Category Archives: Voting

ICYMI: In Case You Missed It, Instant Summer Reading Recommendations

The Nevada Independent has several excellent articles about the health insurance ‘reform’ battle in the state,  I’d recommend starting with ‘Senator Cortez-Masto’s denunciation of the Senate health bill,” and move on to ‘Dispatches from Washington.’

The Reno Gazette Journal reports (video) on Rep. Jacky Rosen’s (D-NV3) decision to run for Senator Dean Heller’s seat.

Please note TPM’s report from the conference of Secretaries of State concerning election data security.  If this conclusion doesn’t disturb us, it should:

“But both Republican and Democratic Secretaries of State, who are responsible for carrying out elections in many states, said they have been frustrated in recent months by a lack of information from federal intelligence officials on allegations of Russian meddling with the vote. They say that despite the best efforts by federal officials, it may be too late in to make substantive changes.”

Interestingly enough, vote suppression advocate Chris Kobach was a no-show at the meeting.  Perhaps this is because some election experts have identified major flaws in Kobach’s “election integrity” plans.

And, now we get to “muddle time” during which the current administration tries to muddy the waters about the  other election problem — Russian interference.  Spokespersons and advocates are on the air-waves saying that “Gee, it’s not 17 intelligence agencies, it’s actually just a handful of people who reached the conclusion that the Russians meddled,”  which is one tactic to discredit the reports that are unequivocal in their assessment that, yes, the Russians interfered.   Following this comes the Gee Whiz moment in which the apologist who says that “we’ve not actually seen the evidence of this.”  A statement such as this is simply a variation on the previous talking point:  We’ve investigated this enough, there’s nothing there, move along please.

Speaking of elections, please take a look at the bill introduced by Rep. Mark Amodei (R-NV2) HR 2101, the Prior Approval Reform Act:  To amend the Federal Election Campaign Act of 1971 to expand the ability of trade associations to solicit contributions from the stockholders and executive or administrative personnel of their member corporations, and for other purposes.  The effective date, January 1, 2018, would allow more “corporate” money in politics just in time for 2018 campaign season.   The Associated General Contractors would be pleased to see this enacted. [pdf]  Those disturbed by the dark, and darker money, flowing into our campaigns should track this bill.

Comments Off on ICYMI: In Case You Missed It, Instant Summer Reading Recommendations

Filed under Amodei, Health Care, health insurance, Heller, Nevada politics, Politics, Vote Suppression, Voting

Nevada Secretary of State’s Office, Where 3 Is Greater than 520

There are a couple of news items which should cause us some concern, other than the inability of the current President to speak the words, “The Russians hacked into our elections.”

First, there are the efforts by the Russians to continue their intrusions into our elections:

“Since the November election, US intelligence and law enforcement agencies have detected an increase in suspected Russian intelligence officers entering the US under the guise of other business, according to multiple current and former senior US intelligence officials. The Russians are believed to now have nearly 150 suspected intelligence operatives in the US, these sources said. Officials who spoke to CNN say the Russians are replenishing their ranks after the US in December expelled 35 Russian diplomats suspected of spying in retaliation for election-meddling.”  [CNNI]

Secondly, there’s James Clapper’s assessment that the Russians are prepping the battlefield for 2018. (video)  This should raise some concerns from Nevada’s election officials.

Thus far Nevada’s chief election official, the Secretary of State, has agreed to hand over such Nevada voter registration data as is a matter of public record to the Pence/Kobach Commission, and not the full list of information Kobach’s Commission has requested…without any reference as to whether his Commission will pay for the data as any other political institution or agency would be asked to do.  The security of the information, given the increased Russian interest in our elections, is highly questionable.  Nor is the question answered about the rationale for the Commission in the first place.  However, it does sound a bit like Nevada’s Election Integrity Task Force which receives plaudits and plenty of attention in the Secretary of State’s Biennial Report for 2015-2016. (pdf)

The EITF ferreted out some cases of voting irregularities rising to the level of prosecutable offenses: One case of double voting in Clark County in 2012; one case of an undocumented immigrant voting in Washoe County in 2014; and one case in Nye County of improperly completed voter registration forms in 2016.  That’s IT.  Three cases.  Adding a soupçon of context:  In 2012 there were 1,016,664 votes cast.  In 2014 there were 552,326 votes cast, and in 2016 there were 1,125,429 votes cast in Nevada.  In 2012 there were a total  of 1,082,705 active voters on Nevada rolls; there were 1,193,194 active voters on Nevada rolls in 2014; and, in 2016 there were 1,334,959 active voters on the rolls.  [NVSoS]  Somehow, this context wouldn’t seem to justify a “Task Force” on any subject.

There are some other numbers which seem to call for greater attention and concern, and these are located in the Nevada Executive Budget for FY 2016-2017 (pdf).  One of the performance measures included in the Secretary of State’s budget concerns the number of electronic viruses neutralized by its IT personnel.  The actual numbers are available for 2011 (300), 2012 (375), 2013 (391), and 2014 (407), with projected numbers for 2015 (442), 2016 (480), and 2017 (520).  See a trend? The budget descriptors don’t indicate if these were malware, spyware, or someone trying to hack into corporate records, but the steadily increasing number from 2011 onward isn’t comforting…and now we have more Russians running loose in the country, “setting up the battlefield for 2018.”

However, our Secretary of State seems to have her own battlefield, as of last April, when she alleged there was voting by non-citizens in the 2016 election as a result of Department of Motor Vehicles practices (based on a March memo of understanding about the practices which bears her signature.)  It’s July, and Secretary of State Barbara Cegavske has yet to make public any information confirming or substantiating her allegations.   We might be excused for believing, on the basis of this information that in her office 3 is of greater concern than 520.

 

Comments Off on Nevada Secretary of State’s Office, Where 3 Is Greater than 520

Filed under Nevada politics, Politics, Vote Suppression, Voting

The Happy Hackers Act HR 634: A Second Look

Let’s return for a moment to HR 634, otherwise known in this space as the “Happy Hackers Act of 2017.”

The link above should take you to the text of the bill as introduced by Rep. Gregg Harper (R-MS).  In one page the bill terminates the Election Assistance Commission, puts the OMB in charge of “transition,” fobs the duties off on the dysfunctional FEC, and off we go into the wild west of happy hackers.

The bill was introduced on January 24, 2017 and was reported out on a 6-3 party line vote in the House Committee on Administration on February 7th, the same day Democrats filed objections  (pdf) to the measure with the House Committee on Administration.  Democrats noted that the EAC plays a “critical role in holding voting machine vendors accountable and ensuring certification standards remain high.”

Placing jurisdiction over federal election system regulation in the hands of the FEC is cynical at best and destructive at worst.  Atlantic magazine reported in December 2013 that the FEC was “broken” amid a flood of cases of questionable money flowing into campaigns, with feuds boiling between commissioners, and a hack attack attributed to agents of the Chinese government. Two years later the New York Times reported the FEC was incapable of curbing election abuses in the upcoming 2016 elections.   On February 20, 2017 the Chairwoman of the FEC resigned.   It is into the hands of this commission, now with one independent,  three Republicans, one Democrat, and one vacant seat, that the House Administration Committee wants to place the future of voting machines and certification standards.   The ill-advised HR 634 would place certification standards in the hands of an underfunded, understaffed (300 employees to cover 8,000 election jurisdictions in 50 states plus the District of Columbia) agency.  This is conducive to yet another layer of backlogs as questions raised about voting machine security and certification standards would be added to an already debilitated commission. If the intention is to slash oversight on voting machine/system security HR 634 would certainly accomplish that goal.

We’ve been the unfortunate recipient of hacking into our elections at the hands of the Russian government (2016) a conclusion reached by 16 intelligence agencies and the intelligence community leadership, despite the President’s feckless commentary on the subject; and if security standards are unenforced then we’re at even greater risk of intrusion into what has heretofore been unavailable to Russian hackers — the actual vote tally itself.

It’s unfortunate the bill was reported out of committee last February, it would be even more lamentable if the bill were to make it to the floor for a vote; and yet

more calamitous should the bill pass the House of Representatives.


Representative Mark Amodei (R-NV2) can be reached at 5310 Kietzke Lane #103, Reno, Nevada 89511; 905 Railroad Street #104D, Elko, NV 89801; or 332 Cannon Building, Washington, DC 20515.

Representative Ruben Kihuen (D-NV4): 313 Cannon Building, Washington, DC 20515; 2250 North Las Vegas Blvd #500, North Las Vegas, NV 89030

Representative Jacky Rosen (D-NV3): 8872 S. Eastern Avenue #220, Las Vegas, NV 89123; 413 Cannon Office Building, Washington, DC 20515.

Representative Dina Titus (D-NV1): 2464 Rayburn Office Building, Washington, DC 20515; 495 S. Main St. 3rd floor, Las Vegas, NV 89101.

Comments Off on The Happy Hackers Act HR 634: A Second Look

Filed under Congress, Nevada politics, Politics, Voting

The Happy Hackers Bill approved by House Republicans

One of the major ironies of the past few days is that the administration’s fraudulent anti-voting fraud commission is asking for bundles of private voter information from the 50 states, all the while dismissing Russian interference in the 2016 election as a hoax, AND submitting a budget which we’ve known for some time would eliminate the ONE federal agency tasked with assisting state and local governments with election security.

“House Republicans are taking aim at a small federal agency that helps provide election oversight and guidance, saying its functions are no longer necessary.

A spending bill from the House Appropriations Committee unveiled Thursday would give the Election Assistance Commission 60 days to terminate itself. The small agency was created after the tightly contested 2000 presidential election. It has an annual budget of about $10 million and had just 31 employees on its rolls as of March. The agency writes election management guidelines and develops specifications for testing and certifying voting systems, among other tasks.” [GovExec]

The bill, introduced by Rep. Gregg Harper (R-MS), would hand the powers and duties of the Election Assistance Commission to the Federal Election Commission, and the little agency responsible for “developing specifications for testing and certifying voting systems” would fold up and go away under the terms of HR 634.

The tribulations and gridlock in the Federal Election Commission are well known and documented: Investigations stalled, dark money flowing freely, enforcement delayed and denied. In short a scene of “dysfunction and deadlock.”  [NYT]  Failures to investigate, and 3-3 vote ties stifling further investigations. [NBC] Thus, the Harper bill would deliver election security responsibilities to a commission already in the throes of partisan gridlock and as they say so politely, “dysfunction.”

Republicans on the Administration Committee [Harper (R-MS), Davis (R-IL), Comstock (R-VA), Smith (R-NE),  Walker (R-NC), and Loudermilk (R-GA)] voted to send the bill forward;  Democratic Representatives Brady (D-PA), Lofgren (D-CA) and Raskin (D-MD) voted “no.”  So, what do these lawmakers want to hand over the the stalemated FEC?  The part which should interest us the most at the moment is this segment from the EAC:

“EAC Certification Program is to provide clear procedures to Manufacturers for the testing and certification of voting systems to specified Federal standards consistent with the requirements of HAVA Section 231(a)(1).

Under this program, the testing and review process requires the completion of an application, employment of an EAC-accredited laboratory for system testing, and technical analysis of the laboratory test report by the EAC. The result of this process is an Initial Decision on Certification.”

It doesn’t take much effort to interpret this task as the foundation of standards for the certifying and testing of election systems.   Republicans may argue that this could be done under the auspices of the Department of Homeland Security, but this seems hollow since the bill doesn’t transfer the duties to DHS, it just wipes the EAC off the map.  The EAC already maintains a list of certified election systems,  and those which have been terminated.   The Republicans appear quite pleased to take the constable off the beat, and hope that someone, somewhere, will prevent the development and certification of voting systems from becoming the Wild West of slackers, partisan backers, and hackers.

If eliminating the EAC isn’t the answer, what might be?   The Brennan Center issued a report on “Security Election Systems from Foreign Interference,”  in a forward by former CIA Director James Woolsey,” he observes:

“In the last few months, we have learned extraordinary details about a Russian assault on our election infrastructure. While there is no evidence that this assault altered the vote count, that fact should be cold comfort as we look to protect ourselves against future attacks.”

One doesn’t have to be an expert on cybersecurity or election technology to understand how dangerous this is. Based on my experience, as a former Director of Central Intelligence, and in service to this country under both Democratic and Republican Presidents, I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections. In particular, their history of interfering in other nations’ politics, their antipathy to the United States and Western democracies generally, and their proven ability to multiply the impact of their actions through cyberattacks should put us on the highest alert, and spur us to take all necessary actions to protect ourselves from further attack.”

In summary form, Ambassador Woolsey is convinced the Russians will be back, they will apply “lessons learned” evaluations, and they will attempt to cause even more damage in the future.  If the former CIA Director is correct, and there’s no logical reason to believe otherwise, this is hardly the time to terminate any programs to help state and local election officials secure their systems.  In fact, it’s time to do more, as outlined by the Report:

“What more must be done? The key security measures detailed in this report are the right place to start: replace paperless electronic machines, upgrade the hardware and software that supports voter registration, and conduct post-election audits to confirm the results.

These are common-sense solutions that will increase security and public confidence in the integrity of our system. Importantly, they will do so without interfering with the right of any eligible citizen to participate in the choice of who will govern the nation.”

Some of these recommendations are squarely in the EAC wheelhouse, others will require additional support for local and state election officials.

The good news is that the decentralization of American voting systems makes a concerted attack extremely difficult, there are 8,000 voting jurisdictions, and about 100,000 polling places.  However, this doesn’t mean that we should be taking much comfort from our fragmented system, because the bad news is that some jurisdictions are using antiquated equipment with operating systems no longer supported by vendors (and thus are easier to attack.)  States and localities have made progress toward greater technical voting system security since 2004, but now is no time to rest upon laurels and declare “we’re Safe!” merely because vote totals are difficult to alter.

There’s also the matter of voter registration data security.  Again, the Brennan Center recommends:

“State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis, but that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time.”

Putting a more blunt perspective on it:  The risk assessment tools used to evaluate the security of voter registration data which were judged “state of the art” just a couple of years ago may now be as outdated as that Motorola StarTAC clam shell mobile phone  sitting in the bottom of someone’s junk drawer.   Add to this the notion that the Administration’s fraudulent Fraud Commission wants to centralize voter registration data from 50 states all in one convenient place — thus making it a handier target for our adversaries — and we lose the advantages of decentralization while making life easier for those wishing to practice their “foreign interference.”

There is a bill in the Congress well worth supporting, introduced by Derek Kilmer (D-WA), HR 1344, under its terms the Department of Homeland Security would assist local and state government officials as follows:

“The Department of Homeland Security (DHS) may award states with planning and biennial implementation grants under the program to:

adopt cybersecurity best practices;
mitigate talent gaps in government workforces;
protect public safety answering points, emergency communications, and continuity of communications during catastrophic disruption;
mitigate threats to critical infrastructure or key resources;
coordinate with neighboring states or countries, National Guard units, or information sharing and analysis organizations; and
establish scholarships or apprenticeships to provide financial assistance to state residents pursuing cybersecurity education who commit to working for state government.
The bill sets forth requirements for distribution of awarded amounts to local and tribal governments within states and for consultation with local and regional officials.

The Committee for Cyber Resiliency Grants is established to: (1) promulgate guidance for states to develop applications for such cyber resiliency grants; (2) provide DHS and states with recommendations regarding the approval of state plans or applications; and (3) evaluate, and report to Congress regarding, the progress of states in implementing plans.”

We’d be well advised to contact our Representatives and recommend they oppose HR 634 (perhaps on the theory that the fact we have a Navy doesn’t obviate the need to also have a Coast Guard) and to support HR 1344.

This is hardly the time to make the hackers any happier.

Local Contact Information: 

Representative Mark Amodei (R-NV2) Phone: (775) 686-5760

Representative Dina Titus (D-NV1) Phone: (702) 220-9823

Representative Ruben Kihuen (D-NV4)  (702) 963-9360

Representative Jacky Rosen (D-NV3)  (702) 963-9500

Comments Off on The Happy Hackers Bill approved by House Republicans

Filed under Nevada Congressional Representatives, Nevada politics, Politics, Vote Suppression, Voting

Election Integrity in Nevada: How Safe Is Safe?

We have a President of the United States of America who appears singularly uninterested in investigating Russian meddling in the 2016 elections.  Nothing has originated from the Oval Office to indicate he is curious about (a) Russian intrusions into some 21 to 39 state election systems; (b) Russian disinformation efforts during the 2016 elections; and (c) European efforts to blunt Russian cyber attacks on their elections.  Perhaps there’s nothing surprising about this, he’s shown precious little interest in:

(1) Bolstering NATO nation confidence in US support for their interests in addressing Russian incursions into Crimea, Ukraine, and the Baltic States; (2) Extending or enhancing sanctions on Russia for these incursions; (3) Maintaining the sanctions initiated by the Obama Administration including the removal of the Russians from two facilities used for intelligence purposes.   And, now the President wants to have something to “offer” the Russians during the upcoming meetings of the G20.

“President Donald Trump has asked National Security Council staff to come up with “deliverables” that he can offer to Russian President Vladimir Putin during their meeting on the sidelines of the G-20 summit in Germany next week, The Guardian reported Thursday.”  [Business Insider]

At this juncture it would seem necessary for citizens in Nevada to multi-task.  On one hand we need to insure that the Administration isn’t encouraged to promote its voter suppression program, at present in the form of Chris Kobach’s extensive request for voter data which will be massaged into a report which will no doubt encourage more voter suppression legislation.  There’s nothing wrong with sharing the information any county chairperson can obtain from the voting registrar or the county clerk, but there’s all manner of things wrong with asking for military status,  Social Security numbers or portions thereof, voting history, and other personal data NOT previously part of the public record.  The Nevada Secretary of State has responded in the following press release:

“Many people have asked whether or not the Secretary of State’s office plans to comply with the request from the Presidential Advisory Commission on Election Integrity for voter registration information in Nevada.  Other than the previously identified confidential information, state law (NRS 293.558) prohibits election officials from withholding voter registration information from the public.  In addition, the state’s Public Records Act requires government entities to allow for inspection of public records.  As a result, the Secretary of State’s office will provide the Presidential Advisory Commission on Election Integrity with only the publicly available voter registration information under Nevada law.”

Thus much for Kobach’s grand plan for a 50 state data accumulation of personal voting histories and “targets” for vote suppression.  However, we can reasonably predict that this will not be the end of Kobach and Von Spakovsky’s efforts to impede voting by the elderly, the young, and minority ethnic group members; in short, people who are likely to vote for Democratic candidates.

On the other hand, we need to watch out for insecurities in our own electoral systems.  One element, of course, is the integrity of our mechanical and electronic voting machines.  For those wishing to delve into the weediest of the weeds should refer to NAC Chapter 293B which specifies how these are to be maintained, tested, and audited, which led Verified Votin g.Org to declare Nevada’s overall performance as “generally good.”  Additional information concerning Nevada’s audit limitations can be found on this Verified Voting page.   We have some soft spots, but none of these seem like major issues at the moment, and most appear to be capable of repair by a legislature paying attention to the details.

Now, we need a third hand.  Since the intelligence agencies at the Federal level haven’t released the names of those states (21 to 39) which suffered Russian intrusion, we don’t know if Nevada is among the list.  The only ones which have self-identified to date are Illinois and Arizona.  This situation raises more questions:

(1)  Is the voter registration data maintained by the Secretary of State’s office fully secure and safe from hacking?  Is access to this information secured in such a way as to prevent unlawful or illicit compromise?  What tests are performed to verify the security, and by whom are the tests conducted?  To whom are the results reported? Are those receiving the test reports empowered to fix any and all issues discovered?

(2) Is the voter registration data maintained at the local level secure from unauthorized access?  Is there sufficient funding and expertise at the local level to conduct tests of access security?  Is the ‘calendar’ of security testing at the local level adequate to prevent unauthorized or illicit access?  Are there “gaps” in access security, such that some localities are more secure than others?

(3) Are local voting systems/machines secure from unauthorized access and tampering?  Is the State (or local agencies) doing adequate security testing and auditing of results? Are our present systems safe, or is there more we could be doing?  Do we need to consider more in the way of risk limitation auditing .

It’s now beginning to look like we need to have some more hands involved, rather more like an octopus to get a handle on all the questions.

There are some things that Nevada may not have the capacity to do on its own.  We probably shouldn’t be required to conduct our own “elves vs. trolls” in the manner of the Lithuanian government’s efforts to fight off disinformation campaigns.  Germany, the United Kingdom, France, the Baltic nations, Sweden and the European Union have all devised national and cross-border efforts to publicize and blunt Russian efforts. [WP]

It would be extremely helpful to have a federal Executive Branch more engaged in countering Russian meddling than in vote suppression and declaring the obvious FACT of Russian cyber assaults to be Fake News.

Comments Off on Election Integrity in Nevada: How Safe Is Safe?

Filed under Nevada, Nevada politics, Politics, von Spakovsky, Vote Suppression, Voting

They’ve Only Just Begun: Hacking the Silver State?

If the President of the US isn’t all that interested in how the Russians hacked and meddled in the 2016 election, voters and voting officials in the US should be, and this includes the state of Nevada.  There are several layers to the issues, the voting itself and the processes which are elements of the total election system.

Voting Machine Vulnerability

The good news is that Nevada has a relatively robust voting system in place that is more difficult for a foreign power — read Russian operatives — to hack, the bad news is that the Sequoia (Dominion) system could still have some issues most related to “insider” attacks

“The software suffers from numerous programming errors, many of which have a high potential to introduce or exacerbate security weaknesses. These include buffer overflows, format string vulnerabilities, and type mismatch errors. In general, the software does not reflect defensive software engineering practices normally associated with high-assurance critical systems. There are many instances of poor or absent error and exception handling, and several cases where the software behavior does not match the comments and documentation. Some of these problems lead to potentially exploitable vulnerabilities that we identified, but even where there may not be an obvious vulnerability identified, the presence of such errors reduces our overall confidence in the soundness of the system as a whole.” [VerifiedVoting]

The problems associated with Nevada’s voting machines are mostly of the variety perpetrated by “insiders,” those who have control of the machines during set up, maintenance, and handling.  This is good news for preventing ‘rigging’ issues in terms of election outcomes being vulnerable to outside forces.  A statement from the Secretary of State describes the election audit system. (pdf)

Voter Registration Record Security

The election voter data isn’t quite so reassuring.  Nevada is a “member” of the Cross Check system.   The system certainly can be used to remove individuals from the voter rolls with deleterious effect, and the exchange between

voting officials and the Nevada ACLU isn’t all that comforting:

Wayne Thorley, Nevada’s deputy secretary of state for elections, counters that the program just matches data and doesn’t target anyone. “Just because someone comes back as a match on the Interstate Crosscheck list, it doesn’t automatically trigger cancellation of their account,” he said. “And then, further investigation is done by the state.” He said Nevada also uses the Electronic Registration Information Center to match names from the Crosscheck list with DMV records. Voters then get a postcard to verify their address and if they don’t respond and don’t vote in two elections, they’re dropped from the rolls. Tod Story, executive director of the Nevada ACLU, worries that the postcard system could be problematic. “It does not seem to be fair and certainly would affect more low-income and minority voters, who tend to be more transient, who are going to move more frequently,” he said. Thorley said that is certainly not the intent. “If that has a disparate impact on members of minority communities, I’m not aware of that,” added Thorley. “But it’s not targeted that way at all. We’re simply following the federal law.”

First, Mr. Thorley should be aware of “that” — there is, and has been demonstrated to be a disparate impact on members of minority groups.  Secondly, the post-card system is, and has been demonstrated to be, an ineffective way of contacting individuals who are ‘challenged’ under the Cross Check system.  [RS]  The results of using the Cross Check system are also not reassuring:

“The program has since expanded to 30 states, according to the National Conference of State Legislatures (NCSL), but it’s been controversial from the start. For one thing, it’s resulted in very few actual cases of fraud being referred for prosecution, as alleged cases of double voting in multiple states turned out to be clerical and other errors. One tally found that while the program has flagged 7.2 million possible double registrants, no more than four have actually been charged with deliberate double registration or double voting. Meanwhile, some states including Florida dropped out of the program due to doubts about the reliability of its data — though others, including the swing state of North Carolina, joined despite those issues.”  [TVN]

Get that? Out of 7.2 million ‘flagged’ 4 individuals have been charged with double registration or double voting.  In addition to obviously being ineffective (A 0.00005.5% catch rate doesn’t seem worth the effort) the collection would appear to be a grand place for a hacker to start if he or she has mischief in mind.

Initial Russian assaults are still a matter of confidentiality, no Secretaries of State have yet been cleared to receive the reports of hacking collected by our security agencies although there is testimony that 21 states were subjected to attacks of some kind. [LAT]  We do know that Illinois was one on the states in which voter registration rolls were hacked.

“The hack had nothing to do with counting the votes in elections in Illinois. The hackers looked at voting registration data: name, address, date of birth, gender and the last four digits in the Social Security number.

The hackers searched through about 80,000 records overall, with the elections board confirming that the records of just under 3,000 voters were viewed by the hackers.” [CST]

The Chicago Sun Times reported how the hack was accomplished, and how it was detected.   The state of Arizona also had a major scare, as reported by Michele Reagan, AZ Secretary of State:

Reagan said she was alerted to the hack after the Federal Bureau of Investigation found a credential — a username and login — for the state system for sale on the dark web.

“It was really frightening and scary considering we’re in charge of almost four million people’s information,” Reagan said.

Reagan said her office had a lot of decisions to make in short amount of time to protect voter safety and took the system offline.

“At that moment in time, the most important thing was what do we do with that database,” she said. “How do we inspect it? We need to make sure that no information was taken, no information was altered, a virus wasn’t inserted into that system.”

She said, while the voter database was hacked, the voting registration system was not.

“We got lucky once,” she said, adding that the state has added multi-factor authentication, required the changing and strengthening of passwords and made other tweaks to better protect the system. [KTAR]

It would be reassuring to know if Nevada has implemented “multi-factor authentication” and other measures to better secure Nevada voter data.

I’ve not read any reports to date assuring me that the Russian hacking was a “one-off” and unlikely to be replicated.  Indeed, nearly every article asserts that what we’ve seen in 2016 was only the beginning.  A few intrusions in anywhere from 21 to 39 states, a peek into voter information data, some attempts to ‘phish” their way into systems — and many warnings that this indicates increasing interest in going deeper into US elections rather than any foray for temporary recreational purposes.

Recommendations

Retain the sanctions placed on the Russians by the Obama Administration, and enact new and greater sanctions on them as proposed by the U.S. Senate.  House Republicans have stalled the bill which passed the Senate on a 98-2 vote. [NYT] As of June 23, 2017 the White House indicated it would step up lobbying efforts against the Russian sanctions bill. [WP]  Those tracking the progress of this bill will want to follow GovTrack S 722.

Review and potentially revise Nevada voter data security processes and products.  Have issues revolving around the infamous Cross Check program been resolved?  Have procedures been adopted that would prevent access such as happened in Illinois and Arizona?

Russian probing, and interference, will not stop…it will be up to the US Congress and the 50 states, to reject their efforts.

 

1 Comment

Filed under Nevada politics, Politics, Vote Suppression, Voting

Good Morning: The Administration wants all your voting data, and wants to make it public

The President’s “election commission,” established to cover his allegations that millions of illegal voters prevented His Vulgarity from attaining triumph in the popular vote, is requesting voter roll data from all 50 states. Nevada is included in this list.

“On Wednesday, all 50 states were sent letters from Kris Kobach — vice chair for the Presidential Advisory Commission on Election Integrity — requesting information on voter fraud, election security and copies of every state’s voter roll data.

The letter asked state officials to deliver the data within two weeks, and says that all information turned over to the commission will be made public. The letter does not explain what the commission plans to do with voter roll data, which often includes the names, ages and addresses of registered voters. The commission also asked for information beyond what is typically contained in voter registration records, including Social Security numbers and military status, if the state election databases contain it.” [ProPublica]  (emphasis added)

There are many layers of just how wrong this is.   First, and most obviously, why worry about Russian hacking into voter roll information for the purpose of making mischief if everything they want is right out there in public view?  Nothing like One Stop Shopping for voter data for the Kremlin?

Secondly,  conspicuously absent from the letter is any indication about what processes and procedures will be applied to protect voters’ privacy.  Mr. Kobach’s documented sloppy handling of his Cross Check program data is not reassuring.

Third, while full Social Security numbers may not be included, even partial number releases may be a bridge too far for those concerned with identity theft; and, does the Pentagon really want the status of members of the Armed Forces right out there for all the world to see?  How handy for the Bad Guys to have an instant way of finding out a soldier’s home address?

Finally (for the moment) there’s the purpose for which all this data is sought — rest assured, it’s NOT for the purpose of “election integrity,” in fact given the participation of Kobach and Von Spakovsky the obvious intent is to scramble the data for inclusion in a “report proving” that there’s a “need” for more voter suppression.

Nevada citizens who do NOT want their voter data/records shared in this haphazard and insecure way should call the office of Nevada’s Secretary of State: 775-684-5708, fax 775-684-5725; or e-mail at <sosmail@sos.nv.gov>

1 Comment

Filed under Nevada, Nevada politics, Politics, von Spakovsky, Vote Suppression, Voting