Voting Blogs: Safely opening PDFs received by e-mail (or fax?!) | Andrew Appel/Freedom to Tinker

Many election administrators in U.S. states and counties need to receive and open PDF files from voters. Some of these administrators receive these PDFs as e-mail attachments. These may be filled-out voter registration forms, or even voted ballots from UOCAVA (overseas and military) voters. We all know that malware can lurk in e-mail attachments; how can those election officials protect themselves from being hacked? Internet return of voted ballots is inherently insecure; that’s a separate issue and I’ll discuss it below. For now, how can one safely open a PDF attachment? I discussed this question with Dan Guido, cybersecurity consultant and CEO of trailofbits.com. The safe way to view a PDF is inside the Chrome or Firefox browser. Printing a PDF directly from Chrome (or Firefox) to your printer is reasonably safe. The unsafe way to view a PDF is with your favorite PDF-viewer app such as Adobe Reader. The reason is simple: Google (for Chrome) and Mozilla (for Firefox) have put enormous effort into making their PDF viewers safe, putting them inside a “sandbox” that the hackers can’t get out of — and they’ve largely succeeded.

Florida: Bill Nelson sues to block fax, email votes from Bay County | Miami Herald

Less than 24 hours since his last suit was filed, Bill Nelson is suing Bay County again. The incumbent candidate for U.S. Senate, who has filed three other lawsuits in the past week, is suing Bay County Supervisor of Elections Mark Andersen to stop any ballots received via email or fax from being counted. The second round of unofficial returns is due from the counties at 3 p.m. Thursday. The supervisor told the Herald/Times Monday that 11 ballots were accepted by email and 147 ballots were domestically faxed in, though state statute does not allow emailed ballots, and faxing in ballots is only permitted for military and voters overseas. Andersen was not aware that a lawsuit had been filed until he received a call from a reporter Thursday inquiring about the filing.

National: Email No Longer a Secure Method of Communication After Critical Flaw Discovered in PGP | Gizmodo

If you use PGP or S/MIME for email encryption you should immediately disable it in your email client. Researchers have discovered a critical vulnerability they’re calling EFAIL that exposes the encrypted emails in plaintext, even for messages sent in the past. “Email is no longer a secure communication medium,” Sebastian Schinzel, a professor of computer security at Germany’s Münster University of Applied Sciences, told the German news outlet Süddeutschen Zeitun. The vulnerability was first reported by the Electronic Frontier Foundation (EFF) in the early hours of Monday morning, and details were released prematurely just before 6am ET today after Süddeutschen Zeitun broke a news embargo. The group of European researchers are warning people to stop using PGP entirely and say that, “there are currently no reliable fixes for the vulnerability.” You can read more about what the researchers are calling the EFAIL vulnerability at https://efail.de/.

Editorials: Hurricane Matthew could have devastating consequences for the election | Richard Hasen/Slate

If Hurricane Matthew is as devastating to Florida as forecasters have predicted, it could be a human tragedy costing people their lives, health, homes, and personal property. Beyond that initial tragedy, though, the storm also may have dire electoral implications, potentially affecting the outcome of the 2016 presidential election and landing emergency election litigation from Florida once again before the (now-deadlocked) United States Supreme Court. Florida is seen as a state key to Donald Trump’s chances of victory over Hillary Clinton for the presidency, and this storm could have major impacts on voter registration and voting. Voter registration in Florida closes in just five days. According to Professor Dan Smith of the University of Florida, in the last five days of registration in 2012, 50,000 Florida voters signed up to vote. Many who might normally sign up to vote at the last minute are now following Florida Gov. Rick Scott’s order to flee the affected areas of the state, and they are not likely to register to vote on their way out or drop ballots in closed post offices or soon-to-be-flooded post office boxes. Hillary Clinton’s campaign has already called for voter registration deadlines to be extended, but the Republican governor has already turned down that request.