Spotlight on election security
- By Susan Miller
- Jan 27, 2020
States push for more election security assistance
Florida politicians welcomed a recent policy change that requires the FBI to alert states if local election systems are hacked, but many think notification should be more widespread.
Rep. Stephanie Murphy (D-Fla.) said she first learned of Russian hackers breaching Florida voter registration systems while reading Special Counsel Robert Mueller's report, nearly three years after the hacks are believed to have occurred.
Murphy and other members of Congress from the state didn't learn which counties were breached until May 2019, when they were briefed by FBI officials. Even then, they were told they could not publicly name the affected counties, both because the lawmakers were not considered victims and doing so could jeopardize sources and methods.
"Voters, elected officials, state, local and federal officials, the vendors" all need to alerted to breaches, Murphy said. "This siloed approach towards information just empowers the adversary and it weakens our defense efforts."
Read more on FCW.
California OKs online voting
California Secretary of State Alex Padilla issued conditional approval of the Voting Solutions for All People (VSAP) 2.0 voting system, a publicly owned, open-source solution that uses computerized ballot marking devices for use in the March 3 presidential primary election. It is the first publicly owned and designed voting system certified for use in the nation, officials said.
The system, developed by Los Angeles County, uses ballot marking devices that allow on-site voters to review their selections before printing their ballots. The devices do not connect to the internet, count votes or store data, according to the announcement.
“The certification of the first publicly owned voting system in the nation is a historic milestone for American democracy,” Padilla said. “VSAP is a big step forward in modernizing elections in Los Angeles County, which has been home to some of the oldest voting equipment in the state. Upgrading to a modern system will improve the long-term reliability and security of elections in the largest county in America.”
VSAP critics say the system could be hacked, and independent testers found several issues that make the system vulnerable to attack, including the ballot box being opened without detection, access to the USB port, according to a report in the Washington Post.
Washington's King County opts for voting portal
Voters in King County, Wash., will be able to vote for members of the King Conservation District board of supervisors online. The elections, conducted in partnership with King County Elections, Democracy Live, and Tusk Philanthropies aims to boost election participation by allowing voters to cast ballots by logging onto an online portal from a computer, tablet or smartphone to access their ballot. Voters may also vote by mail, drop off their ballots or vote in person through Election Day on Feb 11. The voting system verifies voters' identity with their name, birthdate and a signature, which will be compared to an on-file version. Elections officials will create an audit trail by printing out ballots electronically submitted ballots and counting the paper versions alongside the votes cast through traditional means.
Meanwhile, Washington's Secretary of State Kim Wyman proposed an election security bill that requests $1.8 million in state funding for security in county election offices that would make the state eligible for another $8.6 million in matching federal funds. The bill also would provide impose restrictions surrounding the collection of ballots and provide more thorough postelection audits for race recounts, the Seattle Times reported.
Iowa's caucus app
In Iowa, caucus managers will be able to use a mobile app on their personal smartphones to calculate and transmit results of the Feb. caucuses from the state's 1,679 precincts. The app, which has plenty of critics, is intended to reduce calculation errors and speed the reporting of results over the previous systems in which results were phoned in.
At an early-January press briefing, Iowa Democratic Party Chairman Troy Price said the app is "just one part of how the state’s vote is tracked, along with paper backups, a phone hotline and other, unspecified safeguards," NBC News reported.
Ohio hires CISO for election security
Ohio has hired a chief information security officer for the Ohio Secretary of State's office, as part of Senate Bill 52, which is designed to improve the state's election cybersecurity posture. Sean M. McAfee had been a cybersecurity officer with the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
POGO pushes encryption for election security
A group of election security advocates sent a letter to Attorney General William Barr pushing for continued strong encryption of personal devices to protect national security, including election security. The letter from the Project on Government Oversight said that "any effort to diminish the effectiveness of encryption will inherently diminish the security and, potentially, the integrity, of our elections." The letter cited the 3 million eligible active duty military and civilian overseas voters who "depend on encryption to safeguard their ballots when they are transmitted electronically."
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.