Archives

Media Release: Verified Voting Applauds Oregon’s Senate for Passing Bill Requiring Robust Post-Election Audits to Verify Elections

Marian K. Schneider: “Oregon is leading the way towards better integrity and security with the passage of SB 944.”

The following is a statement from Marian K. Schneider, president of Verified Voting, on Oregon’s Senate passage of SB 944, offering counties the option to audit elections using a process known as risk-limiting audits, which are designed to bolster public confidence in elections. For additional media inquiries, please contact aurora@newheightscommunications.com  

“Oregon is leading the way towards better election integrity and security with the Senate’s passage of SB 944. This bill requires county clerks across the state to conduct audits after every election — not just general elections — and lets them choose between a partial hand count and risk-limiting audits (RLAs). An RLA examines a sample of the paper ballots to check if the election outcome is correct.  RLAs provide strong evidence when election outcomes are correct, and have a guaranteed large chance of correcting wrong outcomes or, outcomes that are wrong because of counting errors. Read More

International: 1 in 5 elections faced foreign cyber interference | Dylan Bushell-Embling/Technology Decisions

One in five national elections held worldwide since 2016 were potentially influenced by foreign interference, according to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS. An analysis of 97 national elections and 31 referenda that have been held since the 2016 US presidential election identified 20 countries with clear examples of foreign interference, including Australia. The analysis was limited to countries considered to be free or partly free countries. These incidents ranged from cyber attacks to voter registration systems, to DDoS attacks to national election commissions, to the use of Facebook to spread disinformation and discourage voter turnout. Read More

Counting Votes: Election Cybersecurity Legislation Hits a Wall, RobinHood Visits Baltimore, and of course Florida

“According to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS, one in five national elections held worldwide since 2016 were potentially influenced by foreign interference, … “Democracies around the world have been struggling to grapple with foreign interference from state actors during elections,” International Cyber Policy Centre head Fergus Hanson said. “More empirical data means they can respond in a more targeted way calibrating policy responses to the likely risk, methods and adversary.” Technology Decisions

In an extensive Roll Call article this morning, Gopal Ratnam reports that despite the best intentions of election officials and many lawmakers, in 2020 many jurisdictions will be using “voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results.”

In addition to eliminating direct recording electronic (DRE) voting machines and requiring routine post-election audits, many of the legislative efforts have addresses cybersecurity vulnerabilities in voting systems. Edgardo Cortés, election security advisor at the Brennan Center for Justice noted, “In some sense, anything that has an internet connection can be hacked. Wireless capability, even if the functionality can be turned off through hardware or software, poses risks of remote access by adversaries, he said.”

Verified Voting President Marian Schneider explained inthe article that beyond prohibiting voting equipment that can connect to the internet, “machines may still need to have some type of wireless communication system so that administrators can upload new ballot information ahead of each election. Some counties and precincts insert manual cartridges into machines to upload ballot information, but others push out that information wirelessly because it’s easier.”

“The software on new models of voting machines would also need routine updates, and that would require some type of connectivity,” Schneider continued, “the question is, how you do it safely? Because we can’t reduce the risk to zero, we need to do audits to check the results after. Post-election audits, in which samples of cast paper ballots are recounted, is considered the gold standard for verifying election results, but few states conduct them.”

The concern over election cybersecurity was reflected in the many federal election cybersecurity related bills that have been introduced in the past several days. Those bills met an icy reception yesterday, as Senate Rules Committee Chairman Roy Blunt (R-MO) said he doesn’t expect to hold hearings on any election security bills this Congress because he doesn’t think Senate Majority Leader Mitch McConnell (R-KY) will bring them to a floor vote.

On May 10 House Democrats introduced the Election Security Act, portions of which were included in H.R. 1, the For the People Act, an omnibus bill including a broad range of electoral reforms. Last Tuesday, a bipartisan group of senators introduced the Voting System Cybersecurity Act, which would require a cybersecurity expert from the Department of Homeland Security (DHS) be included on the committee tasked with developing voluntary voting system guidelines as part of the effort to make U.S. elections secure.

On Wednesday, Sen. Ron Wyden (D-OR) and a group of 12 other senators introduced a bill to mandate the use of paper ballots in U.S. elections and also ban all internet, Wi-Fi and mobile connections to voting machines in order to limit the potential for cyber interference. And on Thursday, Sen. Amy Klobuchar introduced a Senate companion for the Election Security Act, which has garnered the support so far of 38 co-sponsors, all Democrats or independents.

The EAC: Understaffed and Underfunded

With deadlines to complete a new iteration of the VVSG fast approaching, and forced to meet other responsibilities on a shoestring budget and short staff, the EAC commissioners visited the Hill last week seeking increased funding. Comparing the EAC’s role in working on “the infrastructure of our democracy,” the Commission’s vice chairman, Benjamin Hovland, told the committee. “What we need is an investment from Congress to help us do that work.” Hovland noted that “The commission’s budget request for fiscal 2020 is $7.95 million, which is about $1 million less than 2019 and lower than the annual money set aside by Kansas City, Missouri, to fix its potholes.

“With additional resources, the EAC would have the opportunity to fund additional election security activities within its election technology program,” said McCormick. “There is no shortage of ambition at EAC when it comes to supporting this work, but there is a stark shortage of funds for such activities.”

Derek Johnson, writing for FCW, notes that the “EAC’s budget has been chopped in half over the past decade, and the Trump administration has proposed further cuts in its 2020 budget.“ At the hearing McCormick revealed that the EAC doesn’t have any full-time employees dedicated to election security work and only four full-time employees working on certification of voting machines.

[Earlier today in CybersScoop, Sean Lygrass reported, the EAC had added Jessica Bowers, a former executive at Dominion Voting Systems and Paul Aumayr, a former Maryland election official, to its voting system certification program staff.]

Last month, a group of 31 Democratic Senators led by Rules Committee ranking member Amy Klobuchar (D-Minn.) sent a letter to the Senate Appropriations Committee urging them to fund the EAC at Fiscal 2009 levels, when it had nearly fifty employees and a budget of just under $18 million, citing cybersecurity as a top concern.

“As you know, our state and local government partners face significant and sophisticated cybersecurity threats from foreign actors,” the Senators wrote. “Against this backdrop, it is critical that our nation’s election officials have the support they need from the federal government in modernizing their voting systems, and the EAC has a responsibility to maintain a high-functioning certification program.”

Florida: Who Got Hacked?

Joseph Marks wrote in the Washington Post about the frustration expressed by Florida lawmakers learning that the FBI took more than two years to acknowledge Russian hackers had penetrated some of the state’s voter database. “This lack of transparency is counterproductive,” Rep. Stephanie Murphy (D) complained. “I’m really concerned that it can erode public confidence in the integrity of our elections almost as much as the actual hacking did.”

The Mueller Report noted that the FBI had determined two Florida counties had been hacked, but the identities have not been released. Explaining their cloak-and-dagger secrecy, the FBI says it defines the counties themselves — as opposed to the actual voters within them — as the victims of the hack. Therefore, it’s up to the counties involved to disclose their own identities, as reported by Marc Caputo at Politico.

Rep. Michael Waltz (R-FL), who was briefed with other congressional members Thursday about the counties’ identities, objected, “Basically, what they’re classifying as the ‘victim’ — which is the elections official — is a mischaracterization in and of itself. The victim is the voter.”

David Smiley at the Tampa Bay Times suspects that nearly identical “jargon-filled non-denials” issued by Washington and Sumter Counties might be clues.

The NGA Cybersecurity Summit in Shreveport and RobinHood in Baltimore

Dan Lohrmann reported for GovTech on the third National Governors Association National Summit on State Cybersecurity held in Shreveport, LA. In his keynote presentation, DHS cybersecurity director Chris Krebs described the actions of Russia in 2016 as “game-changers in the history of cybersecurity, because the hacking was not just for data, but was an attempt to undermine democracy.” While noting progress on election cybersecurity, Mr. Krebs cautioned that in addition to threats from nation-states, “ransomware and a host of other cyber trends were top priorities.”

On the subject of ransomware, the RobinHood ransomware attack on the Baltimore city government has prompted the creation of a Committee on Cybersecurity and Emergency Preparedness, even as the city works to restore the systems taken down by the debilitating attack Maggie Miller wrote  in The Hill. The attack took down several of the city’s services last week, including the Department of Elections. As Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology told Mindy Moretti in electionline Weekly “Ransomware is unfortunately one of the more challenging cybersecurity threats that election offices might face.”

Hall recommended that election offices keep all software is updated and back up critical systems, but observed that “Updating software may sound easy, but if an elections office has dependencies such as relying on the wider city or county infrastructure, this may be out of the election office’s hands and they may not be able to demand that the software they are using is updated as soon as new updates are available,” Hall said.

Threats to EU Elections

Responding to concerns by European and U.S. officials over cyber-attacks related to election meddling and intellectual property theft, the EC last week agreed on “new rules that will grant it authority to impose travel bans and asset freezes against individuals responsible for cyber-attacks that pose a significant threat to the bloc.”

 

The EU Parliament election this weekend will be the first since Russia’s disinformation campaign aimed at the 2016 US presidential election put other nations on high alert for similar behavior. Earlier this year, the security firm Fireeye reported that Russian hackers had been targeting European government agencies, as well media outlets in France and Germany.

Election Cybersecurity in Indonesia

The Jakarta Globe interviewed Fernando Serto, director of security technology and strategy at Akamai APJ, about efforts made by Indonesian officials to address the threat of election cyberattack. Noting that cybercrimes often happen during elections all over the world, Serto said “This is not unique to Indonesia; every time a country holds an election, we see a lot of hacking activity. We’ve seen it happen during elections in the Philippines and the US.”

“We see a lot of hacktivists, people who disagree with the policies of a particular candidate, trying to hack into their official website and put very aggressive messages on it,” Serto continued. “The role of the government is crucial in preventing hacktivists from creating cyber chaos during elections.”

National: Top Republican says Senate unlikely to vote on any election security bills | Maggie Miller/The Hill

Sen. Roy Blunt (R-Mo.), a member of Senate GOP leadership, said Wednesday that the chamber is unlikely to vote on any election security legislation, despite requests from a federal agency for more funding to improve election systems nationwide. Blunt made the remarks at a Senate Rules Committee hearing where Election Assistance Commission (EAC) officials highlighted what they said is an urgent need for more resources. His comments were in response to Senate Minority Whip Dick Durbin (D-Ill.) pointedly asking during the hearing whether the Rules Committee, chaired by Blunt, would mark up any election security bills already introduced this Congress. “At this point I don’t see any likelihood that those bills would get to the floor if we mark them up,” Blunt said. When Durbin asked why that was the case, Blunt said, “I think the majority leader is of the view that this debate reaches no conclusion. And frankly, I think the extreme nature of H.R. 1 from the House makes it even less likely we are going to have that debate.” Read More

National: Americans may vote in 2020 using old, unsecured machines | Gopal Ratnam/Roll Call

The first primary in the 2020 presidential race is a little more than 250 days away, but lawmakers and experts worry that elections will be held on voting machines that are woefully outdated and that any tampering by adversaries could lead to disputed results. Although states want to upgrade their voting systems, they don’t have the money to do so, election officials told lawmakers last week. Overhauling the nation’s election systems would mean injecting as much as $1 billion in federal grants that would then be supplemented by states, but top Senate Republicans have said they are unlikely to take up any election security bills or give more money to the states. The deadlock could mean that even as federal government and private companies spend tens of billions of cybersecurity dollars annually to protect their computers and networks from attacks, the cornerstone of American democracy could remain vulnerable in the upcoming elections. Read More

National: EAC rattles the cup on Capitol Hill | Derek B. Johnson/FCW

For the first time in nearly a decade, the Election Assistance Commission has a full slate of commissioners in place. Now, with the agency sitting at the center of several key election security debates, they’re asking Congress to make their budget whole too. At a May 15 Senate Rules Committee hearing, Christy McCormick, who chairs the EAC, said the commission is at “a critical crossroads with regard to having sufficient resources necessary to better support state and local election administrators and the voters they serve” and asked members of Congress for more funding. “With additional resources, the EAC would have the opportunity to fund additional election security activities within its election technology program,” said McCormick. There is no shortage of ambition at EAC when it comes to supporting this work, but there is a stark shortage of funds for such activities.” Read More

National: EAC hires 2 tech experts for testing and certification program | Sean Lyngaas/CyberScoop

The U.S. Election Assistance Commission has added two experienced hands to its voting system certification program amid concerns it had a shortage of technical experts overseeing election infrastructure. The agency is staffing up its crucial certification program by hiring Jessica Bowers, a former executive at Dominion Voting Systems, one of the country’s three largest voting system vendors, and Paul Aumayr, a former Maryland election official. Both new hires will work as senior election technology specialists. In an email announcement to staff obtained by CyberScoop, EAC Executive Director Brian Newby touted Bowers and Aumayr’s technical acumen. Bowers has “over 18 years of software development and product support experience,” while Aumayr is a “Microsoft-certified systems engineer,” Newby wrote. Read More

National: Here’s how the military’s hacking arm is gearing up to protect the 2020 election |The Washington Post

Russia viewed the midterm elections as a “warm-up” for 2020. The U.S. military’s hacking division is treating it that way, too. In the run-up to the presidential election, U.S. Cyber Command is surging election defense efforts that proved useful during the midterms, officials told reporters Tuesday — including probing allies’ computer networks to glean insights about Russian threats. Cybercom is also working more closely with election defense teams at the Department of Homeland Security and the FBI, and with industry sectors that are targeted by Kremlin hackers and might have early warnings about threats facing the election, my colleague Ellen Nakashima reported from that briefing. “Our goal is to have no interference in our elections,” said Maj. Gen. Tim Haugh, who heads the command’s cyber national mission force. “Ideally, no foreign actor is going to target our electoral process.” Cybercom is the only outfit among the myriad federal state and local government agencies tasked with protecting the 2020 election that is allowed to punch back against Russian hackers — and it’s using its new authorities granted during the Trump administration to be more aggressive in cyberspace. Read More

Florida: Florida lawmakers rail against FBI for secrecy on voter breaches | Joseph Marks/The Washington Post

Florida lawmakers are railing against the FBI for taking more than two years to acknowledge Russian hackers penetrated some of the state’s voter files — and for remaining mum about which voters were affected. The long delay signals to voters in Florida and elsewhere that the government won’t level with them if and when their votes are manipulated, the lawmakers say. And that lack of public faith could do just as much damage as the Russian hacking and disinformation operation that upended the 2016 election and cast doubts on the legitimacy of President Trump’s victory. “This lack of transparency is counterproductive,” Rep. Stephanie Murphy (D) told me. “I’m really concerned that it can erode public confidence in the integrity of our elections almost as much as the actual hacking did.” Read More

Florida: Which Florida counties were hacked? Maybe these non-denial denials are a clue. | David Smiley/Tampa Bay Times

Ever since a leaked classified intelligence document revealed that Russian hackers had tried to access Florida’s elections networks in 2016 by crafting malware-laced emails made to look like they came from a software vendor, reporters all over the country have been searching for electronic correspondence sent three years ago to the state’s 67 elections offices. But could emails crafted by the elections offices themselves hold the clue to determining which two jurisdictions were in fact hacked? This week, in response to hacking questions sent to every supervisor of elections in the state by the Tampa Bay Times and Miami Herald, two offices issued the same legalistic non-denial. Almost word-for-word, they gave the same response when asked if their voter registration networks were hacked in 2016, explaining that they could not answer questions because to do so could “directly or indirectly” help determine the answer — which has been deemed classified by the FBI. It now turns out that at least one of those two offices was, in fact, hacked. Read More

Louisiana: States Explore Opportunities at National Summit on Cybersecurity | Dan Lohrmann/Government Technology

The National Governors Association Center for Best Practices held their third National Summit on State Cybersecurity from May 14-15, 2019 at the Shreveport Convention Center. The unique event convened state homeland security advisors, chief information officers, chief information security officers, governors’ policy advisors, National Guard leaders, and others from all 55 states and territories to explore cybersecurity challenges and promising practices. Over the course of two days, participants engaged in a series of interactive sessions and breakouts to discuss countering the newest threats, disruption response planning, workforce development, and much more. … The sessions were packed with best practices, case studies, opportunities for improving cybersecurity in different areas and much more. Read More

Maryland: Baltimore creates cybersecurity review panel following ransomware attack | Maggie Miller/The Hill

Baltimore City Council President Brandon Scott announced the creation of a Committee on Cybersecurity and Emergency Preparedness on Thursday, as the city works to restore the systems taken down by a debilitating ransomware attack last week. “This cyber attack against Baltimore City government is a crisis of the utmost urgency,” Scott said. “That is why I will convene a select committee, co-chaired by Councilman Eric Costello and Councilman Isaac ‘Yitzy’ Schleifer, to examine the City’s coordination of cybersecurity efforts, including the Administration’s response to the cybersecurity attack and testimony from cybersecurity experts.” A type of ransomware known as “RobinHood” took down several of the city’s services last week, including some of the capabilities of the Baltimore City Department of Transportation, the Department of Public Works, and the Department of Finance. The city is also currently unable to send or receive email. Read More

Editorials: Don’t nickel & dime Pennsylvania’s democracy | David Hickton/Pittsburgh Tribune-Review

The front lines of today’s cyberwarfare battles are not just at Fort Meade. They are in Allegheny County’s Elections Division. And in Erie County. And Butler County. And Indiana County. And all across Pennsylvania. Our elections — and the integrity of your vote — are under threat from nation-state adversaries. As of today, Pennsylvania is not prepared to defend against what will almost certainly be unprecedented attacks in the next presidential election cycle. But there is still time to secure the 2020 election. The General Assembly, however, needs to help counties secure this most critical of battlegrounds. The Blue Ribbon Commission on Pennsylvania’s Election Security spent much of the past year studying current and future cyber-based threats to Pennsylvania’s elections. What we found was sobering. In the 2016 and 2018 elections, more than 80 percent of Pennsylvania voters were registered to vote in precincts that did not use paper-based voting systems, meaning that most of Pennsylvania’s counties would be unable to even detect the hack of a voting system, let alone recover from it. Read More

International: Cyber-enabled election interference occurs in one-fifth of democracies | Fergus Hanson and Elise Thomas/The Strategist

Cyber-enabled election interference has already changed the course of history. Whether or not the Russian interference campaign during the US 2016 federal election was enough to swing the result, the discovery and investigation of the campaign and its negative effects on public trust in the democratic process have irrevocably shaped the path of Donald Trump’s presidency. Covert foreign interference presents a clear threat to fundamental democratic values. As nations around the world begin to wake up to this threat, new research by ASPI’s International Cyber Policy Centre has identified the key challenges democracies face from cyber-enabled election interference, and makes five core recommendations about how to guard against it. ICPC researchers studied 97 national elections which took place between 8 November 2016 and 30 April 2019. The 97 were chosen out of the 194 national-level elections that occurred during the time period because they were held in countries ranked as ‘free’ or ‘partly free’ in Freedom House’s Freedom in the world report. Read More

Europe: EU Agrees Powers to Sanction, Freeze Assets Over Cyber-Attacks | Natalia Drozdiak/Bloomberg

The European Union on Friday agreed to new rules that will grant it authority to impose travel bans and asset freezes against individuals responsible for cyber-attacks that pose a significant threat to the bloc. The new rules come amid concerns by European and U.S. officials over cyber-attacks related to election meddling or intellectual property theft by actors linked to Russia and China. The measures, which aim to “deter and respond to cyber-attacks which constitute an external threat to the EU,” would apply to actors responsible for attacks originating outside the bloc, the Council of EU member states said in a statement. The bloc said it would also consider measures in response to attacks targeted at countries outside the EU or international organizations. Read More

Indonesia: Hacktivists, Bots, Elections: Indonesia Stepping Up Its Cybersecurity | Nur Yasmin/Jakarta Globe

The government should be thanked for their role in improving cybersecurity in Indonesia in the past five years, including during elections, an expert has said. “I’m seeing really good progress in Indonesian cybersecurity. A few years ago, it wasn’t as strong,” Fernando Serto, director of security technology and strategy at Akamai APJ said on the sidelines of the Akamai Security Summit in Jakarta at the end of last month. Serto is an expert in technology, specifically “zero-trust” web security and cybersecurity. He is a familiar face in Indonesia and has been assisting the government and local organizations with his expertise. Akamai APJ is the world’s largest and most trusted cloud delivery and security platform based in the United States. Serto said cyber attacks are increasing and constantly evolving, especially bot attacks.

Read More

Verified Voting Blog: Counting Votes: Paper Ballots and Audits in Congress, Crisis at the EAC?, Florida’s Mystery Counties

In her testimony at an election security hearing before the Committee on House Administration last week, Verified Voting President Marian Schneider joined advocates and election officials in calling on Congress to help states and local jurisdictions replace aging voting systems, conduct risk-limiting audits and enhance election infrastructure security. In order to prepare for 2020, Congress must provide “adequate financial investment in cyber security best practices, replacement equipment and post-election audit processes … immediately and continue at a sustainable level moving forward.”

Writing in Governing, Graham Vyse highlighted the significant bipartisan agreement between the two secretaries of state who testified, Jocelyn Benson (D-MI) and John Merrill (R-AL), on efforts needed to address emerging threats to election security. Significantly, the state election officials, along with all the witnesses, were unanimous in recommending the replacement of direct recording electronic voting machines with paper ballot voting systems and conducting post-election ballot audits.

Two days after the hearing, House Homeland Security Committee Chairman Bennie Thompson (D-MS), House Administration Committee Chairwoman Zoe Lofgren (D-CA) and Rep. John Sarbanes (D-MD), the chairman of the Democracy Reform Task Forcereintroduced The Election Security Act. Aimed at reducing risks posed by cyberattacks by foreign entities or other actors against U.S. election systems, the bill would establish cybersecurity standards for voting system vendors and require states to use paper ballots during elections.

Last month legislation was introduced in both chambers intended to strengthen election security by providing government grants to assist states, as well as local and tribal governments, in developing and implementing plans to address cybersecurity threats or vulnerabilities. This week Verified Voting wrote an open letter to the bills’ sponsors supporting their efforts and encouraging them to add provisions specifically prohibiting these funds from being used for internet-based voting. The letter notes that “[c]ybersecurity experts agree that no current technology, including blockchain voting, can guarantee the secure, verifiable, and private return of voted ballots over the internet.”

The departure of Ryan Macias from his position as acting head of the Election Assistance Commission’s head of voting system testing and certification program reflects an agency in crisis, according to Politico’s Morning Cybersecurity. Macias’ departure may be related to an exchange at an EAC field hearing, when Chairwoman Christy McCormick repeatedly asked Macias why EAC commissioners didn’t have final approval over the details of federal voting system standards.
Read More

Florida: Hacked Florida counties could disclose their identities — if they wanted to | Marc Caputo/Politico

Local election officials in the two unnamed Florida counties where Russian agents hacked voter rolls in 2016 are able to publicly disclose whether they had been attacked. But the bureaucrats are clamming up instead. And voters in those counties have no right to know that information, according to the FBI. Nor is the state’s governor or its congressional delegation allowed to tell the public the names of those counties. That’s because the FBI made the governor sign a non-disclosure agreement in order to receive a classified briefing about the hack, along with the members of Congress. Some lawmakers are outraged at what they see as bizarre reasoning from the agency. For now, the information about the two counties is being kept officially secret — even though the identity of one of the hacking “victims,” Washington County’s election office, has leaked out. Read More

Florida: Wyden seeks answers in Florida election hacking allegations | Politico

Sen. Ron Wyden (D-Ore.) has questions that a lot of people are still asking three years after the 2016 presidential race — what exactly happened with VR Systems, the Florida voter-registration software maker that the FBI apparently believes Russia hacked. The redacted version of special counsel Robert Mueller’s report indicated that in 2016 Russian hackers infiltrated a US maker of voter-registration software and installed malware on its network — information that was based on an FBI investigation. Furthermore, the 2017 indictment of Russian military officers for hacking Democratic computer systems that was based on the FBI investigation as well also asserted that a company fitting VR Systems’ description was hacked in 2016 and had malware installed on its network.. VR Systems, however, has long insisted it wasn’t hacked, though the company has never produced evidence showing it wasn’t compromised. Wyden wants to know whether the company ever engaged a third party to conduct a forensic examination of its computer networks and systems since the hacking assertions first came to light after the 2016 election and has asked to see a copy of a report from any such investigation, according to a letter he sent last week to VR Systems that his office shared with POLITICO. Read More

National: Report: U.S. political parties need to shore up cyber | Derek B. Johnson/FCW

Three years after the 2016 election, major political parties in the U.S. are still displaying sloppy digital security practices, according to a report from Security Scorecard. In new research released May 21, the company found vulnerabilities for the public facing, internet-connected digital assets of two major political parties. The Green Party and the Libertarian Party websites also displayed weaknesses. Vulnerabilities range from smaller sins like serving expired security certificates and sending unencrypted data to larger ones like leaking personally identifiable information and failing to put in place anti-spoofing protocols. In one case, an unnamed U.S. party was caught leaking data from a voting validation application containing the names, dates of birth and addresses of voters to the internet. Read More