Iowa Gov. Kim Reynolds signed a bill Tuesday that will deny county officials the ability to use a voter database to confirm missing or incorrect information on absentee ballot requests. The measure was inserted by Republicans into a massive budget bill on the final day of the legislative session. Reynolds signed the measure into law, opting not to kill the rule change with a line-item veto. Republican Rep. Gary Mohr defended the measure in floor debate as an election security measure that would help “ensure a person who applies for an absentee ballot is the one who casts the absentee ballot.”
National: Securing voter registration databases takes on added importance in pandemic, DHS official says | Sean Lyngaas/CyberScoop
The expansion of voting by mail during the coronavirus pandemic makes it all the more important that election officials secure voter registration databases from hacking, according to a senior Department of Homeland Security official. The greater amount of absentee voting and mail-in ballots “shifts the risk towards voter registration data security,” Matt Masterson, senior adviser at DHS’s Cybersecurity and Infrastructure Security Agency, said Wednesday during a virtual conference. People voting by mail generally won’t have access to the same provisional-balloting process that those voting in person can use if they’ve been left off of voter rolls due to an administrative error. That makes the integrity of voter registration data all the more important in the era of COVID-19, Masterson said. The novel coronavirus, which has killed more than 120,000 people in the U.S., has forced many states to postpone presidential primaries and ramp up voting-by-mail options. Forty-six states currently offer all of their voters some form of by-mail voting, according to the nonprofit Open Source Election Technology Institute (OSET).
Indonesia is probing how 2.3 million voters’ personal information was leaked online, the election commission said on Friday (May 22). The data breach, which included names, home addresses and national identification numbers, appeared to be from the 2014 election voter list, according to the General Election Commission. Agency commissioner Viryan Azis said an investigation had been launched into the source of the leak earlier this week.
Florida’s online voter registration system began experiencing “intermittent issues” Sunday that could have kept some residents from registering to vote online. Some users who went to RegistertovoteFlorida.gov on Sunday encountered a 503 error saying the service was unavailable. The Florida Department of State said Sunday evening that some users experienced issues but others have been able to submit voter registration applications. It said Sunday evening that the site appeared to be up and running. A reporter briefly encountered the error Monday morning, but the website came up when the site was refreshed. The state has added a notification to the website apologizing for any inconvenience and saying it’s working to resolve the issue “as expeditiously as possible.” It has not responded to a question of what caused the problem. The website issue comes at a time when some of the other channels for registering to vote are less available.
Georgia (Sakartvelo): Personal details for the entire country of Georgia published online | Catalin Cimpanu/ZDNet
The personal details for more than 4.9 million Georgians, including deceased citizens, has been published on a hacking forum over the weekend, on Saturday. Personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers were shared online in a 1.04 GB MDB (Microsoft Access database) file. The leaked data was spotted by the Under the Breach, a data breach monitoring and prevention service, and shared with ZDNet over the weekend. The database contained 4,934,863 records including details for millions of deceased citizens — as can be seen from the screenshot below. Georgia’s current population is estimated at 3.7 million, according to a 2019 census. It is unclear if the forum user who shared the data is the one who obtained it. The data’s source also remains a mystery. On Sunday, ZDNet initially reported this leak over as coming from Georgia’s Central Election Commission (CEC), but in a statement on Monday, the commission denied that the data originated from its servers, as it contained information that they don’t usually collect.
Illinois: Secretary of State can’t explain latest voter registration gaffe | Neal Earley/Chicago Sun-Times
In the latest gaffe in the state’s voter rolls, 1,151 Illinois residents were improperly classified as not registered to vote in next week’s primary before officials caught the mistake. State election officials sent out letters Monday to local election authorities, ahead of the March 17 primary, alerting them to the problem and telling them to allow the people mistakenly listed as not registered, to vote. All 1,151 people affected by the problem were attempting to apply for REAL ID, but a spokesman for Illinois Secretary of State Jesse White said he does not know what caused the error, saying it could have been any one of a number of problems. A spokesman for the Illinois State Board of Elections said he doesn’t think anyone who was mistakenly listed as not registered was inappropriately turned away during early voting, which began last week, since anyone not registered to vote has the option to do so on the spot and election judges are trained to tell people about that option. “This is our way of making sure that these folks got registered in time for the election,” said Matt Dietrich, board spokesman. Dietrich said the 87 local election authorities impacted by the error should work to make sure those wrongly classified as not registered are allowed to vote.
Missouri: Kansas City’s Mayor Was Turned Away When He Tried to Vote | Matt Stevens/The New York Times
The mayor of Kansas City, Mo., was turned away from a polling place when he tried to vote in the state’s primary on Tuesday, a development he found frustrating and emblematic of broader problems with the American voting system. The mayor, Quinton Lucas, said on Twitter that he had been told he “wasn’t in the system” at a polling place he had used for more than a decade. The episode unfolded shortly after he made a video in which he discussed the importance of voting and encouraged people to show up at the polls. “If the mayor can get turned away, think about everyone else,” he wrote on Twitter. “We gotta do better.” The mayor’s experience was a high-profile hiccup in Missouri, one of the six states holding a primary or caucus on Tuesday — contests that could play a significant role in shaping the Democratic presidential race. Though Mr. Lucas said in an interview that he was later told that he was in fact on the voter rolls and had been turned away by mistake, he said the situation was illustrative of larger problems, namely how hard it can be to vote in America. Mr. Lucas, a Democrat who began his term in 2019, said he had used a utility bill to verify his identity, but during a 10-minute exchange with a poll worker, he was repeatedly told he could not be found on the voter rolls.
The LaSalle County government is seeing a big interruption to its services this week. The LaSalle County government is seeing a big interruption to its services this week. The county is dealing with a ransomware attack on its computers discovered by the Sheriff’s Office last Sunday around 3:30 a.m. Ransomware is a type of virus which locks up all the files on a computer, as hackers demand a ransom, usually money or Bitcoin, to release them. The county’s IT Director, John Haag, said this virus is locking up about 200 computers and about 40 servers in the county government. He said the two areas not affected are the county courts and circuit clerk’s office. About a week later, county employees still do not have access to their emails.
Israel: Voter Data of Every Israeli Citizen Leaked by Election Management Site | Scott Ikeda/CPO Magazine
While most of the attention of international media was on the voting snafus in the Iowa Democratic caucus earlier this month, a much more serious incident was developing in Israel. The registration data of all of Israel’s 6.5 million voters was leaked thanks to a faulty download site for the Likud party’s election management app. The breach included full names, addresses and identity card numbers for all users. The culprit in this breach was not a faulty app, but the public-facing website that directed interested parties to the app downloads. An app called Elector was used by Prime Minister Benjamin Netanyahu’s Likud party to deliver election-related news to supporters. However, in Israel each party is given access to the government’s database of basic contact information for all registered Israeli voters regardless of their party affiliation. The app’s official website leaked the administrative username and password via an unprotected API endpoint listed in the homepage source code. This did not require any hacking acumen to access; anyone who cared to view the source code for the page would see the admin login credentials listed in plaintext by simply clicking through the “get-admin-users” link.
Illinois: ‘Wake-up call’ led to focus on election security | Bernard Schoenburg/The State Journal-Register
As the March 17 Illinois primary approaches, state and local election officials say they are continually working to keep election records, information and vote totals safe from outside meddling. “What I always say is we’re confident that we’re doing everything we can to stay a step ahead of any cyber attacker,” said Matt Dietrich, spokesman for the Illinois State Board of Elections. “But all you can ever hope, when you’re dealing with cyber security, is to stay ahead of the next hacker.” Sangamon County Clerk Don Gray, whose office oversees elections in the county, said every election authority has been “working hard … protecting and defending our election apparatus. It is absolutely imperative today that we are proactive and being out in front of cybercriminals.”
Many Kansas counties’websites may be at risk as they lack basic protocols that make it easier for hackers to impersonate websites in order to install malware or trick individuals into giving out their personal information. Out of 105 counties, only eight of them have websites ending in .gov, a domain extension only government officials can control, and 60 counties’ URLs start with “http” rather than the more secure “https.” Experts say it could be a serious concern for smaller governments during a time of increasing cyberattacks, KCUR-FM reported. Local governments have in recent years become frequent targets of ransomware attacks, where hackers hold data hostage in exchange for money.
Israel: Data of All 6.5 Million Voters Leaked | Daniel Victor, Sheera Frenkel and Isabel Kershner/The New York Times
A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election. The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government’s entire voter registry, though it was unclear how many people did so. How the breach occurred remains uncertain, but Israel’s Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter — though it stopped short of announcing a full-fledged investigation. The app’s maker, in a statement, played down the potential consequences, describing the leak as a “one-off incident that was immediately dealt with” and saying it had since bolstered the site’s security. The flaw, first reported on Sunday by the newspaper Haaretz, was the latest in a long string of large-scale software failures and data breaches that demonstrated the inability of governments and corporations around the world to safeguard people’s private information, protect vital systems against cyberattacks and ensure the integrity of electoral systems.
Illinois: State officials: Implemented solutions to cyber attacks will improve Illinois’ election security| Mike Kramer/Pekin Daily Times
The well-documented 2016 infiltration of Illinois’ Voter Registration System by Russian hackers demonstrated that election infrastructure in the United States has become a focal point for foreign cyber attacks. According to Tazewell County Clerk John Ackerman, Illinois election officials have responded to the intrusions by working to upgrade the state’s cyber defenses. The upgrades are designed to protect voters and their ballots leading up to this year’s general election. ″(Election security) isn’t an issue that’s being discussed endlessly with no solution in sight,” said Ackerman. “There is a solution that has been provided and will be implemented throughout the state of Illinois before the 2020 elections. Here in Tazewell County, the solution went online just last week and I believe neighboring counties are similarly online. Other parts of the state still aren’t, but the goal is they will be before the March primary.”
National: House GOP introduces bill to secure voter registration systems against foreign hacking | Maggie Miller/The Hill
Republicans on the House Administration Committee on Wednesday introduced legislation that would seek to update a long-standing federal election law and secure voter registration databases from foreign hacking attempts. The Protect American Voters Act (PAVA) would require the Election Assistance Commission (EAC) to establish the Emerging Election Technology Committee (EETC), which would help create voluntary guidelines for election equipment, such as voter registration databases, not covered under the Help America Vote Act (HAVA). HAVA was signed into law in 2002 following problems with voting during the 2000 presidential election. The law established the EAC and set minimum election administration standards. The EETC would be empowered to bypass the existing Voluntary Voting Systems Guidelines process, which is a voluntary set of voting requirements that voting systems can be tested against to ensure their security and accessibility. The new bill would also establish an Election Cyber Assistance Unit within the EAC, which would help connect state and local election officials across the country with cybersecurity experts who could provide technical support.
It’s Nov. 3, Election Day: You go to the polls at the school where you’ve cast your ballots for the last 15 years, only to be told you are no longer on the voter registration list. And according to your state’s online database, you’re now supposed to be voting at a church 15 miles away. You’re confused, angry and late for work. So, you don’t vote. And your candidates of choice lose. How would you feel about those who won, much less the democratic process, after that? Attacking voter registration databases is one of the many ways threat actors could attempt to tamper with this year’s presidential election. After the 2016 election cycle, U.S. intelligence officials concluded that hostile nation-state actors attempted to access voter files in all 50 states and succeeded in some states, including Illinois. These and other kinds of compromises, such as ransomware that could deny election officials’ access to critical voter data during the 2020 election, could undermine confidence in U.S. institutions and the perceived legitimacy of those elected.
Illinois: Elections officials disclose fresh problems with voter registration | Sophia Tareen/Associated Press
Illinois elections officials disclosed fresh problems Wednesday with the state’s automatic voter registration program, including at least one eligible voter who said she registered to vote but ended up on an opt-out list. The program is already under fire for mistakenly registering over 500 people who indicated they weren’t U.S. citizens, of which 15 people voted in 2018 and 2019 elections. Election officials said at least eight of the people have long voting histories and were likely U.S. citizens, leaving seven voters in question. The individuals involved were applying for standard drivers’ licenses at secretary of state’s offices. Details were scarce on the new issues, disclosed at a State Board of Elections meeting. Brenda Glahn, an attorney with the secretary of state, said registrations of eligible voters who appeared to decline to be registered were still sent to election officials. The problems stem from those applying for a REAL ID, which requires proof of citizenship.
Iowa: Linn auditor’s complaint that voter registration vulnerable dismissed | Jason Clayworth/Des Moines Register
Linn County Auditor Joel Miller’s complaint that Iowa’s voting system is prone to hackers was dismissed Friday by a state commission without a public hearing on the allegations, an action Miller contends violates federal law. “We won’t rush to judgment on what to do next, but I think there is a good case to appeal because federal law is very clear that a hearing shall be heard and that didn’t happen,” Miller said. Miller in an August complaint filed with Iowa Secretary of State Paul Pate said Iowa’s voter registration system does not meet security safeguards mandated under the federal Help America Vote Act. He has declined to offer details about how the system could be hacked, citing confidentiality concerns. In its 2-to-1 vote Friday, Iowa’s Registration Commission approved a motion filed by the Iowa Attorney General’s Office to dismiss the complaint in part because of its lack of specifics.
National: Millions of Americans have been purged from voter rolls – and may not even realize it | Natasha Bach/Fortune
Millions of Americans have been purged from the voter rolls in recent years, as state governments seek to remove the names of individuals who have died, relocated, or have otherwise become ineligible to vote. But such purges have been widely criticized due to instances in which states have relied on bad information, unregistering eligible voters who are often unaware until they attempt to cast their ballots on Election Day. “The most important thing people get wrong is they forget that purges are a necessary and important part of administering our elections,” Myrna Pérez, director of the Brennan Center’s Voting Rights and Elections Program, told Fortune. “We all benefit when our rolls are clean, and sometimes we forget that purges—when done properly—are a good thing.” But large-scale systematic purges that remove hundreds of thousands of names at a time are more likely to round up individuals who should not be removed from the rolls.
Idaho: Voter registration system to be overhauled, according to election officials | Trevor Fay/KBOI
The Idaho State Voter Registration System (ISVRS) needs to be replaced, according to the Canyon County Clerk’s Office. CBS2 News spoke with election officials about what needs to happen to get the voting system up to speed. Chris Yamamoto, Canyon County Clerk, and Chief Elections Officer, worked with the Idaho Secretary of State to replace the ISVRS. Yamamoto wants the new system to be GIS-based, meaning it keeps track of voter addresses. He says the current system is known to crash when many people use it at once, like during elections.
Michigan: Audit pings state bureau of elections on voter file, training, campaign finance oversight | Beth LeBlanc and Craig Mauger/The Detroit News
Michigan’s Bureau of Elections failed to properly safeguard the state’s file of 7.5 million qualified voters, a discrepancy that allowed an unauthorized user to access the file and increased the risk of an ineligible elector voting in Michigan, according to a recent report from the Office of Auditor General. Elections officials lack proper training in more than 14% of counties, cities and townships, the audit also found. And the bureau did not make timely reviews for campaign statements, lobby reports and campaign finance complaints. The audit conducted between Oct. 1, 2016, and April 30, 2019, found in the qualified voter file “230 registered electors who had an age that was greater than 122 years, the oldest officially documented person to ever live,” according to the Friday report. The report came 2 1/2 months before the state’s March 10 presidential primary and a little over 10 months before Michigan voters cast ballots in the November general election. The reviewed information fell largely under the tenure of Republican former Secretary of State Ruth Johnson. Democratic Secretary of State Jocelyn Benson took office Jan. 1.
California: Hundreds of California voters are being registered with the wrong party. Is DMV to blame? | Bryan Anderson/The Fresno Bee
At least 600 Californians, including lifelong Republicans and Democrats, have had their voter registration unexpectedly changed, and several county elections officials are pinning much of the blame on the state’s Department of Motor Vehicles. Among those affected: the daughter of the California Senate’s GOP leader. “I was like, ‘Kristin did you register as no party preference?’” asked Sen. Shannon Grove, R-Bakersfield. “She said, ‘No, I’m a Republican.’” Grove’s daughter had recently visited the Department of Motor Vehicles to change her address. Shortly thereafter, Sacramento County sent her a postcard informing her she is now registered as a “No Party Preference” voter ahead of California’s March 3, 2020 presidential primary. Grove stumbled across the notice earlier this week at her daughter’s Sacramento home, and worries that hundreds more could soon experience a similar unwanted surprise. Elections officials across the state are linking many of the reported complaints to the state’s new Motor Voter program, which launched ahead of the 2018 midterms to automatically register eligible voters when they visit the DMV. The 2015 law was designed to help boost participation, but a rushed launch prompted 105,000 registration errors to occur following its roll-out.
Kansas: Cyberattacks vandalized Kansas county websites in August, exposing security weaknesses | Jonathan Shorman/The Wichita Eagle
Cyberattacks crippled the websites of about a dozen Kansas counties in early August — replacing their homepages with cryptic messages and an image of Mecca. One county, which was conducting an election during the assault, decided against posting results online. The attacks did not affect vote counting but meant citizens didn’t have access to normal government information, such as contacts for local agencies, for several hours. The hacks defaced websites, but did not affect other systems. It does not appear the hacker or hackers took data hostage, as has happened elsewhere in the country. State officials don’t think the hacking was connected to the August primary election. But the attacks — not widely known until now — showcased the cyber vulnerabilities of local governments in Kansas. And they took place as online threats are rising.
Illinois: Hackers got info for 76,000 Illinois voters in 2016. Here’s what’s being done in Macon County. | Tony Reid/Herald-Review
The person in charge of safeguarding Macon County’s electoral system from Russian hacker attacks or other nefarious onslaughts said he’s confident local ballots are secure. Macon County Clerk Josh Tanner, recently returned from a cybersecurity conference, said much has been done to beef up system firewalls and protections in the three years since Russian hackers infiltrated the Illinois voter registration database. Tanner said state grant money — he’s not allowed to reveal how much, but it’s into the thousands — paid for consultants who tested the county’s voting system earlier this year by trying to hack into it. They weren’t successful, but Tanner said the exercise produced a detailed report highlighting areas that needed beefing up. He said county clerks like himself have to be aware of defending against other threats. “There are other ways of causing mischief than just to penetrate the voting system,” said Tanner, a Republican elected in November. “There are denial of service attacks where they don’t actually penetrate your system but they can bombard it with traffic, slowing it down. The consultants help us focus on how to tie-down the system and protect it.”
The modernization of Montana’s voter registration system won’t happen in time for next year’s elections, because the state’s top election administrator has concluded the new software cannot be installed and its security assured in time. The decision was made by Secretary of State Corey Stapleton, who has something of a vested interest in his decision. He’s a leading GOP candidate for the state’s singular and reliably Republican seat in the House of Representatives in 2020. But Stapleton was pressed to make the decision by the association of the state’s county clerks, who said the system in place for 15 years was good enough for one more election. “It would seem more reasonable to begin this immense change-over outside of a presidential cycle, which could be one of the biggest in our lifetimes,” they told the secretary of state. “The current project development timeline is simply too aggressive and stands to put the election process in Montana at risk.”
Washington: Primary election tests new voter system, but ‘everything went according to plan’ | Joseph O’Sullivan/The Seattle Times
Washington’s same-day voter-registration law and new elections system faced a major stress test Tuesday as voters around the state returned ballots for the primary election. The new statewide voter management system, VoteWA, had a rocky rollout this spring, but county auditors Tuesday said it was running smoothly as the 8 p.m. election deadline came and went. “Everything went according to plan and worked out really well,” said King County Elections Director Julie Wise after Tuesday night’s election results posted. She previously had expressed concerns about the system being ready for the primary. Turnout in King County was projected to hit 36%, and possibly be a few points higher than that in Seattle, where seven City Council seats are up for grabs. VoteWA, which is rooted in a centralized voter-registration database, is expected to cut the risk of fraud, strengthen the security of the state’s elections and give many counties new elections capabilities.
Montana: After elections administrators voice concern, new voter system won’t roll out until 2021 | Holly K. Michels/The Missoulian
The secretary of state is backing away from plans to implement a new election system for Montana before 2020 after elections administrators around the state raised concerns about the aggressive timeline. In a July 24 letter to the head of the Montana Association of Clerks and Recorders, Secretary of State Corey Stapleton wrote that “it does not appear to me that we will be able to implement a new voter registration system this year.” County elections administrators had previously told Stapleton they had “grave concerns” over a plan to replace the existing MontanaVotes system with a new ElectMT system before 2020, as reported by the Montana Free Press. The 2020 elections are expected to see the highest voter turnout in Montana history — it’s a presidential election year, with two federal offices and all the statewide elected officials up for election, plus other state-level, legislative and local races, and ballot initiatives. “The whole association is extremely excited with the decision to wait and not roll it out in the 2020 election,” said Montana Association of Clerks and Recorders President Stephanie Verhasselt, who is the Richland County clerk and recorder. “We do believe when the new system comes out, once we get it working and everyone trained, I think it will have a lot of features we like.”
Rhode Island Secretary of State Nellie Gorbea joined GoLocalProv News Editor Kate Nagle on LIVE where she spoke to the office overseeing the rebuilding of the central voter registration system this year — and why she fears early voting not passing the General Assembly this year will have consequences in 2020. “We are in the process of making sure that our hardware an internet structures are secure — so Stonewall Solutions, I’m proud to say a Rhode Island company from Pawtucket — just won the RFP for rebuilding our central voter registration system, so we are secure to modern-day standards,” said Gorbea. “It was a great program back in 2003 when we first built it but now you know it needs to be upgraded.”
Illinois: 3 years after Russian hackers tapped Illinois voter database, officials spending millions to safeguard 2020 election | Rick Pearson/Chicago Tribune
Three years after Illinois’ voter registration database was infiltrated by Russian hackers, Illinois and local officials are spending millions to upgrade the cyber defenses protecting voters and their ballots leading up to the 2020 election. “It’s gone from being among the concerns to the paramount concern,” said Jim Allen, spokesman for the Chicago Board of Election Commissioners. “Now, every election official across the country is engaged in some level of a security program.” Efforts to prevent foreign hacking range from hiring internet security specialists to, in the case of Chicago and Cook County, making plans to buy new polling machines. The June 2016 breach of the state’s voter database remains the warning sign for election system vulnerability, with national security experts now saying all 50 states had been targeted for Russian intrusion. At least 21 states reported being contacted by addresses associated with Russia, largely by scanning public websites, but Illinois’ data breach was the most significant.
Washington: Key test for Washington state as Tuesday’s primary features new elections system, same-day registration | Joseph O’Sullivan/The Seattle Times
Substantial new changes to Washington’s elections system face a key test this week, as voters around the state cast ballots in Tuesday’s primary. Washington has adopted same-day voter registration, which allows eligible citizens to register and receive a ballot up until 8 p.m. Tuesday, the end of the election period. And elections officials are deploying a new, statewide voter-management system that has had a rocky rollout in some counties. Known as VoteWA, it is expected to make elections more secure, reduce the risk of fraud and give many counties an upgrade in their elections capabilities. At the root of the new system is a statewide voter database that is updated in real time. So if someone wants to register to vote in King County, for instance, elections workers should be able to immediately determine whether that person has already cast a ballot elsewhere in the state. The system’s data is also exported to create ballots, voter-registration cards and other materials provided to voters. The state’s actual vote-tabulation machines are separate from VoteWA and not connected to the internet, and thus not affected by any potential VoteWA issues.
National: Senator Feinstein introduces bill limiting use of voter data by political campaigns | Emily Birnbaum/The Hill
Sen. Diane Feinstein (D-Calif.) introduced a bill on Wednesday that would limit the use of voter data by political campaigns. The legislation is being touted as the first bill “directly responding to Cambridge Analytica,” the 2018 scandal that saw a right-wing political consulting firm use data on millions of American to target pro-Trump messaging at swing voters. Feinstein’s Voter Privacy Act seeks to give voters more control over the data collected on them by political campaigns and organizations. Under the legislation, voters would be allowed to access that data, ask political campaigns to delete it and instruct social media platforms like Google and Facebook to stop sharing personal data with those political entities. The legislation would intervene in the large and growing business around voter data, which campaigns increasingly use to direct their messaging.