National: ‘No One Is Accountable for This’: Why the 2020 Campaigns Are Struggling With Security | Uri Friedman/The Atlantic
It’s the eve of Election Day 2020, and political reporters have just received an incendiary email. Donald Trump’s campaign has sent out grainy cellphone footage of his Democratic challenger, Joe Biden, at a private meeting with wealthy donors, ridiculing Americans who voted for the president in 2016 and plotting how to trick them into backing him instead. Except Biden never made the remarks and Trump never shared them. A few overeager journalists post the video on Twitter before fully investigating its authenticity, causing the clip to spread on social media faster than the presidential campaigns and the press can expose it as a fraud. U.S. authorities will eventually attribute the deception to North Korean hackers, impersonating the Trump campaign’s domain name and deploying deepfake technology to keep their preferred nuclear-talks counterpart in office. But that won’t happen for weeks, well after Americans have chosen their next leader. Such a hypothetical scenario isn’t implausible. In fact, it’s a type of threat that the email-security firm Agari flagged in a recent report. Three and a half years have passed since John Podesta, the chairman of Hillary Clinton’s presidential campaign, fell for a phishing email—granting Russian hackers, and thereby the world, access to his Gmail account and coming to embody the devastating ways foreign governments can meddle in democratic politics. In light of that trauma, the current crop of presidential campaigns has made progress in fortifying their digital operations. But according to those who have worked with the campaigns on these efforts, they nevertheless remain vulnerable to attack and lack cybersecurity best practices. “The risk is more than reasonable that another Podesta-like attack could take place,” Armen Najarian, Agari’s chief marketing officer, told me.National: New NSA cyber lead says agency must share more info about digital threats | Joseph Marks/The Washington Post
The NSA is the U.S. government’s premier digital spying agency and it has a well-earned reputation for keeping secrets. But the agency needs to stop keeping so many things confidential and classified if it wants to protect the nation from cyberattacks. That’s the assessment from Anne Neuberger, director of NSA’s first Cybersecurity Directorate, which will launch Oct. 1 and essentially combine the work of many disparate NSA divisions dealing with cybersecurity, including its offensive and defensive operations. The directorate's mission is to “prevent and eradicate” foreign hackers from attacking critical U.S. targets including election infrastructure and defense companies, Neuberger said yesterday during her first public address since being named to lead the directorate in July. Neuberger acknowledged the difficulty of her mission during an onstage interview at the Billington Cybersecurity Summit, but also said the growing hacking threats from Russia, China and other U.S. adversaries mean the nation “must” achieve it. “The nation needs it … the threat demands it and the nation deserves that we achieve it,” Neuberger said. That mission also means, however, that NSA, which was once colloquially known as “no such agency” and has traditionally kept mum to protect its own hacking operations and secret sources, must start sharing more threat data with cybersecurity pros in the private sector, she said. And the NSA will have to share that information far more quickly than it has in the past when many recipients hcomplained that, by the time they get the information, it's no longer useful, she said. In some instances, the agency will have to look for “creative approaches” to share that information, Neuberger told reporters after her talk.National: Blue Dog Democrats urge action on election security | Maggie Miller/The Hill
The leaders of the House Blue Dog Coalition and the House Blue Dog Task Force on National Security on Thursday sent a letter to House and Senate leaders calling for action to prevent foreign interference in U.S. elections and to secure election systems. The House Blue Dog Coalition, a group of 26 moderate Democrats, urged congressional leaders to “put politics aside and pursue bipartisan solutions” to bolster election security ahead of 2020. “We are calling on Congress to take further action to secure our elections, punish Russia for its attempts to meddle in the 2016 and 2018 elections, and deter our adversaries from meddling in future U.S. elections,” the leaders of the Blue Dog Coalition and the Task Force wrote. “The threat to our national security could not be more clear.” The letter was sent to Speaker Nancy Pelosi (D-Calif.), House Majority Leader Steny Hoyer (D-Md.), Minority Leader Kevin McCarthy (R-Calif.), Senate Majority Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Charles Schumer (D-N.Y.). The House has passed two major election security bills earlier this year, both along party lines. The SAFE Act, passed in June, would provide states with $600 million for election security efforts, and would also ban voting machines from being connected to the internet and from being manufactured outside the U.S. The House also approved the For the People Act, which includes sweeping language on election security and voting reform. Both bills have been blocked from a vote in the Senate by Republicans, who cite concerns around federalizing elections.California: Los Angeles County Offering New Ballot Casting Process For Voters in 2020 | R.J. Johnson /KFI
Los Angeles County's antiquated voting system is getting a badly needed upgrade in time for the upcoming 2020 elections. Starting next year, more than 5.2 million residents will have the chance to use the Voting Solutions for All People, or VSAP, which aims to make voting for residents easier, more secure and transparent. The new Ballot Marking Devices were designed by the Registar-Recorder/County Clerk in response to the aging system and meant to make it easier for voters to to customize their voting experience to fit their needs. Voters will be able to access 13 languages, adjust the touch screen to a comfortable angle, change the display settings such as text size and contrast or go through the ballot using the audio headset and control pad. Rest assured, the Ballot Marking Device is NOT connected to any kind of a network or the internet. If you're not as technically-savvy as others, don't worry, the easy-to-follow instructions guide voters through the voting process without any need for assistance.Ohio: Secretary of State to ask for $1.7 million to monitor cyber-security threats | Jim Provance/Toledo Blade
Ohio’s top elections official on Monday will ask a state budgetary panel to allow him to tap just more than $1.7 million in federal funds to monitor county boards of elections for potential cyber-security threats going into the 2020 presidential election. If approved, Ohio would become just the third state, following Nevada and Florida, to have such devices in all of its counties. Secretary of State Frank LaRose has asked the bipartisan Ohio Controlling Board to release the funds made available through the federal Help America Vote Act to contract with the Center for Internet Security. The New York-based nonprofit organization is the sole vendor approved by the U.S. Department of Homeland Security and has staff at the National Cybersecurity and Communications Integration Center in Washington. “The security directive is intended to protect that infrastructure that is connected to the Internet — stations where board staff work, email systems, voter registration databases, the board of election website…,” Mr. LaRose said. Voting machines and tabulating equipment would not be included since they are not connected to the Internet.Russia: Masked man tasers Russian election chief before regional vote | Reuters
A masked man broke into the home of Ella Pamfilova, the head of Russia’s Central Election Commission, in the early hours of Friday morning and repeatedly tasered her, Russia’s Ministry of Internal Affairs said. The attack came two days before Russians vote in regional elections, including in Moscow. The vote in the Russian capital has triggered weeks of protests after Pamfilova and her colleagues refused to register a slew of opposition-minded candidates. Election officials said the barred candidates had not collected enough genuine signatures to take part in Sunday’s election, an allegation the candidates denied. “The masked intruder broke in through a window and got onto the house’s terrace and repeatedly tasered the home owner (Pamfilova) and then fled,” the ministry said in a statement.National: Big Tech Companies Meeting With U.S. Officials on 2020 Election Security | Mike Isaac and Davey Alba/The New York Times
Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election. The daylong meeting, held at Facebook’s headquarters in Menlo Park, Calif., included security teams from the tech companies, as well as members of the F.B.I., the Office of the Director of National Intelligence and the Department of Homeland Security. The agenda was to build up discussions and strategic collaboration ahead of the November 2020 state, federal and presidential elections, according to Facebook. Tech company representatives and government officials talked about potential threats, as well as how to better share information and detect threats, the social network said. Chief executives from the companies did not attend, said a person briefed on the meeting, who declined to be identified for confidentiality reasons.National: DNC move against phone-in caucuses pits cybersecurity vs. voter participation | Joseph Marks/The Washington Post
The Democratic National Committee’s decision to recommend scrapping phone-in virtual caucuses in Iowa and Nevada is pitting security hawks, who say those systems are ripe for hacking, against Democratic activists who want to increase voter participation. The DNC announcement on Friday comes after a test of the phone-in systems showed they were vulnerable to hacking, as my colleagues Isaac Stanley-Becker and Michael Scherer reported. That confirmed the suspicions of cybersecurity experts who have long argued there’s no way to ensure the authenticity of votes that aren’t cast in person — including votes cast by email, websites or mobile phones. But it was a blow to activists who want to make it easier for people to participate in the democratic process — and who say lengthy in-person caucuses exclude people who work long hours or are caring for young children. Iowa and Nevada developed their phone-in systems after the DNC urged caucus states in 2018 to either switch to primaries — which are speedier — or make it easier for people to participate remotely. The Iowa system would have allowed voters to register for a unique PIN number and use that PIN when they called in to vote for a candidate, my colleagues reported. The DNC move also sparked the ire of some 2020 presidential hopefuls.Iowa: A Virtual Iowa Caucus Would Have Been A Hacking Nightmare | Maggie Koerth-Baker/FiveThirtyEight
When the Democratic National Committee put the kibosh on plans for virtual caucuses in Iowa and Nevada, they may have pissed off the people who saw the event as a chance to give more people the opportunity to vote. But at least the DNC made the cybersecurity community happy. “It was absolutely the right decision,” said Herb Lin, senior research scholar at Stanford’s Center for International Security and Cooperation. Lin and other experts praised the DNC for deciding the risks of a virtual caucus outweighed the benefits of making the time-consuming and byzantine caucus system more accessible. Yes, that has thrown state parties into a bit of chaos as they scramble to come up with new plans by a Sept. 13 deadline. But, Lin and others told me, there’s no getting around the fact that a virtual caucus would be massively hackable — easy to steal, and even easier to simply disrupt. If anything, they said, they wished more political leaders would take the same stance against such schemes, both in the U.S. and abroad.Pennsylvania: Election security advocates criticize Pennsylvania Department of State over re-examination of voting machines | Ed Mahon and Emily Previti/PA Post
Election security advocates are criticizing the Pennsylvania Department of State over the way it re-examined an electronic voting machine from a leading election technology company. “We are profoundly disappointed that the Secretary’s office has conducted this re-examination in secret, without transparency or public engagement, which we believe to be in contravention of the requirements of the Commonwealth and the provisions of the Stein settlement,” Susan Greenhalgh, vice-president of programs for the National Election Defense Coalition, said in a news release. “We are examining our options for further action.” Several other groups, including Protect Our Vote Philly and the Pennsylvania-based Citizens for Better Elections, joined in criticizing the state department. In July, Greenhalgh and other election security advocates submitted a petition to the Department of State, requesting a re-examination of the ES&S ExpressVote XL electronic voting machine. The petition included 200 signatures from voters across the state. “They’ve never refused to let the public come in and observe these systems,” said petitioner and VotePA founder Mary Beth Kuznik. “It’s distressing.”Russia: Anger over alleged Moscow election tampering spurs protest | Nataliya Vasilyeva/Associated Press
Thousands of people marched across central Moscow on Saturday to protest the exclusion of some city council candidates from the Russian capital's local election, but did not result in riot police making mass arrests and giving beatings like at earlier demonstrations. Opposition-led protests erupted in Moscow this summer after election officials barred more than a dozen opposition and independent candidates from running in the Sept. 8 election for the Moscow city legislature. Some marchers on Saturday held placards demanding freedom for political prisoners: 14 people arrested in earlier protests face charges that could send them to prison for up to eight years. The only police seen along the route to Pushkin Square were traffic officers, a contrast to the previous unsanctioned demonstrations where phalanxes of helmeted, truncheon-wielding riot police confronted demonstrators. At earlier protests, authorities did not allow key opposition figures to get anywhere near the places they were held. Individuals were detained outside their homes and sent them to jail for calling for an unpermitted protest. This time, the protest leaders attended the gathering unhindered.Verified Voting Blog: Report on Rhode Island Risk Limiting Audit Pilot Implementation Study Released
Download the Full Report (PDF)
In October 2017, Rhode Island Governor Gina Raimondo signed into law a groundbreaking election security measure. Now, state law requires Rhode Island election officials to conduct risk-limiting audits, the “gold standard” of post-election audits, beginning with the 2020 primary. A risk-limiting audit (“RLA”) is an innovative, efficient tool to test the accuracy of election outcomes. Instead of auditing a predetermined number of ballots, officials conducting an RLA audit enough ballots to find strong statistical evidence that outcomes are correct. The law, enacted in the aftermath of two critical events relating to the 2016 elections, stems from decades of advocacy aimed at increasing the efficiency, transparency, and verifiability of political contests in the state. Rhode Island is now the second state, joining trailblazing Colorado, to mandate use of this modern tool statewide.
Following the law’s enactment, a group of professionals with expertise in election security and election administration formed the Rhode Island Risk-Limiting Audit (“RIRLA”) Working Group. As its name suggests, the RIRLA Working Group was established to assess the conditions in Rhode Island to help the state as it prepares to implement the law. The RIRLA Working Group recommended – and Rhode Island officials agreed – that the state should conduct pilot RLAs in advance of the 2020 deadline. The Rhode Island Board of Elections chose January 2019 as the date for the pilots and, based on several factors, selected Bristol, Cranston, and Portsmouth, Rhode Island as participating municipalities.
Leading up to the pilots, the RIRLA Working Group had regular conference calls, meetings, and other correspondence to gain greater familiarity with Rhode Island’s election laws, practices, and voting equipment. In partnership with the state, the RIRLA Working Group set a goal to plan and develop a trio of pilot audits that would both meet the state’s needs and adhere to the Principles and Best Practices for Post-Election Tabulation Audits. Ultimately, the RIRLA Working Group drafted three separate audit protocols, step-by-step instructions to guide those who would conduct the RLAs over the course of two days.