As new reports revealed that Russia’s cyberattack on the U.S. electoral system was far more widespread than has been publicly disclosed, Pam Fessler at NPR asked the critical question: “If Voting Machines Were Hacked, Would Anyone Know?” Noting that the phishing campaign that has been described is just the kind of attack someone would launch if they wanted to manipulate votes, University of Michigan computer scientist Alex Halderman explained that “before every election, the voting machines have to be programmed with the design of the ballots — what are the races, who are the candidates.” Access to the election management software that is used to program ballots would allow an attacker to infect it with malicious software that could “spread to the individual machines on the memory cards, and then change votes on Election Day.”
Adding to information a classified National Security Agency document leaked earlier this month, three people with direct knowledge of the U.S. investigation detailed a wave of attacks in the summer and fall of 2016, hit voting systems in as many as 39 states. This week, Maryland’s State Board of Elections revealed that it had detected “suspicious activity” on the computer system it uses for online voter registration before last fall’s election and called in cybersecurity experts to evaluate it, The newest disclosures of potentially deep vulnerabilities in the U.S.’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling. “They’re coming after America,” Comey told the Senate Intelligence Committee investigating Russian interference in the election. “They will be back.”
Days before a closely-watched special election run-off in Georgia’s 6th District, a security researcher disclosed a gaping security hole at Kennesaw State University’s Center for Election Systems, where the state’s election technology is programmed. The security failure left the state’s 6.7 million voter records and other sensitive files exposed to hackers, and may have been left un-patched for seven months. Georgia still uses the un-auditable Diebold AccuVote touchscreen DREs statewide (yes, the same machines that researchers at Princeton hacked over a decade ago) – and of course there is no paper trail.
In a Washington Post oped, Patrick Marion Bradley described the personal stories of disenfranchisement resulting from restrictive voter id requirements. Such individual stories are all too easily lost in rhetoric and political calculations.
In the latest effort to combat partisan redistricting, voting-rights advocates filed suit in Pennsylvania state court to nullify the state’s congressional-district map as an unconstitutional partisan gerrymander. The decision to challenge the maps in state court means that if the plaintiffs prevail, the ruling would set no precedent for challenges in other states. Plaintiffs inMaryland, North Carolina and Wisconsin have current challenges to partisan redistricting pending in federal courts.
After an overwhelming vote in favor of statehood in a boycott-plagued referendum, Puerto Rico Governor Ricardo Rosselló demanded that the U.S. government recognize his commonwealth as the 51st state. There is little chance that his demands will be acknowledged however given the current political environment in Congress.
The Texas Monthly reported on Travis County’s project to create STAR-Vote (Secure, Transparent, Auditable, and Reliable), an end-to-end encrypted electronic voting system. The Travis County Clerk’s office, the Texas elections office, Rice University professors Dan S. Wallach and Michael D. Byrne, and other academics came together to create the system, which encrypts votes cast and stores them in a database. It is the hope of Dana DeBeauvoir, the Travis County this new approach could reinvent electoral technology security.
Expatriate Canadians, who lose their voting rights after five years abroad, are questioning whether the Liberal government is deliberately allowing legislation aimed at restoring their voting rights to expire. Just before a scheduled hearing in February, the Supreme Court of Canada agreed to a government request for an adjournment given the introduction of Bill C-33 in late November of 2016. However, as Gill Frank, one of two expats spearheading the constitutional battle, “Nothing has happened since.”
Responding to a series of cyberattacks on government internet systems, Angela Merkel’s Christian Democratic Union (CDU) is calling for a law that would allow Germany to “hack back” and wipe out attacking servers. Germany’s education ministry is backing a new cybersecurity school where politicians and IT officials are taught to spot and react to hacking. In April the armed forces set up a cyberdefense unit that will soon employ 12,000 soldiers and 1,500 civilians.