Reliability of pricey new voting machines questioned

By FRANK BAJAK
February 23, 2020

Nearly 1 in 5 U.S. voters will cast ballots this year on devices that look and feel like the discredited paperless voting machines they once used, yet leave a paper record of the vote. But computer security experts are warning that these so-called ballot-marking devices still pose too much of a risk.

Ballot-marking machines were initially developed not as primary vote-casting tools but as “accessible” alternatives for the disabled. They print out paper records that are scanned by optical readers that tabulate the vote.

They cost at least twice as much as hand-marked paper ballots, which computer scientists prefer because paper can’t be hacked. That’s an important consideration as U.S. intelligence officials warn that malicious meddling in this year’s presidential contest could be worse than in 2016.

The machines have been vigorously promoted by the trio of privately held voting equipment vendors that control 88 percent of the U.S. market and are nearly unregulated at the federal level. They are expected to be used by some 40 million eligible voters more than in the 2018 midterm elections.

MORE

Server image mystery in Georgia election security case







July 3, 2019

By FRANK BAJAK

The case of whether hackers may have tampered with elections in Georgia has taken another strange turn.

Nearly two years ago, state lawyers in a closely watched election integrity lawsuit told the judge they intended to subpoena the FBI for the forensic image, or digital snapshot, the agency made of a crucial server before state election officials quietly wiped it clean. Election watchdogs want to examine the data to see if there might have been tampering, given that the server was left exposed by a gaping security hole for more than half a year.

A new email obtained by The Associated Press says state officials never did issue the subpoena, even though the judge had ordered that evidence be preserved, including from the FBI.

The FBI data is central to activists’ challenge to Georgia’s highly questioned, centrally administered elections system, which lacks an auditable paper trail and was run at the time by Gov. Brian Kemp, then Georgia’s secretary of state.

The plaintiffs contend Kemp’s handling of the wiped server is the most glaring example of mismanagement that could be hiding evidence of vote tampering. They have been fighting for access to the state’s black-box voting systems and to individual voting machines, many of which they say have also been altered in violation of court order.

Marilyn Marks of the Coalition for Good Governance, a plaintiff in the case, said that if the state failed to secure the data from the FBI — despite informing U.S. District Judge Amy Totenberg in October 2017 of its intent to do so with the subpoena — it clearly has something to hide.

MORE

Microsoft offers software tools to secure elections







May 6, 2019

By FRANK BAJAK

Microsoft has announced an ambitious effort to make voting secure, verifiable and subject to reliable audits by registering ballots in encrypted form so they can be accurately and independently tracked long after they are cast.

Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their voting systems.

The software is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA. Dubbed “ElectionGuard,” it will be available this summer, Microsoft says, with early prototypes ready to pilot for next year’s U.S. general elections.

CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle, saying the software development kit would help “modernize all of the election infrastructure everywhere in the world.”

Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems.

Open-source software is inherently more secure because the underlying code is easily scrutinized by outside experts but has been shunned by the dominant vendors whose customers — the nation’s 10,000 election jurisdictions — are mostly strapped for cash.

None offered bids when Travis County, Texas, home to Austin, sought to build a system with the “end-to-end” verification attributes that ElectionGuard promises to deliver.

MORE

 

Georgia governor’s race roiled by election security charges







November 5, 2018

By BILL BARROW and FRANK BAJAK

ATLANTA (AP) — The bruising race for governor of Georgia has been roiled by unsupported, eleventh-hour allegations from Republican candidate Brian Kemp, who is also the state’s chief election official, that Democrats sought to hack the voter registration system.

His Democratic opponent, Stacey Abrams, said he is making a baseless accusation to deflect attention from an apparently severe security flaw in the system Kemp is responsible for overseeing.

Here’s a look at the dispute, how it unfolded and what’s at stake.

THE ALLEGATION

Kemp asked the FBI on Sunday to investigate the Democratic Party, accusing it of trying to hack the system he controls as secretary of state. He offered no evidence in support of his request for a probe of the opposition.

The FBI declined to comment.

Kemp leveled the allegation after an attorney for election-security advocates notified the FBI and Kemp’s office on Saturday that a private citizen alerted him to what appeared to be a major flaw in the database used to check in voters at the polls.

Independent computer scientists told The Associated Press that the flaw would enable anyone with access to an individual voter’s personal information to log on to Georgia’s MyVoter registration portal and alter or delete any voter’s record, potentially causing havoc.

MORE

APNewsBreak: Georgia election server wiped after suit filed







A computer server crucial to a lawsuit against Georgia election officials was quietly wiped clean by its custodians just after the suit was filed, The Associated Press has learned.

The server’s data was destroyed July 7 by technicians at the Center for Elections Systems at Kennesaw State University, which runs the state’s election system. The data wipe was revealed in an email sent last week from an assistant state attorney general to plaintiffs in the case that was later obtained by the AP. More emails obtained in a public records request confirmed the wipe.

The lawsuit, filed July 3 by a diverse group of election reform advocates, aims to force Georgia to retire its antiquated and heavily criticized election technology. The server in question, which served as a statewide staging location for key election-related data, made national headlines in June after a security expert disclosed a gaping security hole that wasn’t fixed six months after he reported it to election authorities.

READ MORE