A voting system which uses Radio Frequency Identification (RFID) technology to store electronic votes has been under scrutiny after election experts questioned its capacity to safeguard the integrity of election data. Though the voting system had been tested in a few Argentine jurisdictions, academics from around the world had not had a real chance to analyze it in detail until authorities from the Democratic Republic of Congo decided to use a similar system for the long-delayed elections of December, 2018. The decision to automate the controversial elections using an untested system drew criticism from U.S. diplomats. According to experts from The Sentry, it is possible to manipulate the information the RFID chip contains, since the use of this unique identifier technology and radio communications give off signals that can be easily detected at distances greater than expected. Experts recommend election officials to refrain from implementing this type of technology. RFID technology is well known for its usefulness in tracking inventories, but its use extends to other industries, from bookstores and apparel to health and transportation. The main benefit of having RFIDs is that it allows quick communication with remote sensors. Nonetheless, however useful RFID may be for certain industries, elections are an entirely different ballgame. The capacity to allow remote sensors to read the information it contains opens the door for bad actors to hack the votes.Full Article: e-lected blog (a view on electronic voting around the world).: Election experts warn against RFID-based voting systems.
Articles about voting from the blogosphere.
Voting Blogs: U.S. Elections Are Still Vulnerable to Foreign Hacking | Tim Lau/Brennan Center for Justice
Election officials warn that the time is running out for Congress to bolster security before the 2020 race. The warnings follow a recent statement from a senior U.S. intelligence official confirming that Russia, China, and Iran are attempting to manipulate public opinion ahead of the 2020 elections. And earlier this year, the Department of Homeland Security and the FBI reported that Russian hacking efforts in 2016 were more extensive than originally understood, targeting elections in all 50 states. Congress took a major step last year toward helping states boost their election security efforts by approving $380 million in grant funds through the Help America Vote Act (HAVA). States have started to put that funding to work and are expected to spend 85 percent of that money by the 2020 election, much of it on cybersecurity, updated voting equipment, and election audits, according to estimates by the Elections Assistance Commission (EAC). But despite those efforts, many election security projects at the state level remain unfunded or underfunded, as outlined in Defending Elections, a new paper authored by a bipartisan group of organizations including the Brennan Center, the Alliance for Securing Democracy, R Street Institute, and the University of Pittsburgh Institute for Cyber Law, Policy, and Security. Defending Elections provides case studies from six states analyzing how they allocated their HAVA grants and the outstanding needs for additional election security funding. “State and local election officials need support from the federal government,” said Liz Howard, who is a counsel in the Brennan Center’s Democracy Program, was the former deputy commissioner for the Virginia Department of Elections, and co-authored the Defending Elections report. “They are on the front lines, yet many, especially those in rural localities, simply lack the resources to implement additional election security projects to further strengthen our election infrastructure.”Full Article: U.S. Elections Are Still Vulnerable to Foreign Hacking | Brennan Center for Justice.
Voting Blogs: Stewards of Democracy: The Views of American Local Election Officials | Natalie Adona/Democracy Fund
Local elections officials (LEOs) are the stewards of our democracy, but oftentimes they are left out of important conversations about the future of our elections nationwide. The LEOs from our survey are the chief elections officers in their local jurisdictions. Not to be confused with poll workers, the LEOs surveyed in our new report oversee local election processes and are responsible for ensuring the voting process is fair, free, and secure. Among their many responsibilities, LEOs execute the election laws in their state, make decisions that define the voter experience, and train the permanent and temporary employees that interact with the electorate. It might be hard to imagine but (depending on how you count) between 7,000-10,000 local election officials manage the front line of elections in the United States. Despite their recognition as the people who run elections, LEOs are often left out of national conversations about reform and may not have a seat at the table when important policy decisions are made at the local, state, or federal levels—decisions that they alone will ultimately implement.Full Article: Stewards of Democracy: The Views of American Local Election Officials: Democracy Fund.
Voting Blogs: Pilots of risk-limiting election audits in California and Virginia | Andrew Appel/Freedom to Tinker
Orange County, CA Pilot Risk-Limiting Audit, by Stephanie Singer and Neal McBurnett, Verified Voting Foundation, December 2018.
City of Fairfax,VA Pilot Risk-Limiting Audit, by Mark Lindeman, Verified Voting Foundation, December 2018.
In order to run trustworthy elections using hackable computers (including hackable voting machines), “elections should be conducted with human-readable paper ballots. … States should mandate risk-limiting audits prior to the certification of election results.”
What is a risk-limiting audit, and how do you perform one? An RLA is a human inspection of a random sample of the paper ballots (or batches of ballots)—using a scientific method that guarantees with high confidence that if the voting machines claimed the wrong winner, then the audit will declare, “I cannot confirm this election,” in which case a by-hand recount is appropriate. This is protection against voting-machine miscalibration, or against fraudulent hacks of the voting machines.
That’s what it is, but how do you do it? RLAs require not only a statistical design, but a practical plan for selecting hundreds of ballots from among millions of sheets of paper. It’s an administrative process as much as it is an algorithm.
In 2018, RLAs were performed by the state of Colorado. In addition, two just-published reports describe pilot RLAs performed by Orange County, California and Fairfax, Virginia. From these reports (and from the audits they describe) we can learn a lot about how RLAs work in practice.Full Article: Pilots of risk-limiting election audits in California and Virginia.
This article was originally posted at Freedom to Tinker on November 14, 2018.
Well designed ballot layouts allow voters to make their intentions clear; badly designed ballots invite voters to make mistakes. This year, the Florida Senate race may be decided by a misleading ballot layout—a layout that violated the ballot design recommendations of the Election Assistance Commission. In Miami, Florida in the year 2000, the badly designed “butterfly ballot” misled over 2000 voters who intended to vote for Al Gore, to throw away their vote. (That’s a strong statement, but it’s backed up by peer-reviewed scientific analysis.) In Sarasota, Florida in the year 2006, in a Congressional race decided by 369 votes, over 18,000 voters failed to vote in that race, almost certainly because of a badly designed touch-screen ballot layout. In Broward County, Florida in the year 2018, it appears that a bad optical-scan ballot design caused over 26,000 voters to miss voting in the Senate race, where the margin of victory (as of this writing, not yet final) is 12,562 votes.
Voting Blogs: Counting Ballots Pursuant to Law is Not Stealing an Election | Steven F. Huefner /Election Law @ Moritz
It has been less than 72 hours since polls closed on the 2018 congressional midterm elections, and for candidates and their supporters who do not yet know the outcome of close contests, patience – not unsubstantiated or false allegations of election rigging – MUST be the order of the day. As any close observer of U.S. elections knows, once the polls close each state then conducts a carefully structured process of tallying the votes. Critically, as any close observer also knows, the Election Night “results” are not only unofficial, they are also still entirely preliminary and will almost inevitably change, perhaps considerably. With the dramatic rise in the use of mail-in absentee voting over the past decade, election officials increasingly must deal after Election Day with a significant volume of paper ballots that have arrived around Election Day (each state sets its own rules for when the ballots must arrive). Meanwhile, provisional ballots also require individual review and processing after Election Day. These post-election processes are not some mere afterthought; rather, they are critical components of determining the official election outcome, and they must be respected as essential to the overall integrity of the election.Full Article: Moritz College of Law | Election Law @ MoritzArticle - Election Law @ Moritz | Counting Ballots Pursuant to Law is Not Stealing an Election.
A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries. As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.Full Article: This Software is Exposing State Election Servers to Intruders.
Voting Blogs: Ten ways to make voting machines cheat with plausible deniability | Andrew Appel/Freedom to Tinker
Voting machines can be hacked; risk-limiting audits of paper ballots can detect incorrect outcomes, whether from hacked voting machines or programming inaccuracies; recounts of paper ballots can correct those outcomes; but some methods for producing paper ballots are more auditable and recountable than others.
A now-standard principle of computer-counted public elections is, use a voter-verified paper ballot, so that in case the voting machine cheats in counting the votes, the human doing an audit or recount can see the paper that the voter marked. Why would the voting machine cheat? Well, they’re computers, and any computer may have security vulnerabilities that permits an attacker to modify or replace its software. We must presume that any voting machine might, at any time, be under the complete control of an attacker, an election thief.Full Article: Ten ways to make voting machines cheat with plausible deniability.
Voting Blogs: CEIR voter registration database security report: Survey finds most states adopted best cybersecurity practices since ‘16 | electionlineWeekly
The Center for Election Innovation and Research (CEIR) has released a new report based on a survey of 26 states conducted between June and July of 2018 to assess the current state of security around voter registration databases (VRDBs). The survey results, released ahead of National Voter Registration Day, show that immense progress has been made in securing voter registration databases since 2016, though significant room for improvement remains for states to strengthen their defenses against hacking attempts. Voter registration databases have been a central focus of conversations around election security since the 2016 presidential election when several voter registration databases were scanned and at least one infiltrated by Russian operatives.Full Article: electionlineWeekly.
Voting Blogs: Creating a culture of proactive security: Colorado’s EPIC TTX prepares for almost any scenario | electionlineWeekly
There was a fire, a tornado, and the heating system went down in the ballot-tabulation room. There was fake news on social media and real news media in the room. Polls opened late and stayed open late. The state voter registration database went down. Tabulation machines failed to tabulate. There were concerned citizens and advocates demanding to know what was happening. And then there was Olga from Sputnik News who seemed overly curious about everything. Those were just some of the scenarios and situations faced by Colorado county elections officials and staff participating in the secretary of state’s EPIC table top exercise last week in Englewood.Full Article: electionlineWeekly.
Voting Blogs: Federal Court Expedites Motion to Compel Georgia to Use Paper Ballots for 2018 Midterm Elections | The Brad Blog
Plaintiffs in a Georgia lawsuit seeking to force the state to move to a hand-marked paper ballot system in time for this year’s midterm elections, promise to produce expert testimony to the court, demonstrating that “Georgia’s voting system is a catastrophically open invitation to malicious actors intent on disrupting our democracy.” The Coalition for Good Governanceand a group of multi-partisan individual plaintiffs filed a motion [PDF] on July 31, seeking a preliminary injunction in the federal case, to prevent Georgia from conducting this year’s midterms on the state’s notorious Diebold AccuVote TS (touchscreen) Direct Recording Electronic (DRE) voting machines. Instead, plaintiffs seek an order that Georgia’s election officials utilize, for in-person voting, the same already-certified, Diebold paper ballot-based optical-scan system currently used for tabulation of the Peach State’s absentee ballots. Last week, U.S. District Court Judge Amy Totenberg ordered an expedited briefing schedule on plaintiffs’ motion to compel the State of Georgia to adopt this simple method for conducting a verifiable paper ballot election on November 6, 2018.Full Article: Federal Court Expedites Motion to Compel GA to Use Paper Ballots for 2018 Midterm Elections | The BRAD BLOG.
Voting Blogs: Lawsuit Seeks Public Info About Controversial Voting Purge Letter | Brennan Center for Justice
The Brennan Center for Justice at NYU School of Law is suing the Justice Department today for refusing to turn over documents related to a controversial letter DOJ sent last year, which sought detailed information about how states maintain their voter rolls. Voting rights groups are concerned that it could be a prelude to pressuring states to engage in aggressive voter purges — the often-flawed process of deleting names from voter registration lists. “The public has a right to know why the Justice Department sent this letter, and what information it received from states in response,” said Jonathan Brater, counsel in the Brennan Center’s Democracy Program. “The Justice Department should be fighting to protect the voting rights of all Americans. We are concerned, though, that this letter may be part of a broader effort to undermine those rights, and we are going to court to find out.”Full Article: Brennan Center Sues Justice Department for Refusing to Disclose Documents Related to Controversial Voting Letter | Brennan Center for Justice.
In a wide-ranging set of indictments handed down on July 13, 2018, the U.S. Department of Justice (DOJ) charged 12 Russian intelligence officers with brazenly attacking U.S. election infrastructure during the 2016 presidential election. On that same day, Director of National Intelligence Dan Coats sounded the alarm that Russia is continuing its cyberattacks on the United States, ominously stating that “the warning lights are blinking red again,” just as they were before the terrorist attacks of 9/11. Coats went on to say that the nation’s election systems and other digital infrastructure are “literally under attack.” Yet, in the face of overwhelming evidence, for more than a year-and-a-half, President Donald Trump has cast doubt on these consistent warnings. It now is incumbent on Congress, key members of the administration, state and local officials, and other stakeholders to take aggressive steps within their respective purviews to secure our election infrastructure.Full Article: Time Running Out to Secure Against 2018 Election Cyberattacks.
On April 19, 2016, thousands of eligible Brooklyn voters dutifully showed up to cast their ballots in the presidential primary, only to find their names missing from the voter lists. An investigation by the New York state attorney general found that New York City’s Board of Elections had improperly deleted more than 200,000 names from the voter rolls. In June 2016, the Arkansas secretary of state provided a list to the state’s 75 county clerks suggesting that more than 7,700 names be removed from the rolls because of supposed felony convictions. That roster was highly inaccurate; it included people who had never been convicted of a felony, as well as persons with past convictions whose voting rights had been restored. And in Virginia in 2013, nearly 39,000 voters were removed from the rolls when the state relied on a faulty database to delete voters who allegedly had moved out of the commonwealth. Error rates in some counties ran as high as 17 percent.Full Article: Purges: A Growing Threat to the Right to Vote | Brennan Center for Justice.
Voting Blogs: States are applying for 2018 HAVA funds, how are they spending them? | electionlineWeekly
Earlier this year, the president signed Consolidated Appropriations Act of 2018 into law, the law includes $380 million in grants for states to improve their cybersecurity. To-date 32 states, America Samoa and the U.S. Virgin Islands have applied for their HAVA funds. Although states are allowed to draw down on their available funds in phases, most states seem to be applying for—and receiving—all their funds at one time. Once states have applied for their funds they have 90-days to provide a narrative on what they will be spending the money on. Part of the requirement for receiving the federal funds is a 5 percent match from states. How elections officials are getting those matches varies. Some states are relying on their Legislatures to allocate the funding and others are using existing funds allocated in state budgets.Full Article: electionlineWeekly.
My experience in voting with an absentee ballot in New Jersey in the 2012 and 2016 presidential elections, as well as the 2017 gubernatorial election, alerted my attention to flaws in the system. As an active voter, these experiences have left me to wonder if absentee voting is worth it. I am thankful that my home state of New Jersey has an absentee ballot system that allows me to vote as a New Jerseyite even though I go to school in Virginia. Although New Jersey’s absentee ballot rules are arguably less stringent than other states, I learned the hard way that absentee voting can be difficult.Full Article: Are Absentee Ballots as Helpful to Voters as They Appear to Be? - State of Elections.
Voting Blogs: Are Rhode Island’s Mail-In Ballots a “Gigantic, Illegal Loophole?” | State of Elections
Ken Block, a two-time former gubernatorial candidate, made headlines in early October 2017 over a provocative tweet regarding voter identification (“voter-ID”) and mail-in ballots. Mr. Block claimed that mail-in ballots violated Rhode Island’s voter-ID law and are effectively a “gigantic, illegal loophole” to performing widespread voter fraud. Block implored the Rhode Island legislature to attend to this matter immediately. In response, Mr. Stephen Erickson, a Rhode Island State Board of Elections member, considered such a measure as “another effort to limit people’s ability to vote.” Mr. Erickson asserted that the Board “regularly rejects mail[-in] ballots where there is a substantial difference between the two signatures or if the witnesses does not provide enough information so that they can be identified and questioned.”Full Article: Are Rhode Island’s Mail-In Ballots a “Gigantic, Illegal Loophole?” - State of Elections.
While states and localities are awaiting their share of the $380 million allotted by Congress to upgrade elections cybersecurity, there are two, totally free ways that they can start beefing up their security now. The Center for Internet Security (CIS), a nonprofit that harnesses the power of the global IT community to safeguard private and public organizations against cyber threats recently released A Handbook for Elections Infrastructure Security and also launched the Elections Infrastructure Sharing and Analysis Center (EI-ISAC).Full Article: electionlineWeekly.
Voting Blogs: Latest Threat to Democracy: Barcodes, Ballot Marking Devices (a.k.a. ‘Electronic Pencils’) | Brad Blog
A Ballot Marking Device (“BMD”) is a touchscreen computer that generates a computer-marked paper ballot or printout, which is then tallied on a computerized optical scanner. (Those computer-marked ballots can also, in theory, be counted by hand, but generally are not, as most election officials rely on optical scanners instead.) BMDs were initially designed for people who are unable to hand-mark paper ballots due to disability, old age, etc. But the state of Georgia and Los Angeles County, California are now at the forefront of an unfortunate new trend, which is to consider buying these expensive hackable “electronic pencils” for use by all voters at the polls, regardless of need.Full Article: Latest Threat to Democracy: Barcodes, Ballot Marking Devices (a.k.a. 'Electronic Pencils') | The BRAD BLOG.
The head of the National Security Agency and U.S. cyber command has told Congress that the White House hasn’t instructed him to block a Russian attack against U.S. election systems this fall. “If we don’t change the dynamic here, this is going to continue,” Adm. Michael Rogers said, adding to warnings from the secretary of state and chiefs of U.S. intelligence agencies that voting systems are vulnerable to attacks by foreign actors. Russian meddling in the 2016 election is now almost universally acknowledged. And while there’s no evidence that Moscow’s cyberactivity changed vote totals, we know Russian agents targeted voting systems in at least 21 states — and that whatever methods the Russians honed this past cycle they will likely use against us in the 2018 and 2020 elections.Full Article: Clear and Present Danger to U.S. Vote | Brennan Center for Justice.