofficial election night results. Most states currently don’t have a formal process for ensuring they’re secure. “Most of our adversaries aren’t looking to affect the outcome of an election as much as they want to affect our confidence in that outcome,” Aaron Wilson, senior director of election security at the Center for Internet Security, which is running the project, told me. “All of these technologies could have a really big impact on voter confidence and in some cases on the vote itself.” A cyberattack that modified voter information in e-poll books, for example, could make it difficult or impossible for many people to cast ballots. An attack that changed election night results could create confusion about the winner and degrade faith in the real result.

National: Why Can’t People Vote Online? Election Security Analysts Weigh In | Chris Iovenko/Observer

The coronavirus pandemic has radically changed the way we live; it is also upending the way we vote. Traditional polling stations, which often have long lines and use crowded indoor spaces and shared voting equipment, pose substantial risks for spreading the disease. Unless there is a massive switch to remote voting, the predicted second wave of COVID-19 this fall could be catastrophically escalated by large in-person turnouts at polling stations. And in turn, efforts to prevent increased infections can be used as an excuse for targeted, discriminatory curtailment of in-person voting, with the outrageous events in Georgia’s primary election on Tuesday a clear example of the potential derailment of democracy. Currently, the most common way to vote remotely is by mail. It’s a proven, convenient, and safe technique; in the 2016 election,  1 in 4 Americans voted by mail. However, President Donald Trump (who himself votes by mail) and his allies have falsely attacked vote-by-mail as wide-open to fraud and an attempt by Democrats to steal the election. The Republican National Committee has launched a lawsuit in California contesting expansion of vote-by-mail and in states controlled by Republicans obstacles to voting by mail will likely be greater than those faced by voters in other states.

National: Cybersecurity Concerns with Online Voting for 2020 Presidential Election | 2020-06-11 | Security Magazine

A new report by researchers at the Massachusetts Institute of Technology (MIT) and University of Michigan discusses the cybersecurity vulnerabilities associated with OmniBallot, a we-based system for blank ballot delivery, ballot marking and (optionally) online voting. Three states – Delaware, West Virginia and New Jersey – recently announced they would allow certain voters to cast votes using OmniBallot. Researcher Michael A. Specter at MIT and J. Alex Halderman at the University of Michigan reverse engineered the client-side e portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security. “We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare,” the researchers explain. In addition, Democracy Live, which appears to have no privacy policy, receives sensitive personally identifiable information— including the voter’s identity, ballot selections, and browser fingerprint— that could be used to target political ads or disinformation campaigns, the report says.

National: Researchers say online voting tech used in 5 states is fatally flawed | Timothy B. Lee/Ars Technica

OmniBallot is election software that is used by dozens of jurisdictions in the United States. In addition to delivering ballots and helping voters mark them, it includes an option for online voting. At least three states—West Virginia, Delaware, and New Jersey—have used the technology or are planning to do so in an upcoming election. Four local jurisdictions in Oregon and Washington state use the online voting feature as well. But new research from a pair of computer scientists, MIT’s Michael Specter and the University of Michigan’s Alex Halderman, finds that the software has inadequate security protections, creating a serious risk to election integrity. Democracy Live, the company behind OmniBallot, defended its software in an email response to Ars Technica. “The report did not find any technical vulnerabilities in OmniBallot,” wrote Democracy Live CEO Bryan Finney. This is true in a sense—the researchers didn’t find any major bugs in the OmniBallot code. But it also misses the point of their analysis. The security of software not only depends on the software itself but also on the security of the environment on which the system runs. For example, it’s impossible to keep voting software secure if it runs on a computer infected with malware. And millions of PCs in the United States are infected with malware.

National: Democracy Live Internet Voting System Can Be Hacked, Researchers Warn | Lucas Ropek /Government Technology

An online voting platform that has seen recent adoption by numerous state and county governments has vulnerabilities that could be exploited to change votes without the knowledge of election officials, a new report alleges. The OmniBallot, which is a product of Seattle-based tech firm Democracy Live, purports to offer “secure, accessible remote balloting for all voters” and is being used by state or county governments in Oregon, Washington, Colorado, Ohio, Florida, New Jersey and West Virginia. The company developed a number of contracts for limited Internet voting pilot programs with states earlier this year, after COVID-19 threatened to disrupt primary elections nationwide. These programs are fairly limited in scope and largely focus on overseas voters and the disabled. However, computer science researchers say what the company really offers is an insecure platform. The recently published report from professors Michael J. Specter, of MIT, and J. Alex Halderman, of the University of Michigan, states that the company “uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare [its partners].”

National: Cyber Command creates new malware sharing portal with National Guard | Mark Pomerleau/The Fifth Domain

A new portal created by U.S. Cyber Command and the National Guard provides a two-way interface for sharing malware and gain better insights into cyber threats facing the nation, according to a June 9 release from the command. This portal, called Cyber 9-Line, allows participating Guard units from their perspective states to quickly share incidents with Cyber Command. Cyber Command’s elite Cyber National Mission Force, which conducts operations aimed at disrupting specific nation state actors, is then able to provide analysis on the malware and offer feedback to the states to help redress the incident. “This level of cooperation and feedback provides local, state and Department on Defense partners with a holistic view of threats occurring in the United States and abroad,” said Brig. Gen. William Hartman, commander of the Cyber National Mission Force and the lead for Cyber Command’s election security group. “Dealing with a significant cyber incident requires a whole-of-government defense, bidirectional lines on communication and data sharing enables the collective effort to defend elections.”

Editorials: Will Vote-by-App Ever Be Safe? | Scott White/Dark Reading

Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders. The push for online voting has been happening for years, but now that a major pandemic has hit the US, there is more incentive than ever for states and counties to try out online and mobile voting services. This summer, Delaware and West Virginia will allow online voting in their primaries, and New Jersey is also testing it in a municipal election. The Utah GOP recently used mobile voting in a virtual state convention. Other states and counties are likely to follow. These solutions are far from perfect; to call them “experimental” is putting it nicely. Most of the current providers are new companies with relatively small development teams. Multiple researchers like MIT and Trail of Bits have found vulnerabilities in the voting app created by Voatz. It’s also concerning that the app developer appears to be antagonistic to the security community about such vulnerability research. And let’s not forget what happened to Shadow Inc.’s IowaReporterApp during the Iowa Democratic presidential caucus this past February. The inherent vulnerability of app-based voting is a serious cause for concern, but governments and political parties are likely to pursue them anyway. So, let’s take a closer look at where the problems are.

Voting Blogs: Democracy Live internet voting: unsurprisingly insecure, and surprisingly insecure | Andrew Appel/Freedom to Tinker

The OmniBallot internet voting system from Democracy Live finds surprising new ways to be insecure, in addition to the usual (severe, fatal) insecurities common to all internet voting systems. There’s a very clear scientific consensus that “the Internet should not be used for the return of marked ballots” because “no known technology guarantees the secrecy, security, and verifiability of a marked ballot transmitted over the Internet.” That’s from the National Academies 2018 consensus study report, consistent with May 2020 recommendations from the U.S. EAC/NIST/FBI/CISA. So it is no surprise that this internet voting system (Washington D.C., 2010) is insecure , and this one (Estonia 2014) is insecure, and that internet voting system is insecure (Australia 2015) , and this one (Sctyl, Switzerland 2019), and that one (Voatz, West Virginia 2020) A new report by Michael Specter (MIT) and Alex Halderman (U. of Michigan) demonstrates that the OmniBallot internet voting system from Democracy Live is fatally insecure. That by itself is not surprising, as “no known technology” could make it secure. What’s surprising is all the unexpected insecurities that Democracy Live crammed into OmniBallot–and the way that Democracy Live skims so much of the voter’s private information.

Russia: Moscow Said to Hire Kaspersky to Build Voting Blockchain With Bitfury Software | Anna Baydakova/CoinDesk

Voting and blockchain have been a controversial couple but Moscow appears determined to use the technology for a national referendum involving President Vladimir Putin. Russia will vote on changing its constitution, adopted in 1993, on July 1. The main issue to be decided is whether to allow Russia’s president to stay in power for more than the current limit of two consecutive six-year terms. Most of the nation will use traditional paper ballots, but residents of Moscow and the Nizhny Novgorod region will have the option of casting their votes electronically and, at least in the Muscovites’ case, having them recorded on a blockchain. According to an official page dedicated to electronic voting, Moscow’s Department of Information Technologies, which is working on the technical solution, plans to use Bitfury’s open-source enterprise blockchain, Exonum. “The blockchain technology is working in the Proof of Authority mode,” the page says in Russian. “A smart contract for the ballot ledger will be recording the votes in the system, and after the voting is complete it will decode them and publish them in the blockchain system.” The Department of Information Systems did not respond to CoinDesk’s request for comment by press time. Bitfury’s spokesperson declined to comment on the company’s involvement in the project.

National: Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find | Kim Zetter/OneZero

New research shows that an internet voting system being used in multiple states this year is vulnerable to hacking, and could allow attackers to alter votes without detection. On Sunday, researchers published a report that details how votes in OmniBallot, a system made by Seattle-based Democracy Live, could be manipulated by malware on the voter’s computer, insiders working for Democracy Live, or external hackers. OmniBallot is currently used in Colorado, Delaware, Florida, Ohio, Oregon, Washington, and West Virginia. Though online voting has typically been used by overseas military and civilian voters, it could expand to more voters in the future due to the pandemic. The researchers found that bad actors could gain access to ballots by compromising Democracy Live’s network or any of the third-party services and infrastructure that the system relies on, including Amazon, Google, and Cloudflare. “At worst, attackers could change election outcomes without detection, and even if there was no attack, officials would have no way to prove that the results were accurate,” the researchers, Michael Specter at the Massachusetts Institute of Technology and J. Alex Halderman of the University of Michigan, write. “No available technology can adequately mitigate these risks, so we urge jurisdictions not to deploy OmniBallot’s online voting features.”

National: Hackers Are Already Screwing With the 2020 Election | Eric Lutz/Vanity Fair

Donald Trump has spent months promulgating bad-faith attacks on remote voting, masking his fears that high turnout could favor his Democratic opponent with unfounded claims that it would result in widespread fraud. “WE CAN NEVER LET THIS TRAGEDY BEFALL OUR NATION,” he tweeted of mail-in voting last month. But while the president’s attacks on proposals to ensure votes can be safely cast amid the coronavirus pandemic may be obvious lies, some remote voting measures have raised legitimate concerns about the risk of foreign interference. With COVID-19 almost certain to remain an enormous public health issue through election day in November, several states—including ones led by Republicans—have sought to expand access to mail-in voting. A handful are going even further, experimenting with or ramping up online voting. According to the New York Times, the latter is potentially vulnerable to hacking, with researchers warning that online voting could present opportunities for foreign manipulation. “Online voting raises such severe risks that, even in a time of unrest and pandemic, these jurisdictions are taking a major risk of undermining the legitimacy of their election results,” University of Michigan computer science professor J. Alex Halderman told the Times.

National: DARPA wants hackers to try to crack its new generation of super-secure hardware | Joseph Marks/The Washington Post

The Pentagon’s top research agency thinks it has developed a new generation of technology that will make voting machines, medical databases and other critical digital systems far more secure against hackers. Now, the Defense Advanced Research Projects Agency, which helped invent GPS and the Internet, is launching a contest for ethical hackers to try to break into that technology before it goes public. DARPA is offering the hackers cash prizes for any flaws they find using a program called a “bug bounty.” The new technology is based on re-engineering hardware, such as computer chips and circuits, so that the typical methods hackers use to undermine the software that runs on them become impossible. That’s far different from the standard approach to cybersecurity, in which tech companies release a never-ending stream of software patches every time bad guys discover a new bug.

National: COVID-19 Adds to US Election Security Challenges: Report | Ishita Chigilli Palli/GovInfo Security

The global COVID-19 pandemic has created a new series of cybersecurity challenges for election officials across the U.S., including concerns about the security of mail-in ballots and whether attackers will target vulnerable networks for those local election workers still working remotely, according to a new report. The Brennan Center for Justice, a nonpartisan law and public policy institute connected to New York University Law School, released a report on Friday urging Congress to provide states with the required resources to ensure more secure election process. “Effective digital resiliency plans can ensure that operations continue and eligible citizens are able to exercise their right to vote even in the face of cyberattacks or technical malfunctions,” according to the report.

National: Chinese and Iranian APT Groups Targeted US Presidential Campaigns | Kelly Sheridan/Dark Reading

Google’s Threat Analysis Group (TAG) recently saw a China-linked cyberattack group targeting Joe Biden’s 2020 presidential campaign staff, and an Iran-linked attack group targeting Donald Trump’s campaign staff. Both incidents involved phishing; neither one indicated a compromise. TAG director Shane Huntley posted a tweet about the findings late last week. Both campaigns were notified of the attempts and informed federal law enforcement, he wrote. This isn’t the first time that attackers have attempted to infiltrate the Trump campaign: Last year, Microsoft found a group seemingly linked to the Iranian government targeted Trump’s 2020 reelection efforts. Because this year’s elections are only a few months away, this discovery isn’t surprising. If the Trump and Biden campaigns represent the major political parties on November 3, there will be more intelligence value placed on their communications, says Charles Ragland, security engineer at Digital Shadows.

National: Report details new cyber threats to elections from COVID-19 | Maggie Miller/The Hill

Election officials face a wide range of new cybersecurity threats stemming from voting changes spurred by the coronavirus pandemic, according to a report released Friday. The report, compiled by New York University’s Brennan Center for Justice, lays out threats such as attempts to target election officials working on unsecured networks at home, recovering from voter registration system outages and securing online ballot request systems. “Voters are already placing increased demands on online registration systems and mail ballot options,” the authors wrote in the report. “At the same time, the risk of cyberattacks from foreign state and nonstate actors alike remains.” Lawrence Norden, director of the Brennan Center’s Election Reform Program and a co-author of the report, told The Hill that election officials were already faced with cybersecurity threats, but they’re now also facing COVID-19 challenges. “Now that we are past the primaries in a lot of states, there is time to return our attention again to cybersecurity, and obviously the threat hasn’t gone away just because we are dealing with COVID-19 in the United States,” Norden said.

National: Amid Pandemic and Upheaval, New Cyber Risks to the Presidential Election | David E. Sanger, Nicole Perlroth and Matthew Rosenberg/The New York Times

With the general election less than 150 days away, there are rising concerns that the push for remote voting prompted by the pandemic could open new opportunities to hack the vote — for President Vladimir V. Putin of Russia, but also others hoping to disrupt, influence or profit from the election. President Trump has repeatedly said that mail-in ballots invite voter fraud and would benefit Democrats. It is a baseless claim: Mail-in voting has resulted in little fraud in the five states that have used it for years, and a recent study at Stanford University found that voting by mail did not advantage either party and might increase voter turnout for both parties. But there are different worries. The rush to accommodate remote voting is leading a small number of states to experiment with or expand online voting, an approach the Department of Homeland Security deemed “high risk” in a report last month. It has also put renewed focus on the assortment of online state voter registration systems, which were among the chief targets of Russian hackers in 2016. Their security is central to ensuring that, come November, voters actually receive their mail-in ballots or can gain access to online voting. While Russian hackers stopped short of manipulating voter data in 2016, American officials determined the effort was likely a dry run for future interference. To head off that threat, last summer the Department of Homeland Security hired the RAND Corporation to re-evaluate the nation’s election vulnerabilities, from poll booths to the voter registration systems. RAND’s findings only heightened the longstanding fears of government officials: State and local registration databases could be locked by hackers demanding ransomware or manipulated by outside actors.

National: Attempted hacks of Trump and Biden campaigns reveal a race to disrupt the 2020 general election | Joseph Marks/The Washington Post

It’s official: The race to hack the 2020 general election is in full swing. Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff, the leader of Google’s threat-hunting team revealed in a tweet. China, meanwhile, tried to hack staff for former vice president Joe Biden, the presumptive Democratic presidential nominee, Shane Huntley said. The hackers didn’t successfully breach those accounts. But these nation state-backed hacking campaigns are likely to be the just the beginning of a general election campaign that will be ripe for disruption by U.S. adversaries. “It’s no surprise the Chinese and Iranian governments are trying to compromise our 2020 presidential campaigns through cyberattacks. Their goal is simple: suck up information about our candidates’ campaigns and then create conflict and chaos in our election,” Matt Rhoades, who managed Mitt Romney’s 2012 campaign and helped launch a bipartisan group aimed at preventing election hacking, told me. Officials with the Department of Homeland Security and U.S. intelligence have been warning for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest in a replay of operations from the last presidential race, which leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump.

Editorials: Online voting is my 2020 cybersecurity nightmare | Lee Black/The Hill

COVID-19 social distancing measures will likely continue through 2020 — or should — significantly impacting the November election. One proposed solution has been a shift to online voting — an approach that is the dream of many voting reform advocates and the nightmare of cyber and national security experts. Online voting has an allure, given our pervasive use of the internet: We file taxes online, conduct banking transactions, meet future spouses, buy, and sell houses, and purchase a dizzying array of goods and services. We have shifted so much of our lives and responsibilities online that at times it seems backwards to not digitize every action. So why not voting? There is no room for error with foundational democratic exercises like voting. In this case, the process is more important than the outcome. Trust is a critical element of the system for the winner, but more importantly, for the loser, whose acceptance of defeat based on the will of the people allows for a peaceful transition of power. Many uncertainties surround the technical security needed to ensure confidence in the results of online elections. More troubling still is how foreign governments might seek to deconstruct or disrupt any online voting technology we deploy. Similar efforts are already being reported targeting healthcare and research institutions in the U.S. working on a COVID-19 vaccine. Several threats must be addressed before we ever vote online.

District of Columbia: Some D.C. Residents Were Allowed To Vote By Email. Was That A Good Idea? | Martin Austermuhle/DCist

By Monday, Ward 6 resident Alex Dickson was running out of options. She had requested an absentee ballot for the following day’s primary election, but even after repeated promises from the D.C. Board of Elections that one had been sent, she had yet to receive it. By late that day, election officials offered her another option: She could vote by email. “What? OMG that’s crazy,” wrote Dickson in a Twitter exchange with an election official. But on Tuesday morning, that’s what she did. Faced with what is reported to have been hundreds of complaints from D.C. residents who said they never got requested absentee ballots in the mail, early this week the elections board decided to offer the chance to cast their ballots via email, using an existing service that had been used in the past — but only for a small group of voters with disabilities, and also for those in the military living overseas. The move came in the last-minute scramble to accommodate voters ahead of Tuesday’s primary, which was being conducted largely through the mail because of the COVID-19 pandemic. But the sudden shift in how the election was to be run — announced in late March, two months ahead of the primary — wasn’t without its challenges, leaving the elections board struggling to keep up with a huge number of requests for absentee ballots: more than 90,000 all told, roughly tenfold most normal election cycles.

Iran: Hacking team accused of targeting US election campaign | Middle East Monitor

Iran has been named as one of the two countries to be running a state backed hacking operation, in an attempt to access sensitive information from the campaign teams of US President Donald Trump and the Presumptive 2020 Democratic presidential nominee Joe Biden. The other is China. Details of the hacking operation were uncovered by Google Threat Analysis Group (TAG). “Recently TAG saw China APT group targeting Biden campaign staff & Iran APT targeting Trump campaign staff with phishing,” tweeted Shane Huntley, director for Google’s Threat Analysis Group. He said that there was “no sign of compromise” and that both the affected users and federal law enforcement were notified. In a separate tweet, yesterday, Huntley explained APT31 was a Chinese backed hacking group and APT35 was an Iranian backed hacking group, both of which are said to be known to the threat analysis team for targeting government officials.

National: Presidential Campaigns Targeted by Suspected Chinese, Iranian Hackers | Robert McMillan/Wall Street Journal

Campaign staffers working on the presidential campaigns of Donald Trump and Joe Biden have been targeted with online attacks coming from Iran and China respectively, Google said, in a sign that the meddling four years ago in the U.S. presidential election by Russia could be pursued more widely this time. Google said Thursday that the staffers were targeted with so-called phishing attacks that often are an attempt to gain access to online email accounts. They raise the specter of a repeat of the 2016 campaign, during which Russian hackers stole information from Democratic staffers and posted them online. While neither China nor Iran are thought to have previously engaged in the kind of hacking and public dumping of emails that disrupted Hillary Clinton’s presidential campaign four years ago, some cybersecurity experts believe that Russia’s success in 2016 may spur copycat activity. The fact that the attacks targeted campaign staff should put campaigns on alert for a possible attempt to hack and dump information, said Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab. “It should be a major red flag.”

National: Google: Biden and Trump campaigns targeted by separate spearphishing campaigns | Shannon Vavra/CyberScoop

Hackers linked with China and Iran have been sending malicious spearphishing emails to staff on Joe Biden and President Donald Trump’s campaigns respectively, according to a researcher with Google’s Threat Analysis Group. Chinese government-linked hackers have been targeting Biden’s staffers, whereas Iranian government-linked hackers have been targeting Trump’s campaign, according to Shane Huntley, the Director of Google’s Threat Analysis Group. There is no evidence that the hacking attempts have resulted in compromises, Huntley said. This is just the latest warning from security researchers and the U.S. intelligence community that foreign government-backed hackers are interested in targeting various U.S. presidential campaigns during the 2020 election cycle, in what is turning out to be a tumultuous year for American citizens amid economic turmoil, the coronavirus pandemic, and mass protests about racism. “The Trump campaign has been briefed that foreign actors unsuccessfully attempted to breach the technology of our staff,” the Trump campaign told CyberScoop in a statement. “We are vigilant about cybersecurity and do not discuss any of our precautions.”

Georgia: State gets fresh start on election security, but risks remain | Mark Niesse/The Atlanta Journal-Constitution

The security surrounding Georgia’s new voting system is code-named Project Beskar, a reference to impenetrable steel from “Star Wars.” Georgia election officials say the protections are strong enough to safeguard votes from hacking attempts or tampering, with upgraded voting equipment that adds a paper ballot for the first time in 18 years.But election security experts aren’t convinced. They say the system remains vulnerable because it still relies on electronics and retains a link to the internet. They fear computer-generated paper ballots will prove to be meaningless if most voters fail to check them for accuracy.Across Georgia, all voters who go to the polls to cast ballots in the June 9 primary will use the $104 million system, which features fresh touchscreens, printers, check-in tablets and tabulation servers. Old equipment has been put in storage, never to be touched by voters again. Gabriel Sterling, who oversaw the installation of the voting system, said it’s independent from any potential flaws in Georgia’s outdated electronic voting machines. Even if they had been compromised, Sterling said the old computers wouldn’t contaminate the new ones.

Australia: How will the ACT election be made safe amid the COVID-19 pandemic? | Dan Jervis-Bardy/The Canberra Times

Early voting should be expanded to allow this year’s territory election to be held safely amid the COVID-19 pandemic, the ACT Electoral Commission has recommended. The commission has been forced to reassess the planning for, and staging of, the October 17 ballot because of the disruptions caused by coronavirus. In a special report presented to Speaker Joy Burch on Thursday, the commission said that due to the uncertainty surrounding the virus, it had to be assumed that the threat of further outbreaks and social distancing restrictions would still exist during the election period. It said it urgently needed to settle on a model for conducting the ballot which mitigated health risks to the community and its staff, while ensuring the integrity of the electoral process. The commission examined six options for conducting the ballot, including moving to universal online or postal voting, delaying the election date or maintaining normal procedures.

Europe: Europe nears tipping point on Russian hacking | Laurens Cerulus/Politico

The European Union is getting ready to slap sanctions on a group of Russian hackers, according to three diplomats involved — a move that would mark a turning point in the bloc’s efforts to address foreign hacking. The sanctions, expected later this year, come after the German government announced it “had evidence” tying members of a Russian hacking group to the cyberattack on the Bundestag in 2015. Diplomats gathered physically Wednesday in Brussels to discuss the Bundestag hack and whether they should respond using a new cyber sanctions regime. European countries have weighed sanctioning foreign nationals and entities involved in hacking for months, but talks were mired in secrecy as governments weighed their options. That changed when Chancellor Angela Merkel — previously reluctant to chide Russia over hacking — said last month that Berlin could not “simply ignore” an “outrageous” attack, and her government called for an EU response.

National: CISA Official Sidesteps Controversy over Trump’s Voting Fraud Claims | Mariam Baksh/Nextgov

As lawmakers and election security experts try to counter President Trump’s assertion that voting by mail invites fraud, a senior official of the Cybersecurity and Infrastructure Security Agency dismissed the controversy as a “process” issue. “I mean, you got to keep in mind what our goal here is,” the senior CISA official said on a call with reporters today regarding the primary contests happening in eight states. “We’re supporting state and local officials as they implement their electoral, you know as they administer elections. We’re focused on the infrastructure, providing cybersecurity services to the infrastructure, back-end systems, on voting machines, those are all the things. The president’s concern is on the process side.” The official was answering a question about whether CISA was doing anything to publicly fact check May 26 tweets the president made claiming the use of mail-in ballots means “this will be a rigged election.” In an unprecedented move, Twitter labeled the tweets “misleading,” and noted their potential to sow confusion.  

National: ‘Biggest threat to election security is the coronavirus,’ security expert warns | Benjamin Freed/StateScoop

Although the rate of new infections appears to have slowed down in recent weeks, the COVID-19 pandemic remains the greatest challenge to ensuring that the 2020 presidential election runs accurately and securely, election security experts said Monday. Speaking on a webcast hosted by two members of the House Homeland Security Committee, Wendy Weiser of New York University’s Brennan Center for Law and Justice said election officials still need much more funding and support to make all the preparations for an election that will likely have to be conducted largely via mail, especially in states that have historically low rates of postal ballots. “By far the biggest threat to our election is the coronavirus,” Weiser said. “We are going to see substantial changes to how we run elections this year.” A potential preview of November is playing out Tuesday, with seven states and the District of Columbia holding their primary elections, including several that were delayed from March and April as the pandemic spread and kept voters cooped up under stay-at-home orders. In almost all those jurisdictions, election officials — Republican and Democratic — made efforts to expand their use of mail-in ballots.

New Jersey: Division of Elections spent $89,000 for one online voter | David Wildstein/New Jersey Globe

New Jersey spent $89,000 to test online voting, but just one voter used the system in the May 12 non-partisan municipal elections. New Jersey Division of Elections director Robert F. Giles awarded the contact, obtained by the New Jersey Globe,  to Seattle-based Democracy Live, Inc. on April 27 to test an electronic ballot delivery system that would allow voters needing special assistance to vote online using their computer or mobile device. The contract was not publicly bid. “This was all very hush-hush,” a county clerk, speaking on the condition of anonymity told Globe.  “They didn’t want this heavily publicized.  They were just testing it and didn’t want people to know about it in case something went wrong.” The contract, which had been in the works, was not finalized until after ballots for the all-VBM May 12 elections had already been printed and mailed. Several election officials told the Globe that Giles instructed them to include an insert with the ballots that included vague language saying that a disabled voter needing assistance should call the county clerk’s office. One election official described the process as an “honor system” that would allow a voter to supply them with an e-mail address to send a link for online voting without any effective verification process. “We were told to just ask for an email address,” the official said.

Minnesota: Protest goes online in Minneapolis as city, police websites hit by cyberattacks | Joseph Marks/The Washington Post

The clash is now online in Minneapolis. Cyberattacks struck city government and law enforcement computers as mass anger over the killing of George Floyd, a black man who died after a Minneapolis police officer pressed his knee into his neck, led to major protests there. The operation, known as a denial of service attack, rendered websites for Minneapolis police and some city agencies inaccessible for hours by overwhelming them with a flood of web traffic. A similar attack struck state computer systems but was less effective. The attacks demonstrate how hacker activists who are willing to skirt the law can frequently amplify protests against police and government. The sometimes-violent protests and clashes with police led to thousands of arrests in cities across the nation, including Washington and Atlanta. “When a police website goes down, that’s flashy and it communicates something emotional,” M.R. Sauter, an assistant professor at the University of Maryland who wrote a 2014 book about denial of service attacks and digital activism, told me. “This is a type of protest theater, which is what a lot of street [protest] actions are. It’s just online.” Sauter acknowledged that while some digital activism can go too far – and end up limiting the free flow of information to the public or impede police work – the Minneapolis attack was more acceptable because it communicated public anger at the police and local officials without seriously endangering anyone.