In the wake of Robert Mueller’s investigation into Russian interference in the US electoral system, experts warn the nation is just as exposed as it was in 2016, raising new concerns about the 2020 presidential election. More than two years after intelligence agencies exposed Moscow’s efforts to exploit weaknesses in the US democratic system, technology companies and state governments have yet to come to terms with a foreign power’s meddling in domestic affairs of state. When it comes to the 2020 presidential vote, the US faces many of the same vulnerabilities that made its electoral system a prime target In 2016 — and perhaps some new ones, said Doug Lute, a former American ambassador to Nato and retired Army lieutenant-general who has taken up the cause of US election security. “We are more prepared in the sense that we are more aware. But we are little better prepared in terms of actual security,” said Mr Lute. He noted that Russia’s strategy in 2016 resembled an age-old Russian military doctrine: to attack on a broad front, assess strengths and weaknesses, then prepare to reattack vulnerabilities — a potentially dangerous scenario for 2020.Full Article: US ripe for Russian meddling in 2020 vote, experts warn | Financial Times.
Verified Voting in the News
The 2018 midterm elections were hardly a glowing reflection on the state of America’s voting technology. Even after Congress set aside millions of dollars for state election infrastructure last year, voters across the country still waited in hours-long lines to cast their ballots on their precincts’ finicky, outdated voting machines. Now, a new report published by New York University’s Brennan Center for Justice finds that unless state governments and Congress come up with additional funding this year, the situation may not be much better when millions more Americans cast their vote for president in 2020. In a survey that the center disseminated across the country this winter, 121 election officials in 31 states said they need to upgrade their voting machines before 2020—but only about a third of them have enough money to do so. That’s a considerable threat to election security given that 40 states are using machines that are at least a decade old, and 45 states are using equipment that’s not even manufactured anymore. This creates security vulnerabilities that can’t be patched and leads to machines breaking down when the pressure’s on. The faultier these machines are, the more voters are potentially disenfranchised by prohibitively long lines on election day. “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting up,” one South Carolina election official told the Brennan Center’s researchers, noting that he feels “lucky” to be able to find spare parts.Full Article: States Need Way More Money to Fix Crumbling Voting Machines | WIRED.
Secretary of State Jocelyn Benson today announced an Election Security Commission to recommend reforms and strategies for ensuring the security of elections in Michigan. The first-of-its-kind effort brings together 18 local and national experts on cybersecurity and elections to secure elections and protect the integrity of every vote. Together they will advise the secretary of state and Bureau of Elections on best practices. … The commission will convene in early April to begin its review and assessment of election security in Michigan. It later will host hearings throughout the state and invite citizen and expert input on election problems and security. The commission will deliver a set of recommended reforms and actions to the secretary of state by the end of 2019. Its work is funded through a federal grant for election security. Benson has named David Becker, executive director of the nonprofit Center for Election Innovation & Research, and J. Alex Halderman, professor of computer science and engineering at the University of Michigan, as co-chairs of the commission. It will be staffed and facilitated by designated secretary of state employees.Full Article: Secretary Benson forms Election Security Commission.
Editorials: Texas Bill promises better election security. Let’s be sure to get it right. | Dan Wallach/Austin American-Statesman
Election security experts in Texas and nationwide have been pushing for the use of paper ballots in elections to defend against cyber attacks and bolster public confidence in election results. The Texas Legislature has finally taken notice. This week, the Senate heard testimony on Sen. Bryan Hughes’s election security bill, which would require a paper record of every vote and implement post-election audits of every election. This change is long overdue—but the details matter. As a cybersecurity and elections security expert, I know those details well. In fact, my colleagues from across Texas are joining me in pushing for an even stronger bill. Legislators must recognize that paper ballots are the means to a much more important end: ensuring the final results are correct, even when sophisticated adversaries try to interfere. This requires implementing “risk limiting” post-election audits, where auditors randomly sample paper ballots to make sure they match up with the digital records. Discussion about “paper trails” and “voter-verified paper audit trails” can seem complicated. Unfortunately, not all paper trails are created equal. When it comes to elections, “paper” can mean three things: paper ballots filled out (“marked”) by hand, paper ballots marked by a machine (a “ballot-marking device”), or a paper receipt of some kind printed by an electronic voting machine. What makes a good paper ballot? It must be human-readable (not a bar code or other non-English symbols) and auditable (by human auditors, not just machine scanners). Voters must be able detect errors on machine-marked paper ballots and have opportunity to correct them (e.g., “spoil” the ballot and start over), as they can with hand-marked ballots.Full Article: Commentary: Bill promises better election security. Let’s be sure to get it right. - Opinion - Austin American-Statesman - Austin, TX.
For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.
The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.
But DARPA and Galois won’t be asking people to blindly trust that their voting systems are secure—as voting machine vendors currently do. Instead they’ll be publishing source code for the software online and bring prototypes of the systems to the Def Con Voting Village this summer and next, so that hackers and researchers will be able to freely examine the systems themselves and conduct penetration tests to gauge their security. They’ll also be working with a number of university teams over the next year to have them examine the systems in formal test environments.Full Article: DARPA Is Building a $10 Million, Open Source, Secure Voting System - Motherboard.
One of the toughest things for the digital world to manage is keeping a transaction private while at the same time assuring everyone it has accurately recorded the deal. That’s what Virginia Wesleyan University mathematician Audrey Malagon, an adviser to the non-profit group Verified Voting, has been telling legislators. Her concern is with a particular transaction: voting when voters far from their polling place return their ballots electronically. Del. Nick Rush, R-Christiansburg, wants to launch a pilot program to allow military personnel serving overseas to do just that. He’s hoping the same kind of blockchain technology used in cybercurrency dealings will make it easier for them to vote. But the problem, Malagon told legislators, is preserving the anonymity of the voting booth or absentee ballot while letting both voter and vote-counter know that a vote was accurately recorded.Full Article: Electronic return of ballots worries aired - Daily Press.
Rhode Island: Russia Wants to Undermine Trust in Elections. Here’s How Rhode Island Is Fighting Back | Time
When a group of Rhode Island’s top officials gathered in a chilly warehouse in Providence in mid-January to fight foreign interference in U.S. elections, the mood was festive. After Secretary of State Nellie Gorbea’s name was pulled out of a knit Patriots hat, the crowd applauded and cheered uproariously. And when she leaned over a plastic table to roll a 10-sided die typically used for Dungeons and Dragons, people watched intensely. Then the work began. The number generated from 20 rolls of the dice was used to pick the ballots that would be pulled and tested to see if November’s vote counting had been done correctly, a final fail-safe against a hacked election, all done in plain view of the public. “Democracy and elections are only as good as whether people trust them or not,” Gorbea said. “Confidence in our democracy is critical to every other public policy issue.” Voting experts say this kind of election audit is critical to thwarting attempts to meddle with American democracy. It not only detects problems with ballot counting, but the open nature of the audit itself also helps restore voters’ confidence in the system.Full Article: Rhode Island Seeks to Restore Voters' Trust in Elections | Time.
“Does new voting technology enable voting fraud, or does it prevent voting fraud?” rhetorically asked Blaze. “Yes.” He explained that the American election process has computers and software at every stage of the process, including voter registration and verification, the designing and distribution of ballots, the actual voting itself, and the tallying of votes and the communication of results. Machines at almost every step have been shown to be vulnerable to hacking, yet we can’t just go back to dropping envelopes in ballot boxes. “U.S. elections are the most complex in the world,” Blaze said. “You’re gonna need computers somewhere.” Fortunately, he said, policymakers and the general public are now aware of how vulnerable electronic voting systems are to tampering, and many states have taken at least initial steps to make them more secure. “Voting security is by far the hardest problem I have ever encountered,” said Blaze, who was recently a professor of computer and information services at the University of Pennsylvania but now holds the McDevitt Chair of Computer Science and Law at Georgetown University.Full Article: America's Election Security: How Vulnerable Are We Now?.
After Georgia’s 2018 elections focused stinging criticism on the state’s outdated election system, a study commission voted Thursday to recommend the use of machines that record votes and print a record. Members of the panel tasked with considering a potential replacement chose that option over hand-marked paper ballots favored by cybersecurity experts. The Secure, Accessible and Fair Elections, or SAFE, Commission voted 13-3 for a draft of a report to be sent to lawmakers, who are expected to decide on criteria for a new system during the legislative session that begins Monday. The commission includes lawmakers, political party representatives, voters and election officials. … Verified Voting, a nonprofit group that advocates ensuring the accuracy of elections, last week urged the commission to recommend hand-marked paper ballots. “A paper ballot that is indelibly marked by hand and physically secured from the moment of casting is the most reliable record of voter intent,” president Marian Schneider wrote in a Jan. 4 letter. “A hand-marked paper ballot is the only kind of record not vulnerable to software errors, configuration errors, or hacking.”Full Article: Commission recommends machine-marked ballots for Georgia - ABC News.
Three Michigan cities are testing a new process designed to provide strong statistical evidence that the election outcome is correct. The “risk-limiting audit” is a relatively new election security measure being tested across Michigan this week. It’s designed to detect irregularities that could influence reported election outcomes, including cyber-attacks and unintentional machine or human errors. The goal of the pilot will be to determine how risk-limiting audits could be rolled out statewide. Kalamazoo, Lansing and Rochester Hills will also pilot the procedure during the first week of December. “Our goal as election administrators is to foster confidence in the electoral process, the results of that process, and ultimately our democratic institutions,” said Kalamazoo City Clerk Scott Borling. “Michigan voters put their faith in us to conduct free and fair elections. The Risk-Limiting Audit provides another tool and opportunity to demonstrate their trust is well placed.”Full Article: ‘Risk-Limiting’ Audits Could Provide Election Assurances.
Patrick McDaniel said elections in the United States have historically been fair and secure, but there are challenges. McDaniel is the Weiss Professor of Information and Communications Technology at Penn State and one of the organizers of the Symposium on Election Security, held Monday at the Penn Stater Conference Center. At a time when the integrity of elections is in the headlines, the conference drew experts and national leaders in election security. McDaniel said the more that can be done by the 2020 election, the better. That includes having voter-verified paper ballots used in all states.Full Article: Paper Ballots, Secure Voting The Focus Of Election Symposium At Penn State | WPSU.
On Monday, Dec. 3, Rochester Hills will conduct Michigan’s first pilot of a risk-limiting post-election audit. Risk-limiting audits provide a check on election results. The procedure is designed to detect irregularities that may include intentional cyber attacks or unintentional error that may change the reported election outcomes. “Michigan voters put their faith in us as election administrators to conduct free and fair elections,” said Rochester Hills Clerk Tina Barton. “This procedure will provide us with another opportunity to confirm their trust is well placed.” The pilot is one of three to be conducted the first week of December and part of the first multi-jurisdictional risk-limiting audit pilot in the country. Lansing and Kalamazoo will hold their pilots later in the week.Full Article: Rochester Hills to conduct post-election audit | Local News | theoaklandpress.com.
Australia: NSW government finally released ‘net vote system review, says everything’s just fine Including, wait for it, ‘security through obscurity’. No, really | The Register
Australia’s New South Wales Electoral Commission has given its electronic voting system a clean bill of health, dismissing hacking fears as “theoretical,” and accepting a PWC report saying the system to date was protected by “security through obscurity”. Reviews of election processes are routine, and in 2016, the NSW Joint Standing Committee on Electoral Matters kicked off the Wilkins report. It was completed in May of this year, but was only recently made public (PDF). NSW’s “iVote” system was used by nearly 300,000 citizens in the 2015 election, a week after Melbourne University crypto-boffins Dr Vanessa Teague and Dr Chris Culnane demonstrated a FREAK-bug-like “theoretical attack”.Full Article: NSW government finally released 'net vote system review, says everything's just fine • The Register.
Whitney Quesenbery knows a well-designed ballot when she sees it: lower-case letters, left-aligned text, a clean sans-serif font. Quesenbery has been assessing ballot design for nearly two decades. Los Angeles County’s is one of the best she has seen. “Look at those instructions,” she says, admiring the ballot’s simple wording and standout color. “They’re beautiful.” A co-founder of the Center for Civic Design, Quesenbery regularly advises election boards on best practices for their ballots. Some places, like Los Angeles, have incorporated the design principles espoused by the center. But, Quesenbery says, many other counties are stuck using ballots that look as if they came out of the last century. “There are still people voting on pre-2000 voting systems,” she says. “I do.”Full Article: Why Are So Many Election Ballots Confusing? : NPR.
National: Here’s Why Blockchain Voting Isn’t the Solution Voters Are Looking For | Strategic Tech Investor
Now that we’re past Election Day, a certain sort of “silly season” has begun. I’m talking about folks coming up with big ideas on how to fix our outdated voting system. And one of the big ideas out there is using blockchain for voting. Let’s stop that conversation – now. The other day, the Twitter cryptoverse blew up after Alex Tapscott, co-founder of the Blockchain Research Institute, had his op-ed on the matter published in The New York Times. In it, Tapscott presents his case for using a blockchain to carry out online voting. He apparently believes such a process would be much more decentralized and safe from hacking. The only downside, he claims, is a potential delay in the voting process. Let me just tell you straight up: This is a terribly ill-considered idea, for a variety of reasons.Full Article: Here's Why Blockchain Voting Isn't the Solution Voters Are Looking for.
Election experts have long warned about the nation’s aging fleet of voting equipment. This week’s elections underscored just how badly upgrades are needed. Across the country, reports poured in Tuesday amid heavy voter turnout of equipment failing or malfunctioning, triggering frustration among voters and long lines at polling places. Scanners used to record ballots broke down in New York City. Voting machines stalled or stopped working in Detroit. Electronic poll books used to check in voters failed in Georgia. Machines failed to read ballots in Wake County, North Carolina, as officials blamed humidity and lengthy ballots. Those problems followed a busy early voting period that revealed other concerns, including machines that altered voters’ choices in Texas, North Carolina and Georgia.Full Article: Midterm Voting Exposes Growing Problem of Aging Machines - The New York Times.
Experts this week warned against entertaining the idea that blockchain could fix the voting system despite growing frustration with the long lines and malfunctioning machines that caused problems during the midterm election. “If you’re trying to convince Walmart it needs blockchains to track avocados or whatever, be our guest,” Arvind Narayanan, an associate professor of computer science at Princeton, tweeted. “But if you’re messing with critical infrastructure, you’ve crossed a line.” Blockchain is technology that uses computers to build a shared, secure and decentralized digital ledger. Blockchain is best known as the basis for the cryptocurrency Bitcoin but in recent years has attracted interest from a variety of industries that see a benefit in using the ideas behind blockchain.Full Article: After a stressful election, experts warn blockchain is not the answer.
California: California doesn’t need better voting machines — it needs better audits, experts say | The Peninsula Press
When voters in Alameda and Santa Clara County head to the polls on Nov. 6, about one percent will cast their ballots on electronic voting machines that have known security vulnerabilities. California has safeguards in place. In addition to requiring paper records for votes cast on electronic machines, California also manually audits one percent of all ballots cast, to make sure there’s no discrepancy in the numbers. Now, experts like David Dill, a computer science professor at Stanford and founder of Verified Voting, are saying that isn’t enough, and are pushing states like California to implement more rigorous auditing methods. “The problem of protecting machines is pretty unmanageable, even with the best and most modern hardware … so what you need to do is select a bunch of ballots at random and hand count them in order to make sure the electronic counts are accurate,” says Dill.Full Article: California doesn’t need better voting machines — it needs better audits, experts say - Local: In The Peninsula.
Americans voting in this year’s midterm elections face a range of obstacles, from long lines to concerns over voter suppression. Some US citizens are also dealing with more unexpected challenges around exercising their right to vote—for instance, the weather. Across Georgia, heavy rain is an added hurdle for voters, though it’s not altogether deterring them. And humidity—a far less visible weather issue—is having an even larger impact. North Carolina’s State Board of Election (SBOE) reports that some precincts in Wake County are having trouble feeding ballots through the voting machines. “Initial reports from county elections offices indicate this issue is caused by high humidity levels,” North Carolina’s SBOE said in a release. Why is a little extra water vapor in the air making such a big difference? Joseph Lorenzo Hall, chief technologist with the Washington, DC-based nonprofit Center for Democracy and Technology (CDT) and an election technology and cybersecurity expert, explains that ballots are made of a thick stock paper, the specifics of which are determined by voting machine vendors. There are three main makers of voting machines in the US. Local election officials have to work with paper vendors to get paper supplies that will function correctly with the machines and have safety requirements such as watermarks.Full Article: Midterms 2018: How humidity affects voting machines — Quartz.
After Russia’s misinformation campaign rattled the 2016 United States election season, scrutiny over this year’s midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks. Officials haven’t attributed most of it to an actor yet, but the situations include suspicious attempted logins on election systems like voter databases and municipal network compromises. Even in July, Microsoft said it had spotted four incidents of attempted campaign phishing. … The government won’t go it alone. Verified Voting, a group that promotes election system best practices, is part of the nonpartisan Election Protection coalition, which offers a hotline for voter information and issues. Verified Voting particularly specializes in fielding questions about technology issues related to voting. Some of those have already come up; in Texas and Georgia, outdated software and poor design features on paperless voting machines have caused a small but jarring number of incidents in which votes appear to be switched from a voter’s selection.Full Article: Midterms 2018: The Unprecedented Effort to Secure Election Day | WIRED.