In her testimony at an election security hearing before the Committee on House Administration last week, Verified Voting President Marian Schneider joined advocates and election officials in calling on Congress to help states and local jurisdictions replace aging voting systems, conduct risk-limiting audits and enhance election infrastructure security. In order to prepare for 2020, Congress must provide “adequate financial investment in cyber security best practices, replacement equipment and post-election audit processes … immediately and continue at a sustainable level moving forward.”
Writing in Governing, Graham Vyse highlighted the significant bipartisan agreement between the two secretaries of state who testified, Jocelyn Benson (D-MI) and John Merrill (R-AL), on efforts needed to address emerging threats to election security. Significantly, the state election officials, along with all the witnesses, were unanimous in recommending the replacement of direct recording electronic voting machines with paper ballot voting systems and conducting post-election ballot audits.
Two days after the hearing, House Homeland Security Committee Chairman Bennie Thompson (D-MS), House Administration Committee Chairwoman Zoe Lofgren (D-CA) and Rep. John Sarbanes (D-MD), the chairman of the Democracy Reform Task Force introduced The Election Security Act. Aimed at reducing risks posed by cyberattacks by foreign entities or other actors against U.S. election systems, the bill would establish cybersecurity standards for voting system vendors and require states to use paper ballots during elections.
Last month legislation was introduced in both chambers intended to strengthen election security by providing government grants to assist states, as well as local and tribal governments, in developing and implementing plans to address cybersecurity threats or vulnerabilities. This week Verified Voting wrote an open letter to the bills’ sponsors supporting their efforts and encouraging them to add provisions specifically prohibiting these funds from being used for internet-based voting. The letter notes that “[c]ybersecurity experts agree that no current technology, including blockchain voting, can guarantee the secure, verifiable, and private return of voted ballots over the internet.”
The departure of Ryan Macias from his position as acting head of the Election Assistance Commission’s head of voting system testing and certification program reflects an agency in crisis, according to Politico’s Morning Cybersecurity. Macias’ departure may be related to an exchange at an EAC field hearing, when Chairwoman Christy McCormick repeatedly asked Macias why EAC commissioners didn’t have final approval over the details of federal voting system standards.
After Macias leaves on May 17, the EAC will have only one employee working full-time on assessing voting machines based on federal standards: former Colorado voting security expert Jerome Lovato. According to an email announcement obtained by CyberScoop, the EAC has appointed Lovato to replace Macias, citing his experience with testing and piloting voting systems and his familiarity with risk-limiting audits.
Evan Halper at the Los Angeles Times, wrote about venture capitalist Bradley Tusk’s personal crusade to promote internet voting. As Halper writes “[t]he entrepreneur frames the fight as one pitting reformers against special interests invested in a low turnout that makes lawmakers unaccountable and easy to corrupt. He talks of the security concerns as if they are a sideshow.” “‘Magic beans,’ responds Josh Benaloh, a senior cryptographer at Microsoft, accusing backers who make claims for secure voting technology of peddling something that doesn’t exist.“ Noting that it was “an odd time for this to be gaining momentum,” Verified Voting President Marian Schneider warned “There are so many things that could go wrong.”
After a briefing last Friday with the FBI and DHS, Florida Gov. Ron DeSantis, revealed that, according to the Mueller investigation, election information in two Florida counties was accessed by Russian hackers in 2016. DeSantis said that although he was willing to identify the counties, he was not allowed, due to a nondisclosure agreement. This led inevitably to a chorus of denials from county election officials across the state. US Sen. Marco Rubio (R-FL) earlier this month clarified that while the Russians did not appear to have access to vote tallying systems, access to the statewide voter registration database could have allowed a hacker to modify voter information in any county.
The mystery was resolved in one case yesterday when two Washington County Florida officials, speaking on the condition of anonymity, confirmed that their database had been penetrated by the Russian military spy agency, the GRU. The identity of the the other county has not yet been disclosed.
Russian hacking aside, a respected former supervisor of elections observed that the state is in desperate need of upgrades to its election system. WJCT quotes longtime Leon County Supervisor Ion Sancho, who observed that to him “it’s been clear to me that the election infrastructure, not only in Florida but in the country, is not secure.” He went on to say he doubts the FBI will ever disclose which Florida county was hacked, “because the FBI has a policy of not telling the truth relative to the disclosure of the methods and sources of how they find out information.” Sancho added his voice to those calling for paper ballots and “scientifically valid” methods to assure accurate tabulation.
Appealing a January dismissal by a Cobb County Superior Court judge, the Coalition for Good Governance asked the Georgia Supreme Court to reinstate a lawsuit contesting the election of Lt. Gov. Geoff Duncan. The suit alleges that an analysis reveals an anomalous in the residual vote rate in the Lt. Governor’s race relative to previous elections and significantly other “down-ballot” contests. As AP reports, the “aberrant pattern” only appeared in votes reported cast on touchscreen voting machines, not those cast on paper absentee and provisional ballots, Brown wrote. The paper ballots followed the normal pattern.
Mindy Moretti at Electionline Weekly reports on the impact on election administrators of a ransomware infection of the Baltimore city government. Since the ransomware was discovered on May 6, the city’s email, phones and computers remain shut down, including at the Board of Elections. The State Board of Elections has also disconnected the local election office from state networks and asked all network administrators to analyze system logs and network traffic looking for unusual activity. Deputy director of the Baltimore election board Abigail Goldman told Moretti that though their computers were down “[w]hen people came in we were able to use paper forms.”
In US News and World Report, Susan Milligan reported on evidence suggesting that voters (some more or less than others) have less faith in the integrity of the election process in 2018 than they had in 2016. Polling comparisons indicate a dramatic decline in voter confidence over past election cycles. Richard Blumenthal, one of the bipartisan authors of (bill number), Richard Blumenthal (D-CT) warned of “… a real danger to such distrust in the integrity of our election system that has lasting damage.”
A 2016 Gallup poll found that nearly two-thirds of Americans were confident in the vote count, while similar polls from 2018 showed that over half of those surveyed said they did not think all votes would be counted in the November 2018 election.
Michael Bitzer, a politics and history professor specializing in Southern politics at Catawba College in North Carolina, highlighted that voters increasingly question the integrity not just of the candidates or the media but of the election process itself. “While in earlier campaigns,” Milligan writes, “the grousing was limited to a small number of activists and political players not attached to a campaign or party committee, the charges of fraud or fixing are coming from candidates and elected officials themselves.” Speaking for his home state, Bitzer suggested that “the combination of Russian interference [nationally] and the recent election fraud in the 9th [Congressional District] has probably taken a pretty good hit on voter confidence.”
And speaking of Russia, Moscow City Duma Chairman Alexey Shaposhnikov announced that an internet voting bill will receive a second reading in the State Duma. When the bill was first introduced in February, Dmitry Vyaltkin, one of the authors of the bill and the deputy of ruling party United Russia, claimed that internet voting would help avoid electoral fraud, which the deputy called “dirty electoral technologies.” Suggesting that the secret ballot was an exceptional feature in a voting system, he explained that the “blockchain technology would allow for the separate storage of the personal data of voters and the results of voting.”
Under the draft law, the test voting is to be conducted in only one city district. Alexander Brod, a member of the Presidential Council of Human Rights, has noted that internet voting would require changes and development of public control over the elections. As Max Yakubowski noted in Cointelegraph, last year Russia conducted a reportedly successful regional election with 40,000 participants in Saratov Oblast via the blockchain-driven electronic polling system, dubbed Polys, which had been developed by Kaspersky Lab in 2017.