In the face of overwhelming evidence that the Russians meddled in the 2016 U.S. presidential election, states are adopting auditing measure to detect any possible direct ballot fraud and give voters confidence in the results. After clear evidence emerged that Russia attempted to influence the results of the 2016 U.S. presidential election by social media, and more directly by hacking election systems, state governments are embarking on a variety of efforts to use statistical auditing to verify election results. On Nov. 15, Colorado kicked off its first statewide statistical audit of its most recent election by using a statistical technique known as risk-limiting audits to establish the integrity of the vote. Because of mail-in ballots from voters serving in the military, the state had to wait eight days to receive all votes and initiate the audit. Risk-limiting audits, or RLAs, allow election officials to verify the outcome of an election by sampling a much smaller subset of ballots compared to a full recount. Verifying the results of presidential elections in each state from 1992 to 2008, for example, only requires an average of 307 ballots per state. The number of ballots required to verify the vote, however, increases as the contests become closer and eventually defaults to a full recount, in the case of an extremely close race. Colorado’s legislature voted to adopt an election-wide audit in 2010, and election officials began piloting RLA in 2013.
Verified Voting in the News
Judging strictly by how the Center for Election Systems at Kennesaw State University is described on its official website, everything is peachy when it comes to the fact that the center is charged by the Secretary of State with ensuring the integrity voting systems throughout Georgia. “The Center maintains an arms-length working relationship with the Secretary of State and the vendor, ensuring both independence and objectivity in its work,” the center states on its website. But if you ask Marilyn R. Marks, executive director of the Coalition for Good Governance, a university has no business playing such a critical role in the oversight of a state’s election infrastructure. It’s an argument that Marks says is underscored by the fact that voter data in Georgia was exposed on the Internet for a significant period of time leading up to key elections in Georgia — a fact uncovered by a cybersecurity expert named Logan Lamb, who reported it to the center. KSU only took action when a second cybersecurity expert — Chris Grayson — found the same security gaps and reported them to Andrew Green, a colleague and KSU faculty member who lectures on information security and assurance, according to lawsuit filed by Marks’ coalition.
When Logan Lamb visited the website of Georgia’s Center for Election Systems in Aug. 2016, what he found left him speechless. Although the cybersecurity researcher had no password or special authorization, he was able through a Google search to download the state’s voter registration list, view files with Election Day passwords, and access what appeared to be databases used to prepare ballots, tabulate votes, and summarize vote totals. He also discovered a vulnerability that would allow anyone to take full control of a server used for Georgia’s elections. It was everything a Russian hacker – or any malicious intruder – might need to disrupt the vote in Georgia. “Had the bad guys wanted to just completely own the central election system, they could have,” Mr. Lamb told the Monitor in an interview … There are only a handful of states in the US that are currently performing audits that start with voter-verified paper ballots. Many counties in California have conducted pioneering work with such audits. New Mexico hires an independent CPA to oversea an audit of a few key races in that state. And Rhode Island recently enacted a law to develop a voter-verified audit system. But the single most important development in this area is about to take place in Colorado.
Pennsylvania: Is your vote safe? Penn State panel casts doubts, but county elections chief says not to worry | Press & Journal
A Nov. 1 forum on election security at Penn State Harrisburg raised concerns about the vulnerability of voting systems nationally and in Pennsylvania to cyber attack. … Marian Schneider, a former special adviser to Gov. Tom Wolf on election policy and one of three speakers at the Penn State Harrisburg event, said it is “irrelevant” whether Russian meddling in the 2016 presidential election actually altered the outcome in any way. She quoted former FBI Director John Comey saying that the Russians “will be back, and they will be bolder.” “If you conclude that they had some success with the election last year, they may embolden other actors, whether nation-state attackers or within the United States,” said Schneider, who was deputy secretary for elections and administration in the Pennsylvania Department of State from 2015 to 2017. “I think this is the new normal in elections and the Russian effort shows us what could possibly happen.
Boardwalk “claw” machines. Laundry scales. Boiled linseed oil. All three are subject to more state regulation than voting machines in New Jersey. And with Tuesday’s election for governor — one of the first two statewide contests in the U.S. since last year’s presidential race — some voting-rights activists are expressing concern that New Jersey’s vote could be vulnerable. Despite consumer-protection laws that mandate testing of pharmacy scales, gas pumps, amusement park rides and hundreds of other types of equipment — and regulations governing everything from the size of peach baskets to the temperature at which commercial linseed oil must be boiled — the state has comparatively few regulations on voting machines. It does not require machines to leave a verifiable paper trail. Nor does it mandate audits of elections. New Jersey does limit the types of voting machines counties can choose from, but leaves it to counties to test the machines.
Georgia: Georgia Wiped Its Election Server While Advocates Fought for Security Investigation | Gizmodo
A server that held data central to Georgia’s elections was wiped this summer, destroying the potential for a forensic investigation to determine whether or not the server was compromised by hackers, the AP reports. The data destruction was revealed in an email last week from an associate state attorney general to a group that is suing Georgia in an attempt to force additional security measures into the election system. The lawsuit was filed on July 3rd and data was reportedly destroyed on July 7th. In August, backups of the wiped server were also destroyed. “The lawsuit was filed, and right after the lawsuit was filed, they wiped their server. After it was moved to federal court, they did it again,” Marian Schneider, the president of Verified Voting, an organization that advocates for election security and has worked with the group of Georgia advocates involved in the lawsuit, told Gizmodo.
State election officials, worried about the integrity of their voting systems, are pressing to make them more secure ahead of next year’s midterm elections. Reacting in large part to Russian efforts to hack the presidential election last year, a growing number of states are upgrading electoral databases and voting machines, and even adding cybersecurity experts to their election teams. The efforts — from both Democrats and Republicans — amount to the largest overhaul of the nation’s voting infrastructure since the contested presidential election in 2000 spelled an end to punch-card ballots and voting machines with mechanical levers. One aim is to prepare for the 2018 and 2020 elections by upgrading and securing electoral databases and voting machines that were cutting-edge before Facebook and Twitter even existed. Another is to spot and defuse attempts to depress turnout and sway election results by targeting voters with false news reports and social media posts.
The best laid plans of mice, men and elections officials often go awry and that’s exactly what happened to 12 years of studying and planning for Travis County, Texas Clerk Dana DeBeauvoir. Long before anyone ever thought to mention Russians and elections in the same breath, Travis County began looking for a way to improve the security of the county’s voting system and provide a verifiable paper trail. DeBeauvoir was upset that activists were attacking elections administrators for the design of voting systems and the purchase of DRE voting systems that did not have a paper trail.
Top election officials in two states say the Department of Homeland Security gave them faulty information last week when it said Russian hackers scanned their election systems last year. The accusations underscore the persistent barriers in information sharing as the federal government and states try to respond to hacking in last year’s election. DHS informed election officials in 21 states on Friday that Russian hackers had tried to access voter information, the first time many states found out they had been targeted. DHS has faced criticism for being slow to share information with states. Now election officials in Wisconsin and California say DHS has provided them with additional information showing that Russian hackers actually scanned networks at other state agencies unconnected to voter data. In Wisconsin, DHS told officials on Tuesday that hackers had scanned an IP address belonging to the Department of Workforce Development, not the Wisconsin Elections Commission. … Scott McConnell, a DHS spokesman, said in a statement the agency stood by its assessment that 21 states were targeted by Russian hackers last year. He suggested hackers still could have targeted election records, even if they did not target the IP addresses of the state’s election body.
A handful of lawmakers began the discussion Friday about what it might take to move Georgia to a new election system, an important but incremental step toward replacing the state’s aging voting machines. The meeting of the state House Science and Technology Committee represents a start. Any decision will likely take a few years and, depending on the type of system officials pick, could cost more than $100 million. Cheaper options are available, but the state’s leaders all need to agree on what they want. “We all want to have a system that is best in class and does all the things technology can provide for us,” said committee Chairman Ed Setzler, R-Acworth. Beginning that conversation now, he added, means the “committee starts out of session to look at these things and to look at what technological options can serve our state well.” Georgia’s current system, considered state-of-the-art when it was adopted 15 years ago, is now universally acknowledged by experts to be vulnerable to security risks and buggy software. Only a handful of states still use similar electronic systems, which voters know for their digital touch screens. A majority — 41 states — either have or are moving toward voting done entirely on paper or on a hybrid system that incorporates some kind of paper trail.