National: Experts: Switch Off Wi-Fi and Ditch Paperless Voting Machines | Infosecurity Magazine

A bipartisan group of former state election specialists, intelligence officials and voting experts have urged local state officials to ditch paperless voting machines as part of a $380m security overhaul. The funds were released by Congress to help states upgrade their election systems in the wake of Russian cyber-attacks ahead of the 2016 presidential election. The Department of Homeland Security (DHS) claimed last year that a total of 21 state systems were targeted by Kremlin hackers ahead of the election. Although actual compromises were confined to a small number of states, there are fears that the hackers will use the intelligence they gained to potentially cause greater disruption next time around.

National: Senate panel to examine Trump officials’ election security efforts | The Hill

The Senate Homeland Security Committee will meet Tuesday to examine the federal government’s cyber mission, focusing in part on work to secure election systems from cyberattacks, according to opening remarks from Chairman Ron Johnson (R-Wis.). Lawmakers will have the opportunity to question a top cyber official at the Department of Homeland Security who is leading efforts to provide cyber vulnerability scans of election systems and other services to states that request them. “The midterm elections are fast approaching, and I am glad to see the Administration and DHS working diligently to engage with the states, election agencies, and election service providers,” Johnson will say, according to a copy of his planned remarks obtained by The Hill.

National: Senators chart path forward on election security bill | The Hill

Senators are working to again revise legislation designed to help guard digital voting infrastructure from cyberattacks after meeting with state officials. Sen. James Lankford (R-Okla.) told The Hill that he expects to work out the final details of the bill within “weeks,” after state election officials expressed some remaining concerns with the current version. Lankford and a slate of bipartisan co-sponsors originally introduced the legislation, called the Secure Elections Act, last December, months after the Department of Homeland Security acknowledged that Russian hackers tried to break into voting systems in 21 states as part of a broader effort to interfere in the 2016 presidential election.

National: Voting Laws for Felons Can Be Hard to Follow. Here’s an Overview. | The New York Times

If a person is convicted of first-degree murder in the state of Vermont, he or she will retain the right to vote — even while incarcerated. But a person who commits perjury in Mississippi could be permanently barred from casting a ballot there. It is up to states — not the federal government — to say whether convicted felons can vote, and which ones, and when. So the rules for convicted criminals can change, sometimes drastically, from one state to the next. (The issue can be knotty within states, too: This past week, New York’s governor announced plans to sidestep a resistant State Legislature to give the vote to felons on parole.) It’s a lot to keep track of, but here’s an overview of where states stand — at least for now — on felons’ voting rights.

National: ‘Protecting our democracy’: DNC chair defends suit against Trump and Russia | The Guardian

Chairman Tom Perez on Sunday defended the Democratic National Committee’s decision to sue Russia, WikiLeaks and the Trump campaign over Russian election interference, saying the DNC was “protecting our democracy” and could “walk and chew gum” when it came to keeping its focus on the midterm elections. The multimillion-dollar civil suit was filed on Friday in federal court in the southern district of New York, claiming senior Trump officials conspired with the Russian government in an attempt to damage Hillary Clinton. The suit seeks damages for the hacking of DNC email servers.Donald Trump tweeted about the suit over the weekend, seemingly promising a legal counter move. “So funny, the Democrats have sued the Republicans for Winning,” he wrote on Saturday. “Now he [sic] R’s counter and force them to turn over a treasure trove of material, including Servers and Emails!” It was unclear why Republicans would sue to obtain Democratic party emails, many of which are already public owing to Russia-directed hacking that began in April 2016.

National: America Continues to Ignore the Risks of Election Hacking | The New Yorker

Last month, when Congress authorized three hundred and eighty million dollars to help states protect their voting systems from hacking, it was a public acknowledgement that, seven months out from the midterm elections, those systems remain vulnerable to attack. America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. “This guy—we randomly called him Rasputin—was in a high-profile forum in the darkest of the darkest of the darkest corner of the dark Web, where hackers and reverse engineers, ninety-nine per cent of them Russian, hang out,” Christopher Ahlberg, the C.E.O. of Recorded Future, told me. “There was someone from another country in the forum who implied he had a government background, and he wanted to get his hands on this stuff. That’s when we decided we would just buy it. So we did, and took it to the government”—the U.S. government—“and the sale ended up being thwarted.” (Ahlberg wouldn’t identify which government agency his company had turned the data over to. The E.A.C., in a statement, referred questions about “the investigation or information shared with the government by Recorded Future” to the F.B.I. The F.B.I., through a Justice Department spokesperson, declined to comment.)

National: Elections officials explore security options | GCN

Since elections were declared critical infrastructure nearly 17 months ago, state and local officials have been working to protect the integrity of the 2018 elections, but security holes in elections systems and voting equipment still exist. As part of the omnibus spending bill passed in March, Congress authorized $380 million in new Help America Vote Act funds to the states to help them secure elections systems in their counties and local jurisdictions. On April 17, the Elections Assistance Commission distributed the award packets to states along with instructions on how to apply for funding. States have 90 days to respond, and the funds must be used within five years. However, the new funding did not stop elections officials from asking for more support ahead of the 2018 elections at an April 18 EAC public forum.

National: Democratic Party Alleges Trump-Russia Conspiracy in New Lawsuit | The New York Times

The Democratic National Committee opened a surprise legal assault on President Trump on Friday, filing a lawsuit in federal court alleging that the organization was the victim of a conspiracy by Russian officials, the Trump campaign and WikiLeaks to damage Hillary Clinton’s presidential run. The 66-page complaint, filed in federal court in New York, uses the publicly known facts of the investigation into Russia’s election meddling to accuse Mr. Trump’s associates of illegally working with Russian intelligence agents to interfere with the outcome of the election. In the document, the committee accuses Republicans and the Russians of “an act of previously unimaginable treachery.”

National: First-of-its-kind forum on election security gathers state and local officials with Election Assistance Commission | CyberScoop

A top U.S. election official says that the allegations of Russian meddling in the 2016 presidential election came with a silver lining: At least we’re now focusing on election security. Christy McCormick, a member of the Election Assistance Commission, told a crowd of state and local election officials from across the country on Wednesday that the events of 2016 jump-started a focus on election security that was not as prominent before. “I know that election officials have always focused on these problems to some degree. Not so laserly focused on election security but I think this has brought this to the forefront for us in the last couple of years. So if there’s a good consequence to what happened, that is one of them,” McCormick said Wednesday at a public forum the EAC hosted in Miami to allow the state and local officials to discuss their election security plans ahead of upcoming elections.

National: Reducing Voters’ Paperwork Might Expand The Voter Rolls | NPR

Political brawls over voting laws have consumed states across the country for the past decade. But below the surface, a movement to automatically register eligible voters to vote is rapidly gaining traction. By next year, more than a quarter of all Americans will live in states where they no longer have to fill out registration forms in order to cast a ballot. The latest state to implement automatic voter registration is California, which had been scheduled to start on Monday although it’s been delayed while officials conduct more testing. Everyone who meets the legal requirements to vote in California will be automatically registered when they update their driver’s license or state ID at the Department of Motor Vehicles, a move that election officials expect will help move some of the more than 6 million eligible, but unregistered, residents onto the state’s voter rolls.

National: Prosecutors suspected Manafort was a ‘back channel’ between Trump campaign and Russia | Los Angeles Times

Paul Manafort, President Trump’s former campaign chairman, came under scrutiny by the special counsel because prosecutors suspected he might be a back channel between the Trump campaign and Russian efforts to interfere in the U.S. election, a Justice Department lawyer said Thursday. The disclosure came as lawyers for Manafort tried to convince a federal judge to throw out one of two federal cases against him, arguing that special counsel Robert S. Mueller III had no authority to hit him with criminal charges unrelated to the Russian meddling. An attorney for Mueller’s office, Michael Dreeben, told the court that the prosecution of Manafort’s alleged financial crimes arose because Manafort had “long-standing ties” to Russians, and investigators wanted to know if those connections provided a “back channel to Russia.”

National: Election security bill still needs work in some areas, state officials tell Senate sponsors | CyberScoop

Several secretaries of state are telling the main backers of a Senate election security bill that the legislation might need tweaks to how it addresses information sharing, state-federal communication channels, funding mechanisms and post-election audits, among other things. The secretaries, who are the top election officials in their states, met with bill sponsors James Lankford, R-Okla., and Amy Klobuchar, D-Minn., in person and via phone Monday to discuss the Secure Elections Act. The legislation is intended to bolster election security by smoothing out coordination between the state and federal levels and providing states financial support for operations and equipment upgrades. State secretaries from Indiana, Louisiana, Minnesota, Missouri, Colorado and New Mexico participated in the meeting.

National: Timing remains unclear for election-security legislative effort in Senate | InsideCyberSecurity.com

The Senate Rules Committee has yet to set timing for a hearing on election security legislation based on recommendations emanating from the Senate Intelligence Committee’s Russia probe, but plans to do so, according to new Rules Chairman Roy Blunt (R-MO). Blunt, who was elected as chairman last week, told Inside Cybersecurity Tuesday that “there will be a hearing at some point” on election security, although Blunt said “it is not scheduled yet.” Rule Committee ranking member Amy Klobuchar (D-MN), who is a co-sponsor on the Secure Elections Act, told Inside Cybersecurity that she “hopes” the election security hearing will take place “soon.” Klobuchar also said that she’s “really glad” that $380 million for the Election Assistance Commission to help states improve election systems was included in the recently passed $1.3 trillion fiscal 2018 omnibus spending bill. “It does take that immediate pressure off, but now we want to kind of use this momentum to get this done,” Klobuchar said.

National: Here’s how hackers could cause chaos in this year’s US midterm election | MIT Technology Review

On November 6, Americans will head to the polls to vote in the congressional midterm election. In the months before the contest, hordes of foreign hackers will head to their keyboards in a bid to influence its outcome. Their efforts will include trying to get inside the digital infrastructure that supports the electoral process. There’s a worrying precedent here. Last year, the Department of Homeland Security notified 21 states that Russian actors had targeted their election systems in the months leading up to the 2016 US presidential election. DHS officials said the Russians were mainly scanning computers and networks for security holes rather than taking advantage of any flaws that were discovered. Still, that’s no cause for complacency. Intelligence officials are already warning that Russia is intent on meddling in this year’s election too, and hackers from other countries hostile to the US could join in. This week, both DHS and the Federal Bureau of Investigation said Russia is laying the groundwork for broad cyberattacks against critical US infrastructure. Last year, the DHS designated voting technology as part of that vital framework.

National: DHS chief issues stern warning to Russia, others on election meddling, cyberattacks | The Hill

Homeland Security Secretary Kirstjen Nielsen issued a stern warning to Russia and other countries looking to meddle in future U.S. elections, saying that the U.S. government will consider all options “seen and unseen” for responding to malicious attacks in cyberspace. “The United States, as you know, possesses a spectrum of response options both seen and unseen, and we will use them to call out malign behavior, punish it and deter future cyber hostility,” Nielsen said in keynote remarks at the RSA cybersecurity conference in San Francisco on Tuesday. “Our cyber defenses help guard our very democracy and all we hold dear. To those who would try to attack our democracy to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don’t,” Nielsen said.

National: DHS Secretary Kirstjen Nielsen Talks Russia Hacks, Upcoming Elections | Fortune

Homeland Security Secretary Kirstjen Nielsen promised that the federal government would do all it could to prevent Russians from hacking future elections, but stopped short of guaranteeing that those measures would be effective. “I feel secure that we are and will continue to do everything we can to help state and locals secure their election infrastructure,” Nielsen said on Tuesday, avoiding answering a question about whether the U.S. voting system is hacker proof. The DHS secretary’s comments at the annual RSA cybersecurity conference in San Francisco come after members of the U.S. Senate Intelligence Committee urged Nielsen and the DHS to speed up efforts to secure the nation’s elections, according to the New York Times. In September, the DHS notified 21 U.S. states that Russia had attempted to hack their voting systems prior to the last presidential election.

National: Flurry of lawsuits filed over citizenship question on census | The Hill

Lawsuits are piling up against the Trump administration’s decision to add a citizenship question to the 2020 census. The nonpartisan Lawyers’ Committee for Civil Rights Under Law, along with the law firm Manatt, Phelps & Phillips, on Tuesday filed a lawsuit against the citizenship question on behalf of the City of San Jose and the Black Alliance for Just Immigration. The suit was filed against the Commerce Department in the Northern District of California. The lawsuit is the fourth legal challenge that’s been brought since Commerce Secretary Wilbur Ross agreed in March to grant a request from the Department of Justice to reinstate the citizenship question on the 2020 census.

National: US and UK Warn of Cybersecurity Threat From Russia | The New York Times

The United States and Britain on Monday issued a first-of-its-kind joint warning about Russian cyberattacks against government and private organizations as well as individual homes and offices in both countries, a milestone in the escalating use of cyberweaponry between major powers. Although Washington and London have known for decades that the Kremlin was trying to penetrate their computer networks, the joint warning appeared to represent an effort to deter future attacks by calling attention to existing vulnerabilities, prodding individuals to mitigate them and threatening retaliation against Moscow if damage was done. “When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,” Rob Joyce, a special assistant to the president and the cybersecurity coordinator for the National Security Council, said in joint conference call with journalists by senior officials in Washington and London. That would include “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.”

National: Senators, state officials to meet on election cybersecurity bill | The Hill

Two senators sponsoring legislation to secure digital election systems from cyberattacks are meeting Monday with state officials on the details of their proposal. Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.) are scheduled to meet with secretaries of state to discuss the Secure Elections Act, a spokesman for Lankford confirmed. The bipartisan bill, originally introduced last December, is designed to help and incentivize state officials to make cybersecurity upgrades to their election infrastructure following Russian interference in the 2016 presidential election. The senators rolled out a revised version of the proposal in March, after some state officials, who are responsible for administering federal elections, expressed concerns with the effort. 

National: How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election | WIRED

When Young Mie Kim began studying political ads on Facebook in August of 2016—while Hillary Clinton was still leading the polls— few people had ever heard of the Russian propaganda group, Internet Research Agency. Not even Facebook itself understood how the group was manipulating the platform’s users to influence the election. For Kim, a professor of journalism at the University of Wisconsin-Madison, the goal was to document the way the usual dark money groups target divisive election ads online, the kind that would be more strictly regulated if they appeared on TV. She never knew then she was walking into a crime scene. Over the last year and a half, mounting revelations about Russian trolls’ influence campaign on Facebook have dramatically altered the scope and focus of Kim’s work. In the course of her six-week study in 2016, Kim collected mounds of evidence about how the IRA and other suspicious groups sought to divide and target the US electorate in the days leading up to the election. Now, Kim is detailing those findings in a peer-reviewed paper published in the journal Political Communication.

National: Congress, states don’t seem inclined to incorporate biometrics in new voting technologies | BiometricUpdate

While other nations are rapidly incorporating biometrics into their voting technologies, the US Congress and states – and local jurisdictions – don’t seem to be all that concerned about utilizing biometrics to verify the identities of individuals voting in America, despite the concerns over election machine cyber-tampering that’s continued to mount since the 2016 elections. In its report, Observations on Voting Equipment Use and Replacement (PDF), which was requested by lawmakers, the Government Accountability Office (GAO) — Congress’ investigative arm — “did not consider the issue of biometrics as part of our work,” Biometric Update was told by Rebecca Gambler, Director, Homeland Security & Justice issues at GAO. In fact, Gambler said, “GAO’s prior work on elections issues also has not addressed biometrics, and thus, we don’t have background or insights to share in this area.”

National: Mueller has evidence that Trump confidant went to Prague, despite denials | McClatchy

The Justice Department special counsel has evidence that Donald Trump’s personal lawyer and confidant, Michael Cohen, secretly made a late-summer trip to Prague during the 2016 presidential campaign, according to two sources familiar with the matter. Confirmation of the trip would lend credence to a retired British spy’s report that Cohen strategized there with a powerful Kremlin figure about Russian meddling in the U.S. election. It would also be one of the most significant developments thus far in Special Counsel Robert Mueller’s investigation of whether the Trump campaign and the Kremlin worked together to help Trump win the White House. Undercutting Trump’s repeated pronouncements that “there is no evidence of collusion,” it also could ratchet up the stakes if the president tries, as he has intimated he might for months, to order Mueller’s firing.

National: Facebook says its ‘voter button’ is good for turnout. But should the tech giant be nudging us at all? | The Guardian

On the morning of 28 October last year, the day of Iceland’s parliamentary elections, Heiðdís Lilja Magnúsdóttir, a lawyer living in a small town in the north of the country, opened Facebook on her laptop. At the top of her newsfeed, where friends’ recent posts would usually appear, was a box highlighted in light blue. On the left of the box was a button, similar in style to the familiar thumb of the “like” button, but here it was a hand putting a ballot in a slot. “Today is Election Day!” was the accompanying exclamation, in English. And underneath: “Find out where to vote, and share that you voted.” Under that was smaller print saying that 61 people had already voted. Heiðdís took a screenshot and posted it on her own Facebook profile feed, asking: “I’m a little curious! Did everyone get this message in their newsfeed this morning?” In Reykjavik, 120 miles south, Elfa Ýr Gylfadóttir glanced at her phone and saw Heiðdís’s post. Elfa is director of the Icelandic Media Commission, and Heiðdís’s boss. The Media Commission regulates, for example, age ratings for movies and video games, and is a part of Iceland’s Ministry of Education. Elfa wondered why she hadn’t received the same voting message. She asked her husband to check his feed, and there was the button. Elfa was alarmed. Why wasn’t it being shown to everyone? Might it have something to do with different users’ political attitudes? Was everything right and proper with this election?

National: States to Game Out Election Threats in Homeland Security Drills | Bloomberg

The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.

National: Mark Zuckerberg vows to fight election meddling in marathon Senate grilling | The Guardian

Mark Zuckerberg, the Facebook chief executive, warned on Tuesday of an online propaganda “arms race” with Russia and vowed that fighting interference in elections around the world is now his top priority. The 33-year-old billionaire, during testimony that lasted nearly five hours, was speaking to Congress in what was widely seen as a moment of reckoning for America’s tech industry. It came in the wake of the Cambridge Analytica scandal in which, Facebook has admitted, the personal information of up to 87 million users were harvested without their permission. Zuckerberg’s comments gave an insight into the unnerving reach and influence of Facebook in numerous democratic societies. “The most important thing I care about right now is making sure no one interferes in the various 2018 elections around the world,” he said under questioning by Senator Tom Udall of New Mexico.

National: Departed HHS CISO lands at voting technology vendor ES&S as security lead | FedScoop

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt.

National: Lawsuit Filed Against Ex-Voter Fraud Commissioner For ‘Reckless’ Claims | TPM

J. Christian Adams, who sat on President Trump’s now-defunct voter fraud commission, is being sued over reports his group issued accusing hundreds of Virginians of having illegally registered to vote. The lawsuit was filed Thursday against Adams and his group, the Public Interest Legal Foundation, in federal court in Virginia. It targets the voter fraud allegations the group made in reports called “Alien Invasion in Virginia” and “Alien Invasion II,” which claimed that hundreds of non-citizens had likely committed felonies by registering to vote. The lawsuit is being brought by four people who say they were falsely mislabeled as non-citizens who illegally registered to vote in the reports, despited the fact that they are all citizens.  The League of United Latin American Citizens is also a plaintiff in the lawsuit, which is being spearheaded by the Southern Coalition for Social Justice and Protect Democracy, two pro-democracy groups.”

National: DHS security unit makes another big hire from elsewhere in government | CyberScoop

The federal agency charged with protecting U.S. infrastructure — including its computer networks — has hired Daniel Kroese, the chief of staff for Republican Rep. John Ratcliffe, as a senior adviser. The National Protection and Programs Directorate (NPPD), part of the Department of Homeland Security, brings on Kroese as the Trump administration and Congress are seeking to harden U.S. cybersecurity, including its elections systems. Kroese, who announced the hire in an email to colleagues, will arrive at NPPD with close contacts throughout Congress. The move follows NPPD’s addition of Matthew Masterson, the former chairman of the Election Assistance Commission (EAC), as another senior adviser. Masterson’s role is focused on election security. It’s not clear yet what Kroese will specialize in at NPPD.

National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop

Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.

National: The Questions Zuckerberg Should Have Answered About Russia | WIRED

Over the last two days, Facebook CEO Mark Zuckerberg was questioned for more than 10 hours by two different Congressional committees. There was granular focus on privacy definitions and data collection, and quick footwork by Zuckerberg—backed by a phalanx of lawyers, consultants, and coaches—to craft a narrative that users “control” their data. (They don’t.) But the gaping hole at the center of both hearings was the virtual absence of questions on the tactics and purpose of Russian information operations conducted against Americans on Facebook during the 2016 elections. Here are the five of the biggest questions about Russia that Zuckerberg wasn’t asked or didn’t answer—and why it’s important for Facebook to provide clear information on these issues.