As the midterm congressional primaries heat up amid fears of Russian hacking, an estimated 1 in 5 Americans will be casting their ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say the lack of a hard copy makes it difficult to double-check the results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society. Georgia, which holds its primary on Tuesday, and four other states — Delaware, Louisiana, New Jersey and South Carolina — exclusively use touch-screen machines that provide no paper records that allow voters to confirm their choices.
National: Top Republican Senator Says ‘No Reason to Dispute’ That Russia Favored Trump | The New York Times
The Republican at the helm of the Senate’s investigation into Russian interference in the 2016 presidential election backed on Wednesday the assessment by American intelligence agencies that Moscow favored Donald J. Trump in the race, contradicting both the president and fellow Republicans in the House. Senator Richard M. Burr of North Carolina, the chairman of the Senate Intelligence Committee, said in a statement that he saw “no reason to dispute” the intelligence assessment, which was delivered in the final weeks of the Obama administration. Mr. Burr’s statement, while indirect, offered a clear rebuke to Mr. Trump’s most ardent supporters in the Republican Party and in the right-wing news media, who have sought to cast the assessment as the shoddy work of Obama loyalists bitter over Mr. Trump’s election victory. Russia’s only goal, those supporters have insisted, was to sow chaos, and thus it could not have colluded with a campaign it cared little about.
The White House eliminated the position of cybersecurity coordinator on the National Security Council on Tuesday, doing away with a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons. A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team. Cybersecurity experts and members of Congress said they were mystified by the move, though some suggested Mr. Bolton did not want any competitive power centers emerging inside the national security apparatus. The decision was criticized by Mark R. Warner, a senator from Virginia and the ranking Democrat on the Senate Intelligence Committee. “I don’t see how getting rid of the top cyber official in the White House does anything to make our country safer from cyber threats,” he wrote on Twitter.
Faced with cyber-security threats to their voting systems, Florida election supervisors are eager to get access to some of the $19 million in federal election security money Congress sent states nearly two months ago. But they say all they’re hearing from the state is crickets. “We sure wish the money was available. It’s frustrating,” said supervisor Mark Earley in Tallahassee’s Leon County. “This is a big deal. There’s certainly room for improvement, especially in smaller counties.” Congress included $380 million in a 2018 budget bill and in March directed the U.S. Election Assistance Commission to distribute the money to states. President Donald J. Trump signed the budget bill on March 23. “The EAC is releasing this money quickly so that the grants can have an immediate impact,” the commission said on March 29. The money will help counties “immediately begin system upgrades.”
When a WWE wrestler, especially one known for his demonic antics and a move called the “tombstone piledriver,” runs for mayor of your county, you know your election is going to get more attention than usual. But in Knox County, Tenn., it wasn’t the fact that Glenn Jacobs, also known to wrestling fans as Kane, was running for mayor that gained national attention on the county primary day, May 1. It was that the county’s election website, at the time the site was supposed to begin posting election results, came under attack. Malicious cyber actors shut down the county website and broke into the web server, according to county officials and a report done by the cyber security firm Sword and Shield. …”Any web server by definition, is connected to the internet, so it’s directly vulnerable to attacks from the internet,” said Doug Jones, an elections cyber security expert at the University of Iowa.
Texas: Asked to propose a fix to voting rights violation, Texas offers few answers | The Texas Tribune
Told it was breaking the law and asked to propose a fix, Texas seems to have mostly declined in a new filing the state’s legal adversaries have called “bad faith foot-dragging.” Following a ruling last month that Texas was violating a federal law designed to ease the voter registration process, U.S. District Judge Orlando Garcia orderedboth the state and the voting rights advocacy group that sued Texas to submit detailed plans for fixing the violation. The Texas Civil Rights Project submitted its plan Thursday afternoon. About three hours later, Texas responded with a document criticizing that group’s proposal as overly broad and once again disputing the judge’s ruling. It did not present a clear, specific solution of its own.
Washington Gov. Jay Inslee and Secretary of State Kim Wyman said Tuesday that Washington state will pay for prepaid postage on mail-in ballots in this year’s primary and general elections in an attempt to boost turnout – but not for voters in King County, where local officials approved their own measure last week. The decision Tuesday came at Wyman’s request and was prompted by King County’s plans. Wyman said it would be unfair if voters in the most populous county could mail their ballots for free while those elsewhere had to pay for stamps, and she asked Inslee to let her spend nearly $2 million to reimburse all 39 counties on prepaid postage this year.
U.S. and European governments have failed to effectively respond to growing threats from Russia and elsewhere to meddle in elections, according to former officials including former Vice President Joe Biden who say they’re going to help close that gap. More than 20 elections in North America and Europe over the next two years will provide ‘’fertile ground’’ for interference like that seen during the U.S. presidential election in 2016, former U.S. Homeland Security Secretary Michael Chertoff told reporters Friday in Washington. “We’re at a stage now that it’s important to make sure we have a well-rounded exploration of the ups and downs of various policy choices, but that we also treat this with some urgency — we have elections this year,” said Chertoff, who’s co-chairman of the new Transatlantic Commission on Election Integrity with Anders Fogh Rasmussen, the former NATO Secretary General and Danish prime minister.
As many as five million people went to the polls in Burundi on Thursday to vote on a referendum to alter the country’s constitution. I came here as one of the few foreign reporters with a visa and accreditation to cover the scenes at the polls, where voters are deciding on some significant changes. The biggest change of the new constitution would be the extension of the presidential term, from five years to seven years. Pierre Nkurunziza, who has been president of Burundi since 2005, is widely expected to use the new constitution — if it passes — to run in 2020. Under the new rules, he could stay in power until 2034 — and then run again (and again) after sitting out for just one term. Most foreign correspondents were denied access, and two weeks ago the government suspended the BBC and Voice of America from broadcasting inside the country. With help from local journalists, I visited polls in the northern province, home to both Burundi’s president and his biggest challenger, Agathon Rwasa, and I spoke with those casting their ballots. These ladies posed for a photo as they waited after the president left his polling station.
When Ariles López takes a break from her fruit stall and begins to describe her life in Venezuela, there is a moment when she chokes up and begins to cry. That will not come as a surprise, when you hear her story. López, who’s 47, is among those Venezuelans who say they will vote in Sunday’s election, despite a widely held view that it’s a fraudulent exercise calculated to keep President Nicolás Maduro in power. She is desperate for change, after a year of personal hardship that underscores the scale of the multilayered catastrophe that is engulfing Venezuela: hyperinflation, widespread hunger, deaths from preventable diseases, and a wave of deadly crime.
Lawmakers are concerned about a major blind spot in the government’s ongoing effort to protect U.S. elections from hackers. Agencies like the Homeland Security Department have little insight into the cybersecurity practices of election technology vendors. This lack of visibility opens the door to supply chain attacks, according to the Senate Intelligence Committee, which could be otherwise potentially detected or stopped by government cybersecurity experts. The Senate committee’s first installment of a larger report on Russian targeting of the 2016 presidential election was released late Tuesday night. It focuses on assessing the federal government’s response to security threats and provides recommendations for future elections.
As America heads toward the 2018 midterms, there is an 800-pound gorilla in the voting booth. Despite improvements since Russia’s attack on the 2016 presidential race, the U.S. elections infrastructure is vulnerable — and will remain so in November. Cybersecurity expert Bruce Schneier laid out the problem to an overflowing room full of election directors and secretaries of state — people charged with running and securing elections — at a conference at Harvard University this spring. “Computers are basically insecure,” said Schneier. “Voting systems are not magical in any way. They are computers.” Even though most states have moved away from voting equipment that does not produce a paper trail, when experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won. Much of that process is digital.
With the midterm congressional primaries about to go into full swing, the Department of Homeland Security has completed security reviews of election systems in only about half the states that have requested them so far. The government’s slow pace in conducting the reviews has raised concerns that the nation’s voting systems could be vulnerable to hacking, especially after U.S. intelligence agencies warned that Russia plans to continue meddling in the country’s elections. Among those still waiting for Homeland Security to conduct a risk assessment is Indiana, one of four states with primaries on Tuesday. Its ballot includes several hotly contested races, including a Republican primary for U.S. Senate. Indiana Secretary of State Connie Lawson said she is confident state officials have done what they can to safeguard Tuesday’s voting, but acknowledged: “I’ll probably be chewing my fingernails during the entire day on Election Day.”
Amid suspicions of interference in the 2016 elections, states must be more careful than ever to provide heightened security in this year’s primaries. Yet, West Virginia has just introduced a more vulnerable form of voting for deployed military personnel. West Virginia is now the first state to pilot blockchain technology, to allow some deployed soldiers to vote through mobile phones. Yet cyber security experts warn that this technology, also used for cryptocurrencies, poses dangers for voting. Instead of pioneering voting’s future, West Virginia is paving the way for future election hacking. Blockchain technology addresses only part of the security process currently used by those administering U.S. elections. It’s like installing a high-tech lock and alarm system in your home, and then leaving a front door key and the alarm pass code under the doormat. The alarm system may work perfectly, but until the keys and pass codes are also secure, your home won’t be secure, either.
As the Alaska Legislature held a Thursday hearing examining the security state’s election system, the Alaska Division of Elections responded to claims that a hacker penetrated its systems on Election Day 2016. Earlier this week, the Anchorage Daily News published details of a previously undisclosed penetration of the division’s computer systems. The division has previously said Alaska was among the 21 states identified by the Department of Homeland Security as targets of Russian vulnerability scans, but it had not discussed an event on the morning of Election Day itself. In that event, exposed by emails first obtained by the ADN (and subsequently obtained by the Associated Press and the Empire), a hacker identified on Twitter as @cyberzeist published pictures of the administrative tools the division uses to share election results with the public.
As local officials across the country scramble to hack-proof their voting systems ahead of the midterm elections, there’s one state that is paving the way as a leader in election security. Colorado has done virtually everything election experts recommend states do to stave off a repeat of 2016, when Russian hackers targeted 21 states as part of the Russian government’s massive election interference campaign. The state records every vote on a paper ballot. It conducts rigorous post-election audits favored by voting researchers. Nearly every county is equipped with up-to-date voting machines. Election officials take part in security trainings and IT workers test computer networks for weaknesses. Secretary of State Wayne Williams told me the state benefited from having some of those measures in place before 2016. Once the extent of Russia’s digital campaign in the presidential election became clear, he made it a priority to invest more in them, he said. “If people perceive a risk, they’re less likely to participate in voting,” Williams said. “We want to protect people from that threat, and we want to people to perceive that they are protected from that threat.”
Electronic voting hasn’t guaranteed fairness in elections so far. But digital-scanning technology has the potential to increase transparency in elections — if election officials flip the right switches. Digital scanners capture images of each paper ballot cast and use the images to count results. The machines can preserve the images, providing a quick and easy way to verify election results. But the settings can be adjusted to discard the images after the results are tabulated. Some election officials are quick to defend their right to trash the ballot images, despite the fact that the machines count the images, not the paper ballots. The latest contest over ballot image preservation is currently underway in Ohio, where the Green Party candidate for governor, Constance Gadell-Newton, filed an expedited lawsuit against Cuyahoga County, Franklin County, and Secretary of State Jon Husted (R).
Investigators found evidence of a “malicious intrusion” into a Tennessee county’s elections website from a computer in Ukraine during a concerted cyberattack, which likely caused the site to crash just as it was reporting vote totals in this month’s primary. Cyber-security experts hired by Knox County to analyze the so-called “denial of service” cyberattack, said Friday that “a suspiciously large number of foreign countries” accessed the site as votes were being reported on May 1. That intense activity was among the likely causes of the crash, according to the report by Sword & Shield Enterprise Security. “Given the circumstantial evidence_especially the simultaneous proven malicious intrusion from a Ukraine IP address_I think it is reasonable to at least hypothesize that it was an intended event,” David Ball, the county’s deputy director of information technology, added in an email to The Associated Press.
Google has banned all adverts relating to the Irish abortion referendum from its platform, amid fears of overseas organisations taking advantage of loopholes in campaign funding laws to target voters before polling day. The decision will mean an end to advertisements relating to the referendum appearing alongside Google results and on YouTube during the final fortnight of the campaign. “Following our update around election integrity efforts globally, we have decided to pause all ads related to the Irish referendum on the eighth amendment,” a spokesperson said.
Pakistan: Impossible to incorporate electronic voting in 2018 elections, observes Supreme Court | The Express Tribune
The Supreme Court observed on Thursday that it is impossible to incorporate an electronic voting system for the upcoming general elections in the country. The bench, headed by Chief Justice Mian Saqib Nisar, resumed hearing of a petition filed in 2012 by Pakistan Tehreek-e-Insaf (PTI) chief Imran Khan which sought removal of alleged bogus votes from the voter lists issued by the Election Commission of Pakistan (ECP).
Dr. Vanessa Teague is one frustrated cryptographer. A researcher at the University of Melbourne in Australia, Teague has twice demonstrated massive security flaws in the online voting systems used in state elections in Australia — including one of the largest deployments of online voting ever, the 2015 New South Wales (NSW) state election, with 280,000 votes cast online. The response? Official complaints about her efforts to university administrators, and a determination by state election officials to keep using online voting, despite ample empirical proof, she says, that these systems are not secure.
If you’re a politically inclined technologist, this is your moment. There have never been more rewarding career opportunities for your wonky, nerdy kind. Unless someone wants to hire you to figure out what to do about Russia. That job would suck, because it seems like nobody has any idea how to do it. The consensus last week at CampaignTech East, a two-day conference in Washington, D.C., put on by the trade publication Campaigns & Elections, was that tech-enabled shenanigans—whether masterminded by Vladimir Putin and friends or other bad hombres—are only going to further infect the U.S. political system. Everybody at CampaignTech seemed wracked by the worst-case scenarios that have happened already and are yet to happen. Half a dozen panels and presentations dealt with the specter explicitly—e.g., “Social Disinformation and Cyber Interference in the 2018 Midterms.” And sessions not directly focused on the threat still had a tendency, at one point or another, to circle back to the topic.
Editorials: Crosscheck is ineffective and insecure. But states aren’t withdrawing | Aaron Sankin/Salon
At least eight states have stopped using Kansas’ anti-voter fraud program because of its ineffectiveness, but put citizens’ personal data at risk by not formally withdrawing. The Interstate Voter Registration Crosscheck Program was supposed to help states scrub ineligible voters, but many states have for years found the program’s data to be inaccurate and burdensome to verify. Rather than immediately cancelling the free program, these states continued to send sensitive voter information — in one case, for nearly a full decade — through a system with serious cybersecurity vulnerabilities. Sending data through this insecure system had the potential of opening up millions of American citizens to identity theft. Based on interviews with state election officials and communications obtained through public record requests, the following states have sent voter registration data to Crosscheck without using the analysis received in return to clean their voter lists: South Carolina, Kentucky, West Virginia, Georgia, North Carolina, Nevada, Louisiana and Colorado. None of the states listed have submitted voter data into the Crosscheck program since these cybersecurity vulnerabilities were made public late last year.
Arkansas: Justices halt voter-ID ruling; voters must prove identities at polls this month | Arkansas Democrat-Gazette
The Arkansas Supreme Court on Wednesday cleared election officials to enforce the state’s controversial voter-ID law in this month’s primary and judicial elections. Only last week, Pulaski County Circuit Judge Alice Gray declared the 2017 law unconstitutional, but the high court, in a one-page order, halted Gray’s injunction. Since August last year, the law — Act 633 of 2017 — has required voters to show government-issued identification to poll workers to ensure their votes are counted. Secretary of State Mark Martin appealed Gray’s ruling, asking the state’s high court to stay the circuit judge’s decision until after the May 22 election, when the matter can be fully heard. Chief Justice John Dan Kemp would’ve denied Martin’s request, the court’s order notes. Early voting for the May 22 primary begins Monday.
Georgia: Nonprofit Sues Georgia, Seeking to Prevent Voting on All-Electric Systems in November | GovTech
Georgia’s Secretary of State office is facing a lawsuit over its use of an all-electronic voting system with no paper ballot verification backups, one of five states that currently use such a system. The U.S. District Court for the Northern District of Georgia is holding proceedings for Donna Curling v. Brian Kemp. Plaintiff attorney David Cross said his clients are asking the judge for a preliminary injunction to stop Secretary of State Brian Kemp from using Georgia’s current all-electronic voting system in the November elections. The lawsuit stems from the alleged 2016 discovery of cybersecurity vulnerabilities in Georgia’s Direct Recording Equipment (DRE) voting system. The plaintiffs claim that the Secretary of State’s ignored repeated warnings from cybersecurity experts and told them, in essence, to go away, according to a copy of the amended complaint. The complaint asserted that there is an “incompatibility between the functioning of the current electronic voting system and the voters’ right to cast a secret ballot and have that vote accurately counted.”
New York: Win for Election Transparency as Court Rules Ballot Images Are Public Records | WhoWhatWhy
Election-integrity advocates hailed the recent decision of a state court that could have a sweeping effect on election transparency throughout the country. At issue was whether electronic ballot images — the kind captured by optical and digital ballot scanners — are public records and therefore subject to freedom of information laws. That is particularly important because most Americans cast their ballots through some kind of electronic voting machine — despite their proven vulnerability — and ballot images provide the public with at least some measure that their votes are counted accurately. Therefore, easy access to these images is crucial. Knowing that the public has some measure of verification is an important deterrent against tampering with elections. That is precisely why this case from upstate New York is a major victory for transparency advocates.
Editorials: Ahead of the 2020 election, let’s address Pennsylvania’s election security so your vote can count | David Hickton & Paul McNulty/Philadelphia Inquirer
Exercising our right to vote is the purest expression of our faith in democracy. Without a shared sense of trust in the integrity of that vote, we risk becoming a nation dangerously divided against itself. Great vigilance would be in order, then, even if Pennsylvanians could rely on secure, resilient election systems and architecture. The reality, however, is otherwise. Today our state is among the most vulnerable in the country to hacking and cyber attack – a democratic four-alarm blaze just waiting to happen. Pennsylvania’s role as a perennial swing-state brings with it high stakes, close presidential elections, and even closer scrutiny. In 2016, Donald Trump’s margin of victory here – fewer than 70,000 votes – was barely one percent of the nearly six million votes cast statewide. We know that faith in the validity of our elections is a quality much harder to earn than to lose. That’s why, as proud Pennsylvanians who have dedicated our careers to justice, law, and education, we feel strongly that the time is now to address this vulnerability. We must come together as a commonwealth, as communities, and as citizens to make an honest assessment of Pennsylvania’s election security architecture, to diagnose and discuss its strengths and weaknesses, and to plan for a better, more secure future.
The shutdown of a county website in Tennessee — which briefly disrupted the display of election-night results in primary races — is under investigation, and occurred as officials around the country fear cyber attacks in this fall’s midterm elections. A server crashed, shutting down the Knox County website just as polls closed Monday night for local government offices, according to a statement from Knox County Mayor Tim Burchett. The website was down for about an hour before officials restored it. “Although the crash didn’t affect the vote tallies or the integrity of the election, this is not something that should happen,” Burchett said. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”
The new electronic ballot-counting device for the upcoming Iraqi elections is easy to be programmed and could be used to tamper votes from one party to another, an official from the Kurdistan Region’s electoral commission warned on Wednesday. Iraqi parliamentary elections are scheduled to be held on May 12 across the country. It is the first time Iraq will use an electronic vote counter. Voters are still required to place their votes on paper ballots, but machines will do the counting. “An electronic system for elections is good, but it should be used in a country that has the rule of law—in a country that does not have militias or some political parties which have full control over the system,” Ismael Khurmali, the Kurdistan Region’s Election Commission Council’s decision-maker, told Kurdistan 24.
A trial of voter ID has seen people in England turned away from polling booths for the first time for not carrying the necessary documents, with other issues reported including abuse of voting staff and some confusion over what evidence needed to be shown. The local elections saw the scheme tested out in five boroughs in an attempt to crack down on voter impersonation, with the possibility it could be extended nationwide in future elections. The main issues appeared to be in Bromley and Woking where, along with Gosport, people had to show one piece of photo ID or two from a list of other documents. In the other two test areas, Swindon and Watford, only a polling card was required. In Bromley, south-east London, tallies by the opposition Labour group found at least 13 people turned away from just one ward, Crystal Palace. There were also reports of some voters being angry and abusive to polling station workers when asked to show ID.