National: Departed HHS CISO lands at voting technology vendor ES&S as security lead | FedScoop

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt.

National: Lawsuit Filed Against Ex-Voter Fraud Commissioner For ‘Reckless’ Claims | TPM

J. Christian Adams, who sat on President Trump’s now-defunct voter fraud commission, is being sued over reports his group issued accusing hundreds of Virginians of having illegally registered to vote. The lawsuit was filed Thursday against Adams and his group, the Public Interest Legal Foundation, in federal court in Virginia. It targets the voter fraud allegations the group made in reports called “Alien Invasion in Virginia” and “Alien Invasion II,” which claimed that hundreds of non-citizens had likely committed felonies by registering to vote. The lawsuit is being brought by four people who say they were falsely mislabeled as non-citizens who illegally registered to vote in the reports, despited the fact that they are all citizens.  The League of United Latin American Citizens is also a plaintiff in the lawsuit, which is being spearheaded by the Southern Coalition for Social Justice and Protect Democracy, two pro-democracy groups.”

National: DHS security unit makes another big hire from elsewhere in government | CyberScoop

The federal agency charged with protecting U.S. infrastructure — including its computer networks — has hired Daniel Kroese, the chief of staff for Republican Rep. John Ratcliffe, as a senior adviser. The National Protection and Programs Directorate (NPPD), part of the Department of Homeland Security, brings on Kroese as the Trump administration and Congress are seeking to harden U.S. cybersecurity, including its elections systems. Kroese, who announced the hire in an email to colleagues, will arrive at NPPD with close contacts throughout Congress. The move follows NPPD’s addition of Matthew Masterson, the former chairman of the Election Assistance Commission (EAC), as another senior adviser. Masterson’s role is focused on election security. It’s not clear yet what Kroese will specialize in at NPPD.

National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop

Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.

National: The Questions Zuckerberg Should Have Answered About Russia | WIRED

Over the last two days, Facebook CEO Mark Zuckerberg was questioned for more than 10 hours by two different Congressional committees. There was granular focus on privacy definitions and data collection, and quick footwork by Zuckerberg—backed by a phalanx of lawyers, consultants, and coaches—to craft a narrative that users “control” their data. (They don’t.) But the gaping hole at the center of both hearings was the virtual absence of questions on the tactics and purpose of Russian information operations conducted against Americans on Facebook during the 2016 elections. Here are the five of the biggest questions about Russia that Zuckerberg wasn’t asked or didn’t answer—and why it’s important for Facebook to provide clear information on these issues.

National: NRA got more money from Russia-linked sources than earlier reported | Politico

The National Rifle Association reported this week that it received more money from people with Russian ties than it has previously acknowledged, but announced that it was officially done cooperating with a congressional inquiry exploring whether illicit Kremlin-linked funding passed through the NRA and into Donald Trump’s 2016 presidential campaign, Sen. Ron Wyden (D-Ore.) said on Wednesday. Wyden released a letter from the NRA, dated Tuesday, in which the gun rights group reported receiving $2,512.85 in contributions and membership dues “from people associated with Russian addresses” or known Russian nationals living in the United States from 2015 to the present. In the past, a congressional aide to Wyden said, the group had confirmed receiving only one financial contribution, in the form of a lifetime membership purchased by Alexander Torshin, a Russian banker.

National: Air gapping voting machines isn’t enough, says election security expert Alex Halderman | Cyberscoop

The safeguards that election officials say protect voting machines from being hacked are not as effective as advertised, a leading election security expert says. U.S. elections, including national ones, are run by state and local offices. While that decentralization could serve an argument that elections are difficult to hack, University of Michigan Professor J. Alex Halderman says that it’s more like a double-edged sword. Speaking to an audience of students and faculty at the University of Maryland’s engineering school on Monday, Halderman said that the U.S. is unique in how elections are localized. States and counties choose the technology used to run federal elections. “Each state state running its own independent election system in many cases does provide a kind of defense. And that defense is that there is no single point nationally that you can try to attack or hack into in order to change the national results,” Halderman said. But since national elections often hinge on swing states like, Virginia, Ohio or Pennsylvania, attackers can look for vulnerabilities where they would count. “An adversary could probe the election systems in all the close states, look for the ones that have the biggest weaknesses and strike there, and thereby flip a few of those swing states,” Halderman said.

National: Democrats make direct appeal to Speaker Ryan on election hacking | CNN

The top Democrats on six of the House’s key committees are appealing directly to Speaker Paul Ryan to help them obtain documents from the Trump administration related to election hacking during the 2016 contest. In a letter sent to the speaker Tuesday morning, the highest-ranking Democrats on the House Oversight, Judiciary, Homeland Security, Foreign Affairs, Intelligence and House Administration committees implored Ryan to intervene in their ongoing efforts to get the Department of Homeland Security to turn over documents related to the targeting of state election-related systems by Russian hackers. The Democrats asked the department in October to provide copies of the notifications it sent to the 21 states it identified as the target of Russian government-linked attempts to hack voting-related systems and other related documents.

National: What We Know And Don’t Know About Election Hacking | FiveThirtyEight

When talk of Russian interference in U.S. elections comes up, much of the focus has been on state-sponsored trolls on Facebook and Twitter — special counsel Robert Mueller recently indicted a number of these actors, and Congress has taken Silicon Valley to task for allowing such accounts to flourish. But there’s another side of Russian meddling in American democracy: attacks on our election systems themselves. We know that Russian hackers in 2016 worked to compromise state voting systems and the companies that provide voting software and machines to states. That could blossom into more concrete attacks this year. As I wrote earlier this week, the worst-case scenario is that on Election Day 2018, votes are altered or fabricated and Americans are disenfranchised.

National: Election security means much more than just new voting machines | The Conversation

In late March, Congress passed a significant spending bill that included US$380 million in state grants to improve election infrastructure. As the U.S. ramps up for the 2018 midterm elections, that may seem like a huge amount of money, but it’s really only a start at securing the country’s voting systems. A 2015 report by the Brennan Center law and policy institute at New York University estimates overhauling the nation’s voting system could cost more than $1 billion – though the price could be partially offset by more efficient contracting. Most voting equipment hasn’t been updated since the early 2000s. At times, election officials must buy voting machine hardware on eBay, because the companies that made them are no longer in business. Even when working properly, those machines are not secure: At the 2017 DEF CON hacker conference, attackers took control of several voting machines in a matter of minutes. Securing electoral systems across the U.S. is a big problem with high stakes. This federal money being provided to states now may not be the last of its kind, but it’s what’s available right away, and it must be used as efficiently as possible.

National: Paper trails and random audits could secure all elections – don’t save them just for recounts in close races | The Conversation

As states begin to receive millions of federal dollars to secure the 2018 primary and general elections, officials around the country will have to decide how to spend it to best protect the integrity of the democratic process. If voters don’t trust the results, it doesn’t matter whether an election was actually fair or not. Right now, the most visible election integrity effort in the U.S. involves conducting recounts in especially close races. A similar approach could be applied much more broadly. Based on my research into game theory as a way to secure elections, I suggest that the proper first line of defense is auditing results. While an audit can only happen after Election Day, it’s crucial to prepare in advance.

National: Zuckerberg’s testimony will reveal Trump’s dissembling on Russia | The Washington Post

Facebook CEO Mark Zuckerberg is preparing to face a bipartisan inquisition into the social media platform’s handling of user data, and its role in facilitating (unwittingly, it seems) Russia’s interference with our election. He plans to take the humble, apologetic route in a hearing before the House Committee on Energy and Commerce. In his prepared remarks, Zuckerberg says that “it’s clear now that we didn’t do enough to prevent these tools from being used for harm as well. That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy. We didn’t take a broad enough view of our responsibility, and that was a big mistake.” He states flat out: ” It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.”

National: The Moscow Midterms | FiveThirtyEight

The first Americans to line up to vote on Nov. 6, 2018, will be the East Coast’s earliest risers. As early as 5 a.m. EST, rubbing the sleep from their eyes and clutching travel thermoses of coffee, they will start the procession of perhaps 90 million Americans to vote that day. The last to cast ballots will be Hawaiians, who will do so until 11 p.m. East Coast time. When all is said and done, the federal election will unfold something like an 18-hour-long ballet of democracy: 50 states, dozens of different kinds of voting machines and an expectation that everything should be counted up in time for TV networks to broadcast the results before Americans head to bed. Election Day 2018 is expected to unfold no differently than it has in years past. Except it might.

National: How Every Campaign Will Have a Troll Farm of Its Own | The Daily Beast

Mark Zuckerberg heads to the nation’s capital this week for some lashings from America’s legislators. On Tuesday, he’ll appear in front of joint sessions of the Senate Judiciary and Commerce committees. Then on Wednesday, the Facebook CEO will visit the House Energy and Commerce Committee for another round of bruising. Since the presidential election of 2016, congressmen have pummeled social media giants for Russia’s infiltration and exploitation of their systems. But America’s politicians may want to tread lightly as they seek answers from Zuckerberg. Political actors, more than anyone, seek the power and reach of social media to win the hearts and minds of voters. In the future, Russia and other authoritarians will continue their manipulation, but it will be ordinary candidates and their campaigns, lobbyists, and corporate backers that seek to exploit the manipulative advantages available on social media. A combative tech CEO just might flip the script and call out the politicians for their role in this mess.

National: Federal funds to bolster election security may not be enough | Associated Press

Last summer, with an important Illinois election season months away, Shelby County officials in central Illinois feared that their outdated voting equipment wouldn’t be approved for use by the State Board of Elections. Most of it dates to 2004, and it’s becoming harder to find replacement parts. Often, it’s difficult to read the machinery’s paper record, which is needed to verify votes. It passed inspection, but County Clerk Jessica Fox said the county, which is running a budget deficit, faces an upgrade of as much as $300,000. “Sooner or later we must have new equipment, regardless of the costs,” Fox said. Shelby County isn’t alone. Machine malfunction during the March 20 primary election was among the top reported issues to a hotline set up by the Lawyers’ Committee for Civil Rights, a national nonpartisan voter-protection group.

National: “Don’t Mess With Our Elections”: Vigilante Hackers Strike Russia, Iran | Motherboard

On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it. “We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday.

National: When Russian hackers targeted the U.S. election infrastructure | 60 Minutes/CBS News

The U.S. intelligence community has concluded there is no doubt the Russians meddled in the 2016 U.S. presidential election, leaking stolen e-mails and inflaming tensions on social media. While Congress and special counsel Robert Mueller investigate Russian interference, including whether the campaign of Donald Trump colluded with Russia, we have been looking into another vector of the attack on American democracy: a sweeping cyber assault on state voting systems that U.S. intelligence tied to the Russian government. Tonight, you’ll find out what happened from the frontline soldiers of a cyberwar that was fought largely out of public view, on digital battlegrounds in states throughout the country. The threat Russia posed to our democratic process was deemed so great, the Obama Administration took the unprecedented step of using the cyber hotline – the cybersecurity equivalent of the nuclear hotline – to warn the Kremlin to stop its assault on state election systems. Russian operatives had launched a widespread cyberattack against state voting systems around the country.

National: The Challenge of Machines in the 21st Century | Fair Observer

Information technology and the internet are changing the way democracy works. Recent revelations of the use of personal data to manipulate elections tell us that we live in a very different place we thought we did just weeks ago. Marketing companies, like the now infamous Cambridge Analytica, may deploy data profiling to influence human targets on social media. This involves the enveloping of the subjects within an artificial world; Christopher Wylie, the whistleblower at the center of this scandal, referred to these worlds as “cultures.” In each of these artificial cultures, political candidates would appear to each target from a different aspect, but always as a perfect candidate tailored to the psychographic profile of that particular voter. This approach, Cambridge Analytica claims, would increment the candidate’s electoral margins. There is currently no information if the use of personal data had a deciding effect on the US presidential elections. However, the process is revealing of the power online companies hold today to, in principle, manipulate its customers.

National: Facebook to Require Verified Identities for Future Political Ads | The New York Times

For months, Facebook’s critics — ranging from Silicon Valley executives to Washington politicians — have been urging the company to do a better job of identifying who is buying political ads and creating pages about hot-button topics on its social media sites. On Friday, just days before its chief executive, Mark Zuckerberg, is expected to testify before Congress, Facebook said it had started forcing people who want to buy political or “issue” ads to reveal their identities and verify where they are. Mr. Zuckerberg announced the move in a post on Facebook. He said this verification was meant to prevent foreign interference in elections, like the ads and posts from so-called Russian trolls before and after the 2016 presidential election.

National: Politicians follow in Facebook’s footsteps on mass data collection | Politico

The last three weeks have revealed how reliant political campaigns have become on people’s data. Almost 90 million Facebook users from Los Angeles to London may have had their online information illegally collected by Cambridge Analytica as part of its work for Donald Trump’s 2016 presidential campaign. Mark Zuckerberg, the social networking giant’s chief executive, will testify to U.S. lawmakers this week over claims that the tech giant played fast and loose in its protection of people’s online privacy. Both companies deny any wrongdoing. It’s legitimate to point the finger at the world’s largest social network and a data analytics firm with somewhat shady political connections. But there’s one sizeable piece of the puzzle that’s missing from the world’s newfound fixation on digital privacy: voters themselves.

National: 14 states’ voting machines are highly vulnerable. How’d that happen? | McClatchy

Texas counties have doled out millions of dollars in recent months to replace thousands of old touch-screen voting machines that lack a paper record – a weakness security experts warn could allow Russians or other hackers to rig U.S. elections without detection. The problem is, many of the new machines have the same vulnerability. So do similar machines in more than a dozen states across the country. Vicki Shelly, the election administrator in San Jacinto County, Tex., north of Houston, said she received no alert from Washington or state officials before the county spent $383,000 on its new paperless touch-screen voting system made by Hart InterCivic. “Whoever’s doing all the research, it seems like we should have been in on it a little sooner,” said Shelly, one of hundreds of election officials that make up the first line of defense against attempts to tamper with U.S. election results. “Honestly, it’s very disturbing.”

National: States, cities sue U.S. to block 2020 census citizenship question | Reuters

A group of U.S. states and cities sued the Trump administration to stop it from asking people filling out 2020 census forms whether they are citizens. The lawsuit by 17 states, Washington D.C. and six cities challenged what they called last week’s “unconstitutional and arbitrary” decision by the U.S. Department of Commerce, which oversees the Census Bureau, to add the citizenship question. It was also a fresh challenge to what New York Attorney General Eric Schneiderman, at a press conference announcing the lawsuit, called the administration’s “anti-immigrant animus.” All of the states bringing the case have Democratic attorneys general. They were joined by New York City, Chicago, Philadelphia, San Francisco, Seattle and Providence, Rhode Island, which all have Democratic mayors, and the U.S. Conference of Mayors. Another state, California, filed a similar lawsuit last week.

National: How Partisan Gerrymandering Became Supreme Court Issue | Bloomberg

Gerrymandering, the process of drawing district lines to fortify one political party at the expense of another, is as old as the U.S. republic. In the late 1780s, Virginia Governor Patrick Henry, who opposed ratifying the new Constitution, got allies in his state’s legislature to draw a congressional district map unfavorable to James Madison, the father of the founding document. (Madison won anyway.) Good-government groups grouse that gerrymandering lets politicians choose their constituents, rather than the other way around. But as the courts get more involved, others fret about judges interfering in politics.

National: Felony Voting Laws Are Confusing; Activists Would Ditch Them Altogether | Stateline

Her sentencing made headlines across the country this week: A woman, recently released from prison in Texas and still on felony probation, is set to head back to prison for another five years after she unknowingly broke the law by voting in the 2016 election. Texas law prohibits people such as Crystal Mason from voting until they are no longer under supervision by corrections officers. Mason told the court she had no idea she was prohibited from voting. At her polling station, officials let her cast a provisional ballot. The confusion over felons’ voting rights is not limited to Mason’s situation or to Texas. Across the country, state felon voting laws vary widely. Some states bar people from voting only while they are in prison, while others deny voting rights to people who are still under the supervision of a probation or parole officer. And some prohibit convicted felons from voting for the rest of their lives, unless they receive a pardon from the governor. 

National: Groups partner to improve local elections | The Hill

The education arm of The Leadership Conference on Civil and Human Rights is teaming up with a voting rights group to increase voter turnout and fix polling problems that keep people from voting. The Leadership Conference Education Fund announced Wednesday that it’s partnering with Access Democracy for three years to provide institutional support in the group’s efforts to fix local election issues such as long lines and broken voting machines. 

National: Voting machine vendor firewall config, passwords posted on public support forum | CSO

A sysadmin at a leading voting machine vendor posted a firewall configuration file, including passwords, into a public Cisco support forum in 2011, opening the company up to possible attack. The config files expose a wealth of information useful to an attacker, including domain name, hostname, and ASA version number. While there is no evidence that the voting machine vendor was compromised, this accidental leakage of information is “juicy intelligence,” Dan Tentler, founder and CEO of Phobos Group, an attack simulation security company, tells CSO. “If you have a crack team of cat burglar types and they’re all going to break into a building, this firewall configuration file is the equivalent of finding the floor plan of the building they are planning to break into,” Tentler says.

National: Lawyer Alex van der Zwaan jailed for 30 days in Mueller’s first conviction | The Guardian

A Dutch attorney was sentenced on Tuesday to 30 days in prison for lying to federal agents, in the first formal conviction obtained by Robert Mueller in his investigation of Russian election interference and alleged collusion between aides to Donald Trump and Moscow. A federal judge in Washington sentenced Alex van der Zwaan, a 33-year-old lawyer who previously worked with Paul Manafort, Trump’s former campaign manager. He was also ordered to pay a $20,000 fine. Van der Zwaan had pleaded guilty to lying to the FBI about his contacts with another former Trump adviser, Rick Gates, and a person the FBI has assessed as being tied to Russian military intelligence.

National: Meet the high-tech solution to Russian election hacking: paper ballots | Vox

Russian hackers tried to tamper with voting systems in 21 states during the 2016 US presidential election, and the American intelligence community expects Moscow will try again in November. But states from Virginia to Rhode Island aren’t focused on new cybersecurity software. Instead, they’re looking to one of the oldest technologies in existence: paper. It’s a striking change from 2016, when five states used electronic voting systems that didn’t leave any paper record of votes, and nine used some paperless machines. Now, states are rushing to take advantage of $380 million that Congress approved last month to help protect voting systems. Most states are prioritizing some kind of paper record. “In this year of our lord 2018, we’re talking about paper ballots, but that actually might be one of the smartest systems,” Sen. Kamala Harris (D-CA) told reporters in March.

National: Want to hack a voting machine? Hack the voting machine vendor first | CSO

Thousands of voting machine vendor employees’ work emails and plaintext passwords appear in freely available third-party data breach dumps reviewed by CSO, raising questions about the security of voting machines and the integrity of past election results. While breached sites, like LinkedIn after the 2012 breach, force users to change their passwords, a significant number of people reuse passwords on other platforms, making third-party data breaches a gold mine for criminals and spies. For many years voting machine vendors have claimed that voting machines were air gapped — not connected to the internet — and were thus unhackable. Kim Zetter debunked that idea in The New York Times in February. An attacker who managed to break into a voting machine vendor employee’s work email, because the employee used the same password as on a breached site, could leverage that to gain access to the voting machines themselves. And if voting machine vendors install remote access software on voting machines, factory backdoors that vendor employees use to remotely access the machines for maintenance, troubleshooting or election setup purposes, this turns voting machine vendor employees into targets. Hack the vendor, hack the voting machine.

National: Here’s how much money states will receive for election security upgrades | Cyberscoop

The Trump administration has told states exactly how much of a $380 million fund they will get to make their voting systems more cyber-secure ahead of the 2018 midterm elections. The funding, made available through a $1.3 trillion omnibus package passed last week, is one of Congress’s first major steps to prevent a repeat of Russian hackers’ meddling in U.S. elections. The money can be used to upgrade state computer systems and offer cybersecurity training to election officials, among other things. California, Florida, New York and Texas together will get a quarter of the cash, with California leading the pack with about $35 million. A full breakdown of the funding can be found here. The money is a “breakthrough for election security and the health of our country’s democracy,” said Lawrence Norden of the Brennan Center for Justice at NYU Law.