National: More Government Websites Encrypt as Google Chrome Warns Users Non-HTTPS Sites are ‘Not Secure’ | Goverment Technology

Google Chrome, the most widely used Internet browser, has officially started warning users that unencrypted Web pages are “not secure.” Among those “not secure,” as of Aug. 9: The front pages of the official government websites for 14 states and four of the nation’s 10 most populous cities. Encryption — most easily represented with an “HTTPS” rather than “HTTP” in front of a site’s Web address — is the practice of encoding data traveling between a website and its visitor so that any third parties who are able to peek into the data don’t know what’s happening. With encryption, users can reasonably expect that their connection is private. Without it, bad actors can do things like steal information and change a Web page’s content without the user realizing it. It has become more or less the standard for the Internet. According to Google, 93 percent of Web traffic on Chrome takes place on encrypted pages. The tech giant started labeling non-HTTPS pages as “not secure” to push laggards toward encryption.

National: U.S. census citizenship question panned by scientists, civil rights groups | Reuters

As the U.S. government closed a public comment period on Wednesday on its plans for the 2020 census, scientists, philanthropists and civil rights groups used the occasion to again criticize plans to include a question about U.S. citizenship. The comment period gave any member of the public a chance to comment on aspects of the census which is a mandatory, once-a-decade count of the U.S. population that next occurs in April 2020. The comments have not yet been published, but some groups and individuals reinforced their opposition to the Trump administration’s plan to ask census respondents whether they are U.S. citizens.

National: Michael McCaul presses Senate to pass critical bipartisan cyber and election security legislation | Washington Times

Warning of continuing threats to U.S. interests across cyberspace, House Homeland Security Chairman Rep. Michael McCaul on Wednesday again urged the Senate to pass legislation intended to rename and reorganize the Department of Homeland Security’s primary cyber protection wing. The proposal, which the House passed in December, would streamline DHS’s primary operation currently overseeing the defense of federal networks and U.S. critical infrastructure from cyber threats, known as the National Protection and Programs Directorate (NPPD). The bill creates a stand-alone organization for that mission with a more logical name, the Cybersecurity and Infrastructure Security Agency (CISA).

National: Trump team isn’t doing enough to deter Russian cyberattacks, according to our panel of security experts | The Washington Post

The White House insists that it’s mounting a robust response to digital offensives against election systems and other critical infrastructure. We asked The Network, a panel of more than 100 cybersecurity leaders from government, academia and the private sector, to share their opinions in our ongoing, informal survey. (You can see the full list of experts here. Some were granted anonymity in exchange for their participation.) Our survey revealed broad doubts among experts about the country’s deterrence strategy, after President Trump chose not to back the U.S. intelligence community’s conclusions that Moscow directed the cyberattacks aimed at disrupting the 2016 presidential election at a July press conference with Russian President Vladimir Putin.

National: “A Horrifically Bad Idea”: Smartphone Voting Is Coming, Just in Time for the Midterms | Vanity Fair

Almost a year ago, the Department of Homeland Security alerted roughly half of all U.S. states that their election systems had been the targets of hackers linked to Russia. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, later confirmed the attacks. “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,” she told NBC News in February. Even worse, experts have warned that Russia’s attempts at meddling did not end in 2016. “They’re still very active—in making preparations, at least—to influence public opinion again,” Feike Hacquebord, a security researcher at Trend Micro, told the Associated Press in January. The Trump administration, meanwhile, is doing painfully little to prevent future attacks. The president’s repeated denials of Russian meddling is another form of malign neglect. With less than three months to go until Americans return to the polls en masse, the United States remains deeply vulnerable to any hackers who might like to cast a vote of their own.  Enter Voatz. With a name reminiscent of a plot device in Idiocracy, Voatz is a mobile election-voting-software start-up that wants to let you vote from your phone. In the upcoming midterm elections, West Virginians serving overseas will be the first in the U.S. to be able to vote via a smartphone app using Voatz technology, CNN reported Monday. The Boston-based company raised $2.2 million earlier this year, helped along by buzzwords such as “biometrics” and “blockchain,” which it claims allows it to secure the voting process. Its app reportedly requires voters to take and upload a picture of their government-issued I.D., along with a selfie-style video of their face, which facial-recognition technology then uses to ensure the person pictured in the I.D. and the person entering a vote are the same. The ballots are anonymized and recorded on the blockchain.

National: States have a lot of work to do on cybersecurity, and they shouldn’t wait for kids to find the problems | Washington Examiner

Today in Michigan, Ohio, Kansas, Washington, and Missouri, voters head to the polls to vote in primaries. But how safe are state websites with voter information? If you ask the organizers of the kids’ program at DEFCON, the answer is, so unsafe that a kid could probably figure out how to hack it. DEFCON, a top tier cybersecurity conference, has a program for kids called “r00tz,” and this year, part of the agenda is to have them hack replicas of state elections websites. The goal of the event is to both teach the participants basics of hacking, but also scare states into taking action to safeguard web security.

National: Hackers Already Attacking Midterm Elections, Raising U.S. Alarms | Bloomberg

The U.S. midterm elections are at increasing risk of interference by foreign adversaries led by Russia, and cybersecurity experts warn the Trump administration isn’t adequately defending against the meddling. At stake is control of the U.S. Congress. The risks range from social media campaigns intended to fool American voters to sophisticated computer hacking that could change the tabulation of votes. At least three congressional candidates have already been hit with phishing attacks that strongly resemble Russian sabotage in the 2016 campaign. Among them was Senator Claire McCaskill, a Missouri Democrat in one of the year’s most hotly contested races.

National: Cyberattacks Haven’t Stopped but Neither Have Bills to Fight Them | Nextgov

When they took the podium at Thursday’s White House press briefing, national security and intelligence chiefs had one resounding message for the American people: The country is still under attack. “Russia attempted to interfere with the last election and continues to engage in malign influence operations to this day,” said FBI Director Christopher Wray. “This is a threat we need to take extremely seriously and to tackle and respond to with fierce determination and focus.” Wray was joined by Director of National Intelligence Dan Coats, Homeland Security Secretary Kirstjen Nielsen, National Security Agency chief Gen. Paul Nakasone and National Security Adviser John Bolton, all of whom reiterated their commitment to defending against foreign influence campaigns. The briefing came the day after internet researchers urged the government to take more targeted actions against online misinformation campaigns at a Senate Intelligence Committee hearing.

National: Amid cybersecurity fears, tech firms are offering to help secure the U.S. elections for free or at a discount | Fast Company

American democracy is under attack, with foreign spies and trolls throwing wrenches into the workings of U.S. elections—be it attempts to hack candidate websites, scramble voter rolls, or spread fake news on social media platforms. While Washington bickers about whether it’s spending enough on security upgrades ($380 million has been allocated, with Democrats repeatedly asking for more), the overtaxed cities and counties that actually run the polls are scrambling to catch up. Although Silicon Valley has come under fire for its role in recent elections around the world, enabling the social media vandalism of 2016, for instance, several tech firms are now stepping up to boost election security with free or discounted services. “We saw that tech was being used to undermine elections. And the question was, could we be a tech company that was helping to provide our services to help support those elections?” says Matthew Prince, CEO of the content-delivery network and security service Cloudflare.

National: The 2020 census could be a prime target for hackers | The Washington Post

The Census Bureau is trying to quell concerns that it’s not prepared to protect Americans’ data from cyber intrusions when it conducts the first fully digital census in 2020. Kevin Smith, the Census Bureau’s chief information officer, used a little-publicized quarterly meeting Friday to explain how the agency is working with the Department of Homeland Security and using tools such as encryption to safeguard the troves of information it will gather in the next population count. “I want to stress that protection of the data we collect is census’s highest priority,” he said. Smith outlined some fairly basic steps, which are unlikely to satisfy a growing group of critics who say the bureau has for months avoided answering questions about its cybersecurity preparations. These critics, including members of the House Oversight Committee and former senior national security officials, argue the bureau, which is part the Commerce Department, has fallen behind on important equipment tests and left the public in the dark about whether it had implemented even minimal cybersecurity practices. They want more transparency at a time when Russian election hacks and other data breaches are increasingly putting Americans’ personal information at risk.

National: Judge Shuts Down Multimillion-Dollar Loophole In Election Law | NPR

A widely used loophole for funneling secret “dark money” into political ads closed quietly last weekend, as a federal judge concluded it thwarted Congress’ intent to have broad disclosure of political money. Chief Judge Beryl Howell, of the U.S. District Court for the District of Columbia, threw out a regulation adopted by the Federal Election Commission in 1980. The rule said that “non-political” groups, such as 501(c) nonprofit organizations, could ignore a disclosure law if donors’ contributions were earmarked for specific advertisements — an exception that wasn’t in the law passed by Congress. Howell’s decision was issued Friday evening.

National: Kris Kobach used flawed research to defend Trump’s voter fraud panel, experts say | The Washington Post

After Matthew Dunlap, one of the members of President Trump’s disbanded voting fraud panel, released documents from the commission showing that it had failed to turn up any evidence of widespread voter fraud last week, the panel’s vice chair, Kansas Secretary of State Kris Kobach, made his case for the commission’s existence. One of the foremost proponents of stricter voter identification laws, Kobach, who is running in the primary Tuesday for the Republican nomination for the state’s governorship, has been undeterred since a federal judge struck down a restrictive voting law he had advocated for in the state. And in a statement sent to The Washington Post, Kobach accused Dunlap of being “willfully blind to the voter fraud in front of his nose,” pointing to studies from two conservative groups about the supposed voter fraud that he has been so vocal about: a database from the Heritage Foundation that found 983 convictions in state, local and federal elections dating back decades, and a study from the Government Accountability Institute, a nonprofit founded by Stephen K. Bannon and another Breitbart editor, that purported to find 8,400 instances of double voting in the 2016 election.

National: Homeless Americans Can Vote, But It Isn’t Easy | HowStuffWorks

If voting is the cornerstone of American democracy, then why does it have to be such a pain? Election Day in the U.S. is always a Tuesday, smack in the middle of the work week. If you move to a new state or county, you need to re-register. State voter ID requirements change all the time, so you could show up to a polling station, wait in line and still get blocked from voting. Now imagine that you’re homeless in America. You move so frequently that it’s nearly impossible to maintain a stable mailing address. You’ve never had a driver’s license and your Social Security card was lost years ago. You can’t afford transportation to the county elections office or your local polling place. And frankly, you have a lot more pressing problems than registering to vote. So, while homeless people have every right to vote in U.S. elections (and may want to if only to influence policy on housing and poverty), the obstacles to successfully registering and voting while homeless can be insurmountable.

National: Local Officials Call Federal Election Funds ‘A 10-Cent Solution To A $25 Problem’ | WGBH

States across the country are in the process of receiving grants from the federal government to secure their voting systems. Earlier this year Congress approved $380 million in grants for states to improve election technology and “make certain election security improvements.” But how states use that money is up to them. In Texas, officials say they want to use the bulk of their grant to secure the state’s voter registration database. According to federal officials, Russians tried to hack a Texas election website in 2016. Dana Debeauvoir, who runs elections in Austin, Texas, as the Travis County clerk, says running elections has become increasingly more expensive and technologically complicated. She says she cast her first ballot on a lever machine — a big metal box with a bunch of tiny metal handles voters crank to select the candidate of their choice. These machines, and others, were banned by Congress when lawmakers passed the Help America Vote Act in 2002. “So they are now no longer used — also right along with punch card voting,” Debeauvoir says.

National: Trump’s ‘bizarre’ voter fraud panel found none, former member Matthew Dunlap says | The Washington Post

Maine Secretary of State Matthew Dunlap, one of the 11 members of the commission formed by President Trump to investigate supposed voter fraud, issued a scathing rebuke of the disbanded panel on Friday, accusing Vice Chair Kris Kobach and the White House of making false statements and saying that he had concluded that the panel had been set up to try to validate the president’s baseless claims about fraudulent votes in the 2016 election. Dunlap, one of four Democrats on the panel, made the statements in a report he sent to the commission’s two leaders — Vice President Pence and Kobach, who is Kansas’s secretary of state — after reviewing more than 8,000 documents from the group’s work, which he acquired only after a legal fight despite his participation on the panel. Before it was disbanded by Trump in January, the panel had never presented any findings or evidence of widespread voter fraud. But the White House claimed at the time that it had shut down the commission despite “substantial evidence of voter fraud” due to the mounting legal challenges it faced from states. Kobach, too, spoke around that time about how “some people on the left were getting uncomfortable about how much we were finding out.” 

National: Trump’s voter fraud claim untrue, election official says | USA Today

There’s no proof to support President Donald Trump’s repeated claims of widespread voter fraud during the 2016 election, according to a member of the disbanded commission set up to examine abuse at the ballot box. Maine Secretary of State Matthew Dunlap, who sat on the Presidential Advisory Commission on Election Integrity, wrote Friday that a review of documents shows the panel’s evidence of voter fraud is “glaringly empty.” Dunlap said the documents confirmed the commission’s “troubling bias” that assumed widespread fraud going into the review before any data had been collected.

National: Red state and GOP efforts to purge voter rolls have been stymied | Salon

As a key deadline approaches next week on updating statewide voter rolls before the November election, it appears a controversial data-mining operation mostly used by red states to purge legitimate voters is withering, or at least dormant, in 2018. The Interstate Voter Registration Crosscheck program, known as Crosscheck, has been blasted in the press, academia,legal briefs, and federal court rulings for sloppy analytics that generate tens or hundreds of thousands of suspected duplicate voter registrations in member states. (It uses few data specifics, including common names, producing false positives.) Some of those states have used Crosscheck’s analyses to turn a bland voter roll bookkeeping process (removing dead people, people who moved) into a partisan cudgel. This June, a federal district court issued a restraining order against Indiana election officials to not use Crosscheck to prematurely purge its voter rolls.

National: Democratic House candidate claims Russians tried to hack campaign website | The Hill

The Democrat challenging Rep. Martha Roby (R) for her Alabama House seat says that her campaign website faced more than 1,400 hacking attempts, most of them from Russia. Tabitha Isner told Business Insider that the attempts were first brought to her attention when the company that she uses to host her website advised her to upgrade her services because of a spike in traffic. That’s when she had her web administrator examine the uptick, she told the news outlet. The web administrator, Kristopher Vilamaa, said that when he looked into it, he discovered that many Russian IP addresses had been blocked from the site.

National: Why the Government Wants to Know Your Citizenship Status | The New York Times

Are you an American citizen? The Trump administration really wants to know. In March, it added to the 2020 census a question asking people, for the first time in more than half a century, about their citizenship status. Administration officials have claimed, in public and before Congress, that the Justice Department needs the question answered in order to properly enforce the Voting Rights Act. But late last month, the government turned over a batch of emails as part of a federal lawsuit that casts significant doubt on those claims. The push to include the question has also set off concerns about the way such data might be used in the next decennial redistricting cycle, which begins in 2021. For perspective, the editorial board spoke with Vanita Gupta, president of the Leadership Conference on Civil and Human Rights, a coalition of groups that is opposing the citizenship question. From 2014 to 2017, Ms. Gupta served as the acting head of the Justice Department’s civil rights division. The new documents give us evidence in black and white of something that many of us already suspected to be the case: The rationale that the Justice Department needs to go door-to-door to find out who is a citizen in order to enforce the Voting Rights Act is obviously a ruse.

National: DEF CON plans to show US election hacking is so easy kids can do it | The Register

DEF CON Last year, the hackers at DEF CON showed how shockingly easy it was to crack into voting machine software and hardware. Next week, the 2018 conference’s Vote Hacking Village will let kids have a shot at subverting democracy. Beginning on Friday, August 10, teams in three age ranges, 8-11, 12-14 and 15-16, will be let loose on replica American government websites that report election results. In elections in the Ukraine and Ghana, these were hacked to spread confusion about the voting process and its results – and the village’s organizers hope the youngsters can do the same with US-style tech. “It’s just so easy to hack these websites we thought the grown-up hackers in the vote hacking village wouldn’t find it interesting,” Jake Braun, cofounder of the Vote Hacking Village and executive director of the University of Chicago Cyber Policy Initiative, told The Register. “When I was discussing it with a colleague, they noted ‘it would be child’s play’ and I said ‘good f**king point!’ and started planning the event with the Capture the Packet crew and the r00tz Asylum group, which trains young hackers.”

National: Russia Is ‘Keyboard Click’ From Major Election Hack, Coats Warns | Bloomberg

Russian efforts to interfere in upcoming U.S. midterm elections have yet to reach the intensity of the Kremlin’s campaign to disrupt the 2016 presidential vote, but they’re only “a keyboard click away” from a more serious attack, Director of National Intelligence Dan Coats said. “We have not seen that kind of robust campaign from them so far,” Coats said in a briefing at the White House on Thursday. Coats was among five top national security leaders — including National Security Adviser John Bolton, FBI Director Christopher Wray, Homeland Security Secretary Kirstjen Nielsen and General Paul Nakasone, director of the National Security Agency — who blasted Russian efforts to interfere in U.S. elections. The White House is looking to tamp down criticism that President Donald Trump has appeared reluctant to hold Russia accountable for election tampering. He provoked an uproar at the July summit with Vladimir Putin in Helsinki by casting doubt on U.S. intelligence findings that Russia interfered in the 2016 election.

National: How the U.S. Is Fighting Russian Election Interference | The New York Times

Senior Trump administration officials warned on Thursday that Russia is trying to interfere in November’s midterm elections and the 2020 presidential election and vowed to combat Moscow’s aggression. The high-profile alarm sounded at the daily White House briefing was striking for the officials’ unequivocal warnings, a departure from President Trump’s fumbling acknowledgments that Moscow undertook an influence campaign in 2016 to exploit partisan divisions in the American electorate and sow discord. “This is a threat we need to take extremely seriously and to tackle and respond to with fierce determination and focus,” said the F.B.I. director, Christopher A. Wray. 

National: Facebook Grapples With a Maturing Adversary in Election Meddling | The New York Times

They covered their tracks, using software to camouflage their internet traffic. They created Facebook pages for anti-Trump culture warriors, Hispanic activists and fans of alternative medicine. And they organized protests in coordination with real-world political groups. The people behind an influence campaign ahead of this year’s elections, which Facebook disclosed on Tuesday, copied enough of the tactics used by Russians in the 2016 races to raise suspicion that Russia was at it again. But the new efforts also revealed signs of a maturing adversary, adapting and evolving to better disguise itself, while also better imitating real activists. The coordinated activity — a collection of memes, photos and posts on issues like feminist empowerment, indigenous rights and the Immigration and Customs Enforcement agency — show the enormity of the challenge ahead of Facebook, as it tries to weed out impersonators. As the forces behind the accounts become harder to detect, the company is left to separate the ordinary rants and raves of legitimate users from coordinated, possibly state-backed attempts to sway public opinion.

National: Trump knocked by both parties as not doing securing US elections | Associated Press

As alarms blare about Russian interference in U.S. elections, the Trump administration is facing criticism that it has no clear national strategy to protect the country during the upcoming midterms and beyond. Both Republicans and Democrats have criticized the administration’s response as fragmented, without enough coordination across federal agencies. And with the midterms just three months away, critics are calling on President Donald Trump to take a stronger stand on an issue critical to American democracy. “There’s clearly not enough leadership from the top. This is a moment to move,” said Maryland Sen. Chris Van Hollen, head of the Democratic Senatorial Campaign Committee. “I don’t think they are doing nearly enough.”

National: The DNC Enlists Kids in Its Fight Against Hackers | WIRED

Voting systems in the United States are so woefully hackable, even an 8-year-old could do it. At least, that’s the conceit of a competition cosponsored by the Democratic National Committee at next week’s Def Con hacker conference in Las Vegas. The contest will include children, ages 8 to 16, who will be tasked with penetrating replicas of the websites that secretaries of state across the country use to publish election results. They’ll vie for $2,500 in prize money, $500 of which will come from the DNC and be awarded to the child who comes up with the best defensive strategy for states around the country. The DNC’s chief technology officer, Raffi Krikorian, says he was inspired to team up with Def Con after scoping out an event at last year’s conference called Voting Village, where attendees—grown-ups this time—got to hack into various models of voting machines and find flaws. “We wanted to figure out how we could use this to our advantage,” Krikorian tells WIRED. “Let’s get those lessons back to secretaries of state.”

National: Senate Republicans block additional funding for election security | FCW

Senate Republicans successfully beat back another attempt by Democrats to extend hundreds of millions of dollars in grant funding to assist states and localities looking to upgrade the security of their election systems. Sen. Patrick Leahy (D-Vt.) introduced an amendment to “minibus” appropriations legislation that would have allocated $250 million in federal funding to replace outdated and insecure voting machines, provide security training for election workers, upgrade voter registration software and fund other state and local initiatives related to election security. Sen. James Lankford (R-Okla.), one of the original co-sponsors of the Secure Elections Act that initially proposed grant funding to states, took to the floor to oppose the amendment. Lankford said he was opposing the measure because Congress voted in favor of giving $380 million to states earlier this year.

National: As midterm elections approach, a growing concern that the nation is not protected from Russian interference | The Washington Post

Two years after Russia interfered in the American presidential campaign, the nation has done little to protect itself against a renewed effort to influence voters in the coming congressional midterm elections, according to lawmakers and independent analysts. They say that voting systems are more secure against hackers, thanks to action at the federal and state levels — and that the Russians have not targeted those systems to the degree they did in 2016. But Russian efforts to manipulate U.S. voters through misleading social media postings are likely to have grown more sophisticated and harder to detect, and there is not a sufficiently strong government strategy to combat information warfare against the United States, outside experts said. Despite Facebook’s revelation this week that it had closed down 32 phony pages and profiles that were part of a coordinated campaign, technology companies in general have struggled to curb the flow of disinformation and hacking and have received little guidance from the U.S. government on how to do so.

National: On the Ballot in Some States Ahead of 2020: The Right to Vote | Wall Street Journal

Voters will get the chance this fall to expand or limit access to the polls in a wave of ballot initiatives ahead of the 2020 presidential election. Seven states have ballot measures this year involving election rules, such as ID requirements and easier registration, the National Conference of State Legislatures said. Maine voters already approved a measure, and Michigan could join the fray if a campaign clears a signature hurdle. Together, that equals the number of similar ballot measures from 2014 and 2016 combined, according to NCSL. “This entire decade has been roiling with concerns on both sides—integrity and access—to voting rights,” said Wendy Underhill, director of elections and redistricting at NCSL.

National: Senate rejects additional election security spending even as experts warn of growing foreign threat | ABC

Even as experts on cybersecurity and foreign interference told lawmakers Wednesday that the threat from Russia and other states seeking to influence American democracy is getting worse, the Senate failed to approve $250 million for state election security in the coming fiscal year. The specialists were testifying about the threat specifically as it relates to social media, but they were arguing that the U.S. government needs to mount a more aggressive and comprehensive approach to counter threats from foreign governments’ efforts to undermine U.S. institutions including elections. “As we focus on the past, we are missing what is happening and what will happen again,” Laura Rosenberger, director of the Alliance for Securing Democracy and a fellow at the German Marshall Fund, told the Senate Intelligence Committee.

National: The Government Needs Better Data to Stop Election Meddling | Nextgov

Online platforms need to be more transparent with government to help fight increasingly sophisticated online misinformation campaigns led by Russia and other adversaries, social media experts and internet analysts told lawmakers on Wednesday. Government leaders must also make it clear to adversaries there will be consequences if they attempt to disrupt elections, they said. Nearly two years after officials first uncovered Russia’s attempts to meddle in the U.S. election, the conversation on Capitol Hill is shifting away from what happened in 2016 to how to stop similar campaigns in the years ahead. In their testimony before the Senate Intelligence Committee, witnesses said Russian attempts to influence American politics continue even today and the government has a responsibility to lessen the impact of information warfare on society. They said that role could include alerting the public when influence attempts are uncovered, deterring foreign leaders from engaging in such campaigns and identifying potential threats in new technologies like artificial intelligence before bad actors can exploit them.