National: Unintended consequence: Federal cybersecurity workforce a potential casualty of the shutdown | The Hill

The partial shutdown of the US government may well end up damaging cybersecurity but perhaps not in the way most commonly thought. The most common and understandable concern is that the country’s current ability to respond to an emergency in the cyber domain is hampered. This line of thinking rests on the belief that the United States is not operating at full strength and, therefore, its present capacity to cope with an urgency is diminished. Admittedly, the challenge with multiple players down is not to be underestimated: It is far from ideal to take and defend the field with an incomplete roster. Moreover, bad actors may be plotting how to seize advantage during this self-inflicted window of vulnerability. Frankly, it is hard enough to ensure cybersecurity on a good day, when all hands are on deck. Having said that, there is some cause for confidence, despite prevailing circumstances. For example, from the standpoint of the Department of Homeland Security, over 80 percent of its flagship component responsible for cyber incidents — namely, the National Cybersecurity and Communications Integration Center, known as NCCIC — remains staffed. This should stand us in reasonably good (if imperfect) stead, should a crisis arise. For instance, US authorities engaged fully during the spate of DNS (domain name system) hijackings reported recently.

National: The Messy Truth About Infiltrating Computer Supply Chains | The Intercept

In October, Bloomberg Businessweek published an alarming story: Operatives working for China’s People’s Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. This allegedly gave Chinese spies clandestine access to servers belonging to over 30 American companies, including Apple, Amazon, and various government suppliers, in an operation known as a “supply chain attack,” in which malicious hardware or software is inserted into products before they are shipped to surveillance targets. Bloomberg’s report, based on 17 anonymous sources, including “six current and former senior national security officials,” began to crumble soon after publication as key parties issued swift and unequivocal denials. Apple said that “there is no truth” to the claim that it discovered malicious chips in its servers. Amazon said the Bloomberg report had “so many inaccuracies … as it relates to Amazon that they’re hard to count.” Supermicro stated it never heard from customers about any malicious chips or found any, including in an audit it hired another company to conduct. Spokespeople for the Department of Homeland Security and the U.K.’s National Cyber Security Centre said they saw no reason to doubt the companies’ denials. Two named sources in the story have publicly stated that they’re skeptical of its conclusions.

National: America’s Election Security: How Vulnerable Are We Now? | Tom’s Guide

“Does new voting technology enable voting fraud, or does it prevent voting fraud?” rhetorically asked Blaze. “Yes.” He explained that the American election process has computers and software at every stage of the process, including voter registration and verification, the designing and distribution of ballots, the actual voting itself, and the tallying of votes and the communication of results. Machines at almost every step have been shown to be vulnerable to hacking, yet we can’t just go back to dropping envelopes in ballot boxes. “U.S. elections are the most complex in the world,” Blaze said. “You’re gonna need computers somewhere.” Fortunately, he said, policymakers and the general public are now aware of how vulnerable electronic voting systems are to tampering, and many states have taken at least initial steps to make them more secure. “Voting security is by far the hardest problem I have ever encountered,” said Blaze, who was recently a professor of computer and information services at the University of Pennsylvania but now holds the McDevitt Chair of Computer Science and Law at Georgetown University.

National: US intelligence warns of ‘ever more diverse’ threats | Associated Press

Russia’s efforts to expand its influence and China’s modernizing military are among the “ever more diverse” threats facing the U.S., according to a major intelligence report released Tuesday. The National Intelligence Strategy report, issued every four years, also singles out such potential threats as North Korea’s pursuit of nuclear weapons, the growing cyber capabilities of U.S. adversaries and global political instability. The report, which sets out the priorities for the various agencies that make up the U.S. intelligence community, notes that the United States “faces an increasingly complex and uncertain world in which threats are becoming ever more diverse and interconnected.” Director of National Intelligence Dan Coats said in a letter accompanying the report that the U.S. agencies must adapt to respond to what he calls a “turbulent and complex” environment.

National: How Voting-Machine Lobbyists Undermine the Democratic Process | The New Yorker

In the past decade, Election Systems & Software (E.S. & S.), the largest manufacturer of voting machines in the country, has routinely wined and dined a select group of state-election brass, which the company called an “advisory board,” offering them airfare on trips to places like Las Vegas and New York, upscale-hotel accommodations, and tickets to live events. Among the recipients of this largesse, according to an investigation by McClatchy published last year, was David Dove, the chief of staff to Georgia’s then secretary of state, Brian Kemp. Kemp, the new governor of Georgia, made news in the midterm elections for his efforts to keep people of color from voting and for overseeing his own election. In March of 2017, when Dove attended an E.S. & S. junket in Las Vegas, Kemp’s office was in the market to replace the state’s entire inventory of voting machines. “It’s highly inappropriate for any election official to be accepting anything of value from a primary contractor,” Virginia Canter, the chief ethics officer at Citizens for Responsibility and Ethics in Washington, told McClatchy. “It shocks the conscience.” (Kathy Rogers, E.S. & S.’s senior vice-president for governmental affairs, told McClatchy that there was nothing untoward about the advisory board, which she said has been “immensely valuable in providing customer feedback.”)

National: DNC targeted by Russian hackers beyond 2018 midterms, it claims | Naked Security

The Democratic National Committee (DNC) has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018. In its court filing, the DNC argues that not only did the campaign and several Trump operatives collude with Russia to steal electronic information, but that Russia was still attempting to hack DNC systems in the run up to last year’s midterm elections. The filing describes an alleged Russian cyberattack campaign that began in July 2015 and which stole information after a hack in April 2016, when the Russians allegedly placed proprietary malware known as X-Agent on the DNC network. It claims that they monitored the malware in real time and collected data including key logs and screenshots. Using malware called X-Tunnel, the hackers exfiltrated several gigabytes of DNC data over the following days to a computer located in Illinois leased by agents of Russia’s GRU military unit, it says. Russian operatives then placed a version of X-Agent on a DNC server in June that year and hacked DNC virtual machines hosted on Amazon Web Services (AWS) in September to steal voter data, the filing also alleges.

National: America avoided election hacking in 2018. But are we ready for 2020? | ABC

Director of National Intelligence Dan Coats had cautioned that “the warning lights are blinking red again,” and experts warned that voting systems, in particular, could be at risk. Russia had likely targeted them in all 50 states in 2016 and had gained access to voter-registration files in Illinois and Arizona. But despite myriad concerns about vulnerabilities—from voting machines to tabulation systems to phishing attacks on campaigns—election hacking, by and large, did not factor in the 2018 elections. A recent report from Coats’ office to the White House confirmed as much: U.S. intelligence officials had no evidence that voting systems had been compromised, although social-media disinformation aimed at American voters had continued apace. “The Russians didn’t need to do much in 2018. They enjoy all the turmoil in the U.S. and probably take credit for 2016 outcomes,” said James Lewis, senior vice president and director of the Technology Policy Program at the Center for Strategic and International Studies. “Midterms are confusing and the Russians probably couldn’t figure out the pressure points to swing voters. If they have new tricks, they are saving them for 2020.”

National: Moscow Skyscraper Talks Continued Through ‘the Day I Won,’ Trump Is Said to Acknowledge | The New York Times

President Trump was involved in discussions to build a skyscraper in Moscow throughout the entire 2016 presidential campaign, his personal lawyer said on Sunday, a longer and more significant role for Mr. Trump than he had previously acknowledged. The comments by his lawyer Rudolph W. Giuliani indicated that Mr. Trump’s efforts to complete a business deal in Russia waned only after Americans cast ballots in the presidential election. The new timetable means that Mr. Trump was seeking a deal at the time he was calling for an end to economic sanctions against Russia imposed by the Obama administration. He was seeking a deal when he gave interviews questioning the legitimacy of NATO, a favorite talking point of President Vladimir V. Putin of Russia. And he was seeking a deal when, in July 2016, he called on Russia to release hacked Democratic emails that Mr. Putin’s government was rumored at the time to have stolen. The Trump Tower Moscow discussions were “going on from the day I announced to the day I won,” Mr. Giuliani quoted Mr. Trump as saying during an interview with The New York Times. It was one of a flurry of interviews Mr. Giuliani did on Sunday amid fallout from a disputed report by BuzzFeed News that President Trump had personally directed his former lawyer and fixer, Michael D. Cohen, to lie to Congress about the negotiations over the skyscraper.

National: Four cybersecurity priorities for Congress to confront active threats | The Hill

The 116th Congress may have difficulty finding common ground on most issues. But there is at least one area that presents the opportunity for bipartisan action: cybersecurity. Cyber threats do not discriminate based on party affiliation. There are four key issues within cybersecurity where this Congress has the potential to make progress with impactful legislation that would make all Americans — and our democracy — more secure. The Department of Homeland Security has made considerable progress on election security over the past 18 months. But, with 10,000 local jurisdictions responsible not just for administering elections but now for protecting our democracy against nation-state threat actors, more must be done. The answer does not lie in funding alone. Paper ballots paired with risk-limiting audits are critical; and Congress should take a hard look at the vendors who play an outsized role in our democracy. We also must share expertise and training across jurisdictions and ensure that jurisdictions are prepared to recover in the face of a cyberattack. The election security provisions in the House Democrats’ first bill are an excellent start and should not fall way to partisan rancor.

National: The shutdown is breaking government websites, one by one | The Washington Post

As the government shutdown drags on, a rising number of federal websites are falling into disrepair — making it harder for Americans to access online services and needlessly undermining their faith in the Internet’s security, experts warn. In the past week, the number of outdated Web security certificates held by U.S. government agencies has exploded from about 80 to more than 130, according to Netcraft, an Internet security firm based in Britain. Various online pages run by the White House, the Federal Aviation Administration, the National Archives and the Department of Agriculture appear to be affected by the latest round of expirations, Netcraft said.

National: Facebook finds and kills another 512 Kremlin-linked fake accounts | TechCrunch

Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools. In a blog post today the company reveals another tranche of Kremlin-linked fake activity — saying it’s removed a total of 471 Facebook pages and accounts, as well as 41 Instagram accounts, which were being used to spread propaganda in regions where Putin’s regime has sharp geopolitical interests. In its latest reveal of “coordinated inauthentic behavior” — aka the euphemism Facebook uses for disinformation campaigns that rely on its tools to generate a veneer of authenticity and plausibility in order to pump out masses of sharable political propaganda — the company says it identified two operations, both originating in Russia, and both using similar tactics without any apparent direct links between the two networks.

National: Giuliani now says he has ‘no knowledge’ of Trump campaign colluding with Russia | The Hill

President Trump’s attorney, Rudy Giuliani, on Thursday sought to clarify widely publicized comments he made about possible collusion between President Trump’s campaign and Russia, saying that he had “no knowledge” of it taking place. “There was no collusion by President Trump in any way, shape or form,” Giuliani said in a statement to The New York Times. “Likewise, I have no knowledge of any collusion by any of the thousands of people who worked on the campaign.” He also argued that “the only knowledge I have in this regard is the collusion of the [Hillary] Clinton campaign with Russia, which has so far been ignored.”

National: State GOP Lawmakers Eye Changes to Ballot Measures – Passed and Future | Governing

Ballot measures have become a popular way to enact new policies — from minimum wage hikes and legalized marijuana to abortion restrictions and ethics reforms. But voter-approved measures are meeting more pushback. Republican legislators in several states are fighting ballot measures on two fronts: As was the case following the 2016 election, they are trying to overturn provisions of some laws that voters just passed in November. They are also seeking legislative changes that would make it harder for ballot measures to pass in the future. “Lawmakers are undermining the will of their constituents by unraveling these voter-approved changes and attacking the ballot measure process,” says Chris Melody Fields Figueredo, executive director of the Ballot Initiative Strategy Center, which promotes progressive ballot measures.

National: Democrats seek FEC assurance on campaign finance oversight during shutdown | Politico

The partial government shutdown, the longest in U.S. history, is affecting the Federal Election Commission’s ability to enforce campaign finance laws and investigate possible infractions, Democrats on the Senate Rules Committee wrote to the FEC on Wednesday. Ninety percent of the agency’s 300 employees have been furloughed, forcing it to skip its first scheduled meeting of the year, according to the letter, which was first reported by The Washington Post.

National: Court Blocks Trump Administration From Asking About Citizenship in Census | The New York Times

A federal judge blocked the Commerce Department from adding a question on American citizenship to the 2020 census, handing a legal victory on Tuesday to critics who accused the Trump administration of trying to turn the census into a tool to advance Republican political fortunes. The ruling marks the opening round in a legal battle with potentially profound ramifications for federal policy and for politics at all levels, one that seems certain to reach the Supreme Court before the printing of census forms begins this summer. The upcoming census count will determine which states gain or lose seats in the House of Representatives when redistricting begins in 2021. When the Trump administration announced last year it was adding a citizenship question to the census, opponents argued the results would undercount noncitizens and legal immigrants — who tend to live in places that vote Democratic — and shift political power to Republican areas.

National: Is This the Year for a Redistricting Revolution? | The Atlantic

Barack Obama and Arnold Schwarzenegger agree: Neither thinks Donald Trump has any business being anywhere near the White House, but the main political issue they’re going to focus on for the next two years is redistricting reform. The clock is ticking. The 2020 census, and the nationwide 2021 redistricting right after, are around the corner. Deadlines for ballot initiatives and legislation are already on the horizon for some states to change their procedures before then. Meanwhile, the Supreme Court could soon take up a case that would gut most of the efforts at redistricting reform that have, over the past 10 years, changed how states draw the maps that determine who runs where for Congress and their own legislatures.

National: The Shutdown Is Doing Lasting Damage to National Security | The Atlantic

As the longest government shutdown in American history drags on, it’s not just hurting the morale of America’s federal workforce and the broader American economy. It’s hurting our national security. Some of the damage is already plainly apparent—but in four crucial ways, its harms will persist long after the government reopens. We’re beginning to see indicators of short-term national- and homeland-security vulnerabilities. Airports are short on screeners; thousands of FBI agents, analysts, and staff are on furlough; and our government’s newest cybersecurity unit had barely launched before half of its staff was furloughed. Each of these lapses may cause specific problems: Dangerous weapons may slip through security, endangering the flying public; investigative leads may suffer from inattention, causing investigations of federal crimes to be delayed or go unfinished; and recent efforts to improve federal cybersecurity may be stopped before they ever really started. Moreover, given the importance this administration purports to place on immigration enforcement and border security, the irony of the Department of Homeland Security’s border agents and immigration officials not being compensated to perform their important work is hard to miss.

National: ‘Abandoned’ .gov websites malfunction during US shutdown | E&T Magazine

Dozens of federal websites are malfunctioning due to their security certificates expiring during the weeks-long US government shutdown, Buzzfeed News has reported. In the US, a government shutdown occurs when Congress or the President does not approve appropriations or resolutions for funding federal operations and agencies. The current government shutdown has arisen out of the House of Representatives’ refusal to grant $5.7bn (£4.5bn) in federal funds to build a US-Mexico border wall and President Donald Trump’s refusal to accept any bill that does not provide the funds. Trump memorably claimed during his election campaign that “Mexico will pay” for the border wall; the Mexican government has declined to do so. The government shutdown is well into its third week, making it the longest-running government shutdown in the US history. During the shutdown, approximately 400,000 federal workers remain without pay until the government reopens, while many others are required to continue to perform essential work without pay.

National: Incoming NASS leader rejects Democrats’ election security bill | Politico

The next president of the NASS has strong words for House Democrats considering a range of election security measures: Butt out. H.R. 1, a Democratic grab-bag bill with election security provisions, “seems to be a huge federal overreach,” Iowa Secretary of State Paul Pate told POLITICO. “No matter how well-intentioned, the provisions of the bill give the authority of overseeing and conducting elections and voter registration to the federal government.” (In fact, the bill would not do this.) Pate’s remarks, first reported by National Journal, mirror comments by former Georgia Secretary of State Paul Kemp in August 2016. Pate cited NASS’s long-standing opposition to federal mandates for election procedures — in October, the group warned against tying federal funds to regulations — and said state election offices like his are “better prepared than the federal government to determine what is right for their residents.” Despite Pate’s suggestion that “our country’s legal and historical distinctions in federal and state sovereignty” invest states with the exclusive authority to regulate elections, Article I Section 4 of the Constitution empowers Congress to “at any time by Law make or alter” election processes.

National: F.B.I. Opened Inquiry Into Whether Trump Was Secretly Working on Behalf of Russia | The New York Times

In the days after President Trump fired James B. Comey as F.B.I. director, law enforcement officials became so concerned by the president’s behavior that they began investigating whether he had been working on behalf of Russia against American interests, according to former law enforcement officials and others familiar with the investigation. The inquiry carried explosive implications. Counterintelligence investigators had to consider whether the president’s own actions constituted a possible threat to national security. Agents also sought to determine whether Mr. Trump was knowingly working for Russia or had unwittingly fallen under Moscow’s influence.

National: Trump has hidden details of his encounters with Putin from White House officials | The Independent

President Donald Trump has gone to extraordinary lengths to conceal details of his conversations with Russian President Vladimir Putin, including on at least one occasion taking possession of the notes of his own interpreter and instructing the linguist not to discuss what had transpired with other administration officials, current and former US officials said. Mr Trump did so after a meeting with Putin in 2017 in Hamburg that was also attended by then-Secretary of State Rex Tillerson. US officials learned of Mr Trump’s actions when a White House adviser and a senior State Department official sought information from the interpreter beyond a readout shared by Mr Tillerson. The constraints that Mr Trump imposed are part of a broader pattern by the president of shielding his communications with Mr Putin from public scrutiny and preventing even high-ranking officials in his own administration from fully knowing what he has told one of the United States’ main adversaries.

National: The Collusion With Russia Is in Plain Sight | The Atlantic

Perhaps even President Donald Trump is susceptible to the emotionalism of Beethoven’s Ninth Symphony. He listened to the piece surrounded by his fellow G20 summiteers, the leaders of the world who had gathered in Germany in the summer of 2017. Sitting in a balcony, he leaned forward and seemed to listen intently to jocular chitchat from the Macrons. A good rendition of the Ninth—and it’s hard to top the Hamburg Philharmonic—is the musical equivalent of a venti Red Eye, a thunderous jolt to the circulatory system. When Trump joined his colleagues for a post-concert dinner, he seemed unable to stay put in his chair. More specifically, he roamed the banquet hall and gravitated to an empty chair next to Russian President Vladimir Putin. This was likely not a maneuver that Trump had discussed with his aides in advance. Protocol permitted him to bring one translator to dinner—and his interpreter of choice spoke Japanese. Part of the peril of the improvised conversation was Putin’s cunning, his skill at rewriting reality by cleverly insisting on his own pattern of facts. There was also Trump’s strange tendency to genuflect in the direction of the Russian leader.

National: Here are the big election security measures in the House Democrats’ massive new bill | CyberScoop

A giant bill House Democrats proposed on Friday includes a number of measures aimed at improving election security and voter confidence. The measures in H.R. 1 draw on provisions from several bills that were proposed but failed since the 2016 election, which experts and officials concluded was targeted by a Russian-led influence operation. Key features include a requirement that federal elections be conducted with paper ballots that can be counted by hand or optical scanners, new grants that states and municipalities can use to improve and upgrade equipment, an incident reporting requirement for election system vendors and a number of other measures meant to keep election systems’ security up-to-date. Election security experts have criticized paperless voting machines because of their vulnerability to tampering with little recourse, since they produce no auditable paper trail of each vote. Such machines were used to some extent in more than a dozen states in the recent midterm elections, according to Verified Voting. In South Carolina and Georgia, voters sued the government under the premise that their votes aren’t being properly counted with paperless machines. The bill, also called the “For the People Act,” would statutorily do away with these machines for federal elections by 2022.

National: Trump Campaign in Legal Jeopardy Over Manafort’s Sharing Data with Russian Agent | Just Security

According to a court filing earlier this week, former 2016 Trump campaign chairman Paul Manafort shared presidential campaign polling data with Konstantin Kilimnik, a Russian citizen with ties to Russian intelligence. If the data Manafort shared with Kilimnik was used to materially guide spending by Russian nationals to influence the 2016 presidential election, then the Trump campaign seemingly received an “in-kind contribution” from the Russian nationals in the form of “coordinated expenditures” in violation of multiple federal campaign finance laws. A key link in the “coordination” here is the revelation of Manafort’s actions. U.S. campaign finance law for decades has provided that any expenditure “made by any person in cooperation, consultation, or concert, with, or at the request or suggestion of, a candidate, his authorized political committees, or their agents” is considered a contribution to such candidate subject to contribution limits. … Early in 2017, the U.S. intelligence community concluded that the Russian government had conducted an influence campaign in the U.S. 2016 presidential election, including through “overt propaganda.”

National: Democrats are more concerned about election security than Republicans, survey finds | The Washington Post

Democrats are far more concerned than Republicans that a foreign power will tamper with U.S. elections and they’re more cynical about the government’s ability to respond to a major cyberattack, according to a Pew Research Center survey released Wednesday. That partisan divide on basic cybersecurity questions is a troubling signal that government’s handling of an issue officials have called a greater threat than terrorism will be hampered by the sort of partisan bickering that has bedeviled health care, immigration and other topics, experts said. A whopping 87 percent of Democrats believe a hostile power will tamper with U.S. elections compared with 66 percent of Republicans. And just 47 percent of Democrats believe the U.S. government is prepared to deal with a major cyberattack according to Pew, compared with 61 percent of Republicans.

National: Gerrymandering lawsuits linger as next redistricting nears | Associated Press

As the 2019 state legislative sessions get underway, a busy year of legal battles also is beginning over lingering allegations that hundreds of electoral districts across the country were illegally drawn to the disadvantage of particular voters or political parties. First up was a court hearing Thursday in Virginia, where a federal judicial panel reviewed several proposals from an outside expert to redraw some state House districts. The court had previously determined that those districts were racially gerrymandered. The expert, University of California, Irvine political science professor Bernard Grofman, answered questions about his revisions. “My focus was on remedying constitutional infirmities,” he said.

National: Cybersecurity may suffer as shutdown persists | Roll Call

The partial government shutdown may be making some key federal departments and agencies running with skeletal staffs more vulnerable to cybersecurity breaches, experts said. Meanwhile, the House Homeland Security Committee, which oversees the Department of Homeland Security, said it remains in the dark about how the shutdown has affected the department’s mission to safeguard critical infrastructure from cyberattacks. “With so many cyber activities reliant on highly skilled contractors required to augment government personnel, government shutdowns significantly degrade the ability of the government function to meet all of their cyber mission requirements,” said Greg Touhill, president of Cyxtera Federal, a company that provides cybersecurity services to the federal government.

National: Court allows Republicans to pursue “ballot security” measures aimed at minority voters | Salon

federal court decision may open the door for the Republican National Committee to bring back “ballot security” measures allegedly designed to intimidate minority voters. The 3rd Circuit Court of Appeals on Monday upheld a district court decision that ended a longstanding order banning the RNC from using “ballot security” measures that have been seen as suppressing minority voters. With President Trump having taken over the RNC ahead of the 2020 election, voting rights advocates are concerned that Republicans will ramp up suppression efforts in the president’s re-election fight. The order had been in place since 1982, after the Democratic National Committee sued the RNC over “ballot security” measures the DNC claimed had “attempted to intimidate the minority voters” in a New Jersey gubernatorial election and violated the Voting Rights Act.

National: Donald Trump’s team had 100 contacts with Russian-linked officials: report | USA Today

Members of President Donald Trump’s campaign and transition team had more than 100 contacts with Russian-linked officials, according to a new report. The milestone illustrates the deep ties between members of Trump’s circle and the Kremlin. The findings, tracked by the Center for American Progress and its Moscow Project, come amid reports that special counsel Robert Mueller is nearing the conclusion of the two-year investigation into Russian collusion in the 2016 election and possible obstruction of justice by the president. “This wasn’t just one email or call, or one this or that,” said Talia Dessel, a research analyst for the left-leaning organization. “Over 100 contacts is really significant because you don’t just have 100 contacts with a foreign power if there’s nothing going on there.” The organization used publicly available court documents and reporting to tally up the number of contacts. Each meeting and message was counted as a separate contact.

National: American Statistical Association endorses post-election audits principles | EurekAlert

The American Statistical Association Board of Directors announces its endorsement of Principles and Best Practices for Post-Election Tabulation Audits. The December 2018 document–which updates a 2008 document with the latest statistical research and best practices–“is meant to provide guidance to relevant legislative bodies, state and local election administrators and vendors…” because a “healthy democracy requires widespread trust in elections… [and] people need to be sure that the official election outcomes match the will of the voters.” Imagine someone counted hundreds of blue, red and white marbles in a bag and concluded there are many more red marbles than blue marbles. How can you trust that conclusion? You could dump out the marbles and count each one. Or you could use statistics to do the job faster.