Bartow County election officials released a report Thursday from a voluntary audit confirming the results of Georgia’s Jan. 5 Senate runoffs. The audit found an 89-vote discrepancy from the original tally, a 0.2% difference, which Bartow election supervisor Joseph Kirk attributed to human error in the counting process. Candidates can request a recount in Georgia if the margin of victory is less than half a percent – Sen. Jon Ossoff won his race by 1.2%, and Sen. Raphael Warnock won by 2%. Even though the Senate races were close, neither was close enough to require a recount, but in the report, Kirk said they decided to perform the audit to discredit the “mountain of misinformation” that was spread leading up to the election. In particular, Kirk was trying to dispel rumors that the Dominion voting machines used for the first time this election cycle were subject to hacking or malfunction. “Rather than engage in speculation on whether or not the system changed votes after they were cast (it didn’t) or whether it was connected to the internet (it wasn’t), we choose to respond with the simple fact that we know every voter’s vote was accurately counted in Bartow County because we checked – one ballot at a time,” Kirk wrote in the report. Party monitors were present to observe the audit, and the monitors chose which of the Senate races was going to be audited by flipping a coin.
Michigan Secretary of State Benson to audit results of state, 200 jurisdictions including Wayne, Antrim counties | Beth LeBlanc/The Detroit News
The Michigan Bureau of Elections will conduct a raft of audits in the coming weeks, including reviews at the state level, in Antrim and Wayne counties, and in 200 other jurisdictions. The undertaking is the “most comprehensive post-election audits of any election in state history,” the bureau said Wednesday. The preliminary plans come after more than a month of lawsuits, press conferences, committee hearings and protests questioning Michigan’s election results, which placed President-elect Joe Biden 154,000 votes ahead of President Donald Trump. Post-election audits are common, but those announced Wednesday by Secretary of State Jocelyn Benson are more than have ever been conducted before in an effort to demonstrate “the integrity of our election.” “Clerks across the state carried out an extremely successful election amidst the challenges created by record-breaking turnout and more than double the absentee ballots ever before cast in our state, a global pandemic and the failure of the Michigan Legislature to provide more than 10 hours for pre-processing of absentee ballots,” Benson said in a statement.
As local officials across the country scramble to hack-proof their voting systems ahead of the midterm elections, there’s one state that is paving the way as a leader in election security. Colorado has done virtually everything election experts recommend states do to stave off a repeat of 2016, when Russian hackers targeted 21 states as part of the Russian government’s massive election interference campaign. The state records every vote on a paper ballot. It conducts rigorous post-election audits favored by voting researchers. Nearly every county is equipped with up-to-date voting machines. Election officials take part in security trainings and IT workers test computer networks for weaknesses. Secretary of State Wayne Williams told me the state benefited from having some of those measures in place before 2016. Once the extent of Russia’s digital campaign in the presidential election became clear, he made it a priority to invest more in them, he said. “If people perceive a risk, they’re less likely to participate in voting,” Williams said. “We want to protect people from that threat, and we want to people to perceive that they are protected from that threat.”
New measures to bolster security for Michigan’s 2018 midterm elections were announced this month, but experts said they don’t address all past gripes with state procedures. During this year’s May election and November general election, Michigan will hand-count ballots for all precincts selected in the post-election audit, secretary of state spokesman Fred Woodhams said. The state currently uses paper ballots that are scanned through optical voting machines. Past elections’ audits required reviewing voting machine equipment as well as procedural compliance of poll workers, he said, but did not entail recounting paper ballots. … But the reforms don’t fully reassure Alex Halderman, a professor of computer science and engineering at the University of Michigan. He noted that under Michigan procedure, post-election audits occur after the results are already certified, rendering the practice moot when it comes to disputing a race outcome.
Media Release: Senate Intelligence Committee’s Recommendations Outline Urgent Need for Paper Ballots, Post-Election Audits
Marian K. Schneider: “The recommendations…make the case that states need immediate federal support to build a stronger defense.” (March 21 2018) — The Senate Select Committee on Intelligence released a report today about Russian targeting of election infrastructure during the 2016 election. Read the full set of recommendations here. The following is a statement from…
Media Release: Pennsylvania Special Election Underscores Urgent Need for Voter-Verifiable Paper Systems to Check Computer-Generated Votes
Marian K. Schneider: “All races should be audited – whether they are close or not.” The following is a statement from Marian K. Schneider, president of Verified Voting, formerly Deputy Secretary for Elections and Administration in the Pennsylvania Department of State, about Tuesday’s special election in Pennsylvania’s 18th Congressional District. For additional media inquires, please…
Russian hackers poked and prodded voting systems throughout the country during the election of 2016, failing to change votes or alter registration rolls but succeeding in pointing out where the United States is vulnerable. In just a few months, they’ll almost certainly be back again, and if not the Russians, then any one of a…
Editorials: Vote auditing can ensure integrity of Virginia’s elections | Audrey Malagon/Virginian-Pilot
It’s time for better quality control in our election processes. Virginia’s 94th District in the House of Delegates drew names after disputes over a single ballot’s validity. In the 28th District, many voters were told to vote in the wrong district. A single district can determine party control of the House, affecting health care, taxes and education. Yet how can we be sure the ballots we cast are even read and counted correctly? Mathematics makes checking the integrity of our elections simple and inexpensive, and Virginia should do this more often. My grandmother worked in a syringe factory in my hometown. Her supervisor used to pull a few syringes off the line and inspect them. He didn’t check every syringe, but if the ones he randomly checked looked OK, he was confident that the products going out were the right quality. This idea of random checking isn’t just for factories; we rely on it to make sure smoke detectors will save us in a fire and restaurants won’t make us sick.
State Rep. Kathleen Clyde, a Democratic candidate for Ohio secretary of state, said Wednesday she’s preparing to introduce a pair of bills designed to safeguard the state’s elections against cyberattacks. Clyde spoke about the bills at the Ohio Association of Elections Officials annual conference in Columbus. She was motivated to draft the legislation after it was reported that Russia attempted to interfere in the presidential election in 2016. “Many believe that this problem will only continue and we need to make sure that we are preparing for any attempts to hack our voting systems,” Clyde said in a phone interview prior to the conference. Unless Clyde is able to get Republican sponsors, her bill is unlikely to get through the GOP-dominated Ohio state legislature.
Editorials: Decertifying Virginia’s vulnerable voting machines is just the first step | Fredericksburg Free Lance Star
The Virginia State Board of Elections has belatedly decided that all electronic touchscreen voting machines still in use throughout the commonwealth cannot be used for the Nov. 7 general election because they are vulnerable to hacking, even though they are not connected to the internet. This revelation is not new. For more than a decade, computer scientists at Princeton, Johns Hopkins, and other top universities have demonstrated that hackers can surreptitiously change votes on these machines without leaving a trace. In 2005, Finnish computer programmer Harri Hursti successfully hacked into Diebold voting machines that were in a locked warehouse in Leon County, Fla., under the watchful eyes of elections officials, a feat still referred to today as the Hursti Hack. But it took another demonstration of successful hacking at the DEFcon cybersecurity conference in Las Vegas this summer to finally convince board members that they needed to immediately decertify all touchscreen voting machines still in use in Virginia. Better late than never, as the old saying goes, but that left 22 cities and counties that still use them to tabulate election results in the lurch. Decertification should have happened years ago.
Amid national news reports about potential election-hacking by Russia — and a machine ballot miscount in North Kingstown last year — state lawmakers have added audits of vote tallies to their special-session agenda. At a rare Friday afternoon meeting in September, the House Judiciary Committee is also scheduled to vote on a criminal-sentencing overhaul that stalled out in the 2016 legislative session, and then got caught up in end-of-session chaos this past June. … That was expected. But the committee will also likely approve — and send along to the full House for action at Tuesday’s special session — a bill requiring post-election audits to make sure that the state’s voting machines — which are actually optical scanners — got the winners and losers right. The Senate has already passed a version of the bill, sponsored by Sen. James Sheehan. But that bill — and a matching House version with Republican and Democrat-sponsors — had not made it all the way when the regular session ended abruptly in June.
To stop cyberattacks on voting, America should follow the state’s lead on paper ballots
There’s no evidence that hacking impacted the 2016 elections. But there’s growing evidence that elections in 2018 and 2020 could be at risk. The threat could come from North Korea, Iran, or any of a host of foreign adversaries. The challenges are getting clearer. In August, Chicago’s Board of Elections reported that sensitive information about the city’s 1.8 million registered voters was left exposed online for an unknown period. Earlier in the summer, the Department of Homeland Security confirmed that foreign agents targeted voting systems in 21 states in the last election. Other news reports found that hackers successfully compromised election technology vendors who program voting systems. In the fight to secure America’s voting systems, Alabama is already employing the most crucial defensive weapon: paper ballots. The transparency and simplicity of the state’s system is tough to hack and relatively easy to verify. To guard against a foreign attack on our nation’s election systems, we need action to ensure others follow Alabama’s example.
The Sedgwick County Commission is seeking state approval to do voting machine audits regularly. The commission is working to get legislation passed in 2018 that will allow audits of election results. Currently, the state of Kansas does not allow a review of ballots, except as it relates to specific election challenges. Lawmakers failed to pass a bill on election audits last year. Commissioner Jim Howell says there is broad support for the legislation for the upcoming 2018 session. He says Sedgwick County’s new voting machines are designed for audits. “We would like to do random sample auditing across our county, and that would add a lot of transparency and a lot of confidence in our election process, and right now we don’t have that,” Howell says.
On the second day of early voting in the November election, Jacob Montoya cast a ballot at the Hays County Government Center. He was a San Marcos mayoral candidate and eager to cast his ballot in that race and other local contests. But his vote ultimately went uncounted, one of 1,816 votes stored on a memory card that was misplaced and discovered weeks after Election Day on Nov. 6. “Do you think the younger generation is going to vote after something like this?” Montoya said. “My vote didn’t matter. First of all, they didn’t count it, and then when they did find it, they didn’t count it anyway.” … The confusion regarding the November election has led many Hays County residents to call for the use of paper ballots, which advocates say could give voters peace of mind that their vote has been accurately recorded.
You did your civic duty. You voted. You may even get a red, white and blue sticker to wear proudly on your T-shirt. But are you sure your vote will be counted — and counted properly? If your state uses computers for voting or counting results, there’s a chance it may not, experts say. “We know that computers can have some bugs or even cleverly-hidden malicious code called malware,” said Barbara Simons, president of Verified Voting, a non-profit, nonpartisan group encouraging secure and accurate elections. “As we learned in 2016, we also have to worry about the possibility of computers and voting systems being hacked,” she added. But if you live in Colorado, you’ll now have a better chance of finding out if your vote fell victim to a glitch or a hack.
States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”
The state of Colorado is moving to audit future digital election results, hiring a Portland-based startup to develop software to help ensure that electronic vote tallies are accurate. The startup Free & Fair announced on Monday that it had been selected by the state to develop a software system for state and local election officials to conduct what are called “risk-limiting audits.” A risk-limiting audit, or RLA, is a method that checks election outcomes by comparing a random sample of paper ballots to the accompanying digital versions. The development comes amid deepening fears on Capitol Hill about the possibility of foreign interference in future elections, following Russia’s use of cyberattacks and disinformation to influence the 2016 presidential election. According to the U.S. intelligence community, Moscow’s efforts also included targeting state and local election systems.
Russia’s meddling in the 2016 election may not have altered the outcome of any races, but it showed that America’s voting system is far more vulnerable to attack than most people realized. Whether the attackers are hostile nations like Russia (which could well try it again even though President Trump has raised the issue with President Vladimir Putin of Russia) or hostile groups like ISIS, the threat is very real. The question is this: Can the system be strengthened against cyberattacks in time for the 2018 midterms and the 2020 presidential race? The answer, encouragingly, is that there are concrete steps state and local governments can take right now to improve the security and integrity of their elections. A new study by the Brennan Center for Justice identifies two critical pieces of election infrastructure — aging voting machines and voter registration databases relying on outdated software — that present appealing targets for hackers and yet can be shored up at a reasonable cost. … The report identifies three immediate steps states and localities can take to counter the threat.
The FBI, NSA and CIA all agree that the Russian government tried to influence the 2016 presidential election by hacking candidates and political parties and leaking the documents they gathered. That’s disturbing. But they could have done even worse. It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief.
A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election. Halderman et al. have hacked a lot of voting machines, and there are videos to prove it. I believe him.
Halderman isn’t going to steal an election, but a foreign nation might be tempted to do so. It needn’t be a superpower like Russia or China. Even a medium-size country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet; bribing employees of election offices and voting-machine vendors; or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices.
Editorials: Peace of Mind for a Tumultuous Election: Paper Trails and Risk-Limiting Audits | Arlene Ash and Mary Batcher/Huffington Post
With increasingly heated allegations of “rigged elections,” things have probably not gotten better since a September 29 poll concluded that “more than 15 million voters may stay home on Election Day” over concerns about cyber-security. Equally problematic would be doubts about who won following November 8. A vibrant democracy requires trusted elections. Paper validation of ballots cast and meaningful audits of those ballots are important – and neglected – tools for bolstering trust. As statisticians working in healthcare and business, we frequently help researchers, patients, and business executives think about the probability and severity of potential risks. Based on the news coverage it receives, you might think that the problem of people who are not entitled to vote showing up at polling places is rampant. It is not. A comprehensive study of all American elections between 2000 and 2014 identified only 31 possible cases out of a billion votes cast. That is, only 0.000003 percent of votes might have been due to the kind of fraud that Voter ID laws could possibly prevent! In contrast, electoral malpractice, intentional or not – including confusing ballot designs, computer security breaches and malfunctions, long lines, partisan administration, misleading information about where and how to vote, poorly maintained voting lists, and overly aggressive voter list purges – plague every American election.
Standardizing voter registration processes, voting machines and vote tabulation is the key to eliminating most vulnerabilities plaguing U.S. elections, according to several cybersecurity experts. These standardizations would embed security, enable backups and eliminate many backdoors through which hackers and vote fraudsters currently can warp the results of an election. While voting is administered at the state and local levels, these remedies would need to be applied nationwide. The current web of diverse processes may increase the difficulty for wide-scale election tampering, but they also ensure that achieving security is too broad a challenge for any single remedy to be applied. This diversity also virtually ensures that some location will have a vulnerability that, if exploited effectively, could cast doubt on a nationwide election result. … Auditing capabilities are important, says Ron Bandes, network security analyst in the CERT division of the Software Engineering Institute of Carnegie Mellon University. He also is president of VoteAllegheny, a nonpartisan election integrity organization.
With the Democratic National Committee cyberattack far more widespread than originally thought, fears of foreign power using cyber-espionage to influence this November’s election are growing, and real. It’s also prompted concern that hackers may shift focus to an even more vulnerable target: your vote. Voters in 43 states will cast their ballot for the next president using aging electronic voting machines, many now ten years old with dated software lacking proper security. Despite machine manufacturers’ repeated claims of their integrity, high-profile studies have shown hackers can alter vote tallies on these notoriously-penetrable machines within minutes. Tactics available to hackers are numerous and growing: A distributed denial-of-service (DDoS) attack would disable voting machines or the back-end servers, preventing voters from participating in the election. Deleted voting records ahead of Election Day would expunge names from the registered voter rolls. And malware could be used to “steal” an election by tampering with voting machine hardware or software.
National: There’s work to be done to make US elections secure — and it has nothing to do with voter ID | Public Radio International
Recently, Homeland Security Secretary Jeh Johnson said the government was considering classifying voting systems part of the nation’s “critical infrastructure,” a designation currently held by systems such as the electric grid and banking networks. The announcement comes on the heels of reports of a vast infiltration of Democratic Party servers. “Everything we know about voting machines — electronic ones, computerized ones, is they’re not very secure,” says tech security expert Bruce Schneier. “They are not tested, they are not designed rigorously and in many cases there’s no way to detect or recover from fraud. So there really is a disaster waiting to happen.” Aviel Rubin, a professor of computer science at the Johns Hopkins University, agrees. “Unfortunately, I think the thing that’s improved the most in the last 10 years is the sophistication of the hackers and the number of incidents that we see that are occurring daily. If you look at the news you see that ransomware is becoming pretty common,” Rubin says. “The big change that I’ve seen has been just how sophisticated the hackers are today. And they’re sponsored by countries like Russia and China, which is a much more formidable adversary than we had in the past.”
This week, GOP presidential candidate Donald Trump openly speculated that this election would be “rigged.” Last month, Russia decided to take an active role in our election. There’s no basis for questioning the results of a vote that’s still months away. But the interference and aspersions do merit a fresh look at the woeful state of our outdated, insecure electronic voting machines. We’ve previously discussed the sad state of electronic voting machines in America, but it’s worth a closer look as we approach election day itself, and within the context of increased cyber-hostilities between the US and Russia. Besides, by now states have had plenty of warning since a damning report by the Brennan Center for Justice about our voting machine vulnerabilities came out last September. Surely matters must have improved since then. Well, not exactly. In fact, not really at all. … So electronic voting machines aren’t ideal. The good news is, it’s entirely possible to mitigate any potential harm they might cause, either by malice or mistake. First, it’s important to realize that electronic voting machines aren’t as commonplace as one might assume. Three-quarters of the country will vote on a paper ballot this fall, says Pamela Smith, president of Verified Voting, a group that promotes best practices at the polls. Only five states—Delaware, Georgia, Louisiana, South Carolina, and New Jersey—use “direct recording electronic” (DRE) machines exclusively. But lots of other states use electronic machines in some capacity. Verified Voting also has a handy map of who votes using what equipment, which lets you drill down both to specific counties and machine brands, so you can see what’s in use at your polling station.
Kansas: Kris Kobach proposes voting-machine audits, files new voter fraud cases | The Kansas City Star
Kansas Secretary of State Kris Kobach on Monday unveiled a plan that would require counties to perform audits of voting equipment for all elections starting in 2017. The proposal would provide for a percentage of precincts or districts to be manually audited after election day election day and before the vote is certified by county officials. Kobach presented his bill to the House Elections Committee, calling it a “robust” plan that would allow for a broader audit if discrepancies were found. “It goes well beyond what most states do,” Kobach said. Kobach had come under fire when he turned down requests from Beth Clarkson, a Wichita State University statistician, to review Sedgwick County voting machine tapes from 2014. Clarkson said she had identified anomalies in election results.
That’s because a new law will help enhance the voting process, state officials said on Wednesday after the General Assembly passed a Senate Bill: “An Act Strengthening Connecticut Elections.” Secretary of the State Denise Merrill joined the Registrars of Voters Association of Connecticut in praising Governor Dannel P. Malloy’s signing the bill into law. Officials said the law will establish qualification standards and certification for all Registrars of Voters. It will also establish qualification standards and certification for Registrars, require training and remove Registrars from office if they are found to be “in extreme cases of negligence or dereliction of duty,” according to a press release.
When auditing town expense accounts, would it make sense to exempt some departments? When inspecting trucks, would it make sense to exempt school buses? When inspecting restaurants, would it make sense to exempt diners? Any exemption is an opening for errors to go undetected and an opportunity for fraud. Equally it doesn’t make sense that the Connecticut’s post-election audit law exempts all votes on questions, election day registration, originally hand-counted ballots and absentee ballots from our post-election audit. Election integrity and public confidence demand that all ballots be subject to random selection for audit. Exempt ballots already determine many elections, while the number and percentage of exempt ballots is growing. Currently about 9 percent of ballots are absentee ballots, many elections and primaries are decided by much lower margins than 9 percent. If the State enacts early voting, following other states those numbers will almost certainly rise to over 30 percent within a few years. Compare that to the race for governor in 2010, which was officially decided by about 0.6 percent—more than triple the 2000 vote margin necessary for a recanvass. Since Connecticut recently initiated Election Day registration, we can anticipate those votes to reach 10 percent of votes in a few years, which will further add to the totals exempt from the audit.
The average voter who cast a ballot on Election Day in 2012 had to wait in line for three minutes less than he or she would have in 2008, while fewer people with disabilities or illnesses had problems voting, according to a new report measuring election administration procedures across the country. The report, published Tuesday by the Pew Charitable Trust’s State and Consumer Initiatives program, found a sharp increase in the number of states that offered online voter registration, the number of states conducting post-election audits and the number of states that offer a transparent look at the data they collect. Overall, the Pew researchers found, states that improved the most year over year embraced technological reforms that made the process function more smoothly, from evaluating absentee and provisional ballots to hurrying people through lines and judging their own effectiveness in order to spotlight areas for improvement.
In 2004, Verified Voting began working to make U.S. voting systems more secure. The organization sprang from the energy created when founder David Dill issued the Resolution on Electronic Voting, which today has 10,000+ endorsers including top computer security experts and elected officials. Dill was subsequently appointed to the California Ad Hoc Task Force on Touch Screen Voting by then-Secretary of State Kevin Shelley (now a Verified Voting Board member). Click here to read Dave and Kevin’s look back at the origin of their relationship… What a difference a decade makes! At the time, fewer than one-sixth of the states had a requirement for voters to be able to verify their vote on a paper record or ballot: today, nearly three-fourths do. Yet, this November, sixteen states will use voting systems that do not provide an independent means of verifying individual votes, and nearly half the states will not conduct post-election audits to verify the accuracy of election results.
On Monday, the Connecticut Citizen Election Audit released its report on the November 2013 post-election audits. Coalition spokesperson Luther Weeks noted, “When compared with audits in 2011 and 2012 we found little difference, positive or negative, on the issues previously identified and the level of concerns affecting confidence.” The report concluded that the official audit results do not inspire confidence because of the continued: Lack of consistency, reliability, and transparency in the conduct of the audit, and discrepancies between machine counts and hand counts reported to the Secretary of the State by municipalities.