The U.S. Department of Homeland Security designated the nation’s election technology and systems as critical infrastructure, giving state election officials access to technical and policy aid from the agency. The move, announced Jan. 6, makes the election infrastructure in the United States part of the government-facilities critical infrastructure sector, one of the 16 sectors deemed crucial by the U.S. government. Other sectors include health care, energy and the defense industrial base. While some states have reportedly opposed the designation, the DHS assured election officials that states would still have full oversight and responsibility for running elections. … Election-security groups have long called for the infrastructure to be designated critical. Verified Voting, a group of voting experts, pushed for election systems to be deemed critical since 2013, Pamela Smith, president of Verified Voting, told eWEEK in an e-mail.“Voting systems should receive at least as much attention and care as other critical infrastructure systems do,” Smith said.
Verified Voting in the News
While Dave Jacobsen’s introduction hung in the air, more than 60 people rose to their feet for a standing ovation for Ion Sancho. Jacobsen had said the Leon County Elections Supervisor will be long remembered for his efforts to make voting easier and the ability to run a problem-free election. Sancho’s term as supervisor ends Tuesday. While Sancho was not available for comment for this story because his wife passed away on Wednesday, his decades-long career speaks for itself. Back in May 2016, Sancho beamed as he walked to the lectern at the Leon County Public Library. He wore an American flag bow tie. He’s an internationally-recognized elections experts and was featured in an HBO documentary 10 years ago. “The most basic civil right, no other right stands if you don’t get to vote for who represents you in government,” he said earlier when asked what he was going to talk about. Sancho has been strumming the same chord for 30 years — leafing through notebooks and recordings of radio, television or newspaper interviews the song remains the same. On this particular afternoon in May the chorus he wrote for the mix of retirees, downtown office workers, and university students was a ditty about career politicians and their bureaucratic henchmen attacking democracy’s foundation — fair, transparent elections.
Sanctions and the expulsion of Russian diplomats from the USA in response to alleged hacking intended to influence the U.S. presidential election are rare physical responses to growing cyberwars between nations. President Obama’s announcement of sanctions Thursday and Russia’s subsequent decision not to expel U.S. diplomats Friday may signal a larger engagement over events in cyberspace, one experts have long said was coming but that may seem like a strange new world to the public. Previous responses to cyberthreats were directed toward nation-states with no full nuclear deterrent capability, said Ian Gray, a cyberintelligence analyst with the Flashpoint company. Those include Iran and North Korea, cases that never escalated to full-blown sanctions. “The possible implications of two fully nuclear-armed powers escalates the potential for future conflict, making the implications unique,” Gray said.
National: Post-recount, experts say electronic voting remains ‘shockingly’ vulnerable | The Parallax
As the Obama administration took tough action against Russia for interfering with the 2016 U.S. election this week, two experts in U.S. voting-machine security offered evidence at Europe’s largest annual hacker conference here they say proves that while the voting machines used in the November presidential election were not hacked, U.S. voting systems remain “shockingly” exposed to hackers. “We knew on November 8 that hacking was possible,” J. Alex Halderman, a University of Michigan computer science professor who specializes in testing voting-machine security, said Wednesday in front of a crowd of more than 1,000 attendees of the 33rd annual Chaos Communication Congress. … “Shockingly—at least shockingly to me and many other people, even under these circumstances—approximately zero U.S. states were going to look at enough paper ballots to know whether the computers had been hacked,” Halderman said. “This is a major gap in our system.”
National: State election recounts confirm Trump win but reveal hacking vulnerabilities | The Guardian
The US presidential election was correct, according to a crowdfunded effort to recount the vote in key states, but the review also highlighted the unprecedented extent to which the American political system is vulnerable to cyberattack, according to two computer scientists who helped the effort to audit the vote. J Alex Halderman and Matt Bernhard, both of the University of Michigan, campaigned in favor of a recount of the US presidential election, which was eventually spearheaded by Jill Stein, the Green party candidate. Only the Wisconsin recount was substantially completed, with the recount in Michigan eventually stopped and a potential recount in Pennsylvania killed before it had even begun. But the researchers say the recounted counties and precincts were enough to give them confidence that Donald Trump is the genuine winner of the election. “The recounts support that the election outcome was correct,” Bernhard told the Chaos Communications Congress cybersecurity convention in Hamburg, where he and Halderman gave a talk summarising their findings.
After partial vote recounts in certain states, US election officials found no evidence that votes had been manipulated by a cyberattack on voting machines, security researchers told an audience at the Chaos Communication Congress hacking festival on Wednesday. But, the researchers called for a vast overhaul in voting machine security and related legislation, warning that an attack is still possible in a future election. “We need this because even if the 2016 election wasn’t hacked, the 2020 election might well be,” said J. Alex Halderman, a professor of computer science at the University of Michigan, during a presentation with Matt Bernhard, a computer science PhD student. Halderman’s and other security experts’ concerns made headlines in November when he participated in a call with the Clinton campaign about a potential recount in some states. Green Party candidate Jill Stein subsequently held a crowdfunding campaign to finance the recounts. “Developing an attack for one of these machines is not terribly difficult; I and others have done it again and again in the laboratory. All you need to do is buy one government surplus on eBay to test it out,” Halderman, who has extensively researched voting machine security, said during the talk.
The drumbeat of election rigging and foreign hacking of voting machines have energized ongoing efforts to develop a new model of digital election equipment designed to produce instantly verifiable results and dual records for security. Election experts say this emerging system, one of three publicly funded voting machine projects across the country, shows potential to help restore confidence in the country’s election infrastructure, most of which hasn’t been updated in more than a decade. “It’s the hardest thing I’ve ever done in my life. It’s taken years and years to get it done,” said Dana DeBeauvoir, the Travis County clerk and leader of the voting machine project. “Now that we’ve had this election, there’s renewed interest.” A prototype of the system, dubbed STAR Vote, sits in an engineering lab at Rice University, and bidding is open for manufacturers who want to produce it wholesale. Similar efforts to innovate voting systems are in the works in Los Angeles and San Francisco. “County clerks in these jurisdictions are the rock stars of running elections,” said Joe Kiniry, CEO of Free & Fair, an election systems supplier currently bidding on contracts to manufacture the designs of both Travis and Los Angeles counties. “If they have success in what they do, it will have, in my opinion, a massive impact on the whole U.S.”
In May 2006, Cleveland and Cuyahoga County, Ohio, launched an e-voting system, producing a nationally notorious election disaster in which every technical and management system failed. One of the largest election jurisdictions in the nation, the county used DRE touchscreens similar to Allegheny County’s. When the election tabulation database grew beyond what it was designed to handle — a flaw concealed by the manufacturer — it silently began dropping votes and other data, without notifying officials. An accurate recount was possible, however, because Ohio had required paper printouts of voters’ e-ballots. Recounts showed that some previously announced winners actually had lost. The hidden software problem did not extinguish anyone’s voting rights only because there was a paper trail. Experts in election technology have pointed out that most Pennsylvania counties — including Allegheny — use e-voting systems that have been outlawed by most states. The chief reason? The omission of voter-approved paper printouts that can be recounted and that allow for audits to check on the accuracy of the electronic machines. Even when voting systems are aged and vulnerable to hacking or tampering, durable paper ballots combined with quality-assurance audits can ensure trustworthy results. Cuyahoga County election officials, like many around the nation, have learned that, even though their voting machines are certified and function perfectly one day, on another day they may fail to count accurately. Software bugs — especially from updates, malware and errors in programming — can lead to unpredictable inaccuracies. Cuyahoga County now conducts an audit after every election, using paper ballots, which most Pennsylvania counties are unable to do.
Editorials: 3 Reforms for America’s Vulnerable Democracy in Light of the 2016 Election | Robert Schlesinger/US News
The end is near. All remaining political disputes – recounts, in this case – must be wrapped up by Tuesday, six days before Dec. 19 when the members of the Electoral College meet in their respective states and ratify Donald Trump’s election to the presidency. The last procedural twitches of controversy from the 2016 election, in other words, are drawing to their inevitable close. But the book closing on the 2016 elections is a good time to take stock and consider reforms that this year has made painfully clear the system needs. After all, this election has inarguably highlighted serious vulnerabilities in the political system that need to be remedied because they are not unique to this year. I’ve got three common-sense ideas on that score. The first two reforms we ought to undertake are interrelated and have to do with ensuring the security, and thus the legitimacy, of the vote, whether from error – manmade or mechanical – or malicious attacks.
Green Party Presidential Nominee Jill Stein’s recent requests for recounts in Pennsylvania, Michigan and Wisconsin highlight how few states routinely verify the accuracy of their vote counts: Twenty-two states do not require a post-election audit, and 15 states do not require paper records that could be compared against electronic vote tallies in a recount. With roughly 22.5 percent of registered voters living in election districts with paperless ballots, the pressure to audit vote counts is mounting. Modern electronic machines are susceptible to tampering, casting doubt on the security of the machines and the certainty of their final vote counts. Following the 2000 presidential election and the resulting legal challenges in Florida over inaccurate counts of votes cast on paper ballots, Congress distributed more than $3 billion to replace manual voting equipment with modern electronic machines. At the time, “there was a feeling among some election officials and state legislatures that it’d be best to avoid paper going forward,” said Larry Norden, deputy director of the Democracy Program at the Brennan Center for Justice. Instead, states opted for “computerized voting machines that just told you what the totals were and you wouldn’t have to deal with the messy process of trying to figure out voter intent.” But as it’s become clear that without a paper record there’s no way to verify vote tallies, computer scientists and election activists have begun pushing for states to not only keep a paper record but to also institute routine post-election audits. Since 2004, many states passed a law requiring audits.