The manufacturer of the digital voting machines used across the state filed suit in Travis County district court this week, seeking to block the Texas secretary of state from certifying rival machine makers whose devices produce a paper receipt of votes cast. The lawsuit adds to the growing controversy surrounding the security of voting systems across the country — prompted, in part, by fears of potential hacking and by unsubstantiated claims by President Donald Trump that millions of illegal votes were cast in the 2016 election. The lawsuit filed by Hart InterCivic — the manufacturer of the eSlate voting machines used in Travis County — asks a district court judge to preemptively rule that voting machines that produce a paper record do not comply with state laws requiring the use of electronic voting machines for all countywide elections. The Texas secretary of state’s office declined to comment. Hart Intercivic’s attorney did not return calls from the American-Statesman.Full Article: Voting machine maker sues to block rivals' paper-using devices.
“Anyone who says they’re un-hackable is either a fool or a liar.” Jake Braun, CEO of Cambridge Global Advisors and one of the main organizers of the DEFCON Voting Village, said the U.S. election industry has an attitude similar to what had been seen with the air and space industry and financial sectors. Companies in those sectors, Braun said, would often say they were un-hackable their machines didn’t touch the internet and their databases were air-gapped — until they were attacked by nation-states with unlimited resources and organized cybercrime syndicates and they realized they were “sitting ducks.” … Candice Hoke, law professor and co-director of the Center for Cybersecurity and Privacy Protection, said in a DEFCON talk the laws surrounding investigations of potential election hacking were troublesome. “In some states, you need evidence of election hacking in order to begin an investigation. This is an invitation to hackers,” Hoke said. “We all know in the security world that you can’t run a secure system if no one is looking.”Full Article: Hacking voting machines takes center stage at DEFCON.
It took less than a day for attendees at the DefCon hacking conference to find and exploit vulnerabilities in five different voting machine types. “The first ones were discovered within an hour and 30 minutes. And none of these vulnerabilities has ever been found before, they’ll all new,” said Harri Hursti, co- coordinator of the event. One group even managed to rick-roll a touch screen voting machine, getting it to run Rick Astley’s song “Never Gonna Give You Up,” from 1987. … The groups weren’t able change votes, noted Hursti, a partner at Nordic Innovation Labs and an expert on election security issues. “That’s not what we’re trying to do here today. We want to look at the fundamental compromises that might be possible,” he said.Full Article: Hackers at DefCon conference exploit vulnerabilities in voting machines.
National: U.S. elections are an easier target for Russian hackers than once thought | Los Angeles Times
When Chris Grayson pointed his Web browser in the direction of Georgia’s elections system earlier this year, what he found there shocked him. The Santa Monica cybersecurity researcher effortlessly downloaded the confidential voter file of every registered Georgian. He hit upon unprotected folders with passwords, apparently for accessing voting machines. He found the off-the-shelf software patches used to keep the system secure, several of which Grayson said could be easily infected by a savvy 15-year-old hacker. “It was like, holy smokes, this is all on the Internet with no authentication?” Grayson said in an interview. “There were so many things wrong with this.” … Among the most alarmed have been pedigreed computer security scholars, who warn that a well-timed hack of a vendor that serves multiple states could be enough to cause chaos even in systems that were thought to be walled off from one another. And they say security lapses like those in Georgia reveal the ease with which hackers can slip in.Full Article: U.S. elections are an easier target for Russian hackers than once thought - LA Times.
Russia’s meddling in the 2016 election may not have altered the outcome of any races, but it showed that America’s voting system is far more vulnerable to attack than most people realized. Whether the attackers are hostile nations like Russia (which could well try it again even though President Trump has raised the issue with President Vladimir Putin of Russia) or hostile groups like ISIS, the threat is very real. The question is this: Can the system be strengthened against cyberattacks in time for the 2018 midterms and the 2020 presidential race? The answer, encouragingly, is that there are concrete steps state and local governments can take right now to improve the security and integrity of their elections. A new study by the Brennan Center for Justice identifies two critical pieces of election infrastructure — aging voting machines and voter registration databases relying on outdated software — that present appealing targets for hackers and yet can be shored up at a reasonable cost. … The report identifies three immediate steps states and localities can take to counter the threat.Full Article: Combating a Real Threat to Election Integrity - The New York Times.
As new reports emerge about Russian-backed attempts to hack state and local election systems, U.S. officials are increasingly worried about how vulnerable American elections really are. While the officials say they see no evidence that any votes were tampered with, no one knows for sure. Voters were assured repeatedly last year that foreign hackers couldn’t manipulate votes because, with few exceptions, voting machines are not connected to the Internet. “So how do you hack something in cyberspace, when it’s not in cyberspace?” Louisiana Secretary of State Tom Schedler said shortly before the 2016 election. But even if most voting machines aren’t connected to the Internet, says cybersecurity expert Jeremy Epstein, “they are connected to something that’s connected to something that’s connected to the Internet.” … While it’s unclear if any of the recipients took the bait in the email attack, University of Michigan computer scientist Alex Halderman says it’s just the kind of phishing campaign someone would launch if they wanted to manipulate votes.Full Article: If Voting Machines Were Hacked, It Might Not Be Obvious : NPR.
Revelations that Russian hackers tried to break into Dallas County’s web servers, likely with the intention of accessing voter registration files, in the lead up to last November’s election renewed concerns about Texas election security. Both Wednesday night’s news out of Dallas and a Bloomberg report on Monday—which said that the Russian hacking attempts affected 39 states—are forcing states to look inward and re-examine the security of their local and state-level electoral technologies. The particular targets of Russian hackers were the accounts of elections officials and voter registration rolls, which are connected to the internet and are unlike the voting systems that actually do the recording and vote tallying. But a possible security breach of one area of electoral technologies has the potential to ripple out and affect the integrity of other ones. “The reason why this whole Russian hacking thing is a wake-up call is because we’ve been caught not paying as much attention as we should have in an area that all of us didn’t think was that vulnerable,” Dana DeBeauvoir, the Travis County clerk since 1987, says. “And yet it has turned out to be extremely vulnerable in ways we did not expect.”Full Article: Could Travis County Have The Best Bet Against Election Hacking?.
Hackers will target American voting machines—as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar’s Palace in Las Vegas at the end of July for DEFCON, the world’s largest hacking conference, organizers are planning to have waiting what they call “a village” of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks.Full Article: Top hacker conference to target voting machines - POLITICO.
In January, America’s main intelligence agencies issued a report concluding that Russia interfered in the 2016 election, using a combination of cyber-intrusion, espionage, and propaganda. In addition to the details provided in this account, media outlets have since reported that several election databases were hacked before and after the election. While the Department of Homeland Security found no evidence any of these efforts manipulated vote tallies, the assaults have left many Americans asking: Just how safe are voting machines from cyberattack? The answer is not reassuring. For more than a decade, independent security experts have repeatedly demonstrated that many electronic voting machines are dangerously insecure and vulnerable to attack and manipulation by bad actors.Full Article: The Voting Technology We Really Need? Paper - The Atlantic.
Elections clerks across Montana could find themselves increasingly challenged to serve voters with severe physical disabilities because of a dwindling supply of polling equipment designed especially for people who cannot use traditional voting machines. Existing inventories of voting machines for disabled voters are antiquated, some nearly two decades old. Many units are in disrepair and elections officials have been unable to replace the aging machines with newer, modern equipment because of state law. In 2008, a disabled voter sued Missoula County for not being in full compliance with federal law when it did not have a backup unit for a malfunctioning machine specially designed for people who do not have full function of their limbs.Full Article: Aging voting machines pose challenges for disabled, counties | The Herald.
At an April 4 Election Assistance Commission public hearing, a senior Department of Homeland Security official sought to stress one thing: The designation of election systems as critical infrastructure doesn’t cut into states’ autonomy. Concerns over DHS control have simmered since then-Secretary Jeh Johnson first suggested the critical infrastructure designation last summer. Yet Neil Jenkins, DHS’ director of the Enterprise Performance Management Office, said at the EAC hearing that his agency sees the National Association of Secretaries of State (NASS) Election Cybersecurity Task Force as the main point of contact for deciding when DHS system-scanning tools are needed. Jenkins also said he sees the EAC as a critical point of contact for local officials who may be interested in utilizing DHS scanning and security products.Full Article: Questions, concerns continue to swirl around election security -- GCN.
At least once a year, staffers in one of Texas’ largest election offices scour the web for a relic from a bygone technology era: Zip disks. The advanced version of the floppy disk that was cutting edge in the mid-1990s plays a vital role in tallying votes in Bexar County, where like other places around the U.S., money to replace antiquated voting equipment is scarce. “I’d be dead in the water without our technical support people looking online to buy the pieces and parts to keep us going,” said Jacque Callanen, elections administrator in the county that includes San Antonio and had 1 million-plus registered voters in the 2016 election. Purchased in 2002, Bexar County’s voting equipment is among the oldest in Texas. The Zip disks the county uses to help merge results and allow paper ballots to be tallied with final election totals are no longer manufactured, so staff members snap them up by the dozens off of eBay and Amazon.Full Article: States scramble to replace aging machines | AP.
Georgia: FBI investigating alleged breach in Georgia at KSU’s elections center | Atlanta Journal-Constitution
The Federal Bureau of Investigation is investigating an alleged data breach in Georgia at the Center for Election Systems at Kennesaw State University, The Atlanta Journal-Constitution has learned. The situation is still developing, although the Secretary of State’s Office said Friday that the investigation is not related to its own network and is not a breach of its database containing the personal information on Georgia’s 6.6 million registered voters. The office referred all other questions to both university and federal officials.Full Article: FBI investigating alleged breach in Georgia at KSU’s elections c.
The Secretary of State’s office finalized its contract to replace the state’s ailing voting machines with new equipment in time for the August 2018 primaries. The Board of State Canvassers on Tuesday approved a plan the State Administrative Board previously authorized. It could grant vendors up to $82.1 million over the next 10 years to replace the state’s voting machines with new optical scanners expected to be up and running by August 2018. The new machines still use paper ballots, so not much changes for voters in the polling booth, said state Elections Director Chris Thomas. But the new technology will make things easier for election workers by setting up a statewide repository showing results all in one place. “The voters themselves are not gonna notice a whole lot,” Thomas said. “Just to have a statewide repository for all elections – it just doesn’t exist right now. It’s a big step forward. No question.”Full Article: State finalizes $82M contract for new voting machines.
Counties across the state say they need a major upgrade to voting equipment to prevent system failures in the next election. They fear aging and potentially failing machines could get in the way of a successful electoral process. Officials say providing new machines for nearly the entire state would cost around $34 million. Some want to split the cost in the Governor’s budget over two years which could have the entire state up and running by the next major election. Current problems include the voting machine operating software. “The biggest one I think is they say that they run off Windows XP and that is no longer being supported by Microsoft,” said State Rep. Trevor Drown (R/Dover). “So there’s nothing that’s upgradeable in regards to the equipment.”
Secretary of State Ruth Johnson is moving forward with plans to replace aging voting machines around the state with “next generation” systems by August 2018. The State Administrative Board on Tuesday unanimously approved up to $82.1 million in spending over the next 10 years under contracts with three vendors who will supply new tabulator machines, election-management software and maintenance agreements. The state is expected to cover about $40 million of the spending, including most up-front costs, leaving local communities to foot the rest of the bill. Cost-sharing requirements will vary by community depending on which vendor local clerks select. “The new equipment offers voters all the speed and convenience of the latest ballot-scanning and election-night reporting technology while at the same time featuring a good, old-fashioned paper ballot that we can always go back and look at if we need to,” Johnson said in a statement.Full Article: Michigan moves on $82M voting machine plan.
Editorials: Running for president showed me how our elections are broken. We can fix them | Jill Stein/The Guardian
After a divisive election, with record levels of public distrust for a political system dominated by Super Pacs and lobbyists, ordinary Americans joined together to begin healing our wounded democracy – by verifying the vote in three key states. For three weeks, a historic recount campaign pushed forward in Michigan, Wisconsin and Pennsylvania, defying political blockades, bureaucratic hurdles, legal maneuvering and financial intimidation. This unprecedented effort by more than 10,000 volunteers and 161,000 donors coalesced in a matter of days. It affirmed the determination of the American people to raise the bar for our democracy. At its core, the recount essentially asked one question: do we have a voting system we can trust, that is accurate secure and just, and free from modern-day Jim Crow in our elections? The answer, we found, is a resounding “no”.Full Article: Running for president showed me how our elections are broken. We can fix them | Jill Stein | Opinion | The Guardian.
Citing increasingly sophisticated cyber bad actors and an election infrastructure that’s “vital to our national interests,” Homeland Security Secretary Jeh Johnson announced Friday that he’s designating U.S. election systems critical infrastructure, a move that provides more federal help for state and local governments to keep their election systems safe from tampering. “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law,” Johnson said in a statement. He added: “Particularly in these times, this designation is simply the right and obvious thing to do.” The determination came after months of review and despite opposition from many states worried that the designation would lead to increased federal regulation or oversight on the many decentralized and locally run voting systems across the country. It was announced on the same day a declassified U.S. intelligence report said Russian President Vladimir Putin “ordered” an influence campaign in 2016 aimed at the U.S. presidential election. The declassified report said that Russian intelligence services had “obtained and maintained access to elements of multiple U.S. state or local electoral boards.” None of the systems targeted or compromised was involved in vote tallying, the report said.Full Article: US designates election infrastructure as 'critical' | Political News | US News.
Jill Stein’s bid to recount votes in Pennsylvania was in trouble even before a federal judge shot it down Dec. 12. That’s because the Green Party candidate’s effort stood little chance of detecting potential fraud or error in the vote — there was basically nothing to recount. Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There’s almost no way to know if they’ve accurately recorded individual votes — or if anyone tampered with the count. More than 80 percent of Pennsylvanians who voted Nov. 8 cast their ballots on such machines, according to VotePA, a nonprofit seeking their replacement. VotePA’s Marybeth Kuznik described the proposed recount this way: “You go to the computer and you say, ‘OK, computer, you counted this a week-and-a-half ago. Were you right the first time?'” These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system. Like many electronic voting machines, they are vulnerable to hacking. But other machines typically leave a paper trail that could be manually checked. The paperless digital machines open the door to potential election rigging that might not ever be detected.Full Article: Recounts or no, US elections are still vulnerable to hacking | National politics | stltoday.com.
Editorials: The ticking time bomb in Pennsylvania’s election system | Dan Lopresti/Philadelphia Inquirer
Our state’s voting machines are inherently flawed, and they cannot be trusted to accurately record or reflect the votes cast by the people of Pennsylvania. Whether it happens this month or not, the electronic voting systems in our state must undergo a full forensic evaluation by independent computer security experts. Without that evaluation and subsequent changes both in the machines and the procedures for using them, votes cast for our local, state and federal government will always be at risk for error or manipulation, and we can never be fully certain that the outcomes of our elections reflect the will of the voters. A number of years ago, I acquired two different electronic voting machines (known as DREs) from government surplus sales – the type used in Philadelphia County and the type used in Montgomery County – and, with Lehigh students, dismantled and examined them. In my assessment, none of the DREs used in Pennsylvania are capable of retaining a permanent physical record of each vote cast, which is required by the Pennsylvania Election Code. Many of the voting machines used in Pennsylvania, including those used in Philadelphia, create no permanent, physical record of each vote cast – in other words, these machines leave no paper trail. As anyone with a computer knows, data stored electronically is easily lost or corrupted. It would be comforting to think that voting machines are more sophisticated or secure than home or office computers, but in many ways, they are not. They are computers running software like all other computers running software, and they are vulnerable to the same kinds of problems as all of our other computers. Computer memory, including the memory that stores the votes in the voting machines used throughout the last election across Pennsylvania, can be written or rewritten with incorrect data as a result of software, hardware and human error, or as a result of intentional interference.Full Article: The ticking time bomb in Pennsylvania's election system.