Verified Voting in the News

West Virginia: State moves forward with first mobile voting app, despite fears from security experts | TechRepublic

During the 2018 midterms, deployed military personnel from West Virginia will be the first in the nation to vote in a federal election on their smartphones using a blockchain-based app—despite numerous concerns from cybersecurity experts. Concern over voting security in the midterm elections is rising, after the Department of Homeland Security detected Russian hackers targeting voter registration databases in at least 21 states in 2016. While most of the systems were not breached, and there is no evidence that Russian agents were able to manipulate voter data or election results, it’s likely that the cybercriminals were scanning them for vulnerabilities to potentially exploit in the future, the department said. … Cybersecurity experts are less confident in the safety and viability of a system like Voatz. “This is the last thing that people need to be thinking about when it comes to voting right now,” said Joseph Lorenzo Hall, chief technologist at the nonpartisan Center for Democracy and Technology. “There are so many more boring pieces of low-hanging fruit, like two-factor authentication, password management, and defending against phishing attacks. But that’s unfortunately not as exciting to most people as the blockchain voting stuff.” Read More

National: Ahead of US election, angst over hacking threats | AFP

At a Boston technology conference last month, computer scientist Alex Halderman showed how easy it was to hack into an electronic voting machine and change the result, without leaving a trace. Halderman staged a mock election in which three conference attendees voted for George Washington, but an infected memory card switched the result to give a 2-1 victory to Benedict Arnold, the military officer who sold secrets during the Revolutionary War. Halderman’s demonstration was on a voting machine still in use in 20 US states, which had no paper ballots that could be compared to the electronic output, and thus no way to determine if vote totals had been altered. “What keeps me up at night is the threat that a hostile nation-state could probe every swing state or swing district (and) find the ones most weakly protected, to silently change the results of a national election,” the University of Michigan professor said. Read More

National: Are wireless voting machines vulnerable? | McClatchy

Barely a month before midterm elections, voting integrity advocates and electronic voting experts want the federal government to issue an official warning to states that use voting machines with integrated cellular modems that the machines are vulnerable to hacks, potentially interfering with the ballot counting. Once seen as a useful tool to provide quick election results, voting machines with cellular modems are now subject to fierce debate over how easy it would be to break into them and change the results. Such machines are certified for use in Florida, Illinois, Michigan and Wisconsin. … But a number of voting machine researchers take issue with such assertions, saying that cellular networks increasingly overlap with the internet and open avenues for hackers to interfere with unofficial early results even when there are paper ballots that can be tallied for a slower official count. They say interfering with unofficial early results, even when corrected later, could increase mistrust among voters and add uncertainty immediately after elections conclude. Read More

National: Congress falls flat on election security as midterms near | The Hill

Congress has failed to pass any legislation to secure U.S. voting systems in the two years since Russia interfered in the 2016 election, a troubling setback with the midterms less than six weeks away. Lawmakers have repeatedly demanded agencies step up their efforts to prevent election meddling but in the end struggled to act themselves, raising questions about whether the U.S. has done enough to protect future elections. A key GOP senator predicted to The Hill last week that a bipartisan election security bill, seen as Congress’s best chance of passing legislation on the issue, wouldn’t pass before the midterms. And on Friday, House lawmakers left town for the campaign trail, ending any chance of clearing the legislation ahead of November. Lawmakers have openly expressed frustration they were not able to act before the 2018 elections. Read More

National: Voting Machines Are Still Absurdly At Risk | WIRED

While Russian interference operations in the 2016 US presidential elections focused on misinformation and targeted hacking, officials have scrambled ever since to shore up the nation’s vulnerable election infrastructure. New research, though, shows they haven’t done nearly enough, particularly when it comes to voting machines. The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference’s Voting Village event. All of the models are in active use around the US, and the vulnerabilities—from weak password protections to elaborate avenues for remote access—number in the dozens. The findings also connect to larger efforts to safeguard US elections, including initiatives to expand oversight of voting machine vendors and efforts to fund state and local election security upgrades. Read More

National: After election hacking presentation, Katko pushes bill to boost security | Auburn Citizen

Dr. J. Alex Halderman inserted a memory card infected with malicious software into an electronic voting machine. It wasn’t an actual case of election hacking, but Halderman’s demonstration served a purpose: To show two members of Congress, including U.S. Rep. John Katko, what can happen if hackers gain access to voting machines. Halderman, director of the University of Michigan’s Center for Computer Security and Society, invited Katko, R-Camillus, and U.S. Rep. Mike Quigley, an Illinois Democrat, to cast votes using the Diebold AccuVote TS voting machine. Halderman programmed a mock election: A presidential race between George Washington and Benedict Arnold. There were two votes cast for Washington and one for Arnold. But the receipt printed from the voting machine revealed the effect of the malicious software. The paper showed Arnold received two votes and Washington netted one. Read More

Wisconsin: State expands use of post-election audits | StateScoop

Wisconsin officials were praised Friday by election-security advocates for expanding the state’s use of post-election audits. The Wisconsin Elections Commission announced that it voted unanimously Tuesday to require audits in 5 percent of precincts throughout the state after every vote, beginning with the Nov. 6 general election. The decision is evidence that the clock has not run out yet on states seeking to improve their ballot-security procedures before Election Day, said representatives of Verified Voting, which advocates for paper-based voting systems and Public Citizen, a consumers’ rights group. Under Wisconsin’s new system, election officials will randomly select at least 183, or 5 percent, of the state’s 3,660 precincts to review voting equipment. The audit sample will include at least one precinct from each of the state’s 72 counties, but no more than two precincts from any single municipality.  Read More

National: Defcon Voting Village report: bug in one system could “flip Electoral College” | Ars Technica

Today, six prominent information-security experts who took part in DEF CON’s Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. “Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election,” the authors of the report warned. Read More

National: DEF CON hackers’ dossier on US voting machine security is just as grim as feared | The Register

Hackers probing America’s electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms. The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps the findings of that village, during which attendees uncovered ways resourceful miscreants could compromise electoral computer systems and change vote tallies. In short, the dossier outlines shortcomings in the electronic voting systems many US districts will use later this year for the midterm elections. The report focuses on vulnerabilities exploitable by scumbags with physical access to the hardware. “The problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security,” the report stated. “As our nation’s security is the responsibility of the federal government, Congress needs to codify basic security standards like those developed by local election officials.” Read More

National: Hackers warn about election security ahead of midterms | CNN

The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday — just over a month before the midterm elections. The findings are based on a project at the Voting Village at the Def Con hacking conference held in Las Vegas last month, where hackers were invited to attempt to break into voting machines and other equipment used in elections across the country. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report. Read More