It's funny.  Laugh.

TypePad's Demise Ends Dave Barry's Blog. He's Moving To Substack (herald.com) 28

Humor columnist Dave Barry won the 1988 Pulitzer Prize for commentary — and answered questions from Slashdot's readers in 2003. That same year he convinced thousands of people to call a telemarketing company (which had filed a lawsuit protesting America's "Do Not Call" registry). He's criticized electronic voting machines, wrote Dave Barry in Cyberspace, and even helped popularize "Talk Like a Pirate Day."

But this week the 78-year-old humor columnist announced he's shutting his blog down. ("Actually, technically, TypePad is shutting it down, by going out of business September 30.") Dave Barry will be moving to Substack, where he'll write new humor columns — and where paying subscribers will also be able to comment and participate in chats.

On his TypePad blog, Barry wrote "GOODBYE, YOU CRAZY, WONDERFUL PEOPLE..." After [September 30th] this site will disappear, and I've made the decision not to attempt to migrate it to another platform. Everything, except Keith Richards, eventually comes to an end, and it just feels like it's time, after all these years, to let the Blog go to that Big Archive in the Sky.

It has been a fun couple of decades, hanging out here with you very funny folks — discussing the International Squirrel Conspiracy, and what WBAGNFARB, and all the entities, human and otherwise, that qualify for Florida drivers' licenses, and the many, many other random topics that made up whatever this weird thing has been. Thanks to all of you — the people who sent me all those news items; the excellent commenters; the lurkers — for being part of this. Really: Thank you. You made it work.

Dave Barry reminds readers that he'll continue blogging on TypePad until the end of September — and that after that they can still reach him at his new Substack blog (where "you don't have to subscribe to read my posts").

And his Substack blog already has a humorous "About" page... When people hear that I'm starting a Substack, the question they always ask is: "Dave Barry? Isn't he dead?"

I'm delighted to report that the answer is: Not yet! I'm still alive, and along with an estimated 85 percent of the Earth's population, I have a Substack, which I invite you to subscribe to...

In 2005 I stopped writing a weekly column, after which the newspaper industry — draw your own conclusions from this — collapsed. I've continued to write books, and every year I write a massive Year in Review, which is wildly popular with everyone except the people who hate it. But I've missed writing columns, which is why I started this Substack. I will use it to comment on the major issues of the day, ranging all the way from stories about snakes showing up in people's toilets to stories about completely different scary things showing up in people's toilets. I will sometimes even write about issues that are totally unrelated to toilets. That is how wide-ranging this Substack will be. I plan to occasionally do chats, and I may even do podcasts or interviews with my famous minor-celebrity friends if I can get them to return my phone calls. Also I'll publish the Year in Review here.

So that's the plan. I'm hoping to build a community of civic-minded people with a sincere interest in reading about and discussing useless and often wildly inaccurate things instead of doing something productive. Kind of like Congress, but without a dress code.

A frequently-asked questions list then promises the Substack will "have much more writing from me, and more interaction between me and subscribers. The blog has always been something I did in my spare time, when I wasn't working on something else, usually a book. The Substack will be my main focus, essentially my day job."

Q: [H]ow much does a paid subscription to your Substack cost?

A. Eleven million dollars.

Q. Whoa. That's expensive!

A. You drive a hard bargain! But OK, for you let's make it $5 a month, or $50 a year....

Q. What if I don't want to pay?

A. Burly men will barge into your home and confiscate your major appliances. [Barry then crosses this out using HTML strikethrough characters.] Nothing bad will happen to you. You can still see my Substack posts, though you won't be able to comment on posts or participate in chats.

Thanks to wiredog (Slashdot reader #43,288) for sharing the news.

Privacy

Colorado Agency 'Improperly' Posted Passwords for Its Election System Online (gizmodo.com) 93

For months, the Colorado Department of State inadvertently exposed partial passwords for voting machines in a public spreadsheet. "While the incident is embarrassing and already fueling accusations from the state's Republican party, the department said in a statement that it 'does not pose an immediate security threat to Colorado's elections, nor will it impact how ballots are counted,'" reports Gizmodo. From the report: Colorado NBC affiliate station 9NEWS reported that Hope Scheppelman, vice chair of the state's Republican party, revealed the error in a mass email sent Tuesday morning, which included an affidavit from a person who claimed to have downloaded the spreadsheet and discovered the passwords by clicking a button to reveal hidden tabs.

In its statement, the Department of State said that there are two unique passwords for each of its voting machines, which are stored in separate places. Additionally, the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance.

"The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the [country's] essential security infrastructure," the department said, adding that it is "working to remedy this situation where necessary." Colorado voters use paper ballots, ensuring a physical paper trail that can be used to verify results tabulated electronically.

Businesses

Has Online Shopping Left Warehouse Workers Without Political Power? (msn.com) 81

A writer for the New York Times editorial board argues we don't yet fully understand the impact of warehouses. "Thanks to the rise of online shopping and the proximity to so many American doorsteps, warehouses have become a major source of blue-collar employment," both in Bethlehem, Pennsylvania and beyond. "In Pennsylvania's Lehigh Valley, more than 19,000 people work in the warehouses that prepare our packages. Thousands more drive the trucks that deliver them."

But while the total number of warehouse-related jobs almost replaces the jobs lost from the closure of a major steel plant, "the political power that blue-collar workers once wielded has not been replaced." Despite their large numbers, their importance to the economy, and their presence in Northampton — a swing county in a crucial battleground state — warehouse workers don't form an influential voting bloc in the way that steelworkers did... It turns out that making stuff isn't the same as distributing it. Working in a steel mill is a communal act that lends itself to the pursuit of political power in a way that warehouse jobs do not. Steelworkers toiled alongside one another, forming lifelong bonds, bowling leagues and unions that delivered a reliable voting bloc. Back when thousands of workers streamed out of the gates of Bethlehem Steel at quitting time, "politicians would come out to shake our hands," Jerry Green, retired president of United Steelworkers Local 2599, told me.

Factories were so good at political mobilization, in fact, that some credit them for democracy itself. Women and working-class men won the right to vote in the United States, Western Europe and much of East Asia after about a quarter of those populations were employed in factories, according to recent research by Sam van Noort, a lecturer at Princeton. Warehouses, by contrast, have no such mystique. Nobody campaigns outside the Walmart distribution centers here. Workers tend to be hired by staffing agencies and many stay for only a few months. They work on their own and rarely socialize. They are notoriously difficult to organize. Alec MacGillis, author of "Fulfillment: America in the Shadow of Amazon," told me that the biggest challenge for labor organizers at Amazon warehouses was getting workers to stay on the job long enough to feel a sense of solidarity.

Malenie Tapia, who moved to Bethlehem from Queens, N.Y., five years ago and took a job as a "picker" in a Zara warehouse, explained why. For eight hours a day, she grabbed items off numbered shelves and delivered them to packers who packed them into boxes. Talking to co-workers was forbidden, she said, except during a brief lunch break. "Sometimes I would go to the section in the back, where there would be less eyes on you, and sneak in a little moment of conversation," she said.

Here's what happened when the reporter asked a pair of Latino workers about their political opinions: Most of all, they fretted about being replaced by machines. They spoke with dread about a fully automated McDonald's and a robot that unloads container ships. They didn't seem to see themselves as part of a working class that could band together to demand protections for their jobs.

The hot political issue around warehouses isn't the workers at all; it's the traffic and loss of green space associated with them. Both the Democratic and Republican candidates in the race for a state representative seat in Northampton have vowed to stop the proliferation of warehouses, which some citizens' groups say destroys their rural way of life. If warehouse workers had a political voice, they might push back. But they don't, so they won't. Warehouses have been an economic boon. But politically, for workers, they are a loss.

United States

Investigation Finds 'Little Oversight' Over Crucial Supply Chain for US Election Software (politico.com) 94

Politico reports U.S. states have no uniform way of policing the use of overseas subcontractors in election technology, "let alone to understand which individual software components make up a piece of code."

For example, to replace New Hampshire's old voter registration database, state election officials "turned to one of the best — and only — choices on the market," Politico writes: "a small, Connecticut-based IT firm that was just getting into election software." But last fall, as the new company, WSD Digital, raced to complete the project, New Hampshire officials made an unsettling discovery: The firm had offshored part of the work. That meant unknown coders outside the U.S. had access to the software that would determine which New Hampshirites would be welcome at the polls this November.

The revelation prompted the state to take a precaution that is rare among election officials: It hired a forensic firm to scour the technology for signs that hackers had hidden malware deep inside the coding supply chain. The probe unearthed some unwelcome surprises: software misconfigured to connect to servers in Russia ["probably by accident," they write later] and the use of open-source code — which is freely available online — overseen by a Russian computer engineer convicted of manslaughter, according to a person familiar with the examination and granted anonymity because they were not authorized to speak about it... New Hampshire officials say the scan revealed another issue: A programmer had hard-coded the Ukrainian national anthem into the database, in an apparent gesture of solidarity with Kyiv.

None of the findings amounted to evidence of wrongdoing, the officials said, and the company resolved the issues before the new database came into use ahead of the presidential vote this spring. This was "a disaster averted," said the person familiar with the probe, citing the risk that hackers could have exploited the first two issues to surreptitiously edit the state's voter rolls, or use them and the presence of the Ukrainian national anthem to stoke election conspiracies. [Though WSD only maintains one other state's voter registration database — Vermont] the supply-chain scare in New Hampshire — which has not been reported before — underscores a broader vulnerability in the U.S. election system, POLITICO found during a six-month-long investigation: There is little oversight of the supply chain that produces crucial election software, leaving financially strapped state and county offices to do the best they can with scant resources and expertise.

The technology vendors who build software used on Election Day face razor-thin profit margins in a market that is unforgiving commercially and toxic politically. That provides little room for needed investments in security, POLITICO found. It also leaves states with minimal leverage over underperforming vendors, who provide them with everything from software to check in Americans at their polling stations to voting machines and election night reporting systems. Many states lack a uniform or rigorous system to verify what goes into software used on Election Day and whether it is secure.

The article also points out that many state and federal election officials "insist there has been significant progress" since 2016, with more regular state-federal communication. "The Cybersecurity and Infrastructure Security Agency, now the lead federal agency on election security, didn't even exist back then.

"Perhaps most importantly, more than 95% of U.S. voters now vote by hand or on machines that leave some type of paper trail, which officials can audit after Election Day."

United States

The Nation's Best Hackers Found Vulnerabilities in Voting Machines - But No Time To Fix Them (politico.com) 189

Hackers at the DEF CON conference in Las Vegas identified vulnerabilities in voting machines slated for use in the 2024 U.S. election, but fixes are unlikely to be implemented before November 5, organizers said. The annual "Voting Village" event, held away from the main conference floor due to security concerns, drew election officials and cybersecurity experts. Organizers plan to release a detailed report on the vulnerabilities found.

Catherine Terranova, an event organizer, said major systemic changes are difficult to make 90 days before an election, particularly given heightened scrutiny of election security in 2024. The process of addressing vulnerabilities involves manufacturer approval, recertification by authorities, and updating individual devices. This typically takes longer than the time remaining before the election, according to Scott Algeier, executive director of the Information Technology-Information Sharing and Analysis Center. The event comes amid ongoing concerns about foreign targeting of U.S. elections, including a recent hack of former President Donald Trump's campaign, reportedly by Iran.

Open Source

New Hampshire Set To Pilot Voting Machines That Use Open-Source Software (therecord.media) 111

According to The Record, New Hampshire will pilot a new kind of voting machine that will use open-source software to tally the votes. The Record reports: The software that runs voting machines is typically distributed in a kind of black box -- like a car with its hood sealed shut. Because the election industry in the U.S. is dominated by three companies -- Dominion, Election Systems & Software and Hart InterCivic -- the software that runs their machines is private. The companies consider it their intellectual property and that has given rise to a roster of unfounded conspiracy theories about elections and their fairness. New Hampshire's experiment with open-source software is meant to address exactly that. The software by its very design allows you to pop the hood, modify the code, make suggestions for how to make it better, and work with other people to make it run more smoothly. The thinking is, if voting machines run on software anyone can audit and run, it is less likely to give rise to allegations of vote rigging.

The effort to make voting machines more transparent is the work of a group called VotingWorks. [...] On November 8, VotingWorks machines will be used in a real election in real time. New Hampshire is the second state to use the open-source machines after Mississippi first did so in 2019. Some 3,000 voters will run their paper ballots through the new machines, and then, to ensure nothing went awry, those same votes will be hand counted in a public session in Concord, N.H. Anyone who cares to will be able to see if the new machines recorded the votes correctly. The idea is to make clear there is nothing to hide. If someone is worried that a voting machine is programmed to flip a vote to their opponent, they can simply hire a computer expert to examine it and see, in real time.

AI

A New Danish Political Party Is Being Led By An AI (vice.com) 99

An anonymous reader quotes a report from Motherboard: The Synthetic Party, a new Danish political party with an artificially intelligent representative and policies derived from AI, is eyeing a seat in parliament as it hopes to run in the country's November general election. The party was founded in May by the artist collective Computer Lars and the non-profit art and tech organization MindFuture Foundation. The Synthetic Party's public face and figurehead is the AI chatbot Leader Lars, which is programmed on the policies of Danish fringe parties since 1970 and is meant to represent the values of the 20 percent of Danes who do not vote in the election. Leader Lars won't be on the ballot anywhere, but the human members of The Synthetic Party are committed to carrying out their AI-derived platform.

Leader Lars is an AI chatbot that people can speak with on Discord. You can address Leader Lars by beginning your sentences with an "!". The AI understands English but writes back to you in Danish. Some of the policies that The Synthetic Party is proposing include establishing a universal basic income of 100,000 Danish kroner per month, which is equivalent to $13,700, and is over double the Danish average salary. Another proposed policy change is to create a jointly-owned internet and IT sector in the government that is on par with other public institutions.

The Synthetic Party's mission is also dedicated to raising more awareness about the role of AI in our lives and how governments can hold AI accountable to biases and other societal influences. The party hopes to add an 18th Sustainable Development Goal (SDG) to the United Nations SDGs, which are goals relating to issues such as poverty, inequality, and climate change, to be achieved by all nations by 2030. The Synthetic Party's proposed SDG is called Life With Artificials and focuses on the relationship between humans and AI and how to adapt and educate people to work with machines. [...] So far, The Synthetic Party has only 11 signatures out of the 20,000 that would make it eligible to run in this November's election. If the party were to be in the parliament, [...] it would be the AI powering policies and its agenda, and humans acting as the interpreter of the program.

"Leader Lars is the figurehead of the party. Denmark is a representative democracy, so would have humans on the ballot that are representing Leader Lars and who are committed to acting as a medium for the AI," said Asker Staunaes, the creator of the party and an artist-researcher at MindFuture.

"People who are voting for The Synthetic Party will have to believe what we are selling ourselves as, people who actually engage so much with artificial intelligence that we can interpret something valuable from them," Staunaes said. "We are in conversations with people from around the world, Colombia, France, and Moldova, about creating other local versions of The Synthetic Party, so that we could have some form of Synthetic International."

Microsoft

Microsoft Teams Up With Voting Machine Maker To Let Voters Track Ballots (bloomberg.com) 108

An anonymous reader quotes a report from Bloomberg: Hart InterCivic Inc., one of the largest voting machine makers in the U.S., will incorporate Microsoft's vote-tracking system into its in-person machines, adding a layer of security that may help reduce heightened attacks on the legitimacy of U.S. election results. The program will allow people to confirm their votes were counted after they're cast. The partnership makes Hart the first manufacturer in the U.S. to allow local voting jurisdictions to incorporate ballot-tracking software into machines, the companies said Thursday in a joint statement. The program will let voters track their choices and offer security experts using Hart's system the opportunity to independently audit results using Microsoft's ElectionGuard software.

The technology would not change the process for voters. In most cases, voters would still fill out their ballots the same way they did in November 2020, either using a touchscreen or by hand-marking a ballot. Once they submit their ballots, voters will receive a piece of paper with a verification or QR code, which they can input into their local election jurisdiction's website to track their ballot through the tabulation process. The process is done without revealing the content of the voter's ballot while maintaining the privacy and secrecy of their selections, according to the statement. The system will also allow third-parties, including political parties or news organizations, to write their own programs to confirm election tallies.

United States

Ban on Wireless Modems In Voting Machines Should be Optional, Suggests US Election Agency (apnews.com) 147

The U.S. agency overseeing elections has "quietly weakened a key element of proposed security standards..." reports the Associated Press, "raising concern among voting-integrity experts that many such systems will remain vulnerable to hacking." The Election Assistance Commission (EAC) is poised to approve its first new security standards in 15 years after an arduous process involving multiple technical and elections community bodies and open hearings. But ahead of a scheduled February 10 ratification vote by commissioners, the EAC leadership tweaked the draft standards to remove language that stakeholders interpreted as banning wireless modems and chips from voting machines as a condition for federal certification. The mere presence of such wireless hardware poses unnecessary risks for tampering that could alter data or programs on election systems, say computer security specialists and activists, some of whom have long complained that the EAC bends too easily to industry pressure.

Agency leaders argue that overall, the revised guidelines represent a major security improvement. They stress that the rules require manufacturers to disable wireless functions present in any machines, although the wireless hardware can remain.

In a February 3 letter to the agency, computer scientists and voting integrity activists say the change "profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems." They demand the wireless hardware ban be restored...

The ban on wireless hardware in voting machines would force vendors who currently build systems with off-the-shelf components to rely on more expensive custom-built hardware, said EAC Chair Benjamin Hovland, which could hurt competition in an industry already dominated by a trio of companies. He also argued that the guidelines are voluntary, although many state laws are predicated on them... Hovland stressed that the amended guidelines say all wireless capability must be disabled in voting equipment. But computer experts say that if the hardware is present, the software that activates it can be introduced. And the threat is not just from malign actors but also from the vendors and their clients, who could enable the wireless capability for maintenance purposes then forget to turn it off, leaving machines vulnerable...

Experts are pushing for universal use of hand-marked paper ballots and better audits to bolster confidence in election results.

Security

FireEye, a Top Cybersecurity Firm, Says It Was Hacked By a Nation-State (nytimes.com) 51

An anonymous reader quotes a report from The New York Times: For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be. Now it looks like the hackers -- in this case, evidence points to Russia's intelligence agencies -- may be exacting their revenge. FireEye revealed on Tuesday that its own systems were pierced by what it called "a nation with top-tier offensive capabilities." The company said hackers used "novel techniques" to make off with its own tool kit, which could be useful in mounting new attacks around the world.

It was a stunning theft, akin to bank robbers who, having cleaned out local vaults, then turned around and stole the F.B.I.'s investigative tools. In fact, FireEye said on Tuesday, moments after the stock market closed, that it had called in the F.B.I. The $3.5 billion company, which partly makes a living by identifying the culprits in some of the world's boldest breaches -- its clients have included Sony and Equifax -- declined to say explicitly who was responsible. But its description, and the fact that the F.B.I. has turned the case over to its Russia specialists, left little doubt who the lead suspects were and that they were after what the company calls "Red Team tools." These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools -- with the permission of a client company or government agency -- to look for vulnerabilities in their systems. Most of the tools are based in a digital vault that FireEye closely guards.

The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention -- including FireEye's -- was focused on securing the presidential election system. At a moment that the nation's public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their sights on other targets. The hack was the biggest known theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers. [...] The N.S.A.'s tools were most likely more useful than FireEye's since the U.S. government builds purpose-made digital weapons. FireEye's Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks. Still, the advantage of using stolen weapons is that nation-states can hide their own tracks when they launch attacks.

Government

Trump Fires Election Security Director Who Corrected Voter Fraud Disinformation (npr.org) 587

phalse phace shares a report from NPR: Christopher Krebs, the Department of Homeland Security director who had spearheaded a campaign to counter rumors about voter fraud, has been fired, President Trump tweeted on Tuesday. Trump, in two misleading tweets about the security of the U.S. election, said Krebs' termination was "effective immediately."

The CISA campaign, led by Krebs, was originally intended to target foreign interference. However, as the president continued to repeat dangerously misleading information about the security of the election, the agency's focus turned to rebutting many of the rumors and baseless allegations of widespread voter fraud that Trump had promoted from the White House.

In response, Krebs tweeted, "Honored to serve. We did it right. Defend Today, Secure [Tomorrow]." As NPR points out, Krebs' firing came after his agency, the Cybersecurity and Infrastructure Security Agency (CISA), last week released a statement calling the 2020 election "the most secure in American history."

Trump's full tweet reads: "The recent statement by Chris Krebs on the security of the 2020 Election was highly inaccurate, in that there were massive improprieties and fraud -- including dead people voting, Poll Watchers not allowed into polling locations, 'glitches' in the voting machines which changed votes from Trump to Biden, late voting, and many more. Therefore, effective immediately, Chris Krebs has been terminated as Director of the Cybersecurity and Infrastructure Security Agency."

Bitcoin

Is Blockchain 'the Amazing Solution for Almost Nothing'? (thecorrespondent.com) 155

Long-time Slashdot reader leathered shares an investigation from the Correspondent about blockchain -- and "what's so terribly revolutionary about it? What problem does it solve...? I can tell you upfront, it's a bizarre journey to nowhere. I've never seen so much incomprehensible jargon to describe so little... And I've never seen so many people searching so hard for a problem to go with their solution...." [Y]ou can't do much with bitcoin. But blockchain, on the other hand: it's the technology behind bitcoin, which makes it cool. Blockchain generalises the bitcoin pitch: let's not just get rid of banks, but also the land registry, voting machines, insurance companies, Facebook, Uber, Amazon, the Lung Foundation, the porn industry and government and businesses in general. They are superfluous, thanks to the blockchain. Power to the users...!

The only thing is that there's a huge gap between promise and reality. It seems that blockchain sounds best in a PowerPoint slide. Most blockchain projects don't make it past a press release, an inventory by Bloomberg showed... Out of over 86,000 blockchain projects that had been launched, 92% had been abandoned by the end of 2017, according to consultancy firm Deloitte. Why are they deciding to stop? Enlightened — and thus former — blockchain developer Mark van Cuijk explained: "You could also use a forklift to put a six-pack of beer on your kitchen counter. But it's just not very efficient...."

[I]nformation and communications technology is like the rest of the world — a big old mess. And that's something that we — outsiders, laypeople, non-tech geeks — simply refuse to accept. Councillors and managers think that problems — however large and fundamental they are — evaporate instantaneously thanks to technology they've heard about in a fancy PowerPoint presentation. How will it work? Who cares! Don't try to understand it, just reap the benefits!

This is the market for magic, and that market is big. Whether it's about blockchain, big data, cloud computing, AI or other buzzwords...

Maybe this is blockchain's greatest merit: it's an awareness campaign, albeit an expensive one. "Back-office management" isn't an item on the agenda in board meetings, but "blockchain" and "innovation" are... Yes, it took a few wild, unmet promises, but the result is that administrators are now interested in the boring subjects that help make the world run a bit more efficiently — nothing spectacular, just a bit better.

Security

US Now Offers $10 Million Reward For Election Interference Tips (zdnet.com) 163

The US Department of State announced today rewards of up to $10 million for any information leading to the identification of any person who works with or for a foreign government for the purpose of interfering with US elections through "illegal cyber activities." From a report: This includes attacks against US election officials, US election infrastructure, voting machines, but also candidates and their staff. The announcement was made today, less than 100 days until the 2020 US Presidential Election that will have incumbent Donald Trump face off against Democrat candidate Joe Biden. Nevertheless, the Department of State said the reward is valid for any form of election hacking, at any level, such as elections held at the federal, state, or local level as well.

United States

This Could Be Microsoft's Most Important Product in 2020. If it Works (cnet.com) 142

Alfred Ng, writing for CNET: Building 83 doesn't stand out on Microsoft's massive Redmond, Washington, headquarters. But last week, the nameless structure hosted what might be the software giant's most important product of 2020. Tucked away in the corner of a meeting room, a sign reading "ElectionGuard" identifies a touchscreen that asks people to cast their votes. An Xbox adaptive controller is connected to it, as are an all-white printer and a white ballot box for paper votes. If you didn't look carefully, you might have mistaken all that for an array of office supplies. ElectionGuard is open-source voting-machine software that Microsoft announced in May 2019. In Microsoft's demo, voters make their choices by touchscreen before printing out two copies. A voter is supposed to double-check one copy before placing it into a ballot box to be counted by election workers. The other is a backup record with a QR code the voter can use to check that the vote was counted after polls close. With ElectionGuard, Microsoft isn't setting out to create an unhackable vote -- no one thinks that's possible -- but rather a vote in which hacks would be quickly noticed.

The product demo was far quieter than the typical big tech launch. No flashy lights or hordes of company employees cheering their own product, like Microsoft's dual screen phone, its highly anticipated dual-screen laptop or its new Xbox Series X. And yet, if everything goes right, ElectionGuard could have an impact that lasts well beyond the flashy products in Microsoft's pipeline. ElectionGuard addresses what has become a crucial concern in US democracy: the integrity of the vote. The software is designed to establish end-to-end verification for voting machines. A voter can check whether his or her vote was counted. If a hacker had managed to alter a vote, it would be immediately obvious because encryption attached to the vote wouldn't have changed. The open-source software has been available since last September. But Microsoft gets its first real-world test on Tuesday, when ElectionGuard is used in a local vote in Fulton, Wisconsin.

Security

Argentinian Security Researcher Arrested After Tweeting About Government Hack (zdnet.com) 48

Argentinian police briefly detained and raided the home of a well-known security researcher last week on suspicion of hacking and leaking data from government systems. From a report: Following his release, Javier Smaldone, the security researcher, obtained and published court documents pertaining to his arrest on Twitter. The documents showed that authorities arrested and raided the security expert just for tweeting about a recent government hack, with no tangible evidence that he was involved. Smaldone claimed the entire affair was a witch-hunt, describing his arrest and raid as "political persecution." The researcher is a well-known cyber-security activist, previously testified in front of the Argentinian Senate against the use of electronic voting machines, and regularly publishes blog posts criticizing the government's plans to use such devices. Smaldone believes this is the government's revenge for past criticism.

Security

Researchers Easily Breached Voting Machines For the 2020 Election (engadget.com) 123

An anonymous reader quotes a report from Engadget: The voting machines that the U.S. will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday. A number of flaws allowed the hackers to access the machines, including weak default passwords and shoddy encryption. The group says the machines could be hacked by anyone with access to them, and if poll workers make mistakes or take shortcuts, the machines could be infiltrated by remote hackers.

The Courts

Judge Orders Georgia To Switch To Paper Ballots For 2020 Elections (arstechnica.com) 120

An anonymous reader quotes a report from Ars Technica: Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using its outdated electronic voting machines by the end of the year. The judge accepted the state's argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then. The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines. Georgia hopes to have the new machines in place in time for a presidential primary election in March 2020. In principle, that switch should address many of the critics' concerns.

The danger, security advocates said, was that the schedule could slip and Georgia could then fall back on its old, insecure electronic machines in the March primary and possibly in the November 2020 general election as well. The new ruling by Judge Amy Totenberg slams the door shut on that possibility. If Georgia isn't able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade. Alex Halderman, a University of Michigan computer scientist who served as the plaintiffs' star witness in the case, hailed the judge's ruling. "The court's ruling recognizes that Georgia's voting machines are so insecure, they're unconstitutional," Halderman said in an email to Ars. "That's a huge win for election security that will reverberate across other states that have equally vulnerable systems."

Government

Lawmakers, Intelligence Officials Welcomed To This Year's Def Con Conference (cnn.com) 31

"Multiple members of congress, dozens of congressional staffers and members of the intelligence community are gathering in Las Vegas this weekend to rub shoulders with hackers at Def Con," reports CNN: Washington's embrace of the hacking community comes amid heightened awareness of the threat of cyber attacks in the wake of the 2016 US presidential election and lawmakers realizing they need to get to grips with technology, Phil Stupak, one of the organizers of Def Con's A.I. Village told CNN Business before the conference began... Hackers here are also demonstrating potential vulnerabilities in voting machines used by Americans. The convention's election village includes a room full of voting equipment where hackers can let loose...

It will likely be the largest presence the government has had since before 2013, when, in the wake of NSA analyst Edward Snowden's leaks, Def Con founder Jeff Moss formally requested "the feds call a 'time-out' and not attend Def Con this year." But that has since smoothed over. "I think the record presence of both representative and administration reflect the reality that technology and security are built into our society," Moss told CNN Business.

"We are trying to break down the barriers between the people in tech who know what they're doing and the people in Congress who know how to take that knowledge to make laws," said Stupak, who is also a fellow at Cyber Policy Initiative at the University of Chicago.

Speaking at Def Con this year was the top cybersecurity official for America's Department of Homeland Security, who stressed the importance of backup paper ballots, as well as "auditability."

Also attending Def Con is Senator Ron Wyden, who emphasized another important election safeguard to CNN: that no voting equipment should be connected to the internet.

Security

Russian Hack of Elections System Was Far-Reaching, Senate Intel Committee Report Finds (npr.org) 365

An anonymous reader quotes a report from The New York Times: The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016, largely undetected by the states and federal officials at the time, but at the demand of American intelligence agencies the committee was forced to redact its findings so heavily that key lessons for the 2020 election are blacked out. Even key findings at the beginning of the report were heavily redacted. It concluded that while there is no evidence that any votes were changed in actual voting machines, "Russian cyberactors were in a position to delete or change voter data" in the Illinois voter database. The committee found no evidence that they did so. While the report is not directly critical of either American intelligence agencies or the states, it described what amounted to a cascading intelligence failure, in which the scope of the Russian effort was underestimated, warnings to the states were too muted, and state officials either underreacted or, in some cases, resisted federal efforts to offer help.

Security

Microsoft Warns of Political Cyberattacks, Announces Free Vote-Verification Software (nbcnews.com) 67

"Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines," reports NBC News.

Microsoft also said its AccountGuard service has already spotted 781 cyberattacks by foreign adversaries targeting political organizations -- 95% of which were located in the U.S. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to "enable a new era of secure, verifiable voting." The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post...

Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft's move signals that voting systems, long a technology backwater, are finally receiving attention from the country's leading technical minds. "We think that it's good when a technology provider as significant as Microsoft is stepping into something as nationally important as election security," Perez told NBC News. "ElectionGuard does provide verification and it can help to detect attacks. It's important to note that detection is different from prevention."

Microsoft also said it has notified nearly 10,000 customers that they've been targeted or compromised by nation-state cyberattacks, according to the article -- mostly from Russia, Iran, and North Korea.

"While many of these attacks are unrelated to the democratic process," Microsoft said in a blog post, "this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives."
