The House will advance a package of voting rights, campaign finance and ethics overhauls this month, Speaker Nancy Pelosi said in a “Dear Colleague” letter Monday night. House Democrats have introduced the government overhaul package as HR 1 to reflect its priority status. They believe fundamentally changing the way government operates will increase public buy-in as Democrats pursue an economic policy agenda focused on issues such as heath care, infrastructure and climate change. “During this Black History Month, I am pleased we will be advancing H.R. 1, which contains Congressman John Lewis’s Voter Empowerment Act ensuring equal access to the ballot for every eligible voter, and lays the groundwork of the subsequent passage of Congresswoman Terri Sewell’s Voting Rights Advancement Act,” Pelosi wrote, citing two black lawmakers who have sponsored legislation that is part of the Democrats’ effort to overhaul voting rights laws.
House Democrats introduced their first piece of legislation in the new Congress this week, an anti-corruption bill that proposes making Election Day a federal holiday and encourages private employers to give their workers the day off, too. Senate Majority Leader Mitch McConnell dismissed the legislation on the Senate floor, calling it a “power grab” by Democrats. He was subsequently dragged by progressive lawmakers on Twitter, including Senator Kirsten Gillibrand, who tweeted that “voting isn’t a ‘power grab.’ It’s democracy, and it’s literally the entire point of our representative government.” But according to the Pew Research Center, Americans on both sides of the aisle support making Election Day a national holiday: 71% of Democrats and 59% of Republicans favor the idea.
The federal government has determined that foreign interference campaigns had no material impact on the outcomes of the 2018 midterm elections. The Departments of Justice and Homeland Security announced Feb. 5 that they have submitted a classified report to President Donald Trump in accordance with an executive order issued last year to root out and investigate foreign interference targeting American elections or campaigns. “Although the specific conclusions within the joint report must remain classified, the Departments have concluded there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political [and] campaign infrastructure used in the 2018 midterm elections for the United States Congress,” said DOJ in a statement.
National: State officials want election security cash. But some don’t like the strings attached. | The Washington Post
State election officials want the latest round of election security money included in a major bill proposed by House Democrats – but they’re divided on whether they want to accept a slew of voting mandates that come along with it. The divide is largely along partisan lines. On one side, there’s Iowa Secretary of State Paul Pate (R), the incoming president of the National Association of Secretaries of State, who balked at provisions in H.R. 1 that make it more difficult for states to impose voter ID requirements. Pate said in an email the For the People Act amounts to the federal government seizing authority over elections from states. On the other side are Democrats who largely support those efforts to expand voter access and consider them a fair trade for more election security money. “There’s a tension over H.R. 1 and whether or not it’s a federalization of elections,” one Democratic secretary of state told me at the NASS conference in Washington this weekend. “It is not. And anyone who claims that it is, that’s an overreach.”
National: House Intelligence poised to send Mueller lingering Russia investigation transcripts | Washington Examiner
The House Intelligence Committee has scheduled a vote this week on sending more transcripts to the Justice Department. The panel’s website says members will vote on Wednesday regarding the “transmission of Certain Committee Transcripts to the Department of Justice.” Chairman Adam Schiff, D-Calif., said last week the first thing his panel would do in the new term would be to release all remaining transcripts from their Russia investigation to special counsel Robert Mueller. “Neither we nor the Special Counsel will tolerate efforts by any person to impede any investigation into Russia’s interference in the 2016 election, nor to pressure a witness to withhold testimony from or mislead Congress,” Schiff said in a statement released after longtime associate Roger Stone was indicted as part of Mueller’s investigation.
The first Voting Rights and Elections listening session of the U.S. Committee on House Administration took place Monday in Brownsville at the invitation of U.S. Rep. Filemon Vela as part of a day of events he hosted in recognition of Black History Month. Several members of the Congressional Black and Hispanic caucuses took part in the session, which was led by U.S. Rep. Marcia Fudge, D-Ohio, CHA Elections Subcommittee chair-designee, and which and took place at the Cameron County Courthouse Oscar C. Dancy Building. … The members of Congress heard testimony from a panel made up of veteran voting and civil rights attorneys Chad Dunn, George Korbel and Rolando Rios; Mimi Marziani, attorney and president of the Texas Civil Rights Project, and Matthew McCarthy, representing the American Civil Liberties Union.
The Democratically controlled U.S. House Judiciary Committee launched an inquiry on Friday into the Trump administration’s decision to reverse course on several key voting rights lawsuits and its efforts to add a citizenship question to the upcoming 2020 U.S. census. In a letter to acting U.S. Attorney General Matthew Whitaker seen by Reuters, the chairman of the committee, Representative Jerrold Nadler, demanded that the Justice Department turn over any internal records on a number of voting rights issues and said he was concerned by a lack of enforcement of voter rights laws in general. The letter seeks records related to the Justice Department’s decision to drop its opposition to a contentious Ohio policy allowing the state to purge infrequent voters from registration rolls and a Texas voter identification law.
National: Russians reportedly “altered” Mueller documents and leaked them online to discredit probe | Salon
Special counsel Robert Mueller’s team has accused Russian operatives of stealing materials obtained from his prosecutors, altering the documents, and posting them online in a disinformation effort to discredit the Russia investigation, according to court documents filed on Wednesday. Mueller’s team made the filing in its case against Concord Management and Consulting LLC, a sanctioned Russian company indicted in the probe for allegedly funding a Russian troll farm that waged a disinformation campaign during the 2016 U.S. presidential election. According to prosecutors, a Twitter account with the handle @HackingRedstone was created last October. The user bragged that he had hacked evidence in the Mueller probe. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller,” the account tweeted, according to the court filing. “Enjoy the reading!”
A new court filing submitted on Wednesday by Special Counsel Robert Mueller revealed that a Russian troll farm currently locked in a legal battle over its alleged interference in the 2016 election appeared to wage yet another disinformation campaign late last year—this time targeting Mueller himself. According to the filing, the special counsel’s office turned over 1 million pages of evidence to lawyers for Concord Management and Consulting as part of the discovery process. The firm is accused of funding the troll farm, known as the Internet Research Agency. But someone connected to Concord allegedly manipulated the documents and leaked them to reporters, hoping the documents would make people think that Mueller’s evidence against the troll farm and its owners was flimsy. The tactic didn’t seem to convince anyone, but it appeared to mark yet another example of Russia exploiting the U.S. justice system to undercut its rivals abroad.
National: Republicans Rewrote Voting Laws for 8 Years. Now Democrats Say It’s Their Turn. | The New York Times
In the years after Republicans swept state and congressional elections in 2010, legislatures in 25 states — all but a handful of them dominated by the party — enacted laws that made it harder to register and vote, from imposing ID requirements and curbing voter registration drives to rolling back early voting periods. In November, Democrats reclaimed some of the ground they lost eight years ago. And now the rules for casting a ballot are moving fast in the opposite direction. The signal example is in New York, where Democrats this month enacted a series of measures expanding access to the ballot box, just two months after taking full control of both the State House and Senate. But that state is far from the only one: Legislatures in New Jersey and Virginia are set to consider even more expansive packages. Delaware, New Hampshire, Minnesota and New Mexico are also set to take up voting rights measures. All those proposals, in legislatures under Democratic control or on the cusp of it, have plausible prospects of becoming law. But Democrats are pushing legislation to expand access to the ballot even in some states like South Carolina and Texas where Republicans control makes approval unlikely.
Russia’s military intelligence directorate, the GRU, has been caught in a new round of computer intrusion attempts, this time aimed at the Center for Strategic and International Studies, a prominent Washington, D.C. think tank heavy with ex-government officials. The new efforts by the Kremlin hackers who notoriously breached the DNC and Hillary Clinton campaign to support Donald Trump suggests that indictments, international sanctions, a botched assassination and an unprecedented global spotlight have done little to deter Vladimir Putin from continuing to target the West with his hacker army, even as American intelligence agencies warn that Russia is gearing up to interfere in the 2020 election. “We’ve about exhausted our ability to achieve some kind of deterrent model that works,” said Robert Johnston, the security expert who investigated the 2016 DNC breach, and now heads the financial cybersecurity firm Adlumin. “You have indictments. You have Cyber Command releasing Russian malware. We ran psyops inside of Russia saying, ‘We know what you’re up to, stop it.’ Sanctions and diplomatic measures. The combination of all those isn’t enough to make it come to a complete halt.”
U.S. Special Counsel Robert Mueller’s office said on Wednesday that self-proclaimed hackers in Russia stole evidence in an attempt to tarnish its investigation of a firm charged with funding a Russian propaganda campaign to interfere in the 2016 U.S. election. Prosecutors said in a court filing in Washington that a Twitter handle called @HackingRedstone came online last Oct. 22 to brag it had hacked some of the evidence in the case. “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case,” the court document quoted the Twitter post as saying. In February 2018, Mueller indicted 13 Russians and three Russian companies with allegations of tampering in 2016 to support then-Republican candidate Donald Trump. In all, 34 people have pleaded guilty, been indicted or otherwise swept up in the broader inquiry.
For 35 days, former high-ranking feds and Congress publicly warned about the potential negative ramifications of the partial shutdown on federal cybersecurity initiatives. Now with a short-term spending deal in place, many on Capitol Hill are shifting focus towards sifting through the wreckage to determine just how much damage was actually done. House Homeland Security Committee chairman Bennie Thompson (D-Miss.) said earlier this month that DHS and Congress “will be dealing with the consequences of [the shutdown] for months — or even years — to come.” At the Jan. 29 State of the Net conference in Washington D.C., Moira Bergin, subcommittee director for the House Homeland subcommittee on Cybersecurity and Infrastructure Protection listed a number of cybersecurity initiatives at DHS — from pipeline security to botnets to election security and activities at the new National Risk Management Center — that simply stopped during the shutdown.
National: McConnell says bill that would make Election Day a federal holiday is a ‘power grab’ by Democrats | The Washington Post
Senate Majority Leader Mitch McConnell said Wednesday that a Democratic bill that would make Election Day a federal holiday is a “power grab,” sparking a fierce backlash online. McConnell was speaking about H.R. 1, legislation that Democrats have made a centerpiece of their agenda since retaking the House earlier this month. In remarks on the Senate floor, McConnell (R-Ky.) said Democrats “want taxpayers on the hook for generous new benefits for federal bureaucrats and government employees,” including making Election Day a “new paid holiday for government workers.” “So this is the Democrats’ plan to ‘restore democracy,’” McConnell said, describing the legislation as “a political power grab that’s smelling more and more like what it is.”
National: Judiciary Hearing on Democrats’ Election Bill Turns Into Partisan Brawl | The New York Times
House Democrats faced sustained partisan fire on Tuesday over their ambitious elections overhaul bill, a top priority for the new Democratic leaders who must answer charges that their efforts to counter partisan gerrymandering and ease access to the polls strain the constitutional reach of Congress. The House Judiciary Committee’s inaugural hearing of the 116th Congress was dedicated to the voting and ethics rules overhaul, known as the For the People Act, which Democratic representatives have trumpeted as their signature legislative priority. But its reception underscored the challenges the bill will face in a divided Capitol. The bill would turn the drawing of congressional boundaries over to nonpartisan commissions, promote more transparency in campaign contributions and expand the public financing system for House and presidential candidates. “The broader issue is what kind of country America is and should be,” said Representative Jerrold Nadler of New York, the chairman of the committee.
National: The government’s cyber workers are back in action. First task: Checking for hacks | The Washington Post
Thousands of federal cyber workers are returning to their posts after more than a month on furlough today. And they have a big to-do list. The first priority: Looking for evidence of any major hacks that wormed through government defenses the past 35 days while agencies were working with a skeleton crew of security pros. It will take them days or weeks to pore through security logs to assess how much damage the shutdown did to the security of government computer networks and the sensitive data they hold. The attacks did not abate because the government was closed: One cyber manager who worked without pay during the shutdown described an uptick in attacks on his agency — including phishing emails containing malware, attempts to reset employee passwords and attempts to trick users into downloading malicious software cloaked as a legitimate update. Also on the docket: Figuring out how to adjust the multimillion-dollar contracts to upgrade and secure federal IT systems that have spent more than a month on ice.
Foreign adversaries are likely already planning to interfere in the 2020 U.S. election, the nation’s top intelligence official warned on Tuesday. In a worldwide threat assessment to the Senate Intelligence Committee, Director of National Intelligence Dan Coats wrote that competitors such as Russia, China and Iran “probably already are looking to the 2020 U.S. elections as an opportunity to advance their interests.” In his statement, he predicted that these countries “will use online influence operations to try to weaken democratic institutions, undermine U.S. alliances and partnerships and shape policy outcomes in the United States and elsewhere.” Furthermore, he said, they’ll “refine their capabilities and add new tactics as they learn from each other’s experiences, suggesting the threat landscape could look very different in 2020 and future elections.”
National: Election Security Advocates Battle the National Association of Secretaries of State over Opposition to Strengthening Voting Systems | Politico
Indiana’s top election official is refusing to release her communications with the National Association of Secretaries of State, limiting the public’s understanding of both her role and the role of NASS in squashing federal legislation to upgrade voting systems, Eric reports. Indiana Secretary of State Connie Lawson is fighting a public records request that could shed light on both the NASS stance in election security debates and the influence that the small community of voting technology vendors has over the organization.
National: Roger Stone was in close contact with Trump campaign about WikiLeaks, indictment shows | The Washington Post
Roger Stone, a GOP political operative and longtime friend and adviser to President Trump, was in frequent contact with members of Trump’s campaign about WikiLeaks’ efforts to release materials damaging to Democrats before the 2016 election, according to an indictment filed against him Friday. Stone was arrested Friday morning on seven counts of obstruction, lying to Congress and witness tampering related to special counsel Robert S. Mueller III’s investigation into Russian interference in the election. A major focus of the probe has been whether Stone coordinated with WikiLeaks or its founder, Julian Assange, as the group published thousands of Democratic emails that prosecutors say were hacked by Russian operatives.
In the nearly three months since elections dogged by accusations of voter suppression, state lawmakers across the country have either filed or pre-filed at least 230 bills that would expand access to the ballot for millions of Americans. Bipartisan efforts aim to bring automatic voter registration, vote-by-mail, or the restoration of voting rights for ex-felons to more than 30 states. Bills to increase voter access have outpaced election integrity bills, such as those that would require voter ID or proof of citizenship and would limit early voting, across the country this year, according to a count by New York University School of Law’s Brennan Center for Justice. State lawmakers had introduced just 24 such bills.
The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come. One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown “is crushing our ability to take the fight to cyber criminals.” “The talent drain after this is finally resolved will cost us five years,” said the source, who asked to remain anonymous because he was not authorized to speak to the news media. “Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”
National: Unintended consequence: Federal cybersecurity workforce a potential casualty of the shutdown | The Hill
The partial shutdown of the US government may well end up damaging cybersecurity but perhaps not in the way most commonly thought. The most common and understandable concern is that the country’s current ability to respond to an emergency in the cyber domain is hampered. This line of thinking rests on the belief that the United States is not operating at full strength and, therefore, its present capacity to cope with an urgency is diminished. Admittedly, the challenge with multiple players down is not to be underestimated: It is far from ideal to take and defend the field with an incomplete roster. Moreover, bad actors may be plotting how to seize advantage during this self-inflicted window of vulnerability. Frankly, it is hard enough to ensure cybersecurity on a good day, when all hands are on deck. Having said that, there is some cause for confidence, despite prevailing circumstances. For example, from the standpoint of the Department of Homeland Security, over 80 percent of its flagship component responsible for cyber incidents — namely, the National Cybersecurity and Communications Integration Center, known as NCCIC — remains staffed. This should stand us in reasonably good (if imperfect) stead, should a crisis arise. For instance, US authorities engaged fully during the spate of DNS (domain name system) hijackings reported recently.
In October, Bloomberg Businessweek published an alarming story: Operatives working for China’s People’s Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. This allegedly gave Chinese spies clandestine access to servers belonging to over 30 American companies, including Apple, Amazon, and various government suppliers, in an operation known as a “supply chain attack,” in which malicious hardware or software is inserted into products before they are shipped to surveillance targets. Bloomberg’s report, based on 17 anonymous sources, including “six current and former senior national security officials,” began to crumble soon after publication as key parties issued swift and unequivocal denials. Apple said that “there is no truth” to the claim that it discovered malicious chips in its servers. Amazon said the Bloomberg report had “so many inaccuracies … as it relates to Amazon that they’re hard to count.” Supermicro stated it never heard from customers about any malicious chips or found any, including in an audit it hired another company to conduct. Spokespeople for the Department of Homeland Security and the U.K.’s National Cyber Security Centre said they saw no reason to doubt the companies’ denials. Two named sources in the story have publicly stated that they’re skeptical of its conclusions.
“Does new voting technology enable voting fraud, or does it prevent voting fraud?” rhetorically asked Blaze. “Yes.” He explained that the American election process has computers and software at every stage of the process, including voter registration and verification, the designing and distribution of ballots, the actual voting itself, and the tallying of votes and the communication of results. Machines at almost every step have been shown to be vulnerable to hacking, yet we can’t just go back to dropping envelopes in ballot boxes. “U.S. elections are the most complex in the world,” Blaze said. “You’re gonna need computers somewhere.” Fortunately, he said, policymakers and the general public are now aware of how vulnerable electronic voting systems are to tampering, and many states have taken at least initial steps to make them more secure. “Voting security is by far the hardest problem I have ever encountered,” said Blaze, who was recently a professor of computer and information services at the University of Pennsylvania but now holds the McDevitt Chair of Computer Science and Law at Georgetown University.
Russia’s efforts to expand its influence and China’s modernizing military are among the “ever more diverse” threats facing the U.S., according to a major intelligence report released Tuesday. The National Intelligence Strategy report, issued every four years, also singles out such potential threats as North Korea’s pursuit of nuclear weapons, the growing cyber capabilities of U.S. adversaries and global political instability. The report, which sets out the priorities for the various agencies that make up the U.S. intelligence community, notes that the United States “faces an increasingly complex and uncertain world in which threats are becoming ever more diverse and interconnected.” Director of National Intelligence Dan Coats said in a letter accompanying the report that the U.S. agencies must adapt to respond to what he calls a “turbulent and complex” environment.
In the past decade, Election Systems & Software (E.S. & S.), the largest manufacturer of voting machines in the country, has routinely wined and dined a select group of state-election brass, which the company called an “advisory board,” offering them airfare on trips to places like Las Vegas and New York, upscale-hotel accommodations, and tickets to live events. Among the recipients of this largesse, according to an investigation by McClatchy published last year, was David Dove, the chief of staff to Georgia’s then secretary of state, Brian Kemp. Kemp, the new governor of Georgia, made news in the midterm elections for his efforts to keep people of color from voting and for overseeing his own election. In March of 2017, when Dove attended an E.S. & S. junket in Las Vegas, Kemp’s office was in the market to replace the state’s entire inventory of voting machines. “It’s highly inappropriate for any election official to be accepting anything of value from a primary contractor,” Virginia Canter, the chief ethics officer at Citizens for Responsibility and Ethics in Washington, told McClatchy. “It shocks the conscience.” (Kathy Rogers, E.S. & S.’s senior vice-president for governmental affairs, told McClatchy that there was nothing untoward about the advisory board, which she said has been “immensely valuable in providing customer feedback.”)
The Democratic National Committee (DNC) has filed a civil complaint accusing Russia of trying to hack its computers as recently as November 2018. In its court filing, the DNC argues that not only did the campaign and several Trump operatives collude with Russia to steal electronic information, but that Russia was still attempting to hack DNC systems in the run up to last year’s midterm elections. The filing describes an alleged Russian cyberattack campaign that began in July 2015 and which stole information after a hack in April 2016, when the Russians allegedly placed proprietary malware known as X-Agent on the DNC network. It claims that they monitored the malware in real time and collected data including key logs and screenshots. Using malware called X-Tunnel, the hackers exfiltrated several gigabytes of DNC data over the following days to a computer located in Illinois leased by agents of Russia’s GRU military unit, it says. Russian operatives then placed a version of X-Agent on a DNC server in June that year and hacked DNC virtual machines hosted on Amazon Web Services (AWS) in September to steal voter data, the filing also alleges.
Director of National Intelligence Dan Coats had cautioned that “the warning lights are blinking red again,” and experts warned that voting systems, in particular, could be at risk. Russia had likely targeted them in all 50 states in 2016 and had gained access to voter-registration files in Illinois and Arizona. But despite myriad concerns about vulnerabilities—from voting machines to tabulation systems to phishing attacks on campaigns—election hacking, by and large, did not factor in the 2018 elections. A recent report from Coats’ office to the White House confirmed as much: U.S. intelligence officials had no evidence that voting systems had been compromised, although social-media disinformation aimed at American voters had continued apace. “The Russians didn’t need to do much in 2018. They enjoy all the turmoil in the U.S. and probably take credit for 2016 outcomes,” said James Lewis, senior vice president and director of the Technology Policy Program at the Center for Strategic and International Studies. “Midterms are confusing and the Russians probably couldn’t figure out the pressure points to swing voters. If they have new tricks, they are saving them for 2020.”
National: Moscow Skyscraper Talks Continued Through ‘the Day I Won,’ Trump Is Said to Acknowledge | The New York Times
President Trump was involved in discussions to build a skyscraper in Moscow throughout the entire 2016 presidential campaign, his personal lawyer said on Sunday, a longer and more significant role for Mr. Trump than he had previously acknowledged. The comments by his lawyer Rudolph W. Giuliani indicated that Mr. Trump’s efforts to complete a business deal in Russia waned only after Americans cast ballots in the presidential election. The new timetable means that Mr. Trump was seeking a deal at the time he was calling for an end to economic sanctions against Russia imposed by the Obama administration. He was seeking a deal when he gave interviews questioning the legitimacy of NATO, a favorite talking point of President Vladimir V. Putin of Russia. And he was seeking a deal when, in July 2016, he called on Russia to release hacked Democratic emails that Mr. Putin’s government was rumored at the time to have stolen. The Trump Tower Moscow discussions were “going on from the day I announced to the day I won,” Mr. Giuliani quoted Mr. Trump as saying during an interview with The New York Times. It was one of a flurry of interviews Mr. Giuliani did on Sunday amid fallout from a disputed report by BuzzFeed News that President Trump had personally directed his former lawyer and fixer, Michael D. Cohen, to lie to Congress about the negotiations over the skyscraper.
The 116th Congress may have difficulty finding common ground on most issues. But there is at least one area that presents the opportunity for bipartisan action: cybersecurity. Cyber threats do not discriminate based on party affiliation. There are four key issues within cybersecurity where this Congress has the potential to make progress with impactful legislation that would make all Americans — and our democracy — more secure. The Department of Homeland Security has made considerable progress on election security over the past 18 months. But, with 10,000 local jurisdictions responsible not just for administering elections but now for protecting our democracy against nation-state threat actors, more must be done. The answer does not lie in funding alone. Paper ballots paired with risk-limiting audits are critical; and Congress should take a hard look at the vendors who play an outsized role in our democracy. We also must share expertise and training across jurisdictions and ensure that jurisdictions are prepared to recover in the face of a cyberattack. The election security provisions in the House Democrats’ first bill are an excellent start and should not fall way to partisan rancor.