Pennsylvania: Voting machine problems: What are York County’s options? | York Daily Record

The York County voting machine programming error that allowed voters to vote twice in some races for the same candidate on Tuesday — once on the Republican ballot and once on the Democratic ballot — has left some office seekers in limbo. The county election board is to meet next week on that matter, and at this time it’s not clear what options the county may have to resolve the issue. The problem was limited to certain races where candidates cross-filed and appeared on both ballots, including the four-candidate judicial race for the York County Court of Common Pleas. The error did not affect the race for York mayor. Although the county is looking to the Pennsylvania Department of State for legal guidance, county spokesman Mark Walters said Wednesday that the problem is the county’s, and the county’s alone. The Department of State, which oversees state level elections, “doesn’t have a lot of authority over county elections,” a state department spokesman said. It is each county’s responsibility to purchase, program and test voting machines.

New Jersey: Bad voting machines replaced with bad voting machines, forcing use of paper ballots in Allentown | app

Voting machines here have been inoperable all morning, after faulty machines were replaced with new ones that also didn’t work, an election official said. “Voters are voting on emergency ballots,’’ said Allan Roth, chairman of the Monmouth County Board of Elections. “No voter has been turned away. They’re just voting on paper ballots.’’ Software problems were discovered in the borough’s four voting machines early this morning, around 6 a.m., Roth said.

New Jersey: New Jersey to replace thousands of aging voting machines | WHYY

Many of the 11,000 voting machines in New Jersey are so old, officials said, they will soon have to be replaced. Amid concerns about hacking, state lawmakers are examining how to make sure new machines will be more secure. While there’s no evidence of hacking, the machines are hackable, said Assemblyman Andrew Zwicker, D-Middlesex. And Princeton computer science professor Andrew Appel said he could quickly break the security seals on a voting machine, replace the chip that records the results, and reseal it so the tampering would be undetectable. “I was able to get a bunch of them and figure out what their weaknesses are,” he said during a hearing before lawmakers Thursday. “So if you have three or four seals on there, it’ll take me 10 minutes to get them off.”

Illinois: ‘Embarrassing’ Voter Data Leak Will Never Happen Again, Chicago Election Chief Says | DNAinfo

The head of the Chicago Board of Election Commissioners Tuesday apologized to aldermen for allowing the personal information of 1.8 million Chicago registered voters to be exposed on a public server. Executive Director Lance Gough said the Aug. 12 discovery that Election Systems & Software discovered backup files stored on a Amazon Web Services server that included voter names, addresses, and dates of birth. In many cases it also included the voters’ driver’s license and state identification numbers and the last four digits of Social Security numbers. “It was quite embarrassing,” Gough said. “I’m here to apologize. This will never happen again.”

New Jersey: Are New Jersey’s voting machines vulnerable to hacking? | NJTV

In his Princeton University office, computer science professor Andrew Appel held up a small computer chip from a New Jersey voting machine. It’s the program that tallies your vote behind the curtain, inside the polling booth. It’s used in every single voting machine in 18 out of New Jersey’s 21 counties. It’s also outdated technology, and if you really wanted to, it’s not all that difficult to hack. “If you put a fraudulent program that adds up the votes a different way, you can install it in the voting machine by prying out the legitimate chip in there now and installing this fraudulent chip in the socket,” he said. Appel knows because he did it. Almost all of New Jersey’s 11,000 computerized voting machines are AVC Advantage systems. The Mercer County Board of Elections has a warehouse where the systems have been decertified in most of the country, but not here.

Verified Voting in the News: Board of Elections Ends Use of Touch-Screen Voting Machines | Wall Street Journal

Election administrators in Virginia ordered the state’s remaining touch-screen electronic voting machines be taken out of service in advance of the coming statewide election, after hackers demonstrated vulnerabilities in an array of election technology at a recent security convention. Virginia, one of two states holding statewide elections for governor and state legislature this year, won’t use any touch-screen machines in the Nov. 7 general election after the State Board of Elections voted Friday to revoke the certifications on all such systems still being used in the state. Virginia will switch to paper ballots counted and processed by computerized scanners. James Alcorn, chair of the board, said in a statement the move was “necessary to ensure the integrity of Virginia’s elections.” … The decision by Virginia to stop using touch-screen electronic voting machines marks a victory for advocates who have long criticized paperless electronic voting systems as insecure and potentially vulnerable to tampering and mischief.

Verified Voting in the News: Virginia Is Getting Rid Of Its Vulnerable Voting Machines | Newburgh Gazette

The State Elections Board of Virginia, on Friday the 8th of September, approved a plan to replace the direct-recording electronic (DRE) voting machines used now in the state due to concerns about hacking in future elections. Additionally, the direct-recording electronic voting equipment in use in Virginia does not have a voter-verifiable paper audit trail, which is an important security feature provided by the paper systems, the statement added. As of today, the following 22 Virginia localities use DREs: Bath, Buchanan, Chesapeake, Colonial Heights, Culpeper, Cumberland, Emporia, Falls Church, Gloucester, Hopewell, Lee, Madison, Martinsville, Norfolk, Poquoson, Portsmouth, Rappahannock, Russell, Surry, Sussex, Tazewell, and Washington. Most states will not hold a major election until November 2018, but Virginia will elect a new governor and other statewide officials this November.

Virginia: Ahead of November Election, Virginia Scraps Use of ‘Hackable’ Voting Machines | WVTF

With only two months until election day, officials in Virginia have decided fully-electronic voting machines aren’t safe. Amid growing cyber-security threats, the Board of Elections is forcing localities to stop using the of the touch screen machines that leave no paper trail. … Alex Blakemore with Virginia Verified Voting has long advocated for the machines to be decertified. While he hasn’t seen what the latest testing shows, he does remember the results of a similar security review back in 2015. “The machines were unbelievably vulnerable. They had wifi on them which, why would you want wifi on a voting machine?” Blakemore asked. “You could hack in remotely, the password was abcde.”

Virginia: Registrars work to replace decertified voting machines across Virginia | WAVY

Some registrars across the commonwealth are working to acquire new, approved equipment so voters can cast ballots in less than two months. On Friday, the Department of Elections called for touchscreen voting booths to be decertified in Virginia. The State Board of Elections approved the request. The touchscreen method is being phased out because of concerns of hacking. “Our No. 1 priority is to make sure that Virginia elections are carried out in a secure and fair manner,” James Alcorn, Chair of the State Board of Elections, said in a release. “The step we took [Friday] to decertify paperless voting systems is necessary to ensure the integrity of Virginia’s elections.” Touchscreens were previously set to go away in 2020.

Verified Voting in the News: Board of Elections halts use of voting machines considered vulnerable to hacking | Reuters

Virginia on Friday agreed to stop using paperless touchscreen voting machines that had been flagged by cyber security experts as potentially vulnerable to hackers and lacking sufficient vote auditing capabilities. The action represented one of the most concrete steps taken by a U.S. state to bolster the cyber security of election systems since the 2016 presidential race, when U.S. intelligence agencies say Russia waged a digital influence campaign to help President Donald Trump win. Virginia’s board of elections voted to accept a recommendation from its state election director, Edgardo Cortes, to decertify so-called direct-recording electronic machines, which count votes digitally and do not produce paper trails that can be checked against a final result.

Virginia: Virginia Is Getting Rid of Its Vulnerable Voting Machines | Gizmodo

Virginia’s Board of Elections voted unanimously to decertify all of the state’s touchscreen voting machines, which are considered by cybersecurity experts to be vulnerable to manipulation by hackers. The race is now on to replace the machines, which are used in 22 counties, before Virginia’s elections in November. Industry experts and and the state’s elections department have recommended that the touchscreen machines be replaced with ones that record votes on paper instead of only electronically, so the votes can be audited and verified.

Virginia: Board of Elections bans touch-screen voting machines over hacking concerns | Associated Press

The Virginia State Board of Elections voted Friday to ban use of touch-screen voting machines in November’s closely watched gubernatorial contest, over concerns the equipment can be hacked. The three-person board voted unanimously at a hastily arranged meeting to decertify touch-screen voting machines, which are still used by counties and cities around the state. The vote came after a closed-door briefing on potential vulnerabilities to the touch-screen systems. “It was enlightening, to say the least,” said board member Clara Belle Wheeler, who said she had originally intended not vote for decertification because of the closeness to the Nov. 7 elections.

Virginia: In emergency meeting, Virginia elections board votes to scrap all touch-screen voting machines | Richmond Times-Dispatch

The Virginia State Board of Elections voted Friday to discontinue use of all touch-screen voting machines throughout the state because of potential security vulnerabilities, forcing 22 cities and counties to scramble to find new equipment just weeks before voting begins for the November gubernatorial election. Behind closed doors at an emergency meeting in Richmond on Friday afternoon, the board heard about specific vulnerabilities identified after a cybersecurity conference this summer in Las Vegas, where hackers showed they could break into voting machines with relative ease. After the July Defcon conference, Virginia’s Department of Elections asked the state’s IT agency to review the security of touch screens still in use in the state. Details of that review were kept confidential, but they caused the elections board to speed up the end of touch screens, which were already scheduled to be phased out of Virginia elections by 2020.

National: It took DEF CON hackers minutes to pwn these US voting machines | The Register

After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside. In less than 90 minutes, the first cracks in the systems’ defenses started appearing, revealing an embarrassing low level of security. Then one was hacked wirelessly. “Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how,” said Jake Braun, who sold DEF CON founder Jeff Moss on the idea earlier this year. “The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

National: Security vendor demonstrates hack of U.S. e-voting machine | Computerworld

A hacker armed with a $25 PCMCIA card can, within a few minutes, change the vote totals on an aging electronic voting machine that is now in limited use in 13 U.S. states, a cybersecurity vendor has demonstrated. The hack by security vendor Cylance — which released a video of it Friday — caught the attention of noted National Security Agency leaker Edward Snowden, but other critics of e-voting security dismissed the vulnerability as nothing new. The Cylance hack demonstrated a theoretical vulnerability described in research going back a decade, the company noted. The hack is “not surprising,” Pamela Smith, president of elections security advocacy group Verified Voting, said by email. “The timing of the release is a little odd.” … The Cylance demonstration was “not new and badly timed,” said Joe Kiniry, a security researcher and CEO at Free and Fair, an election technology developer. “This kind of attack has been demonstrated on almost all of the widely deployed machines used today.”

National: How to Hack an Election in 7 Minutes | Politico

When Princeton Professor Andrew Appel decided to hack into a voting machine, he didn’t try to mimic the Russian attackers who hacked into the DNC’s database last month. He didn’t write malicious code, or linger near a polling place where the machines can go unguarded for days. Instead, he bought one online. With a few cursory clicks of a mouse, Appel parted with $82 and became the owner of an ungainly metallic giant called the Sequoia AVC Advantage, one of the oldest and vulnerable, electronic voting machines in the United States (among other places it’s deployed in Louisiana, New Jersey, Virginia, and Pennsylvania). No sooner did a team of bewildered deliverymen roll the 250-pound device into a conference room near Appel’s cramped, third-floor office than the professor set to work. He summoned a graduate student named Alex Halderman, who could pick the machine’s lock in seven seconds. Clutching a screwdriver, he deftly wedged out the four ROM chips—they weren’t soldered into the circuit board, as sense might dictate—making it simple to replace them with one of his own: A version of modified firmware that could throw off the machine’s results, subtly altering the tally of votes, never to betray a hint to the voter. The attack was concluded in minutes. To mark the achievement, his student snapped a photo of Appel—oblong features, messy black locks and a salt-and-pepper beard—grinning for the camera, fists still on the circuit board, as if to look directly into the eyes of the American taxpayer: Don’t look at me—you’re the one who paid for this thing. Appel’s mischief might be called an occupational asset: He is part of a diligent corps of so-called cyber-academics—professors who have spent the last decade serving their country by relentlessly hacking it. Electronic voting machines—particularly a design called Direct Recording Electronic, or DRE’s—took off in 2002, in the wake of Bush v. Gore. For the ensuing 15 years, Appel and his colleagues have deployed every manner of stunt to convince the public that the system is pervasively unsecure and vulnerable.

Nevada: 6 losing GOP candidates file challenge, allege possible voting machine malfunctions | Las Vegas Review-Journal

Six Republican candidates for the Nevada Assembly who lost in the June 14 primary filed legal action Tuesday in Clark County District Court alleging “possible” malfunction of voting machines. The “statements of contest” seeks a judicial order requiring that the electronic vote tallies in their races be compared with the backup paper records. Those requesting the rare procedure are Diana Orrock, Steve Sanson, Connie Foust, Tina Trenner, Mary Rooney and Blain Jones. In a statement, Jones, who lost by 10 percentage points in Assembly District 21 to incumbent Assemblyman Derek Armstrong, R-Henderson, said the move is being sought to “ensure we know the full truth for each race.”

Virginia: Election Officials Discuss Voting Issues | WVIR

Virginia’s election officials say they have a lot of work to do before the presidential primary in a few months. Members of the Virginia State Board of Elections (SBE) met in Richmond Monday to discuss issues that came up during the recent elections: there were problems with some voting machines, as well as the commonwealth’s voter identification policy. Officials said, overall, things went smoothly earlier this month. However, they are concerned that more voters will likely come out to the polls for the March 1 primary, and issues must be addressed before then. “These machines are going to go down, and if you think it was a problem in this election, great balls of fire, what is going to happen if they go down on presidential, or even in the primary?” SBE Vice Chair Clara Belle Wheeler said.

National: Sequoia v. Dominion: Former Election Firm With ‘Hanging Chad’ Ties Sues New Owner | Wall Street Journal

The voting machine maker that was partly blamed for Florida’s infamous hanging chads in 2000 was taken over by a competitor years ago, but the lawyers who are handling the company’s unfinished business are suing its new owner for money. Lawyers in charge of Sequoia Voting Systems Inc., now basically a litigation vehicle, are accusing Dominion Voting Systems Inc. of paying too little for Sequoia Voting’s operations in 2010. The dispute led Sequoia Voting to file for bankruptcy last month as its lawyers push Denver-based Dominion Voting for money. But back to hanging chads: Sequoia Voting sent punch-card ballots to parts of Florida for the 2000 presidential election, when some machines left behind stuck or hanging chads and led some ballots to be thrown out, according to press reports.

National: Open Source Voting Machine Reborn After 6-Year War With IRS | Wired.com

In 2006, John Seles and Gregory Miller hatched a plan to rescue democracy. At the time, the United States was pumping nearly $4 billion into new voting machines, spurred on by Florida’s 2000 presidential election fiasco. But the shift to machines built by companies such as Election Systems & Software and Sequoia Voting Systems (now called Dominion Voting Systems) had introduced all sorts of new problems. Academics were finding deep flaws in the systems, and during every election, they seemed to fail somewhere. Earlier in 2006, voting machine problems marred primary elections in Cuyahoga County, Ohio, where officials scrambled to hire temp workers to reprocess thousands of unreadable optical-scan ballots. For Seles and Miller, the answer was open source software. As employees at Netscape in the late 1990s, they had helped usher in the internet age, and now they were eying another tech revolution. Voting machines seemed to be a perfect place for open source software to do what it does best: create standard pieces of technology everyone can freely share, review, and improve.

National: In Industry First, Voting Machine Company to Publish Source Code | WIRED

Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday — a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems. The company’s new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia. The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement. … Sequoia in fact has been a champion of security through obscurity since it’s been selling voting systems. The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software.