National: First-of-its-kind forum on election security gathers state and local officials with Election Assistance Commission | CyberScoop

A top U.S. election official says that the allegations of Russian meddling in the 2016 presidential election came with a silver lining: At least we’re now focusing on election security. Christy McCormick, a member of the Election Assistance Commission, told a crowd of state and local election officials from across the country on Wednesday that the events of 2016 jump-started a focus on election security that was not as prominent before. “I know that election officials have always focused on these problems to some degree. Not so laserly focused on election security but I think this has brought this to the forefront for us in the last couple of years. So if there’s a good consequence to what happened, that is one of them,” McCormick said Wednesday at a public forum the EAC hosted in Miami to allow the state and local officials to discuss their election security plans ahead of upcoming elections.

National: Reducing Voters’ Paperwork Might Expand The Voter Rolls | NPR

Political brawls over voting laws have consumed states across the country for the past decade. But below the surface, a movement to automatically register eligible voters to vote is rapidly gaining traction. By next year, more than a quarter of all Americans will live in states where they no longer have to fill out registration forms in order to cast a ballot. The latest state to implement automatic voter registration is California, which had been scheduled to start on Monday although it’s been delayed while officials conduct more testing. Everyone who meets the legal requirements to vote in California will be automatically registered when they update their driver’s license or state ID at the Department of Motor Vehicles, a move that election officials expect will help move some of the more than 6 million eligible, but unregistered, residents onto the state’s voter rolls.

National: Prosecutors suspected Manafort was a ‘back channel’ between Trump campaign and Russia | Los Angeles Times

Paul Manafort, President Trump’s former campaign chairman, came under scrutiny by the special counsel because prosecutors suspected he might be a back channel between the Trump campaign and Russian efforts to interfere in the U.S. election, a Justice Department lawyer said Thursday. The disclosure came as lawyers for Manafort tried to convince a federal judge to throw out one of two federal cases against him, arguing that special counsel Robert S. Mueller III had no authority to hit him with criminal charges unrelated to the Russian meddling. An attorney for Mueller’s office, Michael Dreeben, told the court that the prosecution of Manafort’s alleged financial crimes arose because Manafort had “long-standing ties” to Russians, and investigators wanted to know if those connections provided a “back channel to Russia.”

National: Election security bill still needs work in some areas, state officials tell Senate sponsors | CyberScoop

Several secretaries of state are telling the main backers of a Senate election security bill that the legislation might need tweaks to how it addresses information sharing, state-federal communication channels, funding mechanisms and post-election audits, among other things. The secretaries, who are the top election officials in their states, met with bill sponsors James Lankford, R-Okla., and Amy Klobuchar, D-Minn., in person and via phone Monday to discuss the Secure Elections Act. The legislation is intended to bolster election security by smoothing out coordination between the state and federal levels and providing states financial support for operations and equipment upgrades. State secretaries from Indiana, Louisiana, Minnesota, Missouri, Colorado and New Mexico participated in the meeting.

National: Timing remains unclear for election-security legislative effort in Senate | InsideCyberSecurity.com

The Senate Rules Committee has yet to set timing for a hearing on election security legislation based on recommendations emanating from the Senate Intelligence Committee’s Russia probe, but plans to do so, according to new Rules Chairman Roy Blunt (R-MO). Blunt, who was elected as chairman last week, told Inside Cybersecurity Tuesday that “there will be a hearing at some point” on election security, although Blunt said “it is not scheduled yet.” Rule Committee ranking member Amy Klobuchar (D-MN), who is a co-sponsor on the Secure Elections Act, told Inside Cybersecurity that she “hopes” the election security hearing will take place “soon.” Klobuchar also said that she’s “really glad” that $380 million for the Election Assistance Commission to help states improve election systems was included in the recently passed $1.3 trillion fiscal 2018 omnibus spending bill. “It does take that immediate pressure off, but now we want to kind of use this momentum to get this done,” Klobuchar said.

National: Here’s how hackers could cause chaos in this year’s US midterm election | MIT Technology Review

On November 6, Americans will head to the polls to vote in the congressional midterm election. In the months before the contest, hordes of foreign hackers will head to their keyboards in a bid to influence its outcome. Their efforts will include trying to get inside the digital infrastructure that supports the electoral process. There’s a worrying precedent here. Last year, the Department of Homeland Security notified 21 states that Russian actors had targeted their election systems in the months leading up to the 2016 US presidential election. DHS officials said the Russians were mainly scanning computers and networks for security holes rather than taking advantage of any flaws that were discovered. Still, that’s no cause for complacency. Intelligence officials are already warning that Russia is intent on meddling in this year’s election too, and hackers from other countries hostile to the US could join in. This week, both DHS and the Federal Bureau of Investigation said Russia is laying the groundwork for broad cyberattacks against critical US infrastructure. Last year, the DHS designated voting technology as part of that vital framework.

National: DHS chief issues stern warning to Russia, others on election meddling, cyberattacks | The Hill

Homeland Security Secretary Kirstjen Nielsen issued a stern warning to Russia and other countries looking to meddle in future U.S. elections, saying that the U.S. government will consider all options “seen and unseen” for responding to malicious attacks in cyberspace. “The United States, as you know, possesses a spectrum of response options both seen and unseen, and we will use them to call out malign behavior, punish it and deter future cyber hostility,” Nielsen said in keynote remarks at the RSA cybersecurity conference in San Francisco on Tuesday. “Our cyber defenses help guard our very democracy and all we hold dear. To those who would try to attack our democracy to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don’t,” Nielsen said.

National: DHS Secretary Kirstjen Nielsen Talks Russia Hacks, Upcoming Elections | Fortune

Homeland Security Secretary Kirstjen Nielsen promised that the federal government would do all it could to prevent Russians from hacking future elections, but stopped short of guaranteeing that those measures would be effective. “I feel secure that we are and will continue to do everything we can to help state and locals secure their election infrastructure,” Nielsen said on Tuesday, avoiding answering a question about whether the U.S. voting system is hacker proof. The DHS secretary’s comments at the annual RSA cybersecurity conference in San Francisco come after members of the U.S. Senate Intelligence Committee urged Nielsen and the DHS to speed up efforts to secure the nation’s elections, according to the New York Times. In September, the DHS notified 21 U.S. states that Russia had attempted to hack their voting systems prior to the last presidential election.

National: Flurry of lawsuits filed over citizenship question on census | The Hill

Lawsuits are piling up against the Trump administration’s decision to add a citizenship question to the 2020 census. The nonpartisan Lawyers’ Committee for Civil Rights Under Law, along with the law firm Manatt, Phelps & Phillips, on Tuesday filed a lawsuit against the citizenship question on behalf of the City of San Jose and the Black Alliance for Just Immigration. The suit was filed against the Commerce Department in the Northern District of California. The lawsuit is the fourth legal challenge that’s been brought since Commerce Secretary Wilbur Ross agreed in March to grant a request from the Department of Justice to reinstate the citizenship question on the 2020 census.

National: US and UK Warn of Cybersecurity Threat From Russia | The New York Times

The United States and Britain on Monday issued a first-of-its-kind joint warning about Russian cyberattacks against government and private organizations as well as individual homes and offices in both countries, a milestone in the escalating use of cyberweaponry between major powers. Although Washington and London have known for decades that the Kremlin was trying to penetrate their computer networks, the joint warning appeared to represent an effort to deter future attacks by calling attention to existing vulnerabilities, prodding individuals to mitigate them and threatening retaliation against Moscow if damage was done. “When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,” Rob Joyce, a special assistant to the president and the cybersecurity coordinator for the National Security Council, said in joint conference call with journalists by senior officials in Washington and London. That would include “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.”

National: Senators, state officials to meet on election cybersecurity bill | The Hill

Two senators sponsoring legislation to secure digital election systems from cyberattacks are meeting Monday with state officials on the details of their proposal. Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.) are scheduled to meet with secretaries of state to discuss the Secure Elections Act, a spokesman for Lankford confirmed. The bipartisan bill, originally introduced last December, is designed to help and incentivize state officials to make cybersecurity upgrades to their election infrastructure following Russian interference in the 2016 presidential election. The senators rolled out a revised version of the proposal in March, after some state officials, who are responsible for administering federal elections, expressed concerns with the effort. 

National: How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election | WIRED

When Young Mie Kim began studying political ads on Facebook in August of 2016—while Hillary Clinton was still leading the polls— few people had ever heard of the Russian propaganda group, Internet Research Agency. Not even Facebook itself understood how the group was manipulating the platform’s users to influence the election. For Kim, a professor of journalism at the University of Wisconsin-Madison, the goal was to document the way the usual dark money groups target divisive election ads online, the kind that would be more strictly regulated if they appeared on TV. She never knew then she was walking into a crime scene. Over the last year and a half, mounting revelations about Russian trolls’ influence campaign on Facebook have dramatically altered the scope and focus of Kim’s work. In the course of her six-week study in 2016, Kim collected mounds of evidence about how the IRA and other suspicious groups sought to divide and target the US electorate in the days leading up to the election. Now, Kim is detailing those findings in a peer-reviewed paper published in the journal Political Communication.

National: Congress, states don’t seem inclined to incorporate biometrics in new voting technologies | BiometricUpdate

While other nations are rapidly incorporating biometrics into their voting technologies, the US Congress and states – and local jurisdictions – don’t seem to be all that concerned about utilizing biometrics to verify the identities of individuals voting in America, despite the concerns over election machine cyber-tampering that’s continued to mount since the 2016 elections. In its report, Observations on Voting Equipment Use and Replacement (PDF), which was requested by lawmakers, the Government Accountability Office (GAO) — Congress’ investigative arm — “did not consider the issue of biometrics as part of our work,” Biometric Update was told by Rebecca Gambler, Director, Homeland Security & Justice issues at GAO. In fact, Gambler said, “GAO’s prior work on elections issues also has not addressed biometrics, and thus, we don’t have background or insights to share in this area.”

National: Mueller has evidence that Trump confidant went to Prague, despite denials | McClatchy

The Justice Department special counsel has evidence that Donald Trump’s personal lawyer and confidant, Michael Cohen, secretly made a late-summer trip to Prague during the 2016 presidential campaign, according to two sources familiar with the matter. Confirmation of the trip would lend credence to a retired British spy’s report that Cohen strategized there with a powerful Kremlin figure about Russian meddling in the U.S. election. It would also be one of the most significant developments thus far in Special Counsel Robert Mueller’s investigation of whether the Trump campaign and the Kremlin worked together to help Trump win the White House. Undercutting Trump’s repeated pronouncements that “there is no evidence of collusion,” it also could ratchet up the stakes if the president tries, as he has intimated he might for months, to order Mueller’s firing.

National: Facebook says its ‘voter button’ is good for turnout. But should the tech giant be nudging us at all? | The Guardian

On the morning of 28 October last year, the day of Iceland’s parliamentary elections, Heiðdís Lilja Magnúsdóttir, a lawyer living in a small town in the north of the country, opened Facebook on her laptop. At the top of her newsfeed, where friends’ recent posts would usually appear, was a box highlighted in light blue. On the left of the box was a button, similar in style to the familiar thumb of the “like” button, but here it was a hand putting a ballot in a slot. “Today is Election Day!” was the accompanying exclamation, in English. And underneath: “Find out where to vote, and share that you voted.” Under that was smaller print saying that 61 people had already voted. Heiðdís took a screenshot and posted it on her own Facebook profile feed, asking: “I’m a little curious! Did everyone get this message in their newsfeed this morning?” In Reykjavik, 120 miles south, Elfa Ýr Gylfadóttir glanced at her phone and saw Heiðdís’s post. Elfa is director of the Icelandic Media Commission, and Heiðdís’s boss. The Media Commission regulates, for example, age ratings for movies and video games, and is a part of Iceland’s Ministry of Education. Elfa wondered why she hadn’t received the same voting message. She asked her husband to check his feed, and there was the button. Elfa was alarmed. Why wasn’t it being shown to everyone? Might it have something to do with different users’ political attitudes? Was everything right and proper with this election?

National: States to Game Out Election Threats in Homeland Security Drills | Bloomberg

The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.

National: Mark Zuckerberg vows to fight election meddling in marathon Senate grilling | The Guardian

Mark Zuckerberg, the Facebook chief executive, warned on Tuesday of an online propaganda “arms race” with Russia and vowed that fighting interference in elections around the world is now his top priority. The 33-year-old billionaire, during testimony that lasted nearly five hours, was speaking to Congress in what was widely seen as a moment of reckoning for America’s tech industry. It came in the wake of the Cambridge Analytica scandal in which, Facebook has admitted, the personal information of up to 87 million users were harvested without their permission. Zuckerberg’s comments gave an insight into the unnerving reach and influence of Facebook in numerous democratic societies. “The most important thing I care about right now is making sure no one interferes in the various 2018 elections around the world,” he said under questioning by Senator Tom Udall of New Mexico.

National: Departed HHS CISO lands at voting technology vendor ES&S as security lead | FedScoop

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt.

National: Lawsuit Filed Against Ex-Voter Fraud Commissioner For ‘Reckless’ Claims | TPM

J. Christian Adams, who sat on President Trump’s now-defunct voter fraud commission, is being sued over reports his group issued accusing hundreds of Virginians of having illegally registered to vote. The lawsuit was filed Thursday against Adams and his group, the Public Interest Legal Foundation, in federal court in Virginia. It targets the voter fraud allegations the group made in reports called “Alien Invasion in Virginia” and “Alien Invasion II,” which claimed that hundreds of non-citizens had likely committed felonies by registering to vote. The lawsuit is being brought by four people who say they were falsely mislabeled as non-citizens who illegally registered to vote in the reports, despited the fact that they are all citizens.  The League of United Latin American Citizens is also a plaintiff in the lawsuit, which is being spearheaded by the Southern Coalition for Social Justice and Protect Democracy, two pro-democracy groups.”

National: DHS security unit makes another big hire from elsewhere in government | CyberScoop

The federal agency charged with protecting U.S. infrastructure — including its computer networks — has hired Daniel Kroese, the chief of staff for Republican Rep. John Ratcliffe, as a senior adviser. The National Protection and Programs Directorate (NPPD), part of the Department of Homeland Security, brings on Kroese as the Trump administration and Congress are seeking to harden U.S. cybersecurity, including its elections systems. Kroese, who announced the hire in an email to colleagues, will arrive at NPPD with close contacts throughout Congress. The move follows NPPD’s addition of Matthew Masterson, the former chairman of the Election Assistance Commission (EAC), as another senior adviser. Masterson’s role is focused on election security. It’s not clear yet what Kroese will specialize in at NPPD.

National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop

Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.

National: The Questions Zuckerberg Should Have Answered About Russia | WIRED

Over the last two days, Facebook CEO Mark Zuckerberg was questioned for more than 10 hours by two different Congressional committees. There was granular focus on privacy definitions and data collection, and quick footwork by Zuckerberg—backed by a phalanx of lawyers, consultants, and coaches—to craft a narrative that users “control” their data. (They don’t.) But the gaping hole at the center of both hearings was the virtual absence of questions on the tactics and purpose of Russian information operations conducted against Americans on Facebook during the 2016 elections. Here are the five of the biggest questions about Russia that Zuckerberg wasn’t asked or didn’t answer—and why it’s important for Facebook to provide clear information on these issues.

National: NRA got more money from Russia-linked sources than earlier reported | Politico

The National Rifle Association reported this week that it received more money from people with Russian ties than it has previously acknowledged, but announced that it was officially done cooperating with a congressional inquiry exploring whether illicit Kremlin-linked funding passed through the NRA and into Donald Trump’s 2016 presidential campaign, Sen. Ron Wyden (D-Ore.) said on Wednesday. Wyden released a letter from the NRA, dated Tuesday, in which the gun rights group reported receiving $2,512.85 in contributions and membership dues “from people associated with Russian addresses” or known Russian nationals living in the United States from 2015 to the present. In the past, a congressional aide to Wyden said, the group had confirmed receiving only one financial contribution, in the form of a lifetime membership purchased by Alexander Torshin, a Russian banker.

National: Air gapping voting machines isn’t enough, says election security expert Alex Halderman | Cyberscoop

The safeguards that election officials say protect voting machines from being hacked are not as effective as advertised, a leading election security expert says. U.S. elections, including national ones, are run by state and local offices. While that decentralization could serve an argument that elections are difficult to hack, University of Michigan Professor J. Alex Halderman says that it’s more like a double-edged sword. Speaking to an audience of students and faculty at the University of Maryland’s engineering school on Monday, Halderman said that the U.S. is unique in how elections are localized. States and counties choose the technology used to run federal elections. “Each state state running its own independent election system in many cases does provide a kind of defense. And that defense is that there is no single point nationally that you can try to attack or hack into in order to change the national results,” Halderman said. But since national elections often hinge on swing states like, Virginia, Ohio or Pennsylvania, attackers can look for vulnerabilities where they would count. “An adversary could probe the election systems in all the close states, look for the ones that have the biggest weaknesses and strike there, and thereby flip a few of those swing states,” Halderman said.

National: Democrats make direct appeal to Speaker Ryan on election hacking | CNN

The top Democrats on six of the House’s key committees are appealing directly to Speaker Paul Ryan to help them obtain documents from the Trump administration related to election hacking during the 2016 contest. In a letter sent to the speaker Tuesday morning, the highest-ranking Democrats on the House Oversight, Judiciary, Homeland Security, Foreign Affairs, Intelligence and House Administration committees implored Ryan to intervene in their ongoing efforts to get the Department of Homeland Security to turn over documents related to the targeting of state election-related systems by Russian hackers. The Democrats asked the department in October to provide copies of the notifications it sent to the 21 states it identified as the target of Russian government-linked attempts to hack voting-related systems and other related documents.

National: What We Know And Don’t Know About Election Hacking | FiveThirtyEight

When talk of Russian interference in U.S. elections comes up, much of the focus has been on state-sponsored trolls on Facebook and Twitter — special counsel Robert Mueller recently indicted a number of these actors, and Congress has taken Silicon Valley to task for allowing such accounts to flourish. But there’s another side of Russian meddling in American democracy: attacks on our election systems themselves. We know that Russian hackers in 2016 worked to compromise state voting systems and the companies that provide voting software and machines to states. That could blossom into more concrete attacks this year. As I wrote earlier this week, the worst-case scenario is that on Election Day 2018, votes are altered or fabricated and Americans are disenfranchised.

National: Election security means much more than just new voting machines | The Conversation

In late March, Congress passed a significant spending bill that included US$380 million in state grants to improve election infrastructure. As the U.S. ramps up for the 2018 midterm elections, that may seem like a huge amount of money, but it’s really only a start at securing the country’s voting systems. A 2015 report by the Brennan Center law and policy institute at New York University estimates overhauling the nation’s voting system could cost more than $1 billion – though the price could be partially offset by more efficient contracting. Most voting equipment hasn’t been updated since the early 2000s. At times, election officials must buy voting machine hardware on eBay, because the companies that made them are no longer in business. Even when working properly, those machines are not secure: At the 2017 DEF CON hacker conference, attackers took control of several voting machines in a matter of minutes. Securing electoral systems across the U.S. is a big problem with high stakes. This federal money being provided to states now may not be the last of its kind, but it’s what’s available right away, and it must be used as efficiently as possible.

National: Paper trails and random audits could secure all elections – don’t save them just for recounts in close races | The Conversation

As states begin to receive millions of federal dollars to secure the 2018 primary and general elections, officials around the country will have to decide how to spend it to best protect the integrity of the democratic process. If voters don’t trust the results, it doesn’t matter whether an election was actually fair or not. Right now, the most visible election integrity effort in the U.S. involves conducting recounts in especially close races. A similar approach could be applied much more broadly. Based on my research into game theory as a way to secure elections, I suggest that the proper first line of defense is auditing results. While an audit can only happen after Election Day, it’s crucial to prepare in advance.

National: Zuckerberg’s testimony will reveal Trump’s dissembling on Russia | The Washington Post

Facebook CEO Mark Zuckerberg is preparing to face a bipartisan inquisition into the social media platform’s handling of user data, and its role in facilitating (unwittingly, it seems) Russia’s interference with our election. He plans to take the humble, apologetic route in a hearing before the House Committee on Energy and Commerce. In his prepared remarks, Zuckerberg says that “it’s clear now that we didn’t do enough to prevent these tools from being used for harm as well. That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy. We didn’t take a broad enough view of our responsibility, and that was a big mistake.” He states flat out: ” It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.”

National: The Moscow Midterms | FiveThirtyEight

The first Americans to line up to vote on Nov. 6, 2018, will be the East Coast’s earliest risers. As early as 5 a.m. EST, rubbing the sleep from their eyes and clutching travel thermoses of coffee, they will start the procession of perhaps 90 million Americans to vote that day. The last to cast ballots will be Hawaiians, who will do so until 11 p.m. East Coast time. When all is said and done, the federal election will unfold something like an 18-hour-long ballet of democracy: 50 states, dozens of different kinds of voting machines and an expectation that everything should be counted up in time for TV networks to broadcast the results before Americans head to bed. Election Day 2018 is expected to unfold no differently than it has in years past. Except it might.