Chile: Voter records for 80% of Chile’s population left exposed online | Catalin Cimpanu/ZDNet

The voter information of more than 14.3 million Chileans, which accounts to nearly 80% of the country’s entire population, was left exposed and leaking on the internet inside an Elasticsearch database. ZDNet learned of the leaky server from a member of the Wizcase research team, who passed the server’s IP to this reporter last week, in order to identify the nature and source of the leak. We found that the database contained names, home addresses, gender, age, and tax ID numbers (RUT, or Rol Único Tributario) for 14,308,151 individuals. ZDNet has confirmed the validity and accuracy of this information with several of the individuals whose data was contained in the leaky database. A spokesperson for Chile’s Electoral Service — Servicio Electoral de Chile (Servel) — also confirmed the data’s authenticity; however, they denied owning the leaky server.

National: State election offices made for an easy target for Russian hackers | Andrew Eversden/Fifth Domain

In the months before the 2016 presidential election, one U.S. state received a notification from a federally-backed cybersecurity group, warning about suspicious cyber activity directed at its networks. The state IT officials did not share the alert with other state government leaders and as late at January 2018, the same officials reported nothing “irregular, inconsistent, or suspicious” took place before the vote. In fact, GRU, Russia’s military intelligence agency, had scanned one of the state’s “election-related” domains, according to a new Senate report. In another state, leaders did not turn over to the Senate which of its systems had been targeted by Russians. Officials told Senate investigators they hadn’t seen evidence of scanning or attacks on its election infrastructure. Instead, they told the committee that they had seen a “probing” of its state systems. Again, DHS told the committee that GRU had scanned the state’s Secretary of State website. And in a third state, officials told Senate investigators they had not noticed a connection between their systems and the IP addresses listed in a warning from the federal government. And again, DHS told the committee that GRU scanned the state’s government domain.

National: Russia Targeted Elections Systems in All 50 States, Report Finds | David E. Sanger and Catie Edmondson/The New York Times

The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016, an effort more far-reaching than previously acknowledged and one largely undetected by the states and federal officials at the time. But while the bipartisan report’s warning that the United States remains vulnerable in the next election is clear, its findings were so heavily redacted at the insistence of American intelligence agencies that even some key recommendations for 2020 were blacked out. The report — the first volume of several to be released from the committee’s investigation into Russia’s 2016 election interference — came 24 hours after the former special counsel Robert S. Mueller III warned that Russia was moving again to interfere “as we sit here.” While details of many of the hackings directed by Russian intelligence, particularly in Illinois and Arizona, are well known, the committee described “an unprecedented level of activity against state election infrastructure” intended largely to search for vulnerabilities in the security of the election systems.

Iowa: Iowa will keep voter registration system for 2020 elections | Ryan J. Foley/Associated Press

Iowa’s 14-year-old voter registration system will live to see another presidential election. The Iowa Secretary of State’s office confirmed Thursday that a long-discussed plan to replace the I-Voters database will not be completed before the 2020 elections.  Spokesman Kevin Hall said the office remains in the information-gathering phase of the project, which was formally launched more than a year ago. He said the state plans to solicit information from potential vendors soon and to later move forward with a bidding process. “This is a big project and we owe it to the voters of Iowa to build it responsibly with the future of elections and security in mind,” he said. The project is expected to cost $7 million and the office doesn’t yet have all that funding, he added. Russian hackers tried to infiltrate Iowa’s elections system in 2016 but were not successful. Current and former state officials say they have confidence in the security of the I-Voters system and that they’ve taken steps to prevent intrusions, including two-factor authentication and cybersecurity training for users in all of Iowa’s 99 counties. Built in 2005 and launched the next year, the system has been upgraded numerous times and contains data on Iowa’s roughly 2 million registered voters.

Washington: State’s new voting system concerns county elections officials | Aaron Kunkler/Kent Reporter

County election officials are raising concerns about the new Washington state voting system ahead of the Aug. 6 primary election while state officials say they have confidence in it. The new voting system, VoteWA, is a $9.5 million program that came online last May and is meant to unify all 39 county voting systems in the state into a single entity. This will allow greater security and more easily facilitate same-day voter registration, said Washington’s Secretary of State Kim Wyman, who has advocated for the program. “I want people to know that our system is secure and that our counties are going to be ready for the August primary and the November general elections,” Wyman said. Several issues have made King County Elections officials less confident. The state shut down the old voting system on May 24 and spent several days transferring voter data to VoteWA. Following this, counties double-checked the new data with their previous voter records to ensure accuracy, which meant they were not able to register new voters in the system until June 9. In King County, this led to a backlog of 16,000 voters, said King County Elections director Julie Wise during a July 10 meeting of the county’s Regional Policy Committee. “There was a rush to get this system implemented, and it’s not ready to go,” Wise said. “I know that that’s concerning, and that it causes alarm for people, but I do want to say we are working diligently.”

National: Who Will Clean Up America’s Voter Rolls? | Mark Hemingway/RealClearPolitics

Los Angeles County has too many voters. An estimated 1.6 million, according to the latest calculations – which is roughly the population of Philadelphia. That’s the difference between the number of people on the county’s voter rolls and the actual number of voting age residents. This means that L.A. is in violation of federal law, which seeks to limit fraud by requiring basic voter list maintenance to make sure that people who have died, moved, or are otherwise ineligible to vote aren’t still on the rolls. Los Angeles County has made only minimal efforts to clean up its voter rolls for decades. It began sending notices to those 1.6 million people last month to settle a lawsuit brought by the conservative watchdog group Judicial Watch. Los Angeles County may be California’s worst offender, but 10 of the state’s 58 counties also have registration rates exceeding 100% of the voting age population. In fact, the voter registration rate for the entire state of California is 101%. And the Golden State isn’t alone. Eight states, as well as the District of Columbia, have total voter registration tallies exceeding 100%, and in total, 38 states have counties where voter registration rates exceed 100%. Another state that stands out is Kentucky, where the voter registration rate in 48 of its 120 counties exceeded 100% last year. About 15% of America’s counties where there is reliable voter data – that is, over 400 counties out of 2,800 – have voter registration rates over 100%.

Washington: ‘Not ready for prime time.’ Washington State election officials sound alarm over new voter registration system | Austin Jenkins/NW News Network

County election officials in Washington are warning that a new statewide voter registration database system is not ready for the state’s August 6 primary and could result in some voters getting incorrect ballots or no ballot at all. The concerns reached a crescendo on Tuesday at a work session of the Washington Senate’s State Government, Tribal Relations and Elections Committee. A panel of county auditors and election chiefs told members of the committee that the new VoteWA system is “not ready for prime time” and that they are proceeding with the primary election “on a hope and a prayer.” Washington Secretary of State Kim Wyman, a Republican, acknowledged that she decided to “go live” with phase one of the system over the objections of some county auditors, but defended that decision as necessary because of the age and security vulnerabilities of the old system.  “If you want to know why I made the decision that I made, it was I was so worried and freaked out by my security team that said we cannot keep operating this system,” Wyman told the committee members.

Washington: Problems with State’s new $9.5M voter-registration system leave officials racing to get ballots printed, mailed | Joseph O’Sullivan/The Seattle Times

County officials across Washington are racing to enter a backlog of voter-registration data into a new statewide elections system in time to get ballots printed and mailed by mid-July, for the Aug. 6 primary. That backlog — information such as new registrations and changes of address for more than 16,000 voters in King County alone — comes after voter databases shuttered for about a month while the state transitioned to the new VoteWA system. The software program is intended as a statewide voter-information database to replace the less centralized systems currently used among Washington’s 39 counties, which administer elections. VoteWA allows election administrators to see voter changes made across the state in real-time, which will help implement Washington’s new same-day voter-registration law. That law is now in effect for the Aug. 6 primary. But now, as election workers try to make up for lost time, they are finding the VoteWA system slowing to a crawl — and sometimes entirely shut down. On June 28, state officials had to take VoteWA, which now handles all Washington voter data, offline for the whole day, a Friday, and into the weekend. The situation prompted King County Elections Director Julie Wise to send home eight temporary elections workers who had shown up that Friday to help enter voter data. VoteWA — which has drawn scrutiny from Wise and some other elections officials after problems were discovered during testing last month — was down again Wednesday for a shorter period of time, according to auditors in Clark and Mason counties.

Rhode Island: Contract awarded to build central voter registration system | Associated Press

Secretary of State Nellie Gorbea says a contract has been awarded to build a new central voter registration system for the state. The Democrat announced Thursday that Stonewall Solutions, of Pawtucket, was awarded the contract. The computer database, designed in 2005, houses the state’s list of registered voters and acts as Rhode Island’s election management system. Gorbea says a modernized system will help ensure elections are secure and streamline the way election officials process voter records, update the voter list, check ballots and certify mail ballots.

Florida: Florida lawmakers rail against FBI for secrecy on voter breaches | Joseph Marks/The Washington Post

Florida lawmakers are railing against the FBI for taking more than two years to acknowledge Russian hackers penetrated some of the state’s voter files — and for remaining mum about which voters were affected. The long delay signals to voters in Florida and elsewhere that the government won’t level with them if and when their votes are manipulated, the lawmakers say. And that lack of public faith could do just as much damage as the Russian hacking and disinformation operation that upended the 2016 election and cast doubts on the legitimacy of President Trump’s victory. “This lack of transparency is counterproductive,” Rep. Stephanie Murphy (D) told me. “I’m really concerned that it can erode public confidence in the integrity of our elections almost as much as the actual hacking did.”

Florida: Hacked Florida counties could disclose their identities — if they wanted to | Marc Caputo/Politico

Local election officials in the two unnamed Florida counties where Russian agents hacked voter rolls in 2016 are able to publicly disclose whether they had been attacked. But the bureaucrats are clamming up instead. And voters in those counties have no right to know that information, according to the FBI. Nor is the state’s governor or its congressional delegation allowed to tell the public the names of those counties. That’s because the FBI made the governor sign a non-disclosure agreement in order to receive a classified briefing about the hack, along with the members of Congress. Some lawmakers are outraged at what they see as bizarre reasoning from the agency. For now, the information about the two counties is being kept officially secret — even though the identity of one of the hacking “victims,” Washington County’s election office, has leaked out.

California: California tech official rushed Motor Voter, despite testing issues | Bryan Anderson/The Sacramento Bee

The California government technology officials who developed an automatic voter registration program for the Department of Motor Vehicles last year raced to the finish line even though they acknowledged they should have slowed down. In April 2018, the state delayed the launch of its Motor Voter program by one week because of technical errors, inadequate testing and infrastructure concerns, according to records obtained by The Sacramento Bee. Amy Tong, director of the California Department of Technology, told colleagues working on the project the morning of the scheduled launch that, “In some strange way, this maybe (sic) a sign that we need to slow down in order to go fast again.” The one-week delay may not have been enough time.

New York: After Backlash, Personal Voter Information Is Removed by New York City | The New York Times

Bowing to fierce criticism from elected officials and privacy advocates, the New York City Board of Elections has removed the voter enrollment books that it had posted online, which had included every registered voter’s full name, party affiliation and home address. The books, spanning thousands of pages in searchable PDF format, were quietly posted in February, the first time they had been available on the Board of Elections website. Officials said the online publication was necessary given changes to election law at the state level. But after a series of news reports regarding the decision, some election and privacy experts warned that it could make sensitive personal information too readily available. And officials including Gov. Andrew M. Cuomo, Mayor Bill de Blasio and the New York City Council speaker, Corey Johnson, warned that the decision to publish the books could undermine public trust in the electoral process and jeopardize the security of voter information. By Tuesday, the voter rolls had been removed from the Board of Elections’ website. Michael Ryan, the board’s executive director, said the board had made the decision during a conference call on Monday, partly in response to public outrage following the media reports. “Up until a media inquiry into this matter, we had seen no complaints from anyone that this information was there,” Mr. Ryan said on Tuesday during a previously planned City Council hearing about election reform. But, he said, “Since people were getting upset, we took it down.”

New York: Amid Public Outrage, New York City Board Of Elections Pulls Private Voter Records From Internet | CBS

After massive public backlash, and the possibility for legal backlash as well, the New York City Board of Elections has quickly wiped the public’s private information from the internet. Voter rolls listing full names, home addresses that included apartment numbers, and party affiliations for all 4.6 million registered voters in New York City were dumped on the BOE’s website. On Tuesday, the board suddenly decided to remove that information from its site after beginning the information dump in February. Executive director Michael Ryan spoke to CBS2’s Marcia Kramer about the privacy scandal and admitted the media firestorm was responsible for the decision to end the short-sighted plan. “Yes we heard it. Yes we took it down. Do I think if someone was really looking to find somebody they’d go to the ad list books at the Boards of Elections? No I don’t quite frankly,” Ryan said defiantly.

New York: Public Records: Personal Information on New York City Voters Is Now Available for All to See | The New York Times

Are you registered to vote in New York City? If so, then anyone can find out your party affiliation, full name and home address down to the apartment number — all with a few mouse clicks. The city’s Board of Elections recently posted its voter enrollment lists to its website, a massive upload of thousands of pages, covered in tiny all-caps letters, that offer a district-by-district breakdown of voters sorted by party and street name — one line for each of the 4.6 million active registered voters. City officials said that the information was already public record, and that a new forum did not change its availability. But the move raised alarms among privacy advocates and some election experts, who said the ease of access could play into the hands of mail scammers, internet trolls and domestic violence perpetrators. It even drew oblique criticism from Gov. Andrew M. Cuomo, whose office emphasized the need for digital privacy. “The New York City Board of Elections’ decision was theirs to make, but we believe sensitive voter information should always be protected,” Caitlin Girouard, a spokeswoman for Mr. Cuomo, said in a statement. She added, “When it comes to the current administration, we need to be extra vigilant to ensure New Yorkers’ information isn’t being used for politically motivated ill will.”

Florida: Key to election security, Florida’s voter rolls have troubled tech history | Palm Beach Post

Long before Florida’s online voter registration system malfunctioned and temporarily throttled back new registrations last month, long before Palm Beach County Supervisor of Elections Susan Bucher called it a glitch-prone “mess” in need of review, Florida’s system for maintaining voter registration records was dogged by reports of serious flaws. Everything from software security to unauthorized access to voters’ personal information were among the problems cited in Auditor General reports and follow-ups from 2006 through mid-2015. Last month, Bucher discovered a new problem: Just as Floridians are poised to head to the polls for the most contested midterm elections in recent memory, the state’s brand new online voter registration system crashed. Voter registration, and how those registration records are kept, is more than a tech-induced headache. When Russian-sponsored hackers tried to worm their way into the elections systems of 21 states in 2016, state-housed voter registration records were prime targets.

Texas: Millions of Texas voter records exposed online | TechCrunch

massive trove of voter records containing personal information on millions of Texas residents has been found online. The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters. It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time where nation states are actively trying to influence elections. TechCrunch obtained a copy of the file, which was first found by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. It’s not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data.

Michigan: Despite explanation for election night glitches, calls persist for Wayne County primary audit | Michigan Radio

The Wayne County Board of Canvassers heard what went wrong with the county’s election results website last Tuesday, as questions and concerns linger about problems with the Aug. 7 primary election. The Grand Rapids-based company ElectionSource runs the site that reports Wayne County’s election results. As vote totals started coming in last Tuesday, the site initially reported the results of some races wrong before shutting the site down altogether for a few hours. ElectionSource CEO Ryan DeLongchamp told the board that was the result of an “internal error” caused by larger-than-expected data files from the county.

California: Marin County officials detail glitches behind election-night web foulup | Marin Independent Journal

Old code, software problems and server configuration combined with heavy traffic caused the blooper that made it impossible for the public to view results on election night June 5, county officials said this week. “We determined that it was a combination of three things,” said Liza Lowery Massey, director of Marin County’s Department of Information Services and Technology. The Registrar of Voters’ website, which had been redesigned to feature more graphs and other visual elements to make the data more accessible to the general public, remained inaccessible most of the night.

Zimbabwe: The Voters’ Roll Is Now Available Online And This Could Seriously Endanger Citizens | Techzim

ZANU-PF’s recent violation of privacy has been grabbing all the headlines. The political party sent out some unsolicited and scarily specific SMSs to some Econet subscribers. This has resulted in a lot of heated debate with people questioning where the party got these numbers and the specific constituency of subcribers. As we were taking a closer look at this situation we stumbled upon a website containing the voters’ roll for 30 July’s election. We downloaded the voters’ roll for the Harare Metropolitan and quickly we realised that the voters’ roll may be too detailed and this may leave citizens exposed to all kinds of risks for a long time.

Malaysia: Watchdogs believe flaws in voter list ‘tip of iceberg’ | Reuters

Electoral watchdog groups in Malaysia said the voter list for next week’s general election had major flaws, including the existence of a 121-year-old voter, raising the spectre of possible fraud. About 15 million Malaysians are registered to vote in next Wednesday’s (May 9) election pitting Prime Minister Najib Razak’s Barisan Nasional coalition, which has ruled for six decades, against a resurgent opposition led by former leader Mahathir Mohamad. A joint study of the voters’ rolls by electoral reform groups Bersih and Engage found more than 500,000 cases of voters registered with the same address, while more than two million were found to have no address. The groups highlighted 10 major irregularities they said affected hundreds of thousands of voters nationwide.

Minnesota: Citing Russian threat, Secretary of State asking for $1.4 million to update voter registration system | Twin Cities Pioneer Press

Citing national security officials’ warnings that Minnesota’s voter database had already been targeted by elements “at the behest of the Russian government,” the secretary of state is asking for funding to update its statewide registration system. Minnesota Secretary of State Steve Simon said he’s been in multiple meetings with Department of Homeland Security officials — including a meeting as late as February — relating to foreign attempts to affect the integrity of Minnesota’s voting system. “They are sobering,” Simon said of the meetings, for which he was recently given “secret” security clearance — meaning, he said, he couldn’t give too many details. In 2016, entities associated with the Russian government targeted 21 states, including Minnesota, national security officials have said. Two of those states — Illinois and Arizona — had their state databases penetrated.

Connecticut: State may limit access to state’s voter database | Associated Press

Marketing companies and other private entities would no longer be able to buy Connecticut’s state voter list for about $300 and use the data for solicitations and other purposes under new legislation being considered by state lawmakers this session. Instead, only political party committees, candidates, political action committees, journalists, academic researchers and governmental agencies could tap the cache of information, which includes full names, addresses, phone numbers, political affiliations and birth dates. The proposed change is being offered by Democratic Secretary of the State Denise Merrill, who also wants to prevent a voter’s full birthdate from being released.

Virginia: Fairfax County registrar to deny voter registrations over concerns with Virginia system | WTOP

Thousands of people who recently moved to Fairfax County from other parts of Virginia are set to receive notice in the next week or so that their voter registration requests have been denied. This move follows concerns about the way a state Department of Elections system handles requests submitted through the Department of Motor Vehicles, the county’s general registrar said. To start with, that means about 5,000 letters to people who submitted some of the most recent address updates. The county’s general registrar is accepting similar voter registration updates through the Department of Elections website.

California: Millions of California voter records exposed in unprotected MongoDB | SC Magazine

California officials are investigating a report that an unprotected MongoDB database has been discovered possibly containing the names of every California voter. Kromtech Security’s Bob Diachenko that earlier this month Kromtech came across an database named cool_db containing 19.2 million voter records gathered in two collections that was fully unprotected and thus open for anyone to view. One batch contained voter registration data for a local district and the other the millions of records. “Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery),” he said. 

National: An intern Cambridge Analytica left sensitive voter targeting tools online for nearly a year | Business Insider | Business Insider

An intern at the data mining and analysis firm Cambridge Analytica left online for nearly a year what appears to be programming instructions for the voter targeting tools the company used around the time of the election, raising questions about who could have accessed the tools and to what end. Social media analyst and data scientist Jonathan Albright discovered the election data processing scripts — or programming instructions — on what he said was the intern’s personal GitHub account. GitHub, a “Facebook for programmers,” is an internet hosting service mostly used for code. The account was scrubbed less than an hour after Albright published his findings on Medium, but the scripts had already been archi

South Africa: IEC goes online to capture voter addresses | ITWeb

The Independent Electoral Commission (IEC) has turned to technology to support its efforts to capture the addresses of over 26 million registered voters before 30 June 2018. In 2016, the Constitutional Court ordered the IEC to correctly capture the addresses of all registered voters on the voters’ roll before the 2019 general elections. Yesterday, the IEC unveiled MyIEC, an online portal that allows South African voters to submit or update their registration details when they have changed address or when there has been a change in their identity number. … The implementation of online systems in relation to the democratic voting process often brings up concerns of security, especially where citizens’ sensitive information is concerned.

Texas: Judge Blocks Texas Secretary Of State From Giving Voter Information To Trump Commission | KUT

A Texas district judge has issued a temporary restraining order preventing Texas Secretary of State Rolando Pablos from handing voter information to President Donald Trump’s voter fraud investigation commission. The order, which came out Tuesday, adds Texas to a growing list of states not complying with the president’s investigation into the 2016 elections, which Trump says suffered from large-scale voter fraud. Judge Tim Sulak of the Austin-based 353rd Texas Civil District Court issued the order in response to a lawsuit filed July 20 by the League of Women Voters of Texas, its former president Ruthann Geer and the Texas NAACP against Pablos and Keith Ingram, the Texas Elections Division director in the the secretary of state’s office. The lawsuit seeks to stop the state from handing over voter data from the state’s computerized voter registration files to the Presidential Advisory Commission on Election Integrity. The suit argues that doing so would reveal voters’ personal information, “which may be used to solicit, harass, or otherwise infringe upon the privacy of Texas voters.” The secretary of state’s office didn’t immediately return a request for comment for this article.

Alaska: Glitch Leaves Alaskan Voters Out in the Cold, SEC Reveals Breach | The VAR Guy

Oops!… They did it again. For what seems like the billionth time, U.S. voter records have been exposed, this time targeting Alaska. A cache of voter records containing the personal information of nearly 600,000 voters in Alaska was inadvertently exposed online. The culprit? An unsecured CouchDB database. And just, you know, a giant oversight. The cause of the hack was discovered by researchers at the Kromtech Security Research Center, who determined that the database of about 593,000 voters (that’s every registered voter in the state of Alaska) was accidentally configured for public access. That means it was just out there, floating in the breeze without any sort of password protection or security wall, making it accessible to anyone who knew where to look. No logging in, no verification, nada.

Pennsylvania: System glitch let non-citizens register to vote | Associated Press

Some people who are in the U.S. legally but who are not citizens were mistakenly allowed to register to vote in Philadelphia because of a glitch in Pennsylvania’s electronic driver’s licensing system, a city election official said Wednesday. Al Schmidt, a Republican who sits on Philadelphia’s three-member election commission, said that since 2006 at least 168 noncitizens registered to vote in the city through the motor voter driver’s licensing system. In some cases, they voted, and some of them voted in more than one election, Schmidt said. Schmidt said he became aware of those people because they had contacted his office. Many more noncitizens could have mistakenly registered through the system in Philadelphia and elsewhere in Pennsylvania, he said.