Voting is broken. From the hanging chad debacle of 2000 to the 2018 midterms when decade-old touchscreen computers cast the wrong votes, to long lines outside polling places, our democratic right to elect our own officials is constantly at odds with unreliable equipment and balloting policies that vary from one district to the next. And this is all not to mention that voting machines are absurdly hackable. It’s enough to make people not want to vote at all. But what if you could vote however you wanted to vote? Which could mean at home or, if you’re a person with a disability, with the assistance of specialized hardware? What if you could go online later and ensure your vote was your vote, and that it counted? What if you could write your own piece of software to do a recount of, or audit, your small town’s mayoral election instantly? That’s the vision of ElectionGuard, a new project by Microsoft, which debuted this summer at the Aspen Security Forum. ElectionGuard is an open code standard, that anyone can audit, freely use, and plug into, to create secure digital voting machines that remove many of the barriers of voting. Microsoft teamed up with Tucker Viemeister, a renowned industrial designer who spent years at prestigious firms including Frog, Smart Design, and Rockwell Group designing devices like hair dryers and coffee makers, to build something of a concept car for the future of voting—mostly out of off-the-shelf parts.Full Article: Microsoft ElectionGuard aims to fix America's broken voting.
Rhode Island: Security expert offers solution to prevent hacking of election computers in Rhode Island next year | Edward Fitzpatrick/The Boston Globe
A computer security expert is proposing a solution that would let the state Board of Elections bolster its cybersecurity on Election Day without having to rip out modems that make the state’s election system vulnerable to cyberattacks. On Aug. 2, the Board of Elections asked Tony Adams, an information security professional who lives in Providence, to write a memo suggesting ways to reduce the risk of hacking on election night, when modems are used to quickly report unofficial results. In an Aug. 14 memo, Adams suggests having the modems report unofficial results to computers that are separate from the state’s core election computer system, which configures ballots and tabulates official results. That way, if hackers did penetrate the system on election night, they couldn’t change the official results or hold the whole system hostage with ransomware, for example, he said. “This idea is so elegant you have to ask: Why didn’t I think of that?” Board of Elections Vice Chairman Stephen P. Erickson said this week. “Because you don’t have to spend a lot of money, it’s relatively simple to implement, and it will substantially increase the level of security — and the perceived security, which is important.”Full Article: Security expert offers solution to prevent hacking of election computers in Rhode Island next year - The Boston Globe.
A Wisconsin Elections Commission security official is expressing concern that outdated operating systems are being used by local elections clerks across the state, raising the prospect of foreign interference in Wisconsin’s elections ahead of the 2020 presidential race. In a memo, Election Security Lead Tony Bridges details how a number of local clerks are using Windows XP or Windows 7 on office computers to access the WisVote voter database. According to Bridges, failure to maintain an up-to-date operating system poses “a tremendous risk.” Security patches on Windows XP have not been supported since 2014, while Windows 7 will reach its end-of-life cycle in January 2020, meaning Microsoft will no longer provide free security updates. Bridges pointed to a recent cyberattack in Georgia that brought down systems across Jackson County and warned a similar attack could “dramatically impact voter confidence in the electoral process” in Wisconsin. “It could, for example, expose confidential information, prevent the timely distribution of absentee ballots, prevent the timely printing of poll books, disrupt communications with voters, expose voters to potential cyberattack, destroy digital records, prevent the display of election night results,” he wrote recently.Full Article: Outdated operating systems could affect Wisconsin elections | Opinion | hngnews.com.
Outdated Windows systems could impact election security in Wisconsin. Officials say the Wisconsin Elections Commission (WEC) has started a pilot program to address concerns. The proposal, prepared by Election Security Lead Tony Bridges, cites concerns over aging computer systems. He states, “the strength or weakness of any one work station could affect the security of the entire state’s elections infrastructure.” Bridge then explained at least a handful of computers that access WisVote no longer receive security updates; that includes Windows XP which hasn’t been updated since 2014. WEC won’t specify which users are vulnerable due to privacy concerns. “We always want to be careful when we’re talking about elections security,” said WEC PIO Reid Magney. “We don’t want to divulge where there might be vulnerabilities in the system.”Full Article: Election security threats and the proposed solution - WXOW.
Wisconsin: Election officials trying to address outdated equipment | Lawrence Andrea/Milwaukee Journal Sentinel
Wisconsin elections officials are considering spending more than $800,000 to replace outdated equipment, update software and further address computer security as the state prepares for the 2020 presidential election. Among the proposals in a Wisconsin Elections Commission plan is to establish a program that would lend new computers to municipalities with outdated operating systems. More than 500 state elections system users are on computer systems that have reached the end of their life or will do so in the next six months, according to a commission memo. Some of these users have plans to update their systems, but the commission is proposing lending 250 devices to municipalities unable to replace them. The loans will be free and distributed on a first-come, first-served basis. The equipment is expected to cost up to $300,000. The commission staff knows “that at least a handful” of clerks are logging into the WisVote voter registration and election management system with operating systems that are no longer receiving security updates, according to the memo. It also notes that hundreds of clerks are using Microsoft Windows 7, which will stop providing free updates in January.Full Article: Wisconsin election officials trying to address outdated equipment.
Wisconsin: Expert: Many Wisconsin elections clerks use outdated systems | Todd Richmond/Associated Press
Hundreds of local clerks are using outdated computer systems or aren’t installing security patches, leaving Wisconsin’s election system vulnerable to potentially devastating cyberattacks, state elections officials fear. Election officials across the country have stepped up efforts to block hackers from wreaking havoc during the 2020 contests after Russians interfered with the 2016 presidential election. Congress has been warned that there could be more foreign interference next year, when Wisconsin is expected to be a presidential swing state again. But Wisconsin Elections Commission Election Security Lead Tony Bridges said in a memo to commissioners released Friday that some local clerks are still logging into the state election system using Windows XP or Windows 7. Microsoft stopped supporting Windows XP in 2014 and said it will stop providing free security updates for Windows 7 starting in January. Bridges wrote that it’s safe to assume a large percentage of clerks won’t upgrade before the deadline or pay for updates. Even clerks with current operating systems often fail to install security patches, he said. The failure to maintain current operating systems exposes state elections to tremendous risk, Bridges wrote. He pointed to an incident in March in which a ransomware variant called Ryuk shut down vital systems in Jackson County, Georgia, including computers supporting emergency dispatch. Ransomware is software designed to shut down computer systems or data until a ransom is paid.Full Article: Expert: Many Wisconsin elections clerks use outdated systems | | journaltimes.com.
The EAC will convene state and local election supervisors, federal officials and cyber experts to discuss the ramifications of Microsoft sunsetting support for Windows 7, which is still used in many voting systems. “It is essential that the election community and the EAC have a full appreciation not only for the scope of this specific software issue, but also the issues of patching and internet connectivity more broadly,” EAC Chairwoman Christy McCormick told Sen. Ron Wyden (D-Ore.) in a July 26 letter. Wyden had asked how the EAC was handling the issue, including whether it would decertify machines running Windows 7 before the Jan. 15, 2020, sunset. McCormick didn’t answer that question but noted that decertification “has wide-reaching consequences” and that the EAC has an established policy for when to initiate it. Election Systems & Software, one of the companies still selling Windows 7-based voting systems, has submitted new technology for certification that runs on Windows 10 and Windows Server 2016, McCormick told Wyden. “The test plan has been approved by the EAC,” she wrote, “and testing is underway.” Based on the EAC’s conversations with vendors, she said, “we are confident that they are working to address” the Windows 7 issue. The vendors “are in direct contact with Microsoft,” she added, and “have received commitments from Microsoft regarding software support.” She did not say whether Microsoft had promised free updates for these products; the company plans to charge everyone else for continued Windows 7 support.Full Article: Exclusive: EAC plans Windows 7 confab - POLITICO.
National: Microsoft Data Shows Hackers Still Targeting U.S. Elections | Alyza Sebenius and Kartikay Mehrotra/Bloomberg
State-backed hackers have attempted to infiltrate targets related to U.S. elections more than 700 times in the past year, furthering concerns about potential meddling in upcoming races, according to a blog posted Wednesday by Microsoft Corp. The hackers responsible are mostly from Russia and North Korea, said Tom Burt, Microsoft’s vice president for customer security & trust, in an interview. The company has counted nearly 10,000 hacks globally stemming from state-sponsored attacks in the past year. Of those, 781 have been to democracy-focused organizations, particularly non-governmental organizations and think tanks, and nearly all of those attacks, 95 %, are against U.S.-based organizations. “We have uncovered attacks specifically targeting organizations that are fundamental to democracy,” Burt wrote. “Democracy-focused organizations in the United States should be particularly concerned.” The attacks on democratic institutions are a likely precursor to hacking attempts on campaigns and election systems ahead of the 2020 presidential elections, according to the blog. However, the North Korea-based hackers may be conducting espionage on issues of special interest like nuclear disarmament, rather than seeking to hack elections, Burt said in the interview.Full Article: Microsoft Data Shows Hackers Still Targeting U.S. Elections - Bloomberg.
National: Top Democrat demands answers on election equipment vulnerabilities | Maggie Miller/TheHill
Sen. Ron Wyden (D-Ore.) is demanding answers from the Election Assistance Commission (EAC) as to how the federal agency plans to secure election equipment amid reports that most machines depend on software that will soon be out-of-date and vulnerable to cyber attacks. In a letter dated July 12 that was released on Monday, Wyden asked EAC Chairwoman Christy McCormick how the agency plans to address this “looming cybersecurity crisis.” “Intelligence officials have made it clear that Russian hackers targeted our elections in 2016, and that they expect similar threats in 2020,” Wyden wrote. “The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers. This is unacceptable.” The Associated Press recently reported that the majority of U.S. counties use election management systems that run on Windows 7, an outdated operating system that Microsoft will stop updating in January. The systems are responsible for programming voting machines and tallying votes. Wyden focused his questions on whether products created by Election Systems and Software (ES&S), one of the major U.S. voting equipment manufacturers, would be decertified by the EAC prior to the 2020 elections. According to EAC documentation, the equipment uses Windows 7. Wyden gave McCormick a July 26 deadline to respond to his questions.Full Article: Top Democrat demands answers on election equipment vulnerabilities | TheHill.
Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines, even as the tech giant said it had tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.” The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post. Its announcement was timed to coincide with the Aspen Security Forum, an annual conference of current and former intelligence, defense and homeland security officials that kicks off Wednesday in Aspen, Colorado — co-sponsored by Microsoft and others. NBC News is a media partner of the forum. Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft’s move signals that voting systems, long a technology backwater, are finally receiving attention from the county’s leading technical minds.Full Article: Microsoft will give away software to guard U.S. voting machines.
Microsoft has announced an ambitious effort to make voting secure, verifiable and subject to reliable audits by registering ballots in encrypted form so they can be accurately and independently tracked long after they are cast. Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their voting systems. The software is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA. Dubbed “ElectionGuard,” it will be available this summer, Microsoft says, with early prototypes ready to pilot for next year’s U.S. general elections. CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle, saying the software development kit would help “modernize all of the election infrastructure everywhere in the world.” Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems. Open-source software is inherently more secure because the underlying code is easily scrutinized by outside experts but has been shunned by the dominant vendors whose customers — the nation’s 10,000 election jurisdictions — are mostly strapped for cash. None offered bids when Travis County, Texas, home to Austin, sought to build a system with the “end-to-end” verification attributes that ElectionGuard promises to deliver. Two of the leading vendors, Election Systems & Software of Omaha, Nebraska, and Hart InterCivic of Austin, Texas, both expressed interest in partnering with Microsoft for ElectionGuard. A spokeswoman for a third vendor, Dominion Voting Systems of Denver, said the company looks forward to “learning more” about the initiative.Full Article: Microsoft offers software tools to secure elections.
National: Facebook and Microsoft briefed state officials on election security efforts today | TechCrunch
So much for summer Fridays. Yesterday, BuzzFeed reported that a dozen tech companies, including Facebook, Google, Microsoft and Snapchat, would meet at Twitter headquarters on Friday to discuss election security. For two of them, that wasn’t the only meeting in the books. In what appears to be a separate event on Friday, Facebook and Microsoft also met with the Department of Homeland Security, the FBI and two bodies of state election officials, the National Association of State Election Directors (NASED) and the National Association of Secretaries of State (NASS), about their election security efforts.Full Article: Facebook and Microsoft briefed state officials on election security efforts today | TechCrunch.
Microsoft says it has uncovered new Russian hacking attempts targeting US political groups before the midterm elections. The company said a group linked to the Russian government created fake internet domains that appeared to spoof two US conservative organisations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the Senate. Microsoft did not offer any further description of the fake sites. The revelation came just weeks after a similar Microsoft discovery led the senator Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.Full Article: Russian hackers targeting more US political groups, Microsoft says | US news | The Guardian.
Despite rumors on Twitter to the contrary, by almost all accounts the Microsoft app used to tally unverified caucus votes in Iowa worked exactly as it was supposed to. What broke were the web sites where Republicans and Democrats posted close to real-time information about those votes, which at times crashed under the crush of people eager for news of their candidates. That didn’t surprise Douglas W. Jones, the recording secretary for the Democratic caucus, precinct 4 in Iowa City, Iowa. “In the modern, media-driven world, we’re desperate for results,” he said. His son Nathaniel Douglas, 32, send their caucus results in to the county Democratic party using the app built by Microsoft for the purpose, which he said “worked as advertised.” In precincts where workers didn’t have smart phones, the older updating system of calling in and pressing buttons on a touch-tone phone after inputting a PIN for security was used. “Both systems worked fine,” Douglas said. … At their heart, they are a way for Iowa voters to chose delegates to county, district and state political conventions who will then go on to chose their candidate. That process is heavily scrutinized and has very reliable and very old security baked into it — “it all happens on paper, which we’ve been using for elections going back to Roman times,” said Jones, who is also a professor of computer science at the University of Iowa and an expert on online voting systems.Full Article: Iowa caucus vote tallying system worked perfectly.
Microsoft volunteered to provide the technology to help tally up the results of Iowa’s caucus, free of charge. Now it will be put to the test Monday night. The contests in both parties are expected to go down to the wire. And the spotlight will be on precinct officials who have been trained on a new Microsoft app, which is meant to cut down on human error and speed up the reporting process. Both the Republican and Democratic parties in Iowa have expressed strong confidence in Microsoft, dismissing late suspicion of corporate influence from the campaign of Sen. Bernie Sanders (I-Vt.) early last week. Party officials have said no errors have been spotted in caucus dry runs. But the Sanders campaign has created its own backup reporting system, as has the Hillary Clinton campaign. “It will be interesting to see what happens if and when there are discrepancies between the Microsoft system and either Democratic or Republican campaign tabulations,” Iowa State University professor Mack Shelley said.Full Article: Microsoft on the hot seat in Iowa | TheHill.
The campaign of Democratic presidential candidate Bernie Sanders is raising questions about the involvement of Microsoft in the Iowa Caucuses, now just days away, and has built an independent system to check the official results. For the first time this year, Microsoft partnered with the Iowa Democratic and Republican Parties to provide a technology platform with which the parties will run their caucuses. The software giant created separate mobile apps for each party, which officials at hundreds of caucuses across the state will use to report out results from individual precincts to party headquarters for tabulation. The arrangement has aroused the suspicions of aides to Sanders, who regularly warn that corporate power and the billionaire class are trying to hijack democracy. Pete D’Alessandro, who is running the Iowa portion of Sanders’ campaign, questioned the motives of the major multinational corporation in an interview with MSNBC: “You’d have to ask yourself why they’d want to give something like that away for free.” The Sanders campaign has built their own reporting system to check the results from the official Microsoft-backed app. It has trained its precinct captain on using the app, which is designed to be as user friendly as possible, and the campaign will also staff a hotline system as further redundancy.Full Article: Sanders camp suspicious of Microsoft's influence in Iowa Caucus | MSNBC.
People bank online and do their taxes online. But not many vote online. On Monday, Microsoft co-founder Paul Allen‘s venture-capital fund said it was betting that online voting will win over skeptics worried about security and gradually become the norm for elections world-wide. Vulcan Capital’s growth equity fund, based in Palo Alto, Calif., said it will invest $40 million in Scytl, a digital voting services company based in Barcelona with customers in more than 30 countries, including Canada, Mexico and Australia. Scytl, founded in 2001, sells a range of services aimed at modernizing elections, from training poll workers and registering voters to hosting elections online and counting votes. Scytl has previously received investments from Balderton Capital, Nauta Capital and Spinnaker SCR.Full Article: Microsoft Co-Founder Allen Bets on Online Voting; Funds Scytl - Digits - WSJ.
Editorials: Internet voting advocates ignorant of software, says computer scientist Barbara Simons | FierceGovernmentIT
Advocates of Internet voting typically form their opinions without real knowledge of how software works, said Barbara Simons, a computer scientist and board member of VerifiedVoting.org. She gave an Aug. 8 talk to the research division of Microsoft; the company posted a webcast of her presentation online. “They don’t understand why when we say you can’t find all the software bugs, you can’t,” Simons said. An analogous public policy example of how software can permit inadvertent flaws that enable later malicious exploitation is the U.S. tax code, she said. Congress periodically approves well-intentioned updates to that complex system which, once implemented, “turn out to benefit a single company in ways that have not been anticipated before the update,” she said.Full Article: Internet voting advocates ignorant of software, says Simons - FierceGovernmentIT.
Washington: State partners with Microsoft and Facebook – voter registration app set to launch soon | electionlineWeekly
Now, in addition to letting all their friends know about what they had for dinner last night, or their political views, what they are listening to on Spotify, or their relationship status, Facebook users in Washington State will soon be able to let all their friends know that they are registered to vote. The Washington Secretary of State’s Office has teamed up with Microsoft and Facebook to offer citizens in Washington a first-in-the-nation opportunity to register to vote via the social networking site. “Our estimate [through Pew’s Electronic Registration Information Center] is that we have potentially two million eligible, but unregistered voters,” said Dave Ammons, spokesman for the secretary of state’s office. “The Facebook app is a marvelous way to prompt people onto our MyVote site for both registration and updates, as well as our voter vault of customized information.” Ammons noted that the state has had online registration since 2008 and that it is quite popular, especially with the Millennials. About a third of the state’s registration traffic is online.Full Article: electionlineWeekly.
Tech giant Microsoft says it has detected more than 740 infiltration attempts by nation-state actors in the past year targeting U.S.-based political parties, campaigns and other democracy-focused organizations including think tanks and other nonprofits. However a company spokeswoman would not name or further characterize the targets. All of them subscribe to Microsoft’s year-old AccountGuard service, which provides free cyberthreat detection to candidates, campaigns and other mostly election-related groups. Microsoft did not say how many infiltration attempts were successful but noted in a blog post Wednesday that such targeting similarly occurred in the early stages of the 2016 and 2018 elections. “Cyberattacks continue to be a significant tool and weapon wielded in cyberspace,” Microsoft said. “In some instances, those attacks appear to be related to ongoing efforts to attack the democratic process. A year ago, Microsoft said it had detected attempts to infiltrate the networks of U.S. senatorial candidates and think tanks. “As we head into the 2020 elections, given both the broad reliance on cyberattacks by nation-states and the use of cyberattacks to specifically target democratic processes, we anticipate that we will see attacks targeting U.S. election systems, political campaigns or NGOs that work closely with campaigns,” Microsoft said.Full Article: Microsoft finds more election related cyber crimes in Russia and Iran.