For three years now, cryptographer Matt Blaze (previously) and his colleagues have hosted a Voting Village at Defcon, the annual hacker con in Vegas, in which all comers are welcomed to try to compromise a variety of voting machines that are in actual use in American elections. Read the rest

Few states have voting machines that are simultaneously more obviously defective and more ardently defended by the state government than Georgia, where 16-year-old touchscreen systems are prone to reporting ballots cast by 243% of the eligible voters and where gross irregularities in election administration sends voters to the wrong polling places or sends co-habitating husbands and wives to polls in different cities to cast their votes. Read the rest

Last summer, we published a comprehensive look at the ways that Facebook could and should open up its data so that users could control their experience on the service, and to make it easier for competing services to thrive. Read the rest

Election Systems & Software (ES&S) is America's leading voting machine vendor; they tell election officials (who are county-level officials who often have zero cybersecurity advice or expertise) not to connect their systems to the internet, except briefly to transmit unofficial tallies on election night. Read the rest

When the North Carolina State Board of Elections asked the voting machine companies whose products were used in state elections who owned those companies, both Election Systems & Software and Hart Intercivic claimed that the answers to the question were proprietary, confidential trade secrets that would devalue their companies if they were divulged. Read the rest

Securing Our Cyber Future, Stanford Cyber Policy Center's new report on election security, depicts a US electoral system whose glaring vulnerabilities are still in place, three years after the chaos of the 2016 elections. Read the rest

Florida Governor Ron DeSantis says that after the Mueller Report was published, the FBI came to him to explain its conclusion that at least two Florida county's voting machines were hacked by Russians during the 2016 election, but that they swore him to secrecy so he can't reveal which counties and which machines were hacked. Read the rest

The EU Copyright Directive was voted through the Parliament because a handful of MEPs accidentally pushed the wrong button; this week, it passed through the Council -- representing the national governments of the EU -- and as it did, the German government admitted what opponents had said all along: even though the Directive doesn't mention copyright filters for all human expression (photos, videos, text messages, code, Minecraft skins, etc etc), these filters are inevitable. Read the rest

No one knows who wrote this Unisyn optical vote-counting machine manual that has appeared in multiple sites served by the California-based vendor, but only because Unisyn won't comment on whether they wrote it. Read the rest

Why does Ivanka Trump need trademarks for nursing homes, sausage casing, and *voting machines* in China? Or do we not want to know. Read the rest

FTP -- the "file transfer protocol" -- is a long-supplanted Unix tool for transferring files between computers, once standard but now considered to be too insecure to use; so it's alarming that it's running on the voting information systems that will be used in elections in Wisconsin and Kentucky tomorrow. Read the rest

Brian Kemp is the Secretary of State for Georgia, where is he also running for governor, meaning that he is overseeing his own election -- and in that capacity, he has purged thousands of Black voters from the rolls (the total purge runs to the millions) and distinguished himself as one of the last holdouts for replacing his state's worst-of-breed insecure voting machines with ones that produce a paper audit trail that can be consulted if they are suspected of malfunction. Read the rest

Today Jimmy Carter, a former US President who also served as Governor of Georgia, has called for Georgia Secretary of State Brian Kemp's resignation. Kemp is accused of viciously robbing Georgians of their right to vote.

Conveniently, most of the people Kemp is accused of disenfranchising are in demographics largely assumed to be voting for his opponent.

Via NPR:

In his letter to Kemp, Carter said it was his decades of experience assisting elections abroad that persuaded him to wade into the bitter dispute now roiling the Georgia gubernatorial race. Kemp has been under fire for deciding to purge tens of thousands of voters from the voter rolls — months after declaring his intent to run for governor.

"In Georgia's upcoming gubernatorial election, popular confidence is threatened not only by the undeniable racial discrimination of the past and the serious questions that the federal courts have raised about the security of Georgia's voting machines, but also because you are now overseeing the election in which you are a candidate," wrote Carter, who served as Democratic governor of Georgia himself before winning the presidency in 1976.

Read the rest

$100 or so a pop. Here's a nice up-to-date Diebold machine. And here's a stack of the voter access cards that go with them. Brian Varner reports on how much can be learned from such items.

The hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the “Property Of” government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.

Even current models are shot through with comically obvious vulnerabilities--exposed USB ports, insecure smart card readers, operating systems that haven't been updated in 5 years--that aren't present in, say, ATMs made by the same companies. Sadly, the circles in the venn diagram marked "people with the power to fix this" and "people who want to fix this" do not overlap. Read the rest

Back in 2012, Symantec researcher Bryan Varner bought some used US voting machines on Ebay and found them to be incredibly insecure and full of real, sensitive election data; in 2016, he did it again and things were even worse. Read the rest

When security researchers report on the ghastly defects in voting machines, the officials who bought these machines say dismiss their concerns by saying that the tamper-evident seals they put around the machines prevent bad guys from gaining access to their internals. Read the rest

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America's voting security. Read the rest