National: Congress urged to increase voting system security | CNN

More than 100 cybersecurity and voting experts are urging the government to make the U.S. voting system more secure. The experts — which come from various industries, from business and academia to technology non-profits — signed a letter addressed to Congress on Wednesday suggesting how three major objectives need to take place to protect the integrity of the system and restore voter confidence. The letter comes as Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at DHS, told the Senate Intelligence Committee hackers targeted election-related systems in 21 states last year. The letter alleges many jurisdictions are unprepared to handle an increase in cybersecurity risks. To start, the experts believe all jurisdictions should create voter-verified paper ballots and phase out electronic voting machines.

National: Security experts warn lawmakers of election hacking risks | ZDNet

More than a hundred security researchers and computer science experts have warned in a letter to lawmakers that not enough is being done to ensure the integrity of state and federal elections. The letter, published Wednesday, argues many US states are “inadequately prepared” to respond to cybersecurity risks with upcoming elections. The hundred-plus co-signatories, including cryptographer Matthew Blaze, security expert Bruce Schneier, and PGP creator Phil Zimmermann, say the US “needs prompt action to ensure prudent elections security standards.” The experts also outlined several recommendations that would “form the basis of robust, enforceable, sensible federal standards that can restore needed confidence in American elections,” including ensuring that any electronic election machines produce a voter-verified paper ballot to establish the “official record of voter intent.”

National: Congress hears sinister tale of Russia meddling in US election | Associated Press

A sinister portrait of Russia’s cyberattacks on the U.S. emerged Wednesday as current and former U.S. officials told Congress Moscow stockpiled stolen information and selectively disseminated it during the 2016 presidential campaign to undermine the American political process. The Russians ‘‘used fake news and propaganda and they also used online amplifiers to spread the information to as many people as possible,’’ Bill Priestap, the FBI’s top counterintelligence official, told the Senate Intelligence committee.

National: How 2 academics got the Supreme Court to reexamine gerrymandering | Vox

The Supreme Court has officially agreed to hear a case with the potential to put firm limits on partisan gerrymandering — and dramatically change the way states draw legislative boundaries. The case, Gill v. Whitford, challenges the 2011 Wisconsin state assembly map. Those districts were drawn by the Republican state legislature in Wisconsin, and packed Democrats into a smaller number of districts to maximize Republican odds. The lawsuit argues that the map is an unconstitutional effort to help Republicans retain power.

National: Federal officials say they’re stepping up efforts to protect election systems | USA Today

State election chiefs said Wednesday that federal homeland security officials haven’t shared enough intelligence information about Russian attempts to access last year’s election — possibly hampering efforts to better protect their systems. “We need this information to defend state elections,” Indiana Secretary of State Connie Lawson, president-elect of the National Association of Secretaries of State, told members of the Senate Intelligence Committee. The committee held a hearing on Russia’s interference in last year’s elections as part of its ongoing investigation. “We were woefully unprepared to defend and respond (to Russian meddling) and I am hopeful that we will not be caught flat-footed again,” said Sen. Richard Burr, R-N.C., the committee’s chairman. “I am deeply concerned that, if we do not work in lock step with the states to secure our elections, we could be here in two or four years talking about a much worse crisis.”

National: The Microsoft security hole at the heart of Russian election hacking | Computerworld

Russian hacking of the 2016 election went deeper than breaking into the Democratic National Committee and the Clinton campaign — the Russians also hacked their way into getting information about election-related hardware and software shortly before voting began. The Intercept published a top-secret National Security Agency document that shows exactly how the Russians did their dirty work in targeting election hardware and software. At the heart of the hack is a giant Microsoft security hole that has been around since before 2000 and still hasn’t been closed. And likely never will. Before we get to the security hole, here’s a little background about how the Russian scheme worked, spelled out in detail by the secret NSA document. Allegedly, Russia’s military intelligence agency, the GRU, launched a spearphishing campaign against a U.S. company that develops U.S. election systems. (The Intercept notes that the company was likely “VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.”) Fake Google Alert emails were sent from noreplyautomaticservice@gmail.com to seven of the company’s employees. The employees were told they needed to immediately log into a Google website. The site was fake; when at least one employee logged in, his credentials were stolen.

National: DHS Never Ran Audit to See if Votes Were Hacked | Daily Beast

Despite assurances from the U.S. intelligence community that Russian hacking only influenced the 2016 U.S. election—and didn’t change vote tallies—there was never actually a formal federal audit of those systems, the Department of Homeland Security said. And while DHS offered free security scans to any state that wanted them, many states—even ones that took up the DHS offer, like Michigan and Maine—either use audit procedures that are considered inadequate or don’t audit their election results at all. “I think there’s a presumption amongst both the general public and lawmakers that DHS did some sort of investigation,” said Susan Greenhalgh, who serves as Elections Specialist at Verified Voting, a nonprofit devoted to U.S. election integrity. “It didn’t happen. That doesn’t mean that something happened, but it also means it wasn’t investigated.”

National: Despite NSA Claim, Elections Vendor Denies System Was Compromised In Hack Attempt | NPR

The Florida elections vendor that was targeted in Russian cyberattacks last year has denied a recent report based on a leaked National Security Agency document that the company’s computer system was compromised. The hackers tried to break into employee email accounts last August but were unsuccessful, said Ben Martin, the chief operating officer of VR Systems, in an interview with NPR. Martin said the hackers appeared to be trying to steal employee credentials in order to launch a spear-phishing campaign aimed at the company’s customers. VR Systems, based in Tallahassee, Fla., provides voter registration software and hardware to elections offices in eight states. “Some emails came into our email account that we did not open. Even though NSA says it’s likely that we opened them, we did not,” Martin says. “We know for a fact they were never opened. They did not get into our domain.”

National: ‘The mother lode of all leaks’: A massive data breach exposed ‘information that can be used to steal an election | Business Insider

A data analytics firm hired by the Republican National Committee last year to gather political information about US voters accidentally leaked the sensitive personal details of roughly 198 million US citizens earlier this month, as its database was left exposed on the open web for nearly two weeks. Deep Root Analytics, a conservative data firm contracted by the RNC as part of a push to ramp up its voter analytics operation in the wake of Mitt Romney’s defeat in the 2012 presidential election, stored details about approximately 61% of the US population on an Amazon cloud server without password protection for those two weeks.

National: Why the G.O.P. Voter Data Leak Is Scarier than It Seems | Vanity Fair

Facebook and Google aren’t the only companies hoovering up every kilobyte of our digital lives—our late-night shopping habits, social-media posts, travel plans, and celebrity obsessions—and turning that personal data into dollar signs. As the recent leak of nearly 200 million voter profiles shows, political analytics companies are major players in the Big Data space, too—and their methods, if not their security protocols, are getting ever more sophisticated. The terabyte of data that Gizmodo reports Deep Root Analytics left on a cloud server, without password protection, included “home addresses, birth dates, and phone numbers,” along with “advanced-sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem-cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity.” Even more worrying, some of the firm’s voter-registration data was cross-referenced against Reddit users’ profiles, suggesting a wide-ranging, multi-platform effort to build psychological profiles of American citizens. None of this is illegal, nor is it clear whether such information is particularly useful. Gizmodo reports show that the Republican National Committee paid Deep Root $983,000 last year, and that other conservative groups paid millions more. But as The New York Times revealed last year, preference-prediction software peddled by companies like Cambridge Analytica is still an imperfect science.

National: US Election Officials, Cybersecurity Experts to Testify on Russian Hacking | VoA News

Just how extensively Russia penetrated state election systems across America last year and how to prevent a repeat will be the focus of an extensive public hearing by the Senate Intelligence Committee on Wednesday. “We’re trying to focus on all aspects — the aggressive nature of Russia’s attempt to hack all the way down to the state level,” the committee’s chairman, Republican Richard Burr of North Carolina, told VOA. The panel will hear from cybersecurity and counterintelligence officials at the FBI and the Department of Homeland Security, as well as state election officials and a representative of America’s secretaries of state for all 50 states — officials who are tasked with certifying elections.

National: Some States Beat Supreme Court to Punch on Eliminating Gerrymanders | The New York Times

When Wisconsin Republicans last redrew the State Legislature’s district boundaries, in 2011, they set off a multimillion-dollar legal battle over accusations of gerrymandering that this week was granted a potentially historic hearing by the Supreme Court. Then there is California, which redrew its state legislative and congressional districts the same year with far less rancor. California is the largest of a handful of states that are trying to minimize the partisanship in the almost invariably political act of drawing district lines. California has handed that task to the independent and politically balanced California Citizens Redistricting Commission, and Arizona has a somewhat similar commission. Florida has amended its Constitution to forbid partisanship in drawing new districts. Iowa has offloaded the job to the nonpartisan state agency that drafts bills and performs other services for legislators.

National: A Republican contractor’s database of nearly every voter was left exposed on the Internet for 12 days, researcher says | The Washington Post

A Republican analytics firm’s database of nearly every registered American voter was left vulnerable to theft on a public server for 12 days this month, according to a cybersecurity researcher who found and downloaded the trove of data. The lapse in security was striking for putting at risk the identities, voting histories and views of voters across the political spectrum, with data drawn from a wide range of sources including social media, public government records and proprietary polling by political groups. Chris Vickery, a risk analyst at cybersecurity firm UpGuard, said he found a spreadsheet of nearly 200 million Americans on a server run by Amazon’s cloud hosting business that was left without a password or any other protection. Anyone with Internet access who found the server could also have downloaded the entire file.

National: Supreme court to decide whether state gerrymandering violates constitution | The Guardian

The US supreme court on Monday agreed to decide whether electoral maps drawn deliberately to favor a particular political party are acceptable under the constitution, in a case that could have huge consequences for future US elections. The justices will take up Wisconsin’s appeal of a lower court ruling that said state Republican lawmakers had violated the constitution when they created legislative districts with the aim of hobbling Democrats. The case will be one of the biggest heard in the supreme court term that begins in October. Last November, federal judges in Madison ruled 2-1 that the Republican-led Wisconsin legislature’s redrawing of legislative districts in 2011 amounted to “an unconstitutional partisan gerrymander”, a manipulation of electoral boundaries for unfair political advantage. The judges said the redrawing violated constitutional guarantees of equal protection under the law and free speech by undercutting the ability of Democratic voters to turn their votes into seats in the Wisconsin state legislature.

National: There’s No Way to Know How Compromised U.S. Elections Are | The Atlantic

It’s not really all that hard to hack American democracy. That fact should be driven home by a recent article from The Intercept detailing the contents of a highly classified NSA report that found evidence of a massive Russian cyberattack on voting software and against over 100 election officials. While the NSA concluded the attack was carried out by the most sophisticated of hackers—the Russian military—their entry methods were relatively vanilla. They gained access to the credentials and documents of a voting system vendor via a spear-phishing attack, and then used those credentials and documents to launch a second spear-phishing attack on local elections officials, which if successful could have compromised election officials’ systems and whatever voter data they possessed.

National: Justices could take up high-stakes fight over electoral maps | Associated Press

In an era of deep partisan division, the Supreme Court could soon decide whether the drawing of electoral districts can be too political. A dispute over Wisconsin’s Republican-drawn boundaries for the state legislature offers Democrats some hope of cutting into GOP electoral majorities across the United States. Election law experts say the case is the best chance yet for the high court to put limits on what lawmakers may do to gain a partisan advantage in creating political district maps. The justices could say as early as Monday whether they will intervene. The Constitution requires states to redo their political maps to reflect population changes identified in the once-a-decade census. The issue of gerrymandering — creating districts that often are oddly shaped and with the aim of benefiting one party — is centuries old. The term comes from a Massachusetts state Senate district that resembled a salamander and was approved in 1812 by Massachusetts Gov. Elbridge Gerry.

National: If Voting Machines Were Hacked, Would Anyone Know? | NPR

As new reports emerge about Russian-backed attempts to hack state and local election systems, U.S. officials are increasingly worried about how vulnerable American elections really are. While the officials say they see no evidence that any votes were tampered with, no one knows for sure. Voters were assured repeatedly last year that foreign hackers couldn’t manipulate votes because, with few exceptions, voting machines are not connected to the Internet. “So how do you hack something in cyberspace, when it’s not in cyberspace?” Louisiana Secretary of State Tom Schedler said shortly before the 2016 election. But even if most voting machines aren’t connected to the Internet, says cybersecurity expert Jeremy Epstein, “they are connected to something that’s connected to something that’s connected to the Internet.” … While it’s unclear if any of the recipients took the bait in the email attack, University of Michigan computer scientist Alex Halderman says it’s just the kind of phishing campaign someone would launch if they wanted to manipulate votes.

National: Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known | Bloomberg

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

National: What Congress is doing to stop Russian hackers next time | CSMonitor

In the past week, a series of dramatic congressional hearings have sought to plumb possible collusion between the Trump campaign and Russia – or possible presidential obstruction of justice over the matter, which special counsel Robert Mueller is now reportedly investigating. But this spotlight, while an important line of questioning into last year’s interference, overshadows other steps that Congress is taking to prevent Russian meddling in future elections. Absent an administration that is staffed up or a president inclined to go hard on Moscow, Congress is looking to define its own strategy. “We don’t really have a Russia strategy” to prevent a repeat of election meddling, says James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. “Congress is trying to figure out what that should be.” Specifically, it’s looking at several areas: sanctions, what exactly Russia did in the last election and appropriate countermeasures, and US digital defenses.

National: Special counsel Robert Mueller is investigating Donald Trump for possible obstruction of justice, officials say | The Washington Post

The special counsel overseeing the investigation into Russia’s role in the 2016 election is interviewing senior intelligence officials as part of a widening probe that now includes an examination of whether President Trump attempted to obstruct justice, officials said. The move by special counsel Robert S. Mueller III to investigate Trump’s conduct marks a major turning point in the nearly year-old FBI investigation, which until recently focused on Russian meddling during the presidential campaign and on whether there was any coordination between the Trump campaign and the Kremlin. Investigators have also been looking for any evidence of possible financial crimes among Trump associates, officials said.

National: Senate overwhelmingly passes Russia sanctions deal with new limits on Trump | Politico

The Senate on Wednesday overwhelmingly approved a bipartisan package of new Russia sanctions that also lets Congress block President Donald Trump from easing or ending penalties against Moscow, the year’s most significant GOP-imposed restriction on the White House. The 97-2 vote on the Russia sanctions plan capped a week of talks that demonstrated cross-aisle collaboration that’s become increasingly rare as Trump and the GOP push to repeal Obamacare without any Democratic votes. Senators merged the sanctions package with a bipartisan Iran sanctions bill that’s on track for passage as soon as this week, complicating the politics of any future veto threat from the Trump administration. “It’s particularly significant that a bipartisan coalition is seeking to reestablish Congress, not the president, as the final arbiter of sanctions relief, considering that this administration has been too eager — far too eager, in my mind — to put sanctions relief on the table,” Minority Leader Chuck Schumer (D-N.Y.), who pressed hard for the strongest possible anti-Russia bill, said in a floor speech. “These additional sanctions will also send a powerful, bipartisan statement that Russia and any other nation who might try to interfere with our elections will be punished.”

National: Sessions’s testimony highlights Trump’s deep lack of interest in what Russia did in 2016 | The Washington Post

Sen. James E. Risch (R-Idaho) made a comment during the Senate Intelligence Committee’s questioning of Attorney General Jeff Sessions that has an obvious exception. “I don’t think there’s any American,” Risch said, “who would disagree with the fact that we need to drill down to this” — that is, Russian meddling in the 2016 election — “know what happened, get it out in front of the American people and do what we can to stop it again.” There is one American, at least, who seems generally uninterested in that need: Sessions’s boss, President Trump.

National: Russia Could Hack 2020 Election, Too, Report Says—39 States Hit in 2016 | Newsweek

The 2016 elections may have just been the beginning. Russian hackers attacked voter databases and software systems in 39 states during last year’s elections, and authorities fear that while the tampering may not have affected vote totals, it’s possible Russia learned enough from the attacks to put 2020’s presidential election in its crosshairs, sources with knowledge of the U.S. investigation told Bloomberg. The report, published Tuesday morning, said Illinois investigators discovered that hackers attempted to delete or alter voter data in the state’s voter database. (California and Florida were the only other states directly mentioned.) The Illinois database held some 15 million names—half were active voters—and 90,000 records were potentially compromised.

National: Russia’s already done some of the damage to American elections that it sought | The Washington Post

There are two documents created during the 2016 election cycle that help detail precisely how American electoral systems are secured. The first was a letter written by the Florida State Association of Supervisors of Elections explaining how the state secured its voters’ choices. Florida uses paper ballots, which are scanned on devices that are not connected to the Internet or to each other and each of which is tested before Election Day. The tally from those machines is transmitted to the state with several layers of encryption, and is backed up with and verified against thumb drives that are digitally secured. Those tallies are then verified against the machines themselves.

National: New Bipartisan Sanctions Would Punish Russia for Election Meddling | The New York Times

Senate leaders said they had reached an agreement late on Monday to approve new sanctions against Russia for interfering in the 2016 presidential election and for the country’s conduct in Ukraine and Syria, delivering a striking message to a foreign power that continues to shadow President Trump. The bipartisan measure would place the White House in an uncomfortable position, arriving amid sweeping investigations into ties between Mr. Trump’s associates and Russia. The sanctions package would also cut against the administration’s stated aim to reshape the United States’ relationship with Russia after Mr. Trump took office.

National: Russian Breach of 39 States Threatens Future U.S. Elections | Bloomberg

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

National: Friend Says Trump Is Considering Firing Mueller as Special Counsel | The New York Times

A longtime friend of President Trump said on Monday that Mr. Trump was considering whether to fire Robert S. Mueller III, the special counsel investigating possible ties between the president’s campaign and Russian officials. The startling assertion comes as some of Mr. Trump’s conservative allies, who initially praised Mr. Mueller’s selection as special counsel, have begun trying to attack his credibility. The friend, Christopher Ruddy, the chief executive of Newsmax Media, who was at the White House on Monday, said on PBS’s “NewsHour” that Mr. Trump was “considering, perhaps, terminating the special counsel.” “I think he’s weighing that option,” Mr. Ruddy said.

National: Sessions will testify in open hearing Tuesday before Senate Intelligence Committee | The Washington Post

Attorney General Jeff Sessions’s appearance Tuesday before the Senate Intelligence Committee will be a high-stakes test for a Trump official who has kept a low profile even as he has become a central figure in the scandal engulfing the White House over Russia and the firing of James B. Comey as FBI director. Sessions, a former Republican senator from Alabama, will face tough questions from his former colleagues on a number of fronts that he has never had to publicly address in detail. Democrats plan to ask about his contacts during the 2016 campaign with the Russian ambassador to the United States, Sergey Kislyak, which the attorney general failed to disclose fully during his confirmation hearing.

National: New Bipartisan Sanctions Would Punish Russia for Election Meddling | The New York Times

Senate leaders said they had reached an agreement late on Monday to approve new sanctions against Russia for interfering in the 2016 presidential election and for the country’s conduct in Ukraine and Syria, delivering a striking message to a foreign power that continues to shadow President Trump. The bipartisan measure would place the White House in an uncomfortable position, arriving amid sweeping investigations into ties between Mr. Trump’s associates and Russia. The sanctions package would also cut against the administration’s stated aim to reshape the United States’ relationship with Russia after Mr. Trump took office.

National: Trump-Comey Feud Eclipses a Warning on Russia: ‘They Will Be Back’ | The New York Times

Lost in the showdown between President Trump and James B. Comey that played out this past week was a chilling threat to the United States. Mr. Comey, the former director of the F.B.I., testified that the Russians had not only intervened in last year’s election, but would try to do it again. “It’s not a Republican thing or Democratic thing — it really is an American thing,” Mr. Comey told the Senate Intelligence Committee. “They’re going to come for whatever party they choose to try and work on behalf of. And they’re not devoted to either, in my experience. They’re just about their own advantage. And they will be back.” What started out as a counterintelligence investigation to guard the United States against a hostile foreign power has morphed into a political scandal about what Mr. Trump did, what he said and what he meant by it. Lawmakers have focused mainly on the gripping conflict between the president and the F.B.I. director he fired with cascading requests for documents, recordings and hearings.