Four US senators, members of the US Senate Select Committee on Intelligence, sent a letter on Wednesday to Election Systems and Software (ES&S), the largest voting machine vendor in the US, asking for clarifications on why the vendor is trying to discourage independent security reviews of its products. From a report: The four senators who signed the letter are Kamala D. Harris (D-CA), Mark Warner (D-VA), Susan Collins (R-ME), and James Lankford (R-OK). The senators sent the letter to ES&S following the conclusion of the Voting Village at the DEF CON 26 security conference held in Las Vegas at the start of the month, where security researchers found several security vulnerabilities in the company's products. "We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing," the letter reads. "Many of the world's leading electronics and software companies have opened their arms to the research community, maintaining active presences at the largest security research conferences and inviting 'white hat' hackers to probe their products to identify how they can improve product security," the letter continued. At DEF CON, security researchers found vulnerabilities in the voting machines of other vendors. Only ES&S is mentioned in the senators' letter because of the company's dismissive approach to external security research.

U.S. President Donald Trump accused social media companies on Friday of silencing "millions of people" in an act of censorship, but without offering evidence to support the claim. From a report: "Social Media Giants are silencing millions of people. Can't do this even if it means we must continue to hear Fake News like CNN, whose ratings have suffered gravely. People have to figure out what is real, and what is not, without censorship!" Trump wrote on Twitter, not mentioning any specific companies. Trump also criticized social media outlets last week, saying without providing proof that unidentified companies were "totally discriminating against Republican/Conservative voices." Mr. President's Friday remarks comes days after he expressed concerns over Twitter and Facebook regulating the content on their own platforms. He found such practice "very dangerous."

A former government contractor who pleaded guilty to leaking U.S. secrets about Russia's attempts to hack the 2016 presidential election was sentenced Thursday to five years and three months in prison. From a report: It was the sentence that prosecutors had recommended in the plea deal -- the longest sentence ever given for a federal crime involving leaks to the news media -- for Reality Winner, the Georgia woman at the center of the case. Winner was also sentenced to three years of supervised release and no fine, except for a $100 special assessment fee. The crime carried a maximum penalty of 10 years. U.S. District Court Judge J. Randal Hall in Augusta, Georgia, was not bound to follow the plea deal, but elected to give Winner the amount of time prosecutors requested. Winner, 26, who contracted for the National Security Agency, pleaded guilty in June to copying a classified report that detailed the Russian government's efforts to penetrate a Florida-based voting software supplier. Further reading: How a Few Yellow Dots Burned the Intercept's NSA Leaker.

furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'

A new voting system that uses open-source software for counting ballots has been approved by California elections officials. "The certification of the new tally system for the county paves the way for other improvements, including redesigned absentee ballot packets, in the Nov. 6 election," reports Los Angeles Times. "It is the first election system of its kind, using publicly available source code that has been certified for use in California." From the report: The ballot-counting equipment is part of a broader redesign of Los Angeles County's voting system, which will include new equipment while relying on a traditional paper ballot. The county's existing system, portions of which are now decades old, has been targeted for replacement for several years.

The Democratic National Committee contacted the FBI on Tuesday after it detected what it believes was the beginning of a sophisticated attempt to hack into its voter database, a Democratic source tells CNN. From a report: The DNC was alerted in the early hours of Tuesday morning by a cloud service provider and a security research firm that a fake login page had been created in an attempt to gather usernames and passwords that would allow access to the party's database, the source said. The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details. The source said the DNC is investigating who may have been responsible for the attempted attack, but that it has no reason to believe its voter file was accessed or altered.

From a report: On Tuesday, nine Senators introduced a bill that would require state and local governments to use paper ballots in an effort to secure elections from hackers. The bill would also require rigorous audits for all federal elections to ensure that results match the votes. "Leaving the fate of America's democracy up to hackable election machines is like leaving your front door open, unlocked and putting up a sign that says 'out of town,'" Sen. Ron Wyden, a Democrat from Oregon, said in a release. "Any failure to secure our elections amounts to disenfranchising American voters." The Protecting American Votes and Elections Act of 2018 was drafted amid intense scrutiny of voting systems ahead of the mid-term elections in November. Russian interference in the 2016 presidential election has elevated concern over the security of the country's voting systems. The senators said rigorous audits will ensure votes are legitimate. Currently, 22 states don't require post-election audits, according to the release.

retroworks shares a report: Hackers linked to Russia's government tried to target the websites of two right-wing U.S. think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft said. The software giant said it thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake addresses where they were asked to enter usernames and passwords. There was no immediate comment from Russian authorities, but the Kremlin was expected to address the report later on Tuesday. It has regularly dismissed accusations that it has used hackers to influence U.S. elections and political opinion. Casting such allegations as part of an anti-Russian campaign designed to justify new sanctions on Russia, it says it wants to improve not worsen ties with Washington. Further reading: Microsoft Reveals First Known Midterm Campaign Hacking Attempts, and Microsoft Launches Pilot Program To Provide Cybersecurity Protection To Political Campaigns and Election Authorities.

Anonymous readers share a report: Sen. Bill Nelson, a Florida Democrat, has reaped the political whirlwind in the 10 days since he proclaimed that Russian hackers had "penetrated" some of his state's county voting systems. The governor of Florida, Rick Scott, a Republican who is running against Nelson for his U.S. Senate seat this fall, has blasted his claim as irresponsible. The top Florida elections official, also a Republican, said he had seen no indication it's true. And The Washington Post weighed in Friday with a 2,717-word fact check that all but accused Nelson -- without evidence -- of making it up. However, three people familiar with the intelligence tell NBC News that there is a classified basis for Nelson's assertion, which he made at a public event after being given information from the leaders of the Senate Intelligence Committee. The extent and seriousness of the threat remains unclear, shrouded for reasons of national security.

[...] Through a spokesman, Nelson declined to comment. At a, Aug. 7 campaign event in Florida's capital, Nelson said Intelligence Committee leaders asked that he "let supervisors of elections in Florida know that Russians are inside our records." He added that Russian hackers "have already penetrated certain counties in the state and they now have free rein to move about." "Either Bill Nelson knows of crucial information the federal government is withholding from Florida election officials, or he is simply making things up," said Scott, who is seeking to take Nelson's Senate seat, which the senator has held since 2001. But Scott, who as governor has a security clearance, has not actually disputed Nelson's assertion. His spokesman said the governor had not personally called anyone at the Department of Homeland Security to seek a classified briefing to get to the bottom of the matter.

A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers. From a report: Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations. The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security www.cisecurity.org, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters. [...] As of August 7, 36 of 50 states had installed Albert at the "elections infrastructure level," according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations [Editor's note: the link may be paywalled; alternative source], WSJ reports. From the report: Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries. The change was described as an "offensive step forward" by an administration official briefed on the decision, one intended to help support military operations, deter foreign election influence and thwart intellectual property theft by meeting such threats with more forceful responses. The Trump administration has faced pressure to show that it is taking seriously national-security cyberthreats -- particularly those that intelligence officials say are posed by Moscow.

An anonymous reader quotes a report from TechCrunch: In an effort to provide more transparency and deliver on a promise to Congress, Google just published an archive of political ads that have run on its platform. Google's new database, which it calls the Ad Library, is searchable through a dedicated launch page. Anyone can search for and filter ads, viewing them by candidate name or advertiser, spend, the dates the ads were live, impressions and type. For anyone looking for the biggest ad budget or the farthest reaching political ad, the ads can be sorted by spend, impressions and recency, as well. Google also provided a report on the data, showing ad spend by U.S. state, by advertiser and by top keywords.

The United States voiced deep suspicion on Tuesday over Russia's pursuit of new space weapons, including a mobile laser system to destroy satellites in space, and the launch of a new inspector satellite which was acting in an "abnormal" way. From a report: Russia's pursuit of counterspace capabilities was "disturbing," Yleem D.S. Poblete, U.S. Assistant Secretary of State for Arms Control, Verification and Compliance, told the U.N.'s Conference on Disarmament which is discussing a new treaty to prevent an arms race in outer space. A Russian delegate at the conference dismissed Poblete's remarks as unfounded and slanderous. Russian Foreign Minister Sergei Lavrov, at the Geneva forum in February, said a priority was to prevent an arms race in outer space, in line with Russia's joint draft treaty with China presented a decade ago.

About 30 percent of House candidates running for office this year have significant cybersecurity issues with their campaign websites, according to a new study. Reuters: The research was unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations. A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security. Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation. The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party's national, state and campaign operations.

UnknowingFool writes: At this year's DEFCON, a group of 50 children aged 8 to 16 participated in a hack of 13 imitation election websites. One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes. Overall, more than 30 of the 50 children were able to hack the websites in some form. The so-called "DEFCON Voting Machine Hacking Village" allowed kids the chance to manipulate vote tallies, party names, candidate names and vote count totals. The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.

The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."

Top officials at the Environmental Protection Agency pushed through a measure to review applications for using asbestos in consumer products, and did so over the objections of E.P.A.'s in-house scientists and attorneys, internal agency emails show. From a report: The clash over the proposal exposes the tensions within the E.P.A. over the Trump administration's efforts to roll back environmental rules and rewrite other regulations that industries have long fought. Asbestos, a naturally occurring mineral and known carcinogen, was once common in insulation and fireproofing materials, but today most developed countries ban it. The United States still allows limited use in products including gaskets, roofing materials and sealants. The proposed new rule would create a new process for regulating uses of asbestos, something the E.P.A. is obliged to do under a 2016 amendment to a toxic substances law.

An anonymous reader quotes a report from Gizmodo: The Democratic nominee for governor of Colorado, U.S. Representative Jared Polis, wants to add blockchain to the list of items voters consider this year. Polis currently represents Colorado's 2nd district in the House, and he won the Democratic gubernatorial nomination last month. He's held his seat in the House for about a decade and has been a fairly solid progressive. On Wednesday, Polis added a set of limited proposals regarding blockchain to his gubernatorial platform that at least give us an idea of what it means for a politician to campaign on blockchain. Polis told us he would like to resolve some of the "ambiguity" in federal rules, encourage fintech company investment, remove some licensing requirements for token securities, and exempt cryptocurrencies from state money transition laws. He says these companies are "trying to fit what they're doing into an obsolete, outdated, and often obsolete federal law."

Polis also wants to explore how blockchain could be used for voting security. Polis isn't ready to necessarily endorse moving all voting to the blockchain system. He likes paper ballots and told us, "this would be more how the information is generated and stored from those paper ballots rather than doing so in a centralized database it would be done across a distributed ledger." The congressman also thinks that blockchain could be used to streamline the process for storing public records and making them available to the public. "We're talking more about everything from Colorado contracts, expenditures, titles, a lot of the data-intensive aspects of state government can be more secure and more accessible through distributed ledgers," he said.

Vice President Mike Pence on Thursday laid out details for President Donald Trump's proposed new branch of the U.S. military responsible for protecting national security in outer space. From a report: In a speech at the Pentagon, Pence said the new Space Force would be established by 2020. "As President Trump has said, in his words, it is not enough to merely have an American presence in space -- we must have American dominance in space. And so we will," Pence said. "Space is, in his words, a war-fighting domain just like land and air and sea." He added, "History proves that peace only comes through strength, and in the realm of outer space, the United States Space Force will be that strength in the years ahead." The Space Force would ultimately become the sixth branch of the U.S. Armed Forces and would be equal to the other five, Pence said. The Department of Defense has prepared a report laying out the phases of creating the new branch, which will ultimately have to be reviewed and approved by Congress.

"In Chicago, it used to be claimed that even death couldn't stop a person from voting," writes Slashdot reader lunchlady55. "But in the Deep South, there are new reports of discrepancies in voter turnout with the approval of new electronic voting systems." Ars Technica reports: [I]f any state is a poster child for terrible election practices, it is surely Georgia. Bold claims demand bold evidence, and unfortunately there's plenty; on Monday, McClatchy reported a string of irregularities from the state's primary election in May, including one precinct with a 243-percent turnout.

McClatchy's data comes from a federal lawsuit filed against the state. In addition to the problem in Habersham County's Mud Creek precinct, where it appeared that 276 registered voters managed to cast 670 ballots, the piece describes numerous other issues with both voter registration and electronic voting machines. (In fact it was later corrected to show 3,704 registered voters in the precinct.) Multiple sworn statements from voters describe how they turned up at their polling stations only to be turned away or directed to other precincts. Even more statements allege incorrect ballots, frozen voting machines, and other issues. "George is one of four states in the U.S. that continues to use voting machines with no ability to provide voters a paper record so that they can verify the machine counted their vote correctly," the report adds.

West Virginians serving overseas will be the first in the country to cast federal election ballots using a smartphone app, a move designed to make voting in November's election easier for troops living abroad. But election integrity and computer security experts expressed alarm at the prospect of voting by phone, and one went so far as to call it "a horrific idea." CNN: The state's decision to pioneer mobile voting comes even as the United States grapples with Russian interference in its elections. A recent federal indictment outlined Russia's attempts to hack US voting infrastructure during the 2016 presidential race, and US intelligence agencies have warned of Russian attempts to interfere with the upcoming midterm election. Still, West Virginia Secretary of State Mac Warner and Voatz, the Boston company that developed the app, insist it is secure. Anyone using it must first register by taking a photo of their government-issued identification and a selfie-style video of their face, then upload them via the app. Voatz says its facial recognition software will ensure the photo and video show the same person. Once approved, voters can cast their ballot using the Voatz app.