National: DHS chief issues stern warning to Russia, others on election meddling, cyberattacks | The Hill

Homeland Security Secretary Kirstjen Nielsen issued a stern warning to Russia and other countries looking to meddle in future U.S. elections, saying that the U.S. government will consider all options “seen and unseen” for responding to malicious attacks in cyberspace. “The United States, as you know, possesses a spectrum of response options both seen and unseen, and we will use them to call out malign behavior, punish it and deter future cyber hostility,” Nielsen said in keynote remarks at the RSA cybersecurity conference in San Francisco on Tuesday. “Our cyber defenses help guard our very democracy and all we hold dear. To those who would try to attack our democracy to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don’t,” Nielsen said.

National: DHS Secretary Kirstjen Nielsen Talks Russia Hacks, Upcoming Elections | Fortune

Homeland Security Secretary Kirstjen Nielsen promised that the federal government would do all it could to prevent Russians from hacking future elections, but stopped short of guaranteeing that those measures would be effective. “I feel secure that we are and will continue to do everything we can to help state and locals secure their election infrastructure,” Nielsen said on Tuesday, avoiding answering a question about whether the U.S. voting system is hacker proof. The DHS secretary’s comments at the annual RSA cybersecurity conference in San Francisco come after members of the U.S. Senate Intelligence Committee urged Nielsen and the DHS to speed up efforts to secure the nation’s elections, according to the New York Times. In September, the DHS notified 21 U.S. states that Russia had attempted to hack their voting systems prior to the last presidential election.

National: Flurry of lawsuits filed over citizenship question on census | The Hill

Lawsuits are piling up against the Trump administration’s decision to add a citizenship question to the 2020 census. The nonpartisan Lawyers’ Committee for Civil Rights Under Law, along with the law firm Manatt, Phelps & Phillips, on Tuesday filed a lawsuit against the citizenship question on behalf of the City of San Jose and the Black Alliance for Just Immigration. The suit was filed against the Commerce Department in the Northern District of California. The lawsuit is the fourth legal challenge that’s been brought since Commerce Secretary Wilbur Ross agreed in March to grant a request from the Department of Justice to reinstate the citizenship question on the 2020 census.

National: US and UK Warn of Cybersecurity Threat From Russia | The New York Times

The United States and Britain on Monday issued a first-of-its-kind joint warning about Russian cyberattacks against government and private organizations as well as individual homes and offices in both countries, a milestone in the escalating use of cyberweaponry between major powers. Although Washington and London have known for decades that the Kremlin was trying to penetrate their computer networks, the joint warning appeared to represent an effort to deter future attacks by calling attention to existing vulnerabilities, prodding individuals to mitigate them and threatening retaliation against Moscow if damage was done. “When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,” Rob Joyce, a special assistant to the president and the cybersecurity coordinator for the National Security Council, said in joint conference call with journalists by senior officials in Washington and London. That would include “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.”

National: Senators, state officials to meet on election cybersecurity bill | The Hill

Two senators sponsoring legislation to secure digital election systems from cyberattacks are meeting Monday with state officials on the details of their proposal. Sens. James Lankford (R-Okla.) and Amy Klobuchar (D-Minn.) are scheduled to meet with secretaries of state to discuss the Secure Elections Act, a spokesman for Lankford confirmed. The bipartisan bill, originally introduced last December, is designed to help and incentivize state officials to make cybersecurity upgrades to their election infrastructure following Russian interference in the 2016 presidential election. The senators rolled out a revised version of the proposal in March, after some state officials, who are responsible for administering federal elections, expressed concerns with the effort. 

National: How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election | WIRED

When Young Mie Kim began studying political ads on Facebook in August of 2016—while Hillary Clinton was still leading the polls— few people had ever heard of the Russian propaganda group, Internet Research Agency. Not even Facebook itself understood how the group was manipulating the platform’s users to influence the election. For Kim, a professor of journalism at the University of Wisconsin-Madison, the goal was to document the way the usual dark money groups target divisive election ads online, the kind that would be more strictly regulated if they appeared on TV. She never knew then she was walking into a crime scene. Over the last year and a half, mounting revelations about Russian trolls’ influence campaign on Facebook have dramatically altered the scope and focus of Kim’s work. In the course of her six-week study in 2016, Kim collected mounds of evidence about how the IRA and other suspicious groups sought to divide and target the US electorate in the days leading up to the election. Now, Kim is detailing those findings in a peer-reviewed paper published in the journal Political Communication.

National: Congress, states don’t seem inclined to incorporate biometrics in new voting technologies | BiometricUpdate

While other nations are rapidly incorporating biometrics into their voting technologies, the US Congress and states – and local jurisdictions – don’t seem to be all that concerned about utilizing biometrics to verify the identities of individuals voting in America, despite the concerns over election machine cyber-tampering that’s continued to mount since the 2016 elections. In its report, Observations on Voting Equipment Use and Replacement (PDF), which was requested by lawmakers, the Government Accountability Office (GAO) — Congress’ investigative arm — “did not consider the issue of biometrics as part of our work,” Biometric Update was told by Rebecca Gambler, Director, Homeland Security & Justice issues at GAO. In fact, Gambler said, “GAO’s prior work on elections issues also has not addressed biometrics, and thus, we don’t have background or insights to share in this area.”

National: Mueller has evidence that Trump confidant went to Prague, despite denials | McClatchy

The Justice Department special counsel has evidence that Donald Trump’s personal lawyer and confidant, Michael Cohen, secretly made a late-summer trip to Prague during the 2016 presidential campaign, according to two sources familiar with the matter. Confirmation of the trip would lend credence to a retired British spy’s report that Cohen strategized there with a powerful Kremlin figure about Russian meddling in the U.S. election. It would also be one of the most significant developments thus far in Special Counsel Robert Mueller’s investigation of whether the Trump campaign and the Kremlin worked together to help Trump win the White House. Undercutting Trump’s repeated pronouncements that “there is no evidence of collusion,” it also could ratchet up the stakes if the president tries, as he has intimated he might for months, to order Mueller’s firing.

National: Facebook says its ‘voter button’ is good for turnout. But should the tech giant be nudging us at all? | The Guardian

On the morning of 28 October last year, the day of Iceland’s parliamentary elections, Heiðdís Lilja Magnúsdóttir, a lawyer living in a small town in the north of the country, opened Facebook on her laptop. At the top of her newsfeed, where friends’ recent posts would usually appear, was a box highlighted in light blue. On the left of the box was a button, similar in style to the familiar thumb of the “like” button, but here it was a hand putting a ballot in a slot. “Today is Election Day!” was the accompanying exclamation, in English. And underneath: “Find out where to vote, and share that you voted.” Under that was smaller print saying that 61 people had already voted. Heiðdís took a screenshot and posted it on her own Facebook profile feed, asking: “I’m a little curious! Did everyone get this message in their newsfeed this morning?” In Reykjavik, 120 miles south, Elfa Ýr Gylfadóttir glanced at her phone and saw Heiðdís’s post. Elfa is director of the Icelandic Media Commission, and Heiðdís’s boss. The Media Commission regulates, for example, age ratings for movies and video games, and is a part of Iceland’s Ministry of Education. Elfa wondered why she hadn’t received the same voting message. She asked her husband to check his feed, and there was the button. Elfa was alarmed. Why wasn’t it being shown to everyone? Might it have something to do with different users’ political attitudes? Was everything right and proper with this election?

National: States to Game Out Election Threats in Homeland Security Drills | Bloomberg

The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.

National: Mark Zuckerberg vows to fight election meddling in marathon Senate grilling | The Guardian

Mark Zuckerberg, the Facebook chief executive, warned on Tuesday of an online propaganda “arms race” with Russia and vowed that fighting interference in elections around the world is now his top priority. The 33-year-old billionaire, during testimony that lasted nearly five hours, was speaking to Congress in what was widely seen as a moment of reckoning for America’s tech industry. It came in the wake of the Cambridge Analytica scandal in which, Facebook has admitted, the personal information of up to 87 million users were harvested without their permission. Zuckerberg’s comments gave an insight into the unnerving reach and influence of Facebook in numerous democratic societies. “The most important thing I care about right now is making sure no one interferes in the various 2018 elections around the world,” he said under questioning by Senator Tom Udall of New Mexico.

National: Departed HHS CISO lands at voting technology vendor ES&S as security lead | FedScoop

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt.

National: Lawsuit Filed Against Ex-Voter Fraud Commissioner For ‘Reckless’ Claims | TPM

J. Christian Adams, who sat on President Trump’s now-defunct voter fraud commission, is being sued over reports his group issued accusing hundreds of Virginians of having illegally registered to vote. The lawsuit was filed Thursday against Adams and his group, the Public Interest Legal Foundation, in federal court in Virginia. It targets the voter fraud allegations the group made in reports called “Alien Invasion in Virginia” and “Alien Invasion II,” which claimed that hundreds of non-citizens had likely committed felonies by registering to vote. The lawsuit is being brought by four people who say they were falsely mislabeled as non-citizens who illegally registered to vote in the reports, despited the fact that they are all citizens.  The League of United Latin American Citizens is also a plaintiff in the lawsuit, which is being spearheaded by the Southern Coalition for Social Justice and Protect Democracy, two pro-democracy groups.”

National: DHS security unit makes another big hire from elsewhere in government | CyberScoop

The federal agency charged with protecting U.S. infrastructure — including its computer networks — has hired Daniel Kroese, the chief of staff for Republican Rep. John Ratcliffe, as a senior adviser. The National Protection and Programs Directorate (NPPD), part of the Department of Homeland Security, brings on Kroese as the Trump administration and Congress are seeking to harden U.S. cybersecurity, including its elections systems. Kroese, who announced the hire in an email to colleagues, will arrive at NPPD with close contacts throughout Congress. The move follows NPPD’s addition of Matthew Masterson, the former chairman of the Election Assistance Commission (EAC), as another senior adviser. Masterson’s role is focused on election security. It’s not clear yet what Kroese will specialize in at NPPD.

National: Security researchers and industry reps clash over voting machine security testing | Cyberscoop

Cybersecurity experts and voting machine makers are fighting over laws that would allow researchers to test for vulnerabilities and report them without fear of legal retribution. Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA) made it illegal to bypass security measures that prevent access to copyrighted material, such as software. Over the years, however, the U.S. Copyright Office has created exemptions to Section 1201 to grant “good-faith” hackers the ability to research consumer device security, such as cell phones, tablets, smart appliances, connected cars and medical devices. Now, as the Copyright Office mulls expanding those exemptions to allow access to a broader array of technology — and voting machines in particular — security researchers and vendors are voicing their disagreements about the value of such an expansion. The office held a hearing fielding comments from stakeholders on Tuesday.

National: The Questions Zuckerberg Should Have Answered About Russia | WIRED

Over the last two days, Facebook CEO Mark Zuckerberg was questioned for more than 10 hours by two different Congressional committees. There was granular focus on privacy definitions and data collection, and quick footwork by Zuckerberg—backed by a phalanx of lawyers, consultants, and coaches—to craft a narrative that users “control” their data. (They don’t.) But the gaping hole at the center of both hearings was the virtual absence of questions on the tactics and purpose of Russian information operations conducted against Americans on Facebook during the 2016 elections. Here are the five of the biggest questions about Russia that Zuckerberg wasn’t asked or didn’t answer—and why it’s important for Facebook to provide clear information on these issues.

National: NRA got more money from Russia-linked sources than earlier reported | Politico

The National Rifle Association reported this week that it received more money from people with Russian ties than it has previously acknowledged, but announced that it was officially done cooperating with a congressional inquiry exploring whether illicit Kremlin-linked funding passed through the NRA and into Donald Trump’s 2016 presidential campaign, Sen. Ron Wyden (D-Ore.) said on Wednesday. Wyden released a letter from the NRA, dated Tuesday, in which the gun rights group reported receiving $2,512.85 in contributions and membership dues “from people associated with Russian addresses” or known Russian nationals living in the United States from 2015 to the present. In the past, a congressional aide to Wyden said, the group had confirmed receiving only one financial contribution, in the form of a lifetime membership purchased by Alexander Torshin, a Russian banker.

National: Air gapping voting machines isn’t enough, says election security expert Alex Halderman | Cyberscoop

The safeguards that election officials say protect voting machines from being hacked are not as effective as advertised, a leading election security expert says. U.S. elections, including national ones, are run by state and local offices. While that decentralization could serve an argument that elections are difficult to hack, University of Michigan Professor J. Alex Halderman says that it’s more like a double-edged sword. Speaking to an audience of students and faculty at the University of Maryland’s engineering school on Monday, Halderman said that the U.S. is unique in how elections are localized. States and counties choose the technology used to run federal elections. “Each state state running its own independent election system in many cases does provide a kind of defense. And that defense is that there is no single point nationally that you can try to attack or hack into in order to change the national results,” Halderman said. But since national elections often hinge on swing states like, Virginia, Ohio or Pennsylvania, attackers can look for vulnerabilities where they would count. “An adversary could probe the election systems in all the close states, look for the ones that have the biggest weaknesses and strike there, and thereby flip a few of those swing states,” Halderman said.

National: Democrats make direct appeal to Speaker Ryan on election hacking | CNN

The top Democrats on six of the House’s key committees are appealing directly to Speaker Paul Ryan to help them obtain documents from the Trump administration related to election hacking during the 2016 contest. In a letter sent to the speaker Tuesday morning, the highest-ranking Democrats on the House Oversight, Judiciary, Homeland Security, Foreign Affairs, Intelligence and House Administration committees implored Ryan to intervene in their ongoing efforts to get the Department of Homeland Security to turn over documents related to the targeting of state election-related systems by Russian hackers. The Democrats asked the department in October to provide copies of the notifications it sent to the 21 states it identified as the target of Russian government-linked attempts to hack voting-related systems and other related documents.

National: What We Know And Don’t Know About Election Hacking | FiveThirtyEight

When talk of Russian interference in U.S. elections comes up, much of the focus has been on state-sponsored trolls on Facebook and Twitter — special counsel Robert Mueller recently indicted a number of these actors, and Congress has taken Silicon Valley to task for allowing such accounts to flourish. But there’s another side of Russian meddling in American democracy: attacks on our election systems themselves. We know that Russian hackers in 2016 worked to compromise state voting systems and the companies that provide voting software and machines to states. That could blossom into more concrete attacks this year. As I wrote earlier this week, the worst-case scenario is that on Election Day 2018, votes are altered or fabricated and Americans are disenfranchised.

National: Election security means much more than just new voting machines | The Conversation

In late March, Congress passed a significant spending bill that included US$380 million in state grants to improve election infrastructure. As the U.S. ramps up for the 2018 midterm elections, that may seem like a huge amount of money, but it’s really only a start at securing the country’s voting systems. A 2015 report by the Brennan Center law and policy institute at New York University estimates overhauling the nation’s voting system could cost more than $1 billion – though the price could be partially offset by more efficient contracting. Most voting equipment hasn’t been updated since the early 2000s. At times, election officials must buy voting machine hardware on eBay, because the companies that made them are no longer in business. Even when working properly, those machines are not secure: At the 2017 DEF CON hacker conference, attackers took control of several voting machines in a matter of minutes. Securing electoral systems across the U.S. is a big problem with high stakes. This federal money being provided to states now may not be the last of its kind, but it’s what’s available right away, and it must be used as efficiently as possible.

National: Paper trails and random audits could secure all elections – don’t save them just for recounts in close races | The Conversation

As states begin to receive millions of federal dollars to secure the 2018 primary and general elections, officials around the country will have to decide how to spend it to best protect the integrity of the democratic process. If voters don’t trust the results, it doesn’t matter whether an election was actually fair or not. Right now, the most visible election integrity effort in the U.S. involves conducting recounts in especially close races. A similar approach could be applied much more broadly. Based on my research into game theory as a way to secure elections, I suggest that the proper first line of defense is auditing results. While an audit can only happen after Election Day, it’s crucial to prepare in advance.

National: Zuckerberg’s testimony will reveal Trump’s dissembling on Russia | The Washington Post

Facebook CEO Mark Zuckerberg is preparing to face a bipartisan inquisition into the social media platform’s handling of user data, and its role in facilitating (unwittingly, it seems) Russia’s interference with our election. He plans to take the humble, apologetic route in a hearing before the House Committee on Energy and Commerce. In his prepared remarks, Zuckerberg says that “it’s clear now that we didn’t do enough to prevent these tools from being used for harm as well. That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy. We didn’t take a broad enough view of our responsibility, and that was a big mistake.” He states flat out: ” It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.”

National: The Moscow Midterms | FiveThirtyEight

The first Americans to line up to vote on Nov. 6, 2018, will be the East Coast’s earliest risers. As early as 5 a.m. EST, rubbing the sleep from their eyes and clutching travel thermoses of coffee, they will start the procession of perhaps 90 million Americans to vote that day. The last to cast ballots will be Hawaiians, who will do so until 11 p.m. East Coast time. When all is said and done, the federal election will unfold something like an 18-hour-long ballet of democracy: 50 states, dozens of different kinds of voting machines and an expectation that everything should be counted up in time for TV networks to broadcast the results before Americans head to bed. Election Day 2018 is expected to unfold no differently than it has in years past. Except it might.

National: How Every Campaign Will Have a Troll Farm of Its Own | The Daily Beast

Mark Zuckerberg heads to the nation’s capital this week for some lashings from America’s legislators. On Tuesday, he’ll appear in front of joint sessions of the Senate Judiciary and Commerce committees. Then on Wednesday, the Facebook CEO will visit the House Energy and Commerce Committee for another round of bruising. Since the presidential election of 2016, congressmen have pummeled social media giants for Russia’s infiltration and exploitation of their systems. But America’s politicians may want to tread lightly as they seek answers from Zuckerberg. Political actors, more than anyone, seek the power and reach of social media to win the hearts and minds of voters. In the future, Russia and other authoritarians will continue their manipulation, but it will be ordinary candidates and their campaigns, lobbyists, and corporate backers that seek to exploit the manipulative advantages available on social media. A combative tech CEO just might flip the script and call out the politicians for their role in this mess.

National: Federal funds to bolster election security may not be enough | Associated Press

Last summer, with an important Illinois election season months away, Shelby County officials in central Illinois feared that their outdated voting equipment wouldn’t be approved for use by the State Board of Elections. Most of it dates to 2004, and it’s becoming harder to find replacement parts. Often, it’s difficult to read the machinery’s paper record, which is needed to verify votes. It passed inspection, but County Clerk Jessica Fox said the county, which is running a budget deficit, faces an upgrade of as much as $300,000. “Sooner or later we must have new equipment, regardless of the costs,” Fox said. Shelby County isn’t alone. Machine malfunction during the March 20 primary election was among the top reported issues to a hotline set up by the Lawyers’ Committee for Civil Rights, a national nonpartisan voter-protection group.

National: “Don’t Mess With Our Elections”: Vigilante Hackers Strike Russia, Iran | Motherboard

On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it. “We were tired of attacks from government-backed hackers on the United States and other countries,” someone in control of an email address left in the note told Motherboard Saturday.

National: When Russian hackers targeted the U.S. election infrastructure | 60 Minutes/CBS News

The U.S. intelligence community has concluded there is no doubt the Russians meddled in the 2016 U.S. presidential election, leaking stolen e-mails and inflaming tensions on social media. While Congress and special counsel Robert Mueller investigate Russian interference, including whether the campaign of Donald Trump colluded with Russia, we have been looking into another vector of the attack on American democracy: a sweeping cyber assault on state voting systems that U.S. intelligence tied to the Russian government. Tonight, you’ll find out what happened from the frontline soldiers of a cyberwar that was fought largely out of public view, on digital battlegrounds in states throughout the country. The threat Russia posed to our democratic process was deemed so great, the Obama Administration took the unprecedented step of using the cyber hotline – the cybersecurity equivalent of the nuclear hotline – to warn the Kremlin to stop its assault on state election systems. Russian operatives had launched a widespread cyberattack against state voting systems around the country.

National: The Challenge of Machines in the 21st Century | Fair Observer

Information technology and the internet are changing the way democracy works. Recent revelations of the use of personal data to manipulate elections tell us that we live in a very different place we thought we did just weeks ago. Marketing companies, like the now infamous Cambridge Analytica, may deploy data profiling to influence human targets on social media. This involves the enveloping of the subjects within an artificial world; Christopher Wylie, the whistleblower at the center of this scandal, referred to these worlds as “cultures.” In each of these artificial cultures, political candidates would appear to each target from a different aspect, but always as a perfect candidate tailored to the psychographic profile of that particular voter. This approach, Cambridge Analytica claims, would increment the candidate’s electoral margins. There is currently no information if the use of personal data had a deciding effect on the US presidential elections. However, the process is revealing of the power online companies hold today to, in principle, manipulate its customers.

National: Facebook to Require Verified Identities for Future Political Ads | The New York Times

For months, Facebook’s critics — ranging from Silicon Valley executives to Washington politicians — have been urging the company to do a better job of identifying who is buying political ads and creating pages about hot-button topics on its social media sites. On Friday, just days before its chief executive, Mark Zuckerberg, is expected to testify before Congress, Facebook said it had started forcing people who want to buy political or “issue” ads to reveal their identities and verify where they are. Mr. Zuckerberg announced the move in a post on Facebook. He said this verification was meant to prevent foreign interference in elections, like the ads and posts from so-called Russian trolls before and after the 2016 presidential election.