Kansas: Counties’ websites may lack security against hackers | Associated Press

Many Kansas counties’websites may be at risk as they lack basic protocols that make it easier for hackers to impersonate websites in order to install malware or trick individuals into giving out their personal information. Out of 105 counties, only eight of them have websites ending in .gov, a domain extension only government officials can control, and 60 counties’ URLs start with “http” rather than the more secure “https.” Experts say it could be a serious concern for smaller governments during a time of increasing cyberattacks, KCUR-FM reported. Local governments have in recent years become frequent targets of ransomware attacks, where hackers hold data hostage in exchange for money.

Pennsylvania: University of Pittsburgh forum will look at threats to democracy in the internet age | Abigail Mihaly/Pittsburgh Post-Gazette

Leading expert in cybersecurity David Hickton is warning us that the internet could dismantle democracy. Mr. Hickton, founding Director of the University of Pittsburgh Institute for Cyber Law, Policy and Security and former United States Attorney for the Western District of Pennsylvania, will discuss the issue in a lecture this week at the University of Pittsburgh. The “Can Democracy Survive the Internet?” lecture, hosted by the Dick Thornburgh Forum for Law and Public Policy at Pitt, will ask the question: Is the internet a force for freedom or for oppression? When his children began instant messaging online, Mr. Hickton realized the internet was an open environment, without sufficient rules or security. “[The cyber world] is designed to make our lives better,” said Mr. Hickton. “But … it’s not coincidental that in some places around the world, digital space is being used to make people less free.”

Editorials: As Washington State’s chief elections officer, I don’t think electronic voting is worth the risk | Kim Wyman/The Seattle Times

The integrity of our elections and our democracy is under attack. Bad actors — both foreign and domestic — seek to damage election infrastructure, manipulate results and sow discourse. Washington has made critical strides in shoring up security for upcoming elections and beyond, but safeguarding our elections is a race without a finish line. With cybersecurity experts warning of the severe vulnerabilities with online or mobile voting, including electronic ballot return methods, I am recommending the Legislature act on a bill I requested to protect Washington voters from cyber intrusion. Currently, Washington allows military and civilian overseas voters to return their ballots by email or fax. Cybersecurity experts, including the Department of Homeland Security, the Federal Bureau of Investigation, the National Security Agency and the Massachusetts Institute of Technology, are imploring states to eliminate these glaring vulnerabilities. Heeding their warnings, I partnered with a bipartisan group of legislators to eliminate email and fax ballot return options for voters serving or living overseas.

National: Disability rights groups say focus on election security hurting voter accessibility | Maggie Miller/The Hill

Disability rights advocates on Thursday urged election officials to focus on accessibility alongside security for U.S. elections and pushed for more technological solutions that would allow all Americans to cast secure votes. “For people with disabilities, our votes aren’t secure now,” Kelly Buckland, the executive director of the National Council for Independent Living, said at an election accessibility summit hosted by the Election Assistance Commission (EAC) on Thursday. “I believe we could make them more secure through technology that is available today.” After Russian interference in the 2016 presidential elections — which according to U.S. intelligence agencies and former special counsel Robert Mueller involved sweeping disinformation efforts on social media and targeting of vulnerabilities in voter registration systems — election security has become a major topic of debate on the national stage. Concerns around the use of technology in elections were also heightened this month following the use of a new vote tabulation app by the Iowa Democratic Party during the Iowa caucuses. The app malfunctioned due to a “coding issue,” leading to chaos around the final vote tally.  After these incidents, election security experts have advocated for using more paper ballots to ensure no individual or group can hack the votes, and to ensure no glitch can occur.  However, disability groups on Thursday noted that moving to just paper could make it difficult to vote for blind or visually impaired people, those who have difficulty leaving their homes, or those for whom English is not their first language.

Kentucky: Election Machinery Regularly Scanned by Foreign Hackers, Official Says | DH Kass/MSSP Alert

The state of Kentucky’s election systems are “routinely scanned” by foreign hackers, including North Korea, Russia and Venezuela, a senior election official told legislators in a state House budget subcommittee hearing. “This is not something that is in the past, that happened in 2016,” Jared Dearing, executive director of Kentucky’s Board of Elections told the subcommittee, according to the (Kentucky) Courier Journal. “It happens on a weekly basis.” A U.S. Department of Homeland Security official meets with the board every week to go over every scan against Kentucky’s system, he said. Cyber break-ins at the state election level are a growing concern for security defenders, with many states complaining rightfully that funding to fend off attacks is sorely lacking. “We’re asking county clerks with very, very limited resources, with not enough IT staff, to fully maintain their own systems,” Dearing said. “We’re asking them to participate in national security.” Late last year, some help arrived in the federal government’s fiscal 2020 budget agreement that includes $425 million in state election grants to improve cybersecurity. Increased awareness by state officials combined with supplemental financial support could present new opportunities for managed security service providers (MSSPs) and managed service providers (MSPs).

Minnesota: Standoff looms over election security, provisional ballots | Brian Bakst/MPR News

The Republican-sponsored bill for a provisional ballot system is tied to a measure unlocking more federal funding to enhance election security. The Senate State Government Finance and Policy and Elections Committee advanced it Tuesday on a 6-3 party-line vote. The rules would apply to anyone who registers at the polls. Their ballots would be kept out of counts until additional eligibility and residency verification checks are done within a week of an election. Sen. Torrey Westrom, R-Elbow Lake, said it’s an election-integrity safeguard. “Once the ballot is in the box, it’s like pouring two cups of water together — one has toxins in it and the other doesn’t. You can’t separate that water again,” he said. “The same thing goes here.” Democrats argued it would impose new voting obstacles — and could tie up legitimate votes — when there isn’t widespread evidence of ineligible people casting ballots. “If a person were to swear erroneously and after the fact be found out that it was a lie, they have a felony. They have a felony,” said Sen. Carolyn Laine, DFL-Columbia Heights. “This is not done light-heartedly. And as we know in the state of Minnesota it is rarely done and usually by mistake.”

Georgia (Sakartvelo): U.S. and Allies Blame Russia for Cyberattack on Republic of Georgia | David E. Sanger and Marc Santora/The New York Times

The United States and its key allies on Thursday accused Russia’s main military intelligence agency of a broad cyberattack against the republic of Georgia in October that took out websites and interrupted television broadcasts, in a coordinated effort to deter Moscow from intervening in the 2020 presidential election in the United States. The accusation, issued by Secretary of State Mike Pompeo, was particularly notable at a time when President Trump has been seeking to shift blame for interference in the 2016 election from Russia to Ukraine, a central element of his impeachment trial last month. Russian military intelligence, known as the G.R.U., was one of the agencies implicated in the cyberoperations aimed at interfering in that election and in a 2017 attack that struck major companies around the world, including Merck, Federal Express and Maersk. That attack is considered one of the most destructive and expensive in history, causing billions of dollars in damage.

Nevada: ‘A complete disaster’: Fears grow over potential Nevada caucus malfunction | Laura Barrón-López

The process will break down like this: On caucus day, each precinct chair will be given a party-purchased iPad that will have a link to a Google form — dubbed a “caucus calculator” — saved on it. Pre-loaded on the form will be the early vote total from that precinct. The precinct chair will then input vote totals after the first and second votes. Under caucus rules, voters choose their preferred candidate at the outset, known as the first alignment. But if their candidate fails to reach 15 percent, they can switch to a different candidate, or seek to persuade supporters of another candidate who fails to reach 15 percent to help their candidate clear that threshold during the second alignment. The prompts on the Google form are expected to look similar to how they appear on the physical caucus reporting sheet. When the first and second alignments are completed, the totals will be relayed over the cloud to the Nevada Democratic Party via the Google form, which on the back end appears as a Google spreadsheet. Separately, the precinct chair or site lead will take the printed caucus reporting sheets — each campaign must sign off on them first — and call the Nevada Democratic Party boiler room via a secure hotline. (Site leads oversee multiple precinct chairs in caucusing at a single large location.)

National: ElectionGuard could be Microsoft’s most important product in 2020. If it works | Alfred Ng/CNET

Building 83 doesn’t stand out on Microsoft’s massive Redmond, Washington, headquarters. But last week, the nameless structure hosted what might be the software giant’s most important product of 2020. Tucked away in the corner of a meeting room, a sign reading “ElectionGuard” identifies a touchscreen that asks people to cast their votes. An Xbox adaptive controller is connected to it, as are an all-white printer and a white ballot box for paper votes. If you didn’t look carefully, you might have mistaken all that for an array of office supplies. ElectionGuard is open-source voting-machine software that Microsoft announced in May 2019. In Microsoft’s demo, voters make their choices by touchscreen before printing out two copies. A voter is supposed to double-check one copy before placing it into a ballot box to be counted by election workers. The other is a backup record with a QR code the voter can use to check that the vote was counted after polls close. With ElectionGuard, Microsoft isn’t setting out to create an unhackable vote — no one thinks that’s possible — but rather a vote in which hacks would be quickly noticed. The product demo was far quieter than the typical big tech launch. No flashy lights or hordes of company employees cheering their own product, like Microsoft’s dual screen phone, its highly anticipated dual-screen laptop or its new Xbox Series X. And yet, if everything goes right, ElectionGuard could have an impact that lasts well beyond the flashy products in Microsoft’s pipeline.

Editorials: There’s always a threat to voting online | Huntingdon Herald-Dispatch

It shouldn’t take an MIT genius to figure out that any internet-based voting system can be hacked, but apparently it did. Last week researchers at the Massachusetts Institute of Technology said the Voatz app, which has been used in West Virginia and elsewhere by absentee voters and military personnel, has vulnerabilities that could allow hackers to change a person’s vote without detection. The Voatz developer said the analysts used an older version of the app. It accused them of acting in “bad faith.” So far the app has been used by fewer than 600 voters in nine pilot elections. Voatz was used in West Virginia’s elections in 2018 by fewer than 200 voters. No problems were reported. Last month, the Legislature approved a bill that would allow voters with physical disabilities to use the Voatz app in this year’s election. The bill awaits the governor’s signature or veto.

Florida: Experts Reiterate Cybersecurity Warnings for 2020 Election | Sarah Nelson/The Gainesville Sun

Cybersecurity experts warned in late 2019 that internet hacking has climbed to crisis level. And based on what they’ve seen in early 2020, a similar warning has now been issued: that hackers show no signs of letting up and will likely focus on the 2020 election. “What’s more likely is that these cybercriminals will cause disruption,” said Brett Callow, Emsisoft spokesman. “Because most elections operate at the county level, local governments need to prepare.” But because of this year’s tense political climate, and overall spike in cyberattacks, Callow predicts cybercriminals will zero in on the election. Kim Barton, supervisor of the Alachua County, Fla., Elections Office, says the department began to look at cybersecurity preventive security measures years ago, and officials work to keep up with the latest internet security updates. “Cybersecurity is an always evolving field, so our office expects that we will continually be updating our training, procedures, and systems to keep ourselves as protected as possible,” she said.

Georgia: Election Security Scandals in Georgia Heighten 2020 Concerns | Lucas Ropek/Government Technology

In 2016, a vulnerability was discovered in Georgia’s election system that exposed the information of some 6.7 million voters and would’ve given a hacker the ability to manipulate or delete any information within voting machines across the state, according to people familiar with the discovery. While the state has since taken steps to patch the holes, activists are still concerned that the state’s subpar election security practices will endanger the results of the 2020 presidential race. Marilyn Marks, executive director of the advocacy group Coalition for Good Governance, said that while Georgia has corrected some mistakes, it still hasn’t addressed its fundamental weaknesses. The group, which is currently engaged in one of several election-related lawsuits against the state, released a statement this week alleging that the state’s presidential primary was “at risk of failure.” With a highly contentious election looming and heightened concerns about foreign interference, the question remains: has Georgia done what it takes to protect voters and the democratic process?  

Iowa: Caucus app chaos shows why American elections should stay analog for now | Brinkwire

Like everything created by humans, code has flaws. One major way to defend against potential problems brought on by the flaws is testing an app before you use it. Unfortunately, it seems like the Iowa Democratic Party did little in the way of testing the app it used to track results from the Iowa caucuses, wreaking havoc on the tenuous Democratic presidential-nominating process. “The situation in Iowa makes the average voter’s confidence in the election process worse than before,” said Ron Gula, a former National Security Agency (NSA) white hat hacker who now invests in startup cybersecurity firms. “Whether or not they might believe the Russians hacked the election before, this is another thing that will make them go ‘wow, we really don’t trust this.’ It’s not a great situation for voter confidence in general.” This was a screw up on a state level, a state that happens to hold a lot of significance for U.S. democracy. “The situation with Iowa’s caucus reveals the risks associated with technology, in this case with a mobile app, but more importantly that there needs to be a low-tech solution in order to recover from technological failures — no matter the cause,” said Marian K. Schneider, president of Verified Voting, in a statement to Digital Trends. Verified Voting is a voting accuracy nonprofit that works to eliminate or reduce the use of systems that “cannot be audited or secured, such as internet voting.” Schneider noted it was lucky that Iowa kept paper records of the vote. “It’s clear that mobile apps are not ready for prime time,” she said.

Kentucky: Despite Security Push, Kentucky Struggles To Update Voting Machines | Ryland Barton/WFPL

Despite worries from election security experts, Kentucky will be one of only a few states in 2020 that’s still using some voting machines that don’t produce a paper trail — an industry standard to verify election results. The reason is one that Kentuckians have heard often: there isn’t enough money, especially in a state that places much of the burden of election administration on local governments. And despite recent transfusions of cash from the federal government for states to improve election security, the amount allocated to Kentucky in the most recent disbursement only represents about 10 percent of the overall need. But state election officials say that voters have nothing to worry about. The outdated electronic-only voting machines used in the vast majority of Kentucky counties aren’t connected to the internet and there’s no evidence that they’ve been hacked before.

Nevada: Democrats scramble to avoid Iowa-like chaos as Democratic caucuses approach | Kari Paul/The Guardian

Democratic party officials in Nevada are rushing to avoid the fate of Iowa, where technological and organizational failure left the first caucus in the 2020 presidential race without a clear winner. Nevada Democratic party officials had initially planned to rely on the same app that caused chaos in Iowa to transfer results from local precincts during the caucus on 22 February. But during the Iowa vote, a “coding issue” caused the app, developed haphazardly and on a low budget by the tech firm Shadow, to report only partial data from the state’s 1,700 caucus sites. Spotty cellphone coverage in some voting locations, poor training of some caucus volunteers and troubles with a backup phone line to report results compounded the chaos. Following the Iowa caucus, Nevada officials said they were determined to avoid similar problems. “NV Dems can confidently say that what happened in the Iowa caucus last night will not happen in Nevada,” the state Democratic party chair, William McCurdy II, said in a statement at the time. Since then, it has been difficult to pin down the Nevada Democratic party regarding what process it will use instead. It did not respond to the Guardian’s requests for comment and its website includes no information on the topic.

Wisconsin: Microsoft to deploy ElectionGuard voting software for the first time tomorrow | Catalin Cimpanu/ZDNet

Tomorrow, on February 18, residents of Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines that will be running Microsoft’s ElectionGuard software. These will be the first voting machines deployed in any US election that will be running Microsoft’s new voting software, which will face it’s first real-world test since being announced last year. ElectionGuard is a software development kit (SDK) that Microsoft made available for free on GitHub. The project’s goal was to create the voting software that uses strong encryption, was built by some of the world’s brightest cryptographers, and was extensively audited for bugs. Microsoft created ElectionGuard after numerous media reports over the past years about critical vulnerabilities being discovered in the (closed-source) software of multiple voting machine vendors. The OS maker purposely released ElectionGuard as open-source in an attempt to convince voting machine vendors to adopt it instead of their older obsolete and insecure systems. The project, which is viewed with optimism by US election officials, moved lightning-fast, going from a simple idea to an actual US election pilot program in only nine months.

Canada: 2019 election wasn’t without hitches, but no cyber disruptions: report | Rachel Aiello/CTV News

Election Canada’s delivery of the 2019 federal election wasn’t without some hitches, but the integrity of the vote was maintained from a cybersecurity perspective, according to Elections Canada’s first report into the fall campaign. The report, tabled in the House of Commons on Tuesday, provides a general overview of how the election was delivered by the federal elections agency, and identified issues that will require further analysis in the coming months. Among the issues highlighted: the timing of the vote; the impact of weather in some ridings; and the staffing of polling places. Topline numbers show that, while turnout was slightly down, the 40-day campaign saw an increase in the number of candidates, registered third parties, participants in advance polls, and the overall price tag. Some 18.3 million Canadians cast ballots. That’s 67 per cent of registered voters, which was down marginally from the 68 per cent turnout in 2015. A total of 2,146 candidates ran for 21 different political parties, up from 1,792 MP-hopefuls in 2015; and the number of registered third parties increased from 115 to 147.

National: Is technology consistent with electoral integrity? The hard lessons of Iowa | Sarah E. Hunt/Salon

In the modern era, much of American greatness is derived from the conception that the United States maintains the integrity of its elections, thus ensuring the fair representation of its citizens in the halls of government. Such elections brought about the suffragist and civil rights movements, which marked evolutionary tectonic shifts in American democracy that aligned the nation more closely with the ideals set forth in its Constitution. When revolutionary action is called for, our country has the ability and will to better itself and defend its values. The chaos surrounding the 2020 Iowa caucus two weeks ago was a bellwether, heralding another transformational moment. Our willingness to take action will define America’s trajectory. The events unfolding in the heartland of our country are a wake-up call to the entire nation. They highlight the importance of protecting the security and integrity of our electoral system.

National: The Simple Lessons from a Complicated Iowa Caucus | Gowri Ramachandran and Susannah Goodman/Just Security

The very high-profile failure of a new app that was supposed to help report Iowa Caucus results has generated some important lessons. Even though the New Hampshire primary was not plagued by the same kinds of gross technical failures, it would be a mistake to just quickly move on and forget the lessons of the first debacle. As the Nevada Caucus approaches, it’s clear some lessons have been learned, but not all. As is widely known now, the Iowa app technology was designed to help record results from rounds of caucusing and pull together the results from across the state. But the app didn’t work, and results were not delivered, raising questions about not just the technology but the implementation process for the system. Massive frustration and even conspiracy theories ensued. Fortunately, Iowa had paper records and was able to turn to those in the face of the tech failure to help confirm the results. The media, candidates, and the public had to be patient, but without the paper records, results wouldn’t have been just delayed; they would have been impossible to obtain. The first lesson is clear: Anything computerized can fail for a slew of reasons, from hacking to software defects to inadequate training of election workers. This includes tablets, voting machines, ballot scanners, electronic poll books, and apps on phones and tablets.

National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

Connecticut: Voting security in Connecticut: Not another Iowa, but other threats persist | Westfair

If you ask Connecticut’s Secretary of the State Denise Merrill if the state is in danger of repeating the infamous Iowa caucus debacle when tallying its primary and general election results this year, you will get a hearty laugh. “That’s not going to happen here,” she said. The reason, Merrill said, is simple: Connecticut’s voting process relies on paper ballots “that undergo a rigorous post-election audit and (is) run by election professionals at the state and local level. Although it may take a little longer to report results, Connecticut’s reliance on paper is our best defense against threats to our cybersecurity.” The Feb. 3 Iowa Democratic caucus, whose victor, Pete Buttigieg, wasn’t finalized until Feb. 9, was marred by the use of a vote tabulation app called Shadow, whose enormous technical errors contributed significantly to a three-day delay in reporting results. The Shadow app was distributed through mobile app testing platform TestFairy, instead of official app stores on Android and iOS, which boast higher security and performance requirements. The poor performance has already caused other states that had contracted Shadow to tally their results, like Nevada, to cancel those plans, and has resulted in any number of late-night TV hosts’ wisecracks.

Florida: Palm Beach County elections ransomware attack raises security questions | Anthony Man and Skyler Swisher/South Florida Sun-Sentinel

From Tallahassee to Washington, D.C., officials and citizens voiced concern Thursday over an until-now undisclosed ransomware attack on the Palm Beach County elections office during the 2016 election season. The bombshell disclosure about the attack came from Supervisor of Elections Wendy Sartory Link, who said Wednesday she learned in November about the ransomware attack. Link, who took office in January 2019, said some of the agency’s data was corrupted, but the problem apparently was corrected and didn’t affect the November 2016 elections. The picture was muddied by the response from Susan Bucher, the supervisor of elections at the time, who said it never happened. The current county elections chief said she wasn’t trying to alarm the public — but the disclosure heightened concerns for some, coming just five weeks before Florida’s presidential primary and the local government elections for 20 cities, towns and villages in Palm Beach County.

Minnesota: From disinformation to hackers, new ‘cybernavigator’ racing to protect Minnesota’s 2020 elections | Stephen Montemayor/Minneapolis Star Tribune

Bill Ekblad spent nearly three decades as a naval cryptologist, working from ships and planes stationed in the Middle East and Germany to fight cyberattacks coming from around the world. Now, the Minnesota native is back home and facing a uniquely tall order. Ekblad is the state’s first “cybernavigator,” hired by the secretary of state’s office to help local election workers guard against an increasingly expanding set of threats, from disinformation campaigns to foreign actors trying to penetrate election networks. “It’s a tale of surprises: I mean, I think that nobody really saw realistically the potential for foreign adversaries to meddle in elections prior to 2016,” Ekblad said in an interview from his office near the State Capitol. “And then in 2018, the game changed. It became less about the hard computer network operations and more about the soft skills of influence and hacking the mind of the voter.” Ekblad, hired through a federal election security grant, is now drawing on that history to pose a new question to the scores of local officials in Minnesota’s 87 counties who are in charge of running this year’s elections: “Why do we think 2020 will be something predictable?”

Nevada: Democrats Say They’ll Replace Their Caucus App With iPads And A Google Form | Kaleigh Rogers/FiveThirtyEight

In just two days, Nevadans will begin early voting in the state’s Democratic caucuses. For the past few weeks, it’s been unclear how those votes would be integrated into the overall vote tallies after Nevada Democrats were spooked by the chaos in Iowa’s Democratic primary and decided to toss a previous plan to use an app. But today, the state Democratic party revealed how it intends to incorporate those early votes into the live caucuses on Feb. 22: “a simple, user-friendly calculator.” What that means, exactly, is still a bit unclear. In a memo sent to campaigns Thursday and shared with FiveThirtyEight, the party wrote that “the caucus calculator will only be used on party-purchased iPads provided to trained precinct chairs and accessed through a secure Google web form.” The memo didn’t provide any specifics about whether the calculator would be accessed through the Google form, or whether the Google form itself is the calculator. It’s also not clear if early-vote tallies will live on the web, or if they’ll be pre-loaded onto each district’s iPad. The state party did not immediately respond to our request for further comment.

Ohio: Millions spent to safeguard Ohio elections: What’s really going on | Chris Stewart/Dayton Daily News

Officials say Ohio’s elections are safe despite worries fueled by 2016 foreign meddling, thousands of uncounted Miami County ballots in 2018 and this month’s collapse of a Democratic Party vote-counting app at the Iowa caucuses. Ballot-casting and counting infrastructure — fresh off an exhaustive update of security software, hardware and office procedures to fend off cyber attacks — is sound and secure, say state and local elections officials.“Your vote is safe, and it will be counted as it has always been counted, if it’s countable,” said Jan Kelly, director of the Montgomery County Board of Elections. But as millions of dollars are spent to guard against malicious computer attacks, it’s harder to thwart bad actors resorting to disinformation campaigns to diminish people’s confidence in the vote, said Ohio Secretary of State Frank LaRose, a Republican. “What our foreign adversaries have tried to do instead of actually tampering with elections, is tried to tamper with our own perception of elections,” he said. “They’ve tried to cause Americans to lose faith in elections.” “The really damaging part of that is it would cause the average person to start to wonder or worry that maybe their vote wasn’t going to be counted accurately,” he said.

Editorials: Paper ballots still the best election system | Medford Mail Tribune

Sometimes, the old ways are still the best ways. We would argue that especially applies to election systems, despite continuing pressure to offer voters the option of casting ballots using smartphones or other devices. Jackson County is one of two Oregon counties that experimented with a smartphone app that allowed county residents overseas — most of them in the military — to vote in the Nov. 5, 2019, special election. Of 213 Jackson County voters eligible to participate, only 27 did. One reason could have been that the November ballot had only one item on it — a proposed bond levy to upgrade the county’s emergency communications system. Maybe a full ballot would have enticed more county voters stationed overseas to use the smartphone app. Maybe not. But the turnout isn’t the primary concern here. Anything that gives voters more options to participate is a good thing, in theory. In practice, voting systems that use the internet to transmit votes are inherently more vulnerable to hackers seeking to manipulate the outcome. They are also more likely to simply fail to perform as designed.

International: Tech-augmented democracy is about to get harder in this half-baked world | Chris Duckett for Null Pointer/ZDNet

For the wondrous benefits the internet has brought, it is not without its drawbacks. This has manifested itself in two ways when it comes to democracy: A headlong rush into internet voting and a shattering of the polity. As a scientific critique on the act of voting, associate professor Vanessa Teague discussed electronic voting in her recent keynote at Linux.conf.au 2020. Teague has more than enough experience in this area, and has been involved in finding flaws in the iVote system that is increasingly used in New South Wales, as well as the Scytl system used in Swiss elections that iVote is based on. “I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation [via] software bugs,” Teague said last month. The issue Teague sees with remote voting is subtle bugs, such as those involved in shuffling and verifying votes, which can undermine the security of the whole system. “That’s a little bit different from the occasional problems that happen in paper-based systems because you don’t as a result of one little subtle problem hand over a capacity for total manipulation of all of the votes to one entity,” she said. “In summary, I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation on software bugs.”

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

National: Researchers Find Security Flaws in Voatz Mobile Voting App | Andrea Noble/Route Fifty

A mobile voting app used by West Virginia and several local governments in the 2018 midterm elections contains vulnerabilities that could allow hackers to determine how someone voted or even change their vote, according to a report released Thursday by security researchers. Researchers from the Massachusetts Institute of Technology found the security flaws in the Voatz voting app, which was originally designed as a way for overseas service members to cast ballots. The researchers said their findings underscore prior security recommendations that the internet not be used for voting. “Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” said Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. “Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.” In addition to West Virginia, several local governments, including ones in Washington state, Colorado, Utah and Oregon, have conducted their own pilots with the Voatz system. Additional states are also considering whether to use the app to assist absentee voters in upcoming elections.