Indiana: Tippecanoe County, companies shift to voting machines with printable paper ballots | Jordan Smith/Purdue Exponent

Four companies that manufacture voting equipment for Tippecanoe County presented new machines with printable paper ballots to a packed room of voters Monday night, seeking to instill trust in the updated technologies through public input. Each company had some variation of a similar technology. Candidates are selected on electronic machines — some use touchscreens while others use buttons — and a summary of choices displays when finished. The machines then print ballots, which can be reviewed by voters and then inserted into a scanner that counts them electronically and physically. The paper copies are then deposited into a locked bin connected to the scanner, while the machine’s memory drive stores the results separately. “There has been such a groundswell for paper ballots,” said Lawrence Leach of Hart InterCivic, Inc., a company offering a hybrid electronic-paper machine. “There’s a lot of focus on voting and everything around that process — you cannot get it wrong. It has to be done right, you have to be 100% correct, so we’re striving to make sure every vote gets counted correctly and audited.”

Illinois: Christian County Official Highlights Election Integrity Problems, Solutions | Mike Smith/NPR

A central-Illinois election official told a Congressional panel Thursday some of the voting machines Illinoisans used in the last election are still susceptible to tampering. But he said efforts are underway to prevent it from happening again. In 2016, Russian military hackers targeted Illinois’ statewide voter database. The State Board of Elections addressed the vulnerability by using more than $13 million in federal money to promote cybersecurity among smaller election authorities. But there are still significant needs among small communities. Election administration is decentralized in Illinois. The 108 separate jurisdictions range in size from the city of Chicago to counties of just a few thousand people. Christian County Clerk Michael Gianasi told members of Congress voting hardware in his jurisdiction is outdated. That county has just over 21,000 registered voters. “Those machines, although doing well up through and including the most recent elections, have seen better days,” Gianasi said. He said he’s leasing new machines, which have yet to be delivered, at a significant cost for his small county — $322,000 over six years. State officials have said replacing outdated equipment across Illinois would cost $175 million.

Ohio: Delaware County voting machine concerns addressed | D. Anthony Botkin/Delaware Gazette

Delaware County Board of Elections officials addressed Commissioner Gary Merrell’s concerns that he had encountered with the new voting equipment while working the polls during the Nov. 5 general election. “The machines didn’t work at the last election and what is the vendor doing to correct it?” Merrell declared in the commissioners’ Dec. 12 regularly scheduled session. “I realize we may not have all the answers until we actually use them in the spring, but all the more reason we need to have the understanding to hold the vendor responsible if they fail to perform.” Board of Elections Deputy Director Anthony Saadey said the problem the commissioner was talking about specifically was the barcode reader. “The scanners had issues on election day,” he said. “In the field technician logs, we found that 24 total out of the 844 deployed ballot marking devices had the same issue. Two of them happen to be at the commissioner’s location.”

National: Election vendors should be vetted for security risks, says watchdog group | Joseph Marks/The Washington Post

The federal government should start vetting companies that sell election systems as seriously as it does defense contractors and energy firms, a top election security group argues in a proposal out this morning. Under the proposal from New York University’s Brennan Center for Justice, government auditors would verify election companies and their suppliers are following a raft of cybersecurity best practices. They would also have to run background checks to ensure employees aren’t likely to sabotage machines to help Russia or other U.S. adversaries. The suggestion comes as Congress continues to fight over whether to tighten election security as candidates ramp up for the 2020 election. Senate Republicans, especially, have stalled further security measures, even as observers warn that the next election is ripe for hacking by foreign adversaries such as Russia, which interfered in the 2016 contest. Vendors of voting machines, however, have traditionally been exempt from close review by federal regulators. “These vendors are a critical part of securing our elections, but we haven’t really focused on them at all,” Lawrence Norden, director of Brennan’s election reform program and one of the authors, told me. “We need to understand that they’re critically important but also represent a vulnerability that there needs to be oversight for.”

Indiana: St. Joseph County Election Board recanvasses ballots after finding discrepancies | Monica Murphy/WNDU

The St. Joseph County Election Board, along with its attorney and election consultants, recanvassed ballots after finding discrepancies in the number of ballots cast. They noticed a 41-ballot difference and found discrepancies in 32 polling places. “So, this is just giving us a little more breathing room, since there weren’t that many discrepancies. It wasn’t affecting any races. It was sporadic all over,” St. Joseph Circuit Court Clerk Rita Glenn said. Glenn said it could have been a lot worse, making clear the recanvass will not impact election results. Here is what happened: They said there were no issues with the election equipment itself; rather, the majority of issues came from ballot jams. When there is a jam, the machine will give a message to poll workers saying “ballot cast,” so that would have meant not to reinsert the ballot. The board chair said some poll workers probably misunderstood the message and may have reinserted the paper, counting it twice.

Indiana: New voting machines cause some snags, delays in St. Joseph County elections | Caleb Bauer/South Bend Tribune

The implementation of new voting machines for Tuesday’s election came with hiccups and technical issues in St. Joseph County. Early results showed the wrong number of precincts reporting, technical malfunctions on the iPads used to scan voter IDs caused delays, many poll workers were unfamiliar with the new voting machines, and votes for a write-in candidate in South Bend were not immediately tallied. Still, members of the county Election Board were adamant that the problems didn’t impact vote counts. Rita Glenn, the county clerk and an election board member, said plans are already being put in place to provide more training for poll workers for future elections and to rectify the software issues that surfaced Tuesday. “We need to do a little bit more thorough training and get more people involved,” Glenn said. “Next year will be a bigger election, so we’re going to make sure we’re addressing issues ahead of time.” For about 20 minutes on Tuesday night, the election board’s YouTube live stream of results, which The Tribune and other local media use to release information to the public, showed incorrect tallies of the number of precincts reporting.

National: 5 big takeaways from Politico’s national survey of election offices | Eric Geller/Politico

Paperless voting machines are a glaring weakness in U.S. election infrastructure. They are dangerous, experts say, because they lack paper voting records, making them vulnerable to malfunctions or intrusions that could undetectably change votes. With top U.S. intelligence officials predicting the return of Russian hackers in 2020, cybersecurity experts have urged state and local governments to replace their paperless machines as soon as possible. Since March, POLITICO has been tracking their progress. The nationwide picture is mixed: Some states and counties are moving quickly to buy paper-based machines and others are doing nothing at all. Here are the five big takeaways from POLITICO’s nationwide survey:

1) Many counties don’t have enough money to upgrade

In hundreds of small counties, election officials can’t afford to buy new voting machines, however insecure their current systems are. Between schools, infrastructure, police, environmental protection and emergency services, counties have enough on their plate without having to worry about their voting machines.

The fact that these machines are used so infrequently is another reason they often slip down the list of counties’ spending priorities. It’s hard to justify buying new voting machines when there are overcrowded schools or crumbling hospitals. “It is a huge expense for small rural counties,” said Cheri Hawkins, the clerk in Shackelford, Texas. “I would love to be able to update!”

National: Multiple Bills Seek To Secure Elections: Will They Do It? | Taylor Armerding/Forbes

If the security of voting systems in the next election will be a function of the amount of legislation on the topic now pending in Congress, we’ve got nothing to worry about in November 2020. There is a growing pile of bills in both the House and Senate, most featuring several to dozens of cosponsors—sometimes even from both parties—accompanied by press releases with made-to-order endorsements from congressional leaders, advocacy groups and cybersecurity experts. They all call for securing U.S. elections and “protecting our democracy.” But, of course, the number of bills doesn’t matter. It’s about quality, not quantity. The things that do matter are what gets enacted into law and whether its mandates get done or get watered down. And that, as the predictable cliché goes, remains to be seen.

National: Who’s behind voting-machine makers? Money of unclear origins | Emery P. Dalesio/Associated Press

The voting-machine makers that aim to sell their systems in North Carolina are largely owned by private equity firms that don’t disclose their investors. The companies didn’t want the public to know even that much. North Carolina’s statewide elections board demanded the machine-makers’ ownership information last month after special counsel Robert Mueller’s April report into Russian efforts to sway the 2016 presidential election. Their concerns about potential foreign interference have grown since Maryland officials learned last year that a company maintaining that state’s election infrastructure did not disclose its financing by a venture fund whose largest investor is a Russian oligarch. The private-equity backers of the three voting systems vendors seeking approval to sell to county elections boards in North Carolina told The Associated Press they’re controlled by U.S. citizens. They claimed they have no ties to foreign oligarchs or other nefarious persons facing financial sanctions by Washington. But they didn’t provide information about the sources of the money they invest. And they asked the board not to share what they did disclose with the public. The elections board released the companies’ responses — as required by law — under a public records request from The AP. Election security watchdogs remain frustrated.

National: Thousands of election systems running software that will soon be outdated: report | Tal Axelrod/The Hill

The vast majority of the nation’s 10,000 election jurisdictions are using an operating system that will soon be outdated, according to an Associated Press analysis. Those jurisdictions using Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts will reach its “end of life” on Jan. 14 — meaning Microsoft will no longer provide technical support or produce “patches” to deal with vulnerabilities that hackers could possibly exploit. Microsoft told the AP in a statement Friday that it would offer continued Windows 7 security updates for a fee through 2023. The company did not immediately respond to a request for comment from The Hill. Critics told the AP that the obsolescence was an example of what happens when private companies determine the security level of election systems without federal guidelines. Vendors defended themselves, saying they’ve been making consistent improvements on security, but state officials said they were wary of federal involvement in state and local races.

Pennsylvania: Here’s who makes money from the voting machine requirement for Pennsylvania counties — and how those decisions are being made | Emily Previti & Ed Mahon|PA Post

As Jeff Frank strode out of his polling place on a recent Tuesday morning, poll watchers thanked him for voting. “Have a great day – enjoy the complaints as they come out the door,” Frank responded. Municipal elections tend to be relatively quiet – even in Montgomery, which consistently turns out a higher number of voters than any other county in the state but more-populous Philadelphia and Allegheny counties  But this year, several counties debuted new voting machines – and two, including Montgomery, went to an entirely different way of voting. “When I came and discovered what the process was, I said, okay, but it is ridiculous, a waste of time and will cause lines so long that people will not be here when the presidential election comes up,” Frank said. Other voters exiting the Temple Brith Achim Synagogue polling location in Upper Merion weren’t quite as animated over the switch from push-button machines to scannable paper ballots filled out by hand. “It’s even it’s better now that you actually get a confirmation ticket that your vote was cast. We never got that before,” said Tykia Turner.

National: Election tech vendors say they’re securing their systems. Does anyone believe them? | CyberScoop

The last few years have been an awakening for Election Systems & Software. Before 2016, very few people were publicly pressing the company to change the way it handled its cybersecurity practices. Now, the nation’s leading manufacturer of election technology has become a lightning rod for critics. Security experts say the small number of companies that dominate the nation’s election technology market, including ES&S, have failed to acknowledge and remedy vulnerabilities that lie in systems used to hold elections across the country. Once left to obscurity, the entire ecosystem has been called into question since the Russian government was found to have interfered with the 2016 presidential campaign. While there has never been any evidence to suggest that any voting machines were compromised, the Department of Homeland Security and FBI recently issued a memo that all 50 states were at least targeted by Russian intelligence. The peak of the criticism came after the Voting Village exhibition at the 2018 DEF CON security conference, where amateur hackers unearthed a bevy of flaws in the company’s tech. In a number of publications — including CyberScoop — ES&S disputed the notion that it didn’t take cybersecurity seriously, arguing its own due diligence was enough to satisfy any security worries. It didn’t help the Omaha, Nebraska-based company’s case when the Voting Village committee issued a report in September that found decades-old vulnerabilities in an ES&S ballot tabulator that has been used in elections in more than half of the states. In light of these issues, some of the election tech manufacturers are trying to change course, and ES&S is the most public about its efforts. With the country gearing up for the 2020 presidential election, the company has revamped its security testing procedures, putting together a plan to let penetration testers from both the public and private sector evaluate the safety of its systems. Furthermore, ES&S and its competitors are communicating in an unprecedented way about committing to a certain level of standards that can lift the entire industry to a better security baseline.

National: ‘They think they are above the law’: the firms that own America’s voting system | The Guardian

Maryland congressman Jamie Raskin is a newcomer to the cause of reforming America’s vote-counting machines, welcomed through baptism by fire. In 2015, Maryland’s main election system vendor was bought by a parent company with ties to a Russian oligarch. The state’s election officials did not know about the purchase until July 2018, when the FBI notified them of the potential conflict. The FBI investigated and did not find any evidence of tampering or sharing of voter data. But the incident was a giant red flag as to the potential vulnerabilities of American democracy – especially as many states have outsourced vote-counting to the private sector. After all, the purchase happened while Russian agents were mounting multiple disinformation and cybersecurity campaigns to interfere with America’s 2016 general election. “To say that they don’t have any evidence of any wrongdoing is not to say that nothing untoward happened,” Raskin said. “It’s simply to say that we don’t have the evidence of it.” The fact is that democracy in the United States is now largely a secretive and privately-run affair conducted out of the public eye with little oversight. The corporations that run every aspect of American elections, from voter registration to casting and counting votes by machine, are subject to limited state and federal regulation. The companies are privately-owned and closely held, making information about ownership and financial stability difficult to obtain. The software source code and hardware design of their systems are kept as trade secrets and therefore difficult to study or investigate.

National: Wyden lambastes voting machine makers as ‘accountable to nobody’ | Politico

Sen. Ron Wyden (D-Ore.) on Thursday attacked the small but powerful group of companies that controls the production of most voting equipment used in the U.S. “The maintenance of our constitutional rights should not depend on the sketchy ethics of these well-connected corporations that stonewall the Congress, lie to public officials, and have repeatedly gouged taxpayers, in my view, selling all of this stuff,” Wyden said during the Election Verification Network conference, a gathering of voting integrity advocates and election security experts in Washington. Wyden has been a leading voice among lawmakers who have criticized the voting machine industry as too opaque and not subject to enough oversight from Washington, especially as concerns grow among U.S. intelligence officials that elections will once again be a prime hacking target in 2020. “We’re up against some really entrenched, powerful interests, who have really just figured out a way to be above the law,” he said. “There is no other way to characterize it.” Furthermore, Wyden said, voting machine vendors have “been able to hotwire the political system in certain parts of the country.” He noted that newly elected Georgia Gov. Brian Kemp picked the top lobbyist for the voting giant Election Systems & Software as his deputy chief of staff. The companies, he said, “are accountable to nobody.”

Indiana: Johnson County to change election equipment before May Primary | FOX59

The Johnson County Election Board and Commissioners are cutting ties with software vendor that caused system crashes which resulted in thousands of voters waiting in lines for hours during the November 6 election. The Johnson County Commissioners voted Monday to adopt Election Board recommendations that the county terminate its contract with Omaha-based Election Systems and Software. “We just want to ensure that we have a good election,” said Johnson County Clerk Trena McGlaughlin.  “We don’t want to have any issues this year.  And we want to make everyone happy.” An investigation by Ball State’s VSTOP team, for the Indiana Secretary of State, determined ES&S systems were not properly set up for the high voter turnout the county saw on election day.  A system slow-down quickly brought voting to a standstill at multiple voting sites across the county.  Thousands of voters were left waiting in line for several hours as election officials and technical advisors struggled to get e-poll books back up to speed.

National: How Voting-Machine Lobbyists Undermine the Democratic Process | The New Yorker

In the past decade, Election Systems & Software (E.S. & S.), the largest manufacturer of voting machines in the country, has routinely wined and dined a select group of state-election brass, which the company called an “advisory board,” offering them airfare on trips to places like Las Vegas and New York, upscale-hotel accommodations, and tickets to live events. Among the recipients of this largesse, according to an investigation by McClatchy published last year, was David Dove, the chief of staff to Georgia’s then secretary of state, Brian Kemp. Kemp, the new governor of Georgia, made news in the midterm elections for his efforts to keep people of color from voting and for overseeing his own election. In March of 2017, when Dove attended an E.S. & S. junket in Las Vegas, Kemp’s office was in the market to replace the state’s entire inventory of voting machines. “It’s highly inappropriate for any election official to be accepting anything of value from a primary contractor,” Virginia Canter, the chief ethics officer at Citizens for Responsibility and Ethics in Washington, told McClatchy. “It shocks the conscience.” (Kathy Rogers, E.S. & S.’s senior vice-president for governmental affairs, told McClatchy that there was nothing untoward about the advisory board, which she said has been “immensely valuable in providing customer feedback.”)

Pennsylvania: Counties given new option for voting machine | The Sentinel

In April, the Pennsylvania Department of State informed counties that they must have voting machines that provide a paper record of each vote as a matter of election integrity. Paper ballots provide for more accurate and reliable post-election audits compared to direct recording electronic voting machines, like those used in Cumberland County, according to the Department of State. Gov. Tom Wolf earmarked $13.5 million in federal funds to help counties buy compliant machines, and the state is required to provide a 5 percent match to those funds, leaving more than $14 million available to counties. The Wolf administration said it wants new machines to be in place by the May 2020 primary.

Editorials: Voting Machines: What Could Possibly Go Wrong? | Jennifer Cohn/NYR Daily | The New York Review of Books

Since the 2016 election, there has been a good deal of commentary and reporting about the threats to American democracy from, on the one hand, Russian interference by Facebook and Twitterbot-distributed propaganda, and on the other, voter ID laws and other partisan voter suppression measures such as electoral roll purges. Both of these concerns are real and urgent, but there is a third, yet more sinister threat to the integrity of the November 6 elections: the vulnerability of the voting machines themselves. This potential weakness is critical because the entire system of our democracy depends on public trust—the belief that, however divided the country is and fiercely contested elections are, the result has integrity. Nothing is more insidious and corrosive than the idea that the tally of votes itself could be unreliable and exposed to fraud. 

National: Voting Machine Manual Instructed Election Officials to Use Weak Passwords | Motherboard

States and counties have had two years since the 2016 presidential election to educate themselves about security best practices and to fix security vulnerabilities in their election systems and processes. But despite widespread concerns about election interference from state-sponsored hackers in Russia and elsewhere, apparently not everyone received the memo about security, or read it. An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor’s tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor’s name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases—alternating between two of them—and in other cases to simply change a number appended to the end of some passwords to change them. Harri Hursti, founder of Nordic Innovation Labs and a longtime election security expert, told me he and his colleagues were conducting a risk-assessment in a county when they found the binder containing loose-leaf pages in an election office. The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices.

National: Private Equity Controls the Gatekeepers of American Democracy | Bloomberg

Millions of Americans will cast votes in Tuesday’s midterm elections, some on machines that experts say use outdated software or are vulnerable to hacking. If there are glitches or some races are too close to call — or evidence emerges of more meddling attempts by Russia — voters may wake up on Wednesday and wonder: Can we trust the outcome? Meet, then, the gatekeepers of American democracy: Three obscure, private equity-backed companies control an estimated $300 million U.S. voting-machine industry. Though most of their revenue comes from taxpayers, and they play an indispensable role in determining the balance of power in America, the companies largely function in secret. Devices made by Election Systems & Software LLC, Dominion Voting Systems and Hart InterCivic Inc. will process about nine of every ten ballots next week. Each of the companies is privately held and at least partially controlled by private equity firms. Beyond that, little is known about how they operate or to whom they answer. They don’t disclose financial results and aren’t subject to federal regulation. While the companies say their technology is secure and up-to-date, security experts for years have raised concerns that older, sometimes poorly engineered, equipment can jeopardize the integrity of elections and, more importantly, erode public trust.

National: US election integrity depends on security-challenged firms | Associated Press

It was the kind of security lapse that gives election officials nightmares. In 2017, a private contractor left data on Chicago’s 1.8 million registered voters — including addresses, birth dates and partial Social Security numbers — publicly exposed for months on an Amazon cloud server. Later, at a tense hearing , Chicago’s Board of Elections dressed down the top three executives of Election Systems & Software, the nation’s dominant supplier of election equipment and services. The three shifted uneasily on folding chairs as board members grilled them about what went wrong. ES&S CEO Tom Burt apologized and repeatedly stressed that there was no evidence hackers downloaded the data. The Chicago lapse provided a rare moment of public accountability for the closely held businesses that have come to serve as front-line guardians of U.S. election security. A trio of companies — ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas — sell and service more than 90 percent of the machinery on which votes are cast and results tabulated. Experts say they have long skimped on security in favor of convenience, making it more difficult to detect intrusions such as occurred in Russia’s 2016 election meddling. The businesses also face no significant federal oversight and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.

National: Election Equipment Vendors Play a Key, and Underexamined, Role in U.S. Democracy | Take Care

Every vote in the United States — for city council, state representative, or president — is cast using materials and equipment manufactured by third party vendors. There are vendors large and small, but the American election equipment industry is dominated by three vendors: ES&S, Hart, and Dominion. These vendors manufacture the machines that approximately 92% of eligible voters use on election day — and they wield extraordinary power with significant implications for our democracy. Because of this, it’s critical that elected officials and advocates pay attention to the role vendors play in the security and transparency of American election systems. Perhaps most concerning are vendor efforts to keep secret the technology upon which American elections rely while at the same time feteing state and local election officials with expensive trips and meals. Vendors have actively and increasingly pushed back on efforts to study and analyze the equipment that forms the basic foundation of our democratic processes.

Pennsylvania: Unisyn touts minimal human involvement | The Sharon Herald

The goal of Unisyn’s voting machine systems is to keep human beings out of the process as much as possible, “You’re taking that human element out of the process,” said Todd Mullen of RBM Consulting, which is marketing and servicing electronic voting systems for Unisyn Voting Solutions, based in Vista, Calif. “The more you handle a ballot, the more opportunity you have to mishandle it.” Mullen presented Unisyn’s systems Thursday for the Mercer County commissioners and the county’s elections staff in the second of three scheduled demonstrations of voting machine systems. All 67 counties in Pennsylvania are under a mandate by Gov. Tom Wolf to adopt a voting system by January 2020 that provides paper documentation of individual votes, while protecting voters’ identities. Election Systems & Software, based in Omaha, Neb., demonstrated its devices June 14. ES&S company’s products include the iVotronic, which Mercer County residents have been using to cast their votes since 2006. The current system lacks the required paper trail. Dominion Voting Systems of Denver will stop in Mercer County July 12 to present its wares.

National: Senator calls on voting machine makers to detail how they’ll prevent hacks | TechCrunch

One of the Senate’s main cybersecurity proponents wants assurances that voting systems in the U.S. are ready for their next major threat and he’s going straight to the hardware makers to get it. In a letter, Oregon Senator Ron Wyden — an outspoken member of the Senate Intelligence Committee — called on six of the main voting machine manufacturers in the U.S. to provide details about their cybersecurity efforts to date. The request comes on the heels of emerging details around Russia’s successful attempts to hack election systems in many states. Wyden’s line of inquiry is grounded in the pursuit of details, like if a company has been breached previously without reporting the incident and how often it has conducted penetration testing in cooperation with an external security firm. … Wyden’s appeal to voting machine manufacturers is the latest piece in the ongoing conversation around election system and voting machine security following revelations from the 2016 U.S. presidential election. Because states handle elections in a variety of ways, implementing different styles of machine and overseeing their own voter rolls, just how airtight these systems are is difficult to assess.