National: U.S. voter info has always been public — but now it’s getting weaponized | Kevin Collier/NBC

When John Ratcliffe, the top U.S. intelligence official, said at a news conference last week that Iran and Russia had obtained American voter registration information, he left out an important point: American voters’ data is already public and widely available. “We have confirmed some voter registration information has been obtained by Iran and separately by Russia,” Ratcliffe said last Wednesday. “This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion.” Iran had already weaponized some of that information in the form of threatening emails sent to some Democrats in Florida. The email campaign showed no signs of any successful effort to target Florida’s election infrastructure. But the campaign offered a stark reminder that voting in the U.S. comes with a strong chance that your personal information is shared online. While states’ readiness to share the information may not be common knowledge, it has been the reality for more than a century, said Eitan Hersh, a politics professor at Tufts University and author of a history of how political campaigns target voters.”I think there’s a pretty widespread view across the political spectrum that if you want to participate in the political process, having a public record about it is part of what that means,” he said. “It’s amazingly hard to not have your name, address and birthday in the public record.” State legislators periodically introduce bills to change state laws about sharing the information, but “the mainstream of both parties are committed to the idea that parties should be able to contact you, so these bills are squashed,” Hersh said.

Full Article: U.S. voter info has always been public — but now it’s getting weaponized

West Virginia: Division of Motor Vehicles is losing voter registrations | Register-Herald

State officials say the West Virginia Division of Motor Vehicles is losing voter registrations, but they don’t know how many and for how long. Donald Kersey, general counsel for Secretary of State Mac Warner’s office, said the DMV sends the Secretary of State’s office a daily list of voter registrations, but the secretary’s office estimate several registrations are lost per day because of technical problems at the DMV – “a systematic error,” he said. The problem, Kersey said, has been ongoing at least since the 2018 general election. During a five-day test period in January, 37 people, who were flagged as registering at the DMV, did not have their registration received by the Secretary of State. Kersey, who was previously elections director for the Secretary of State, noted that West Virginia law says the DMV should forward voter registrations to the Secretary of State’s office, which transfers it to county clerks. But he said that during early voting before the 2018 general election, dozens of people said they had registered at local DMVs to vote, but the Secretary of State’s office had no record of it.

Ohio: Thousands of voters given wrong polling location by Secretary of State website | Fayette Advocate

An apparent error on the Ohio Secretary of State’s website has caused thousands of voters to have the wrong polling location listed on their voter registration. According to the Pickaway County Board of Elections, “a large majority” of their county’s registered voters have been given the misinformation by the Secretary of State through the state’s official website voter registration portal. “We send a file to the Ohio Secretary of State and it appears they have addresses for several precincts incorrect,” Michele Lockard, director of the Pickaway County Board of Elections wrote in an email to a voter who inquired about the issue Thursday morning. It is unclear exactly how many voters have been impacted by the error, but Lockard said that she, herself, was also affected. It was also not made immediately clear to the Advocate if Pickaway County was the only county impacted by the error. The county has 34,339 registered voters.

National: Registered to vote? Your state may be posting personal information about you online. | The Washington Post

Americans routinely hemorrhage personally identifiable information (PII) across social media and other websites. On almost a weekly basis, PII bleeds out in dramatic breaches like the recent one at Toyota that exposed 3.1 million customers or another at Georgia Tech in which an “unknown outside entity” illegally accessed data for more than 1 million students, faculty members and alumni. Some 26 million Americans were victims of identity theft in 2016, according to the Bureau of Justice Statistics. One way thieves, scammers and psychopaths perform reconnaissance on their victims is to find them via Google or social media. A fair start — but information on the Internet is often inaccurate. If I were a malicious actor looking for a victim’s PII, I’d begin where the data is government-certified. Tax records and housing data are PII treasure troves but not all records are digitized. Political contributions can be valuable — if a person gave money to a candidate over a certain amount. Yet, an exposed area still exists. States hold important personal records of American voters through their secretary of state (SOS) websites. In most states, some or all of this information is accessible to anyone with an Internet connection. I have an Internet connection. And until recently, I ran the open source intelligence division at a cybersecurity firm. So, I tried to access all 50 states’ (and the District’s) online voter registration systems. In the process, I was able to obtain personal information about the citizens of 40 different states, from Alaska to Arkansas, West Virginia to Wisconsin, New Mexico to North Carolina. In some states, that PII included personal addresses, historic voter data and race.

California: Hackers attacked California DMV voter registration system marred by bugs, glitches | Los Angeles Times

California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come. Yet six days before the scheduled launch of the DMV’s new “motor voter” system last April, state computer security officials noticed something ominous: The department’s computer network was trying to connect to internet servers in Croatia. “This is pretty typical of a compromised device phoning home,” a California Department of Technology official wrote in an April 10, 2018, email obtained by The Times. “My Latin is a bit rusty, but I think Croatia translates to Hacker Heaven.” Although the email described the incident as the DMV system attempting “communication with foreign nations,” a department spokesperson later insisted voter information wasn’t at risk. The apparent hacking incident was the most glaring of several unexpected problems — never disclosed to the public — in rolling out a project that cost taxpayers close to $15 million. The Times conducted a four-month review of nearly 1,300 pages of documents and interviewed state employees and other individuals who worked on the project — most of whom declined to be identified for fear of reprisal. Neither the emails nor the interviews made clear who was ultimately responsible for the botched rollout, though an independent audit is expected to be released in the coming days.

New Hampshire: State Supreme Court denies access to voter database in suit over registration law | Legal Newsline

A request to produce a voters database that was ordered by a lower court as evidence in a lawsuit was denied by the New Hampshire Supreme Court. Chief Justice Robert Lynn issued a 10-page ruling on Jan. 24, vacating the New Hampshire Superior Court’s order in the lawsuit filed by the League of Women Voters of New Hampshire, the New Hampshire Democratic Party, and several individuals in a challenge to a voter registration law. The high court concluded that the Superior Court erred ordering the state’s secretary of state and attorney general to produce the New Hampshire Centralized Voter Registration Database, concluding that the list is “exempt from disclosure by statute.” The League of Women Voters of New Hampshire the New Hampshire Democratic Party sued over the validity of some state voting laws.

Pennsylvania: Officials work to correct a statewide election glitch ahead of voting in November | Your Erie

There are just three weeks to go until voters here in Pennsylvania head to the polls.  But, one of the big concerns heading into Election Day is whether or not your vote is secure. On Monday, the House State Government Committee met to discuss lingering issues with the state’s election system, Committee Chair Daryl Metcalf raising concerns about non-citizens being able to vote after the Department of State found that thousands of potential non-citizens were registered due to a technical glitch. Metcalfe says, “All of the talk about Russia’s interference with our elections. There’s real interference with our elections by foreign nationals in the state of Pennsylvania. And those foreign nationals are here legally, but registering illegally.”

Montana: Secretary of State plans to replace voter registration system | Bozeman Daily Chronicle

Montana Secretary of State Corey Stapleton plans to replace the state’s voter registration system and pay for improvements to its election cyber security programs with a $3 million federal grant. The money is part of $380 million in grants President Donald Trump budgeted for election security across the nation against a backdrop of threats from Russia and others. Montana is putting up $150,000 as a 5 percent match for the grant. Stapleton outlined the plan in a letter to members of the U.S. Election Assistance Commission, a group that administers the grants, sent out Wednesday. The state received the money, but the program required Stapleton provide details on how it would be spent.

Voting Blogs: CEIR voter registration database security report: Survey finds most states adopted best cybersecurity practices since ‘16 | electionlineWeekly

The Center for Election Innovation and Research (CEIR) has released a new report based on a survey of 26 states conducted between June and July of 2018 to assess the current state of security around voter registration databases (VRDBs). The survey results, released ahead of National Voter Registration Day, show that immense progress has been made in securing voter registration databases since 2016, though significant room for improvement remains for states to strengthen their defenses against hacking attempts. Voter registration databases have been a central focus of conversations around election security since the 2016 presidential election when several voter registration databases were scanned and at least one infiltrated by Russian operatives.

Virginia: State auditors to review Virginia elections agency after IT troubles | Richmond Times-Dispatch

State auditors will review the Virginia Department of Elections after a series of technical problems that have raised questions about the reliability of the software that powers the state’s voter system. Last month, the Joint Legislative Audit and Review Commission approved a resolution instructing its staff to conduct an in-depth review of the elections agency, which hasn’t been fully studied in almost 20 years. During that span, the agency implemented VERIS, the information system that local elections officials say has been spotty and slow. The IT problems have mostly meant headaches for the registrars who use the system. For the most part, they haven’t disrupted the election process, but a surge of would-be voters trying to register for the presidential election caused the registration website to crash right before the registration deadline. That failure prompted a federal judge to order the reopening of the state’s voter registration period to accommodate those who had been locked out.

National: State Voter Registration Systems Are Easier to Hack Than Anyone Wants to Admit | Mother Jones

Last weekend at the DEF CON conference—the annual get together for hackers, spooks, and computer enthusiasts—hackers showed how easily voting machines could be hacked, proving once more how vulnerable they are to cyber attacks. But conference organizers did not restrict the electoral hacking demonstration to voting machines. A virtual voter registration data base was also attacked, and defended, which experts say is just as worrisome. “If you look at all of the reports about foreign actors, malicious actors attacking US election infrastructure in the last election, they were not attacking the election machines,” Harri Hursti, an expert in hacking voting machines, and one of the co-organizers of the voting machine hacking exercises, tells Mother Jones. “They were attacking the back-end network, the underlying infrastructure. This was the simulation that showed how vulnerable [it is] and how hard it is to defend.”

Nebraska: Gale says he’s against creating federal voter registration database, spells out conditions for release of voter data | Omaha World Herald

In a letter to a federal voting commission, Nebraska’s top election official said he’s opposed to the creation of a federal voter registration database. Secretary of State John Gale said access to a federal database of some kind, however, could help local and state election officials confirm death records, citizenship status and other statuses to maintain clean voter rolls. Gale sent the letter on Friday to Kris Kobach, vice chairman of the voting commission, to formally ask how the commission intends to use the voter data it requested.

Maryland: Montgomery County election board to review registration practices | The Washington Post

Montgomery election officials said Monday they will review registration procedures in response to allegations from a conservative watchdog group that the county’s rolls are packed with ineligible voters. Judicial Watch said in a letter earlier this month there was “strong circumstantial evidence” that Montgomery’s lists are filled with names of voters who have died, moved out of state or are non-citizens. It said the charge is supported by data showing more registered voters in the county than there are citizens of voting age (18 and over). … The state board, which oversees county panels, said last week that it will also review practices in response to Judicial Watch. But county election staff and voting rights groups raised questions Monday about the legitimacy of Judicial Watch’s claim.

Arizona: Dispute arises from state query about election system | Tucson News Now

At present, 13 of the state’s 15 counties are linked into the state system, but the two counties each maintain their own voter systems and databases. Pima County recently spent $4 million upgrading and implementing its system. The Secretary of State is exploring the possibility of replacing the statewide system with a more modern platform. The Arizona system was one of two systems nationwide that was hacked last summer. Following an FBI investigation, it was thought to be by Russian hackers. During the investigation, the state system, as well as the 13 counties on the system, were shut down for a week. “Maricopa and Pima Counties were able to keep working, processing voter requests, processing whatever we needed to do,” said Pima County Recorder F. Ann Rodriquez.

Arizona: Secretary of State Reagan to attorney general: Is what I did legal? | The Arizona Republic

The rocky relations between Secretary of State Michele Reagan and Arizona’s county recorders continue. The flash point: Voter registration. Last fall, and again in early February, her office tapped into the voter-registration databases run by Maricopa and Pima counties. The two large counties were perplexed — and more than a little peeved. They said this had not happened since a test on the system in 2010. Plus, Reagan should have forwarded whatever request for information her office was researching to them, instead of just logging in, Maricopa County Recorder Adrian Fontes and Pima County Recorder F. Ann Rodriguez said. And to add insult to injury, they complained they couldn’t get answers on why Reagan’s office was, in their view, snooping in their data.

Indiana: State Police chief reports cases of voter fraud | Los Angeles Times

Indiana’s top cop suggested Friday that investigators had uncovered several instances of voter fraud in the state, an allegation that adds fuel to a fiery debate over whether elections are “rigged” and subject to abuse. Indiana State Police Supt. Douglas Carter said in a local TV interview that Gov. Mike Pence “absolutely did not misspeak” this week when he warned supporters of potential voter fraud during a campaign stop in Nevada. Carter said he believed there was voter fraud in “every state,” including Indiana. Carter refused to provide details about how many instances of voter fraud police have found, or the exact nature of the fraud — whether investigators found, for example, cases of people registering to vote multiple times or whether those ineligible to vote tried to register. … Experts have found voter fraud to be extremely rare, with one study from a Loyola Law School professor finding just 31 credible claims of fraud amid more than 1 billion ballots cast since 2000. The head elections officers in most presidential battleground states are Republicans. … Officials for Indiana Voter Registration Project, which is connected to Washington-based nonprofit Patriot Majority USA, have denied the fraud accusations and said Pence and other Republicans are targeting the group to suppress votes.

Indiana: Election official clarifies registration fraud probe | Indianapolis Business Journal

A day after warning of potential widespread voting fraud, Indiana’s secretary of state acknowledged Wednesday that many of the thousands of altered registration forms she flagged might just be from residents rushing to correct their names or birth dates ahead of the election. Republican Secretary of State Connie Lawson told The Associated Press she wanted Indiana State Police to investigate to ensure there was no widespread fraud after her office found a heavier than usual number of changes to voter registration forms this election cycle. “It’s very possible that because of heightened activity this year that many of those changes are changes that the individual made,” Lawson told the AP. “… That should give Indiana voters the comfort that we are vigilant and we are protecting their rights and the elections here are not rigged.” Indiana is the home state of Gov. Mike Pence, the Republican vice presidential nominee, and also has contentious races for governor and U.S. Senate on the ballot.

National: Election Hackers Could Erase You | The Daily Beast

With 23 days until Election Day, state and local election officials, as well as the FBI and the Department of Homeland Security, are on their highest-ever level of alert for hackers trying to meddle with the vote. But it’s not vote rigging or the takeover of electronic voting booths that has officials most concerned. … Rather, officials are more concerned by the discovery in recent weeks that hackers, including ones believed to be working for the Russian government, are trying to access voter registration files, perhaps to alter or delete them, inmore than 20 states. … This unprecedented focus on election security was prompted both by a suspected Russian campaign to hack emails and documents from U.S. political organizations, as well as the news that, last summer, election systems were compromised by hackers in Arizona and Illinois, where the perpetrators are believed to have absconded with files on 200,000 voters. “When you suddenly had two states with reports of registration breaches, regardless of the effect or the impact, which appear to have been minor, it gave everybody a sense that this isn’t necessarily theoretical anymore,” Pam Smith, the president of Verified Voting, a nonprofit group that advocates transparency and security in U.S. elections, told The Daily Beast.

National: Elections at Risk in Cyberspace, Part I: Voting Lists | Signal Magazine

As U.S. elections increasingly are digitized, the same threats faced by other users of cyberspace loom as potential vulnerabilities to voting and ballot tallies. Candidates and interest groups have expressed concern about the validity of the upcoming election based on real and perceived cyber threats. Voting systems connected to the Internet as well as those that are isolated are susceptible to intrusions that could shake up an election. The threat to an election can take two forms. One is an attack that actually changes the outcome by altering the vote count to favor one candidate over another. The other threat is tampering that may not clearly change the outcome but sows doubt among the electorate and reduces public trust about the validity of an election and the sanctity of the democratic system. The Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security (DHS) issued a joint statement on October 7 expressing confidence that the Russian government “directed the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations. … These thefts and disclosures are intended to interfere with the U.S. election process.”

California: New voter database clears path for 16-year-old pre-registration, other laws | The Sacramento Bee

After years of technology glitches and vendor problems, California Secretary of State Alex Padilla made it official Monday: the state’s new voter registration database is finally complete. Padilla’s certification of VoteCal as the system of record for voter registration in California clears the way for the state to begin pre-registering 16- and 17-year-olds via paper registration forms. Starting in January, people will be able to register to vote on Election Day. Also, Monday’s announcement checks off a requirement of 2015 legislation to offer automatic registration of voters at the DMV when they apply for a new license or file a change of address . That system is scheduled to working by July 2017.

California: VoteCal Reaches Key Milestone | Times Publishing Group

Thirty-eight California counties, home to 68% of California’s total population, have now successfully deployed VoteCal, the voter registration database that will ultimately serve the entire state. Los Angeles, Glenn, Fresno, Kern, and Napa counties all deployed VoteCal December 14. VoteCal will replace the existing 58 county voter registration databases throughout the state. Gail Pellerin, Santa Cruz County Clerk said, “I think it is a good system. We go live (online in Santa Cruz County) in February (2016). Los Angeles is definitely the big test!”

Georgia: Brian Kemp releases Georgia data breach report | Atlanta Journal-Constitution

A long-awaited state report detailing how Georgia gave out more than 6 million voters’ Social Security numbers and other private data put the blame squarely on a employee fired for the breach last month. That employee, longtime state programmer Gary Cooley, flouted office protocol and policy within Georgia Secretary of State Brian Kemp’s office, according to the internal report about the data breach released Monday by the office and the state Department of Human Resources. The breach, it said, “was due to Mr. Cooley working outside of and circumventing established policies and procedures,” the report concluded. It called for more training, clearer policies and more active management of sensitive data.

California: Electronic voting machines leased by Del Norte County | The Triplicate

The county will lease almost two dozen new voting machines as part of a statewide effort to improve election administration and enhance accessibility for voters. Last week the Del Norte County Board of Supervisors approved an agreement with Dominion Voting Services, sole certified provider of voting machines compliant with both federal and state regulations. The new electronic devices will be more accessible to the vision- and hearing-impaired, said county clerk-recorder Alissia Northrup. They will also tally votes in real time, meaning results will come in much sooner after polls close on a given election day. The agreement lasts through 2021 at more than $110,000 per year. By leasing rather than purchasing, the county will have an easier time complying with any yet-upcoming technology requirements in six years hence. It’s not too hard to imagine those standards changing in short time, since the state is currently processing a small flurry of voting-related legislation.

California: Here’s how California’s new voter registration law will work | Los Angeles Times

When people go to the DMV to obtain or renew a driver’s license, or to get a state identification card, they’ll be asked for the usual information in such transactions, such as their name, date of birth and address. They’ll also be asked to affirm their eligibility to vote and will be given the choice of opting out of registering at that time. Information about anyone who does not decline registration will be electronically transmitted from the DMV to the secretary of state’s office, where citizenship will be verified and names will be added to the voter rolls. … The law goes into place on Jan. 1, 2016, but the DMV said in a statement that it would not send information to the secretary of state until that office “develops regulations, completes a statewide database system and funding is secured to implement this program.” The regulations, which must be agreed upon between the DMV and the secretary of state, will have to settle basic procedural issues, such as how the “opt-out” question will be phrased and how often the DMV will transmit data.

California: Gov. Brown approves automatic voter registration for Californians | Los Angeles Times

Targeting California’s recent record-low voter turnout, Gov. Jerry Brown on Saturday signed a measure that would eventually allow Californians to be automatically registered to vote when they go the DMV to obtain or renew a driver’s license. The measure, which would also allow Californians to opt out of registering, was introduced in response to the dismal 42% turnout in the November 2014 statewide election. That bill and 13 others the governor signed Saturday, will “help improve elections and expand voter rights and access in California,” Brown’s office said in a statement. Some 6.6 million Californians who are eligible to register to vote have not registered, according to Secretary of State Alex Padilla, who supported the legislation as a way to increase voter participation.

Kansas: Culling voter records to take weeks in some Kansas counties | Lawrence Journal World

Some Kansas counties expect to take at least several weeks to cancel incomplete voter registrations from residents who haven’t documented their U.S. citizenship, local election officials said Monday. Local officials also said even when they’re done culling the more than 31,000 records as required under a new rule from Secretary of State Kris Kobach, the canceled registrations still will be accessible in their voter registration databases. Kobach has directed counties to cancel incomplete registrations older than 90 days, with most from prospective voters who haven’t met the proof-of-citizenship requirement. A 2013 state law requires new voters to produce a birth certificate, passport or other citizenship papers when registering. Kansas is only one of four states with such a law, and its incomplete registrations ballooned to nearly 37,700 last week.

California: VoteCal database makes debut in Sacramento, Orange counties | The Sacramento Bee

The long-awaited replacement for California’s aging voter registration database has started to deploy, with Sacramento and Orange counties serving as test counties for the VoteCal system that will begin expanding to other counties this fall. All 58 counties will be covered by June 2016 if the process stays on schedule. VoteCal’s debut comes more than a dozen years after the Florida election debacle in the 2000 presidential election prompted Congress to order a revamp of states’ voting procedures with the Help America Vote Act. Since it went live in Sacramento and Orange counties, VoteCal already has helped voting officials identify about 400 seemingly duplicate registrations, said Neal Kelley, Orange County’s registrar of voters. Reconciling the duplicates, which usually stem from people moving, used to rely on a paper-based system. “That’s a big deal,” Kelley said.

Wisconsin: Audit prompts changes at election agency, officials decry budget cuts | Wisconsin State Journal

Wisconsin’s election agency moved Wednesday to make a series of changes in response to a state audit, but leaders said that Gov. Scott Walker’s proposed budget could set the efforts back. “We appreciate the governor’s efforts to streamline the budget, but this could cripple our effectiveness in providing services to voters,” Government Accountability Board director and general counsel Kevin Kennedy told board members. The GAB is one of several state agencies that would see its budget, finance, human resources, payroll, procurement and information technology functions consolidated as part of a pilot program that would be operated by the state Department of Administration.

Illinois: State proposal would require county to buy laptop for each precinct | The Edwardsville Intelligencer

Madison County would be required to purchase more than 225 laptops if a proposal pending in Springfield becomes law. It would require larger counties to provide laptops at each of its precincts, and while that may be fine in Cook or DuPage counties, it’s too costly and impractical for most. If the law passes, counties with more than 200,000 residents would have to provide each precinct with an electronic poll book on Election Day, allowing voters to connect to that county’s voter registration database. But unlike many northern counties, Madison County has large pockets of rural areas that render Wi-Fi and cell tower coverage spotty in some places and non-existent in others.