State Rep. Kathleen Clyde, a Democratic candidate for Ohio secretary of state, said Wednesday she’s preparing to introduce a pair of bills designed to safeguard the state’s elections against cyberattacks. Clyde spoke about the bills at the Ohio Association of Elections Officials annual conference in Columbus. She was motivated to draft the legislation after it was reported that Russia attempted to interfere in the presidential election in 2016. “Many believe that this problem will only continue and we need to make sure that we are preparing for any attempts to hack our voting systems,” Clyde said in a phone interview prior to the conference. Unless Clyde is able to get Republican sponsors, her bill is unlikely to get through the GOP-dominated Ohio state legislature.
Editorials: Decertifying Virginia’s vulnerable voting machines is just the first step | Fredericksburg Free Lance Star
The Virginia State Board of Elections has belatedly decided that all electronic touchscreen voting machines still in use throughout the commonwealth cannot be used for the Nov. 7 general election because they are vulnerable to hacking, even though they are not connected to the internet. This revelation is not new. For more than a decade, computer scientists at Princeton, Johns Hopkins, and other top universities have demonstrated that hackers can surreptitiously change votes on these machines without leaving a trace. In 2005, Finnish computer programmer Harri Hursti successfully hacked into Diebold voting machines that were in a locked warehouse in Leon County, Fla., under the watchful eyes of elections officials, a feat still referred to today as the Hursti Hack. But it took another demonstration of successful hacking at the DEFcon cybersecurity conference in Las Vegas this summer to finally convince board members that they needed to immediately decertify all touchscreen voting machines still in use in Virginia. Better late than never, as the old saying goes, but that left 22 cities and counties that still use them to tabulate election results in the lurch. Decertification should have happened years ago.
Amid national news reports about potential election-hacking by Russia — and a machine ballot miscount in North Kingstown last year — state lawmakers have added audits of vote tallies to their special-session agenda. At a rare Friday afternoon meeting in September, the House Judiciary Committee is also scheduled to vote on a criminal-sentencing overhaul that stalled out in the 2016 legislative session, and then got caught up in end-of-session chaos this past June. … That was expected. But the committee will also likely approve — and send along to the full House for action at Tuesday’s special session — a bill requiring post-election audits to make sure that the state’s voting machines — which are actually optical scanners — got the winners and losers right. The Senate has already passed a version of the bill, sponsored by Sen. James Sheehan. But that bill — and a matching House version with Republican and Democrat-sponsors — had not made it all the way when the regular session ended abruptly in June.
To stop cyberattacks on voting, America should follow the state’s lead on paper ballots. There’s no evidence that hacking impacted the 2016 elections. But there’s growing evidence that elections in 2018 and 2020 could be at risk. The threat could come from North Korea, Iran, or any of a host of foreign adversaries. The challenges are getting clearer. In August, Chicago’s Board of Elections reported that sensitive information about the city’s 1.8 million registered voters was left exposed online for an unknown period. Earlier in the summer, the Department of Homeland Security confirmed that foreign agents targeted voting systems in 21 states in the last election. Other news reports found that hackers successfully compromised election technology vendors who program voting systems. In the fight to secure America’s voting systems, Alabama is already employing the most crucial defensive weapon: paper ballots. The transparency and simplicity of the state’s system is tough to hack and relatively easy to verify. To guard against a foreign attack on our nation’s election systems, we need action to ensure others follow Alabama’s example.
The Sedgwick County Commission is seeking state approval to do voting machine audits regularly. The commission is working to get legislation passed in 2018 that will allow audits of election results. Currently, the state of Kansas does not allow a review of ballots, except as it relates to specific election challenges. Lawmakers failed to pass a bill on election audits last year. Commissioner Jim Howell says there is broad support for the legislation for the upcoming 2018 session. He says Sedgwick County’s new voting machines are designed for audits. “We would like to do random sample auditing across our county, and that would add a lot of transparency and a lot of confidence in our election process, and right now we don’t have that,” Howell says.
On the second day of early voting in the November election, Jacob Montoya cast a ballot at the Hays County Government Center. He was a San Marcos mayoral candidate and eager to cast his ballot in that race and other local contests. But his vote ultimately went uncounted, one of 1,816 votes stored on a memory card that was misplaced and discovered weeks after Election Day on Nov. 6. “Do you think the younger generation is going to vote after something like this?” Montoya said. “My vote didn’t matter. First of all, they didn’t count it, and then when they did find it, they didn’t count it anyway.” … The confusion regarding the November election has led many Hays County residents to call for the use of paper ballots, which advocates say could give voters peace of mind that their vote has been accurately recorded.
You did your civic duty. You voted. You may even get a red, white and blue sticker to wear proudly on your T-shirt. But are you sure your vote will be counted — and counted properly? If your state uses computers for voting or counting results, there’s a chance it may not, experts say. “We know that computers can have some bugs or even cleverly-hidden malicious code called malware,” said Barbara Simons, president of Verified Voting, a non-profit, nonpartisan group encouraging secure and accurate elections. “As we learned in 2016, we also have to worry about the possibility of computers and voting systems being hacked,” she added. But if you live in Colorado, you’ll now have a better chance of finding out if your vote fell victim to a glitch or a hack.
States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”
The state of Colorado is moving to audit future digital election results, hiring a Portland-based startup to develop software to help ensure that electronic vote tallies are accurate. The startup Free & Fair announced on Monday that it had been selected by the state to develop a software system for state and local election officials to conduct what are called “risk-limiting audits.” A risk-limiting audit, or RLA, is a method that checks election outcomes by comparing a random sample of paper ballots to the accompanying digital versions. The development comes amid deepening fears on Capitol Hill about the possibility of foreign interference in future elections, following Russia’s use of cyberattacks and disinformation to influence the 2016 presidential election. According to the U.S. intelligence community, Moscow’s efforts also included targeting state and local election systems.
Russia’s meddling in the 2016 election may not have altered the outcome of any races, but it showed that America’s voting system is far more vulnerable to attack than most people realized. Whether the attackers are hostile nations like Russia (which could well try it again even though President Trump has raised the issue with President Vladimir Putin of Russia) or hostile groups like ISIS, the threat is very real. The question is this: Can the system be strengthened against cyberattacks in time for the 2018 midterms and the 2020 presidential race? The answer, encouragingly, is that there are concrete steps state and local governments can take right now to improve the security and integrity of their elections. A new study by the Brennan Center for Justice identifies two critical pieces of election infrastructure — aging voting machines and voter registration databases relying on outdated software — that present appealing targets for hackers and yet can be shored up at a reasonable cost. … The report identifies three immediate steps states and localities can take to counter the threat.