National: High-profile elections officials leave posts after a tumultuous 2020 | Fredreka Schouten and Kelly Mena/CNN

A cluster of election officials around the country have lost or left their jobs in recent weeks, as the fallout from the tumultuous 2020 election season continues. The exits come as experts say a wave of departures could be on the horizon, as elections officials reach retirement age or leave jobs that have become increasingly targeted in partisan political battles. Secretaries of state have broad portfolios, ranging from election oversight to registering corporations. The day-to-day responsibilities of administering elections generally fall to officials at the county and city level. Indiana’s Secretary of State Connie Lawson, the state’s longest-serving elections chief, announced Monday her plans to resign, saying “2020 took a toll on me.” On Tuesday, the Fulton County, Georgia, elections board voted 3-2 to remove elections director Richard Barron from his post in the state’s largest county, citing the need to modernize elections. (His future is in flux after a county commission failed to ratify the election panel’s decision.) And Pennsylvania’s top election official Kathy Boockvar, who became a familiar face across the country as she oversaw an intensely scrutinized presidential contest last November, resigned this month after her agency mistakenly failed to advertise a proposed constitutional amendment — an error unrelated to the 2020 election. Potentially a quarter of local election officials in some of the country’s largest jurisdictions are planning to retire before 2024, according to a survey of 857 officials in all 50 states by the Early Voting Information Center at Reed College.

Full Article: High-profile elections officials leave posts after a tumultuous 2020 – CNNPolitics

National: Meet SG3: The Élite Legal Squad That Vowed to Safeguard the Election | Jane Mayer/The New Yorker

Last March, after President Trump declaimed that the only way he could lose the election was if there was fraud, Seth Waxman couldn’t sleep. A member of the tiny, élite club of litigators who have served as Solicitors General of the United States, Waxman is not a mellow guy. An obsessive runner with the wound-up energy of a twisted rubber band, he often wakes up at three in the morning agitated by something or other. Typically, he makes a cup of tea, works for an hour, and goes back to bed. But the insomnia last March, he said, “was, like, five nights in a row!” The proximate cause was what he calls “the Doomsday scenarios,” which he feared could unfold if Trump tried to subvert the 2020 election. Could the President order the election postponed because of the pandemic? he wondered. Could he call a reunion of the ice agents he sent into Portland to intimidate minority voters in urban centers? Night after night, Waxman tabulated every possible thing that could go wrong. Having advised several Democratic Presidential campaigns, he was familiar with the pitfalls. But none of the nightmares conjured by Trump “corresponded with anything I’d worried about in earlier campaigns,” he said. He ended up with a three-and-a-half-page single-spaced list of potential catastrophes. Eleven months before the Senate impeachment trial exposed an unprecedented level of political savagery, Waxman quietly prepared for the worst. He reached out to two other former Solicitors General, Walter Dellinger and Donald Verrilli, who served as the Clinton and the Obama Administrations’ advocates, respectively, before the Supreme Court. By April, they had formed a small swat team to coördinate with the Biden campaign. They called themselves the Three Amigos, but the campaign referred to them as SG3. Their goal: safeguarding the election.

Full Article: Meet SG3: The Élite Legal Squad That Vowed to Safeguard the Election | The New Yorker

National: State GOP lawmakers propose flurry of voting restrictions to placate Trump supporters, spurring fears of a backlash | Amy Gardner/The Washington Post

GOP state lawmakers across the country have proposed a flurry of voting restrictions that they say are needed to restore confidence in U.S. elections, an effort intended to placate supporters of former president Donald Trump who believe his false claims that the 2020 outcome was rigged. But the effort is dividing Republicans, some of whom are warning that it will tar the GOP as the party of voter suppression and give Democrats ammunition to mobilize their supporters ahead of the 2022 midterms. The proposals include measures that would curtail eligibility to vote by mail and prohibit the use of ballot drop boxes. One bill in Georgia would block early voting on Sundays, which critics quickly labeled a flagrant attempt to thwart Souls to the Polls, the Democratic turnout effort that targets Black churchgoers on the final Sunday before an election. States where such legislation is under consideration also include Arizona, Florida, Texas, Pennsylvania, Michigan and Wisconsin. Proponents say the actions are necessary because large numbers of voters believe Trump’s false assertions that President Biden won the 2020 election through widespread fraud. “The goal of our process here should be an attempt to restore the confidence of our public in our elections system,” said Barry Fleming, a state lawmaker from Evans, Ga., and the chairman of the newly formed House Special Committee on Election Integrity.

Full Article: GOP lawmakers propose flurry of voting restrictions to placate Trump supporters – The Washington Post

National: Dominion files defamation lawsuit against MyPillow’s Mike Lindell over false claims voting machines were rigged against Trump | Emma Brown/The Washington Post

Dominion Voting Systems on Monday filed a defamation lawsuit against Mike Lindell, chief executive of MyPillow, arguing that Lindell has refused to stop repeating false claims that the company’s voting machines were manipulated to rig the 2020 election against President Donald Trump. Dominion is seeking more than $1.3 billion from Lindell, a staunch Trump supporter. The company says Lindell contributed to a “viral disinformation campaign” about Dominion on social media, in broadcast interviews, at public pro-Trump rallies and in a two-hour documentary about election fraud — entitled “Absolute Proof” — that he created and paid to air on One America News. The 115-page complaint, filed in federal court in the District, alleges that Lindell, a “talented salesman,” used falsehoods about Dominion to promote MyPillow to fellow Trump supporters. It names both Lindell and his company as defendants and outlines several instances in which Lindell used appearances on conservative media to hawk his products. Dominion sent multiple letters to Lindell, warning that he was putting himself in legal jeopardy by spreading lies about the company. “Despite having been specifically directed to the evidence and sources disproving the Big Lie, Lindell knowingly lied about Dominion to sell more pillows to people who continued tuning in to hear what they wanted to hear about the election,” the complaint says.

Full Article: Dominion files defamation lawsuit against MyPillow’s Mike Lindell over false claims voting machines were rigged against Trump – The Washington Post

National: Despite 2020 successes, election officials’ disinformation fight continues | Benjamin Freed/StateScoop

While the execution of the 2020 general election went off with relatively few bumps, election officials and industry experts said Thursday that the rampant disinformation that spread on cable news and social media during and after the campaign still leaves them with challenges in winning voters’ trust. “2020 was best administered election I’ve seen of my career,” Ben Hovland, the chairman of the U.S. Election Assistance Commission, said during a panel on election security hosted by the Mitre Corporation. “Election officials around the country put in countless hours and did the work.” That work, Hovland and others said, included expanding their absentee and early voting options in response to the COVID-19 pandemic, recruiting and training younger poll workers to replace seniors who withdrew over coronavirus concerns, implementing new post-election audits and conducting tabletop exercises at the national, state and local levels. Yet the election community still found itself fighting back one of the strongest tides of disinformation about mail-in voting and voting machines that grew so extreme that it prompted death threats against election officials and, eventually, the pro-Donald Trump mob that staged a deadly riot in the U.S. Capitol on Jan. 6. One of those officials who had to put up with those threats was Georgia Secretary of State Brad Raffensperger, who told the Mitre event that Joe Biden’s narrow win over Trump in his state — the first by a Democrat since 1992 — prompted “questions about the accuracy of the election.”

Full Article: Despite 2020 successes, election officials’ disinformation fight continues

National: Massive breach fuels calls for US action on cybersecurity | Ben Fox and Alan Suderman/Associated Press

Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats. The breach, which hijacked widely used software from Texas-based SolarWinds Inc., has exposed the profound vulnerability of civilian government networks and the limitations of efforts to detect threats. It’s also likely to unleash a wave of spending on technology modernization and cybersecurity. “It’s really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future,” Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology said Wednesday at a White House briefing. The reaction reflects the severity of a hack that was disclosed only in December. The hackers, as yet unidentified but described by officials as “likely Russian,” had unfettered access to the data and email of at least nine U.S. government agencies and about 100 private companies, with the full extent of the compromise still unknown. And while this incident appeared to be aimed at stealing information, it heightened fears that future hackers could damage critical infrastructure, like electrical grids or water systems. President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack. The administration has also proposed expanding by 30% the budget of the U.S. Cybersecurity and Infrastructure Agency, or CISA, a little-known entity now under intense scrutiny because of the SolarWinds breach.

Full Article: Massive breach fuels calls for US action on cybersecurity

National: EAC Chairman urged Congress to guarantee election security funding | Tonya Riley/The Washington Post

A top official urged Congress yesterday to ensure dependable funding for the Election Assistance Commission, an independent government body that allocate grants for states to improve their election security. The funding is essential to making sure that states can make critical election security improvements ahead of the 2022 election, said the group’s head. “The nature of cybersecurity threats, the ongoing nature of those threats and the fact that it is a national security issue means there’s real value to having a piece of federal funding that is dependable that can be planned around,” EAC Chairman Benjamin Hovland told members of the House Appropriations Subcommittee on Financial Services and General Government. The hearing comes as a Democrat-led Congress tees up a new round of efforts to improve election security in the aftermath of a fiercely disputed 2020 election.  Democrats have made passing a sweeping elections package a priority now that they control the Senate. The package includes permanently authorizing the EAC’s budget as well as new requirements for states to update their voter registration systems and additional funding to make upgrades possible. “The fact these dedicated election officials were able to achieve this feat amid a global pandemic is even more remarkable. However, now is not the time to proclaim “mission accomplished,” said subcommittee Chair Mike Quigley (D-Ill.). “The threats to our democracy are constant and ever evolving. Our enemies will not be taking a break, so neither can we.”

Full Article: The Cybersecurity 202: A top official urged Congress to guarantee election security funding – The Washington Post

National: Mail Voting Boosted Turn Out for Voters With Disabilities. Will Republican Lawmakers Let It Continue? | Abigail Abrams/Time

Republican state lawmakers are advancing a wave of new voting restrictions aimed at reversing the slew of pandemic-inspired election flexibilities, including expansions of mail voting, that most states adopted last year. But new evidence shows that those voting options likely led to significantly higher turnout among Americans with disabilities, a group that is equally as likely to vote Republican as Democrat. Just 11% of voters with disabilities said they experienced difficulties in voting in 2020, down from 26% in 2012, according to a study on voting accessibility published Wednesday by the U.S. Election Assistance Commission (EAC). Among disabled voters who used mail ballots, just 5% reported experiencing difficulties, while 18% of disabled voters who opted for in-person voting encountered difficulties. Those numbers mark a major change from previous election cycles, according to experts on political participation. “Anything that makes it easier, that provides more options to people with disabilities, is good for the turnout of people with disabilities,” says Douglas Kruse, a professor at Rutgers School of Management and Labor Relations who co-authored the EAC study. But in the wake of former President Donald Trump’s election loss and the subsequent Jan. 6 riots incited by his claims of a stolen election, Republican state lawmakers are doubling down on bills that require Americans to jump through more hoops to cast a vote. A recent analysis by the Brennan Center for Justice found that this year, lawmakers have already filed 165 bills to restrict voter access in 33 states. Many of the bills would limit mail voting, add new voter ID requirements, make it tougher to register to vote and easier for states to kick people off voter rolls if they don’t vote in every election. States that were closely contested in 2020 have seen the most legislative action, with Arizona, Pennsylvania and Georgia leading the pack on new voting restriction proposals. Republicans in Wisconsin and Michigan have indicated they may also pursue similar bills.

Full Article: Mail Voting Boosted Turn Out for Voters With Disabilities | Time

National: New guide on election system supply chains aids risk evaluations | Benjamin Freed/StateScoop

new report by the Center for Internet Security aims to simplify the process for election technology vendors securing the supply chains they use in developing the products they sell to state and local officials. Although the guide, published last week, had been in the works for months, its authors said it takes on added relevance in the wake of the so-called SolarWinds hack, a suspected Russian espionage operation that breached the software supply chains of numerous federal agencies, corporations and state governments. So far, there has been no evidence the SolarWinds hack affected any U.S. election systems, the acting head of the Cybersecurity and Infrastructure Security Agency said Feb. 3, but the sheer amount of hardware and software used in the voting process leaves it vulnerable to similar compromises, said Aaron Wilson, a senior director for election security at CIS and one of the report’s authors. “The election space is a lot like the rest of our technology space where the supply chain has inherent risks,” he told StateScoop. Modern elections are conducted on an elaborate assembly of technologies, including voter registration systems, electronic pollbooks used when voters check in, ballot-marking devices, optical scanners that collect and tabulate ballots and election night results websites where unofficial counts are posted. And each of those are made up of their own, sometimes complex chain of components, the CIS report explains. That means election officials need to be confident that their vendors have assessed and mitigated any risks with their third-party suppliers, Wilson said. While the larger vendors in the election technology market have large and sophisticated technical staffs, he said, there are also smaller companies that may need direction on how to avoid incidents that could undermine public confidence in an election.

Full Article: New guide on election system supply chains aids risk evaluations

National: What comes next for top election administrators | Zach Montellaro/Politico

2020 was a tumultuous year for the election administrators of America.And while running a presidential election is never an easy job, it is often a low-profile one — which was distinctly not the case last year. “It was one of those scenarios that we we practice in tabletop exercises, that seems totally unrealistic, but that’s what we were facing,” New Mexico Secretary of State Maggie Toulouse Oliver, a Democrat and the president of the bipartisan National Association of Secretaries of State, said in an interview with Score. Election officials dealt with the dual threat of the pandemicand misinformation. And while one will (hopefully) be a distant memory by the next national election, fighting misinformation will be a role that secretaries will have to embrace going forward — and one that secretaries will increasingly have to lean on each other to combat. Toulouse Oliver stressed that voter-education will be important: “The longer term challenge, that I think we as election officials acknowledge that we’re going to have to figure out a way to deal with this better, is to better educate the public,” she said, citing states pushing for more transparency in the system and making sure information is more “digestible” to the average person not steeped in the process. Ohio Secretary of State Frank LaRose, a Republican and the co-chair of NASS’ elections committee, stressed the importance of trying to get as many people involved in the process as possible in an interview, saying elections were a “breeding ground” for “mythology.” But he also noted the speed in which results, even unofficial, are known is critical. “We’re never going to sacrifice accuracy for speed. But we’ve all gotten accustomed to being able to deliver our numbers pretty quickly on election night,” he said. He nodded to the fact that the Buckeye State allows election officials to process mail ballots much earlier than other battleground states like Michigan, Pennsylvania and Wisconsin, which created the time needed in those states for conspiracy theories to ferment. (I’ll note that the Republican-controlled legislatures in those states balked at giving an extended window, despite early warnings about what could happen.)

Full Article: What comes next for top election administrators – POLITICO

National: Despite Security Concerns Online Voting Advances | Matt Vasilogambros and Lindsey Van Ness/Stateline

This past year showed that unexpected events can upend traditional, in-person voting. The rush to mail-in voting during the pandemic also exposed the challenges that voting by mail poses for certain residents, including those with disabilities who may not be able to independently fill out and mail a paper ballot. But election security experts say electronic voting poses significant risks. Personal devices such as smartphones and laptops are often littered with malware. A ballot could be tampered with on the voter’s device, on its way to a server or on the server of the election authority. Hostile foreign countries or other organized groups could surreptitiously change votes before they’re counted. The threat from malicious foreign actors was recently highlighted in the Russian hack of U.S. government and corporate systems in the widespread SolarWinds attack. Most election security experts prefer paper ballots or ballot-marking devices that have a paper trail, which allow state and local election officials to back up their results. Some online voting methods allow both the voter and the election official to print out a receipt that shows the vote was transferred. But that’s not good enough for security experts, who point out that the vote could have been corrupted in transfer. “There’s not much that we can do to be able to detect that a problem has occurred,” said J. Alex Halderman, director of the Center for Computer Security and Society at the University of Michigan. He co-authored an analysis last year that found there is a “severe risk” to using Seattle-based voting technology company Democracy Live’s online voting platform.

Full Article: Despite Security Concerns Online Voting Advances | The Pew Charitable Trusts

National: Truth and consequences – Lawsuits arrive for networks and lawyers who backed Donald Trump | Steve Mazie/The Economist

During his first campaign for the American presidency in 2016, Donald Trump said he wanted to “open up our libel laws” to make suing news outlets easier. Those plans did not materialise. But in the aftermath of Mr Trump’s extraordinary challenges to his re-election loss and amid his second impeachment trial, defamation law is back in the headlines. Dominion Voting Systems and Smartmatic, both voting-technology companies, have sued or are gearing up to sue three right-wing cable news networks, some of their hosts and two of Mr Trump’s lawyers for claiming their devices were used to steal the election for Joe Biden. Such claims are a central element of the false voter-fraud theory that fuelled the storming of the Capitol on January 6th, resulting in the deaths of five people. Dominion has launched a pair of $1.3bn lawsuits against Rudy Giuliani and Sidney Powell, Mr Trump’s legal advisers—with more to come. On February 4th Smartmatic filed its own 276-page suit against Fox and three of its commentators (Maria Bartiromo, Lou Dobbs and Jeanine Pirro), as well as Mr Giuliani and Ms Powell, for $2.7bn. Whether potentially defamatory statements are written (“libel”) or spoken (“slander”), the aggrieved party has to clear a high bar in America, where the constitution’s First Amendment protects free speech and freedom of the press. In Britain defendants must usually show their utterances were true or amounted to fair comment. In America it is plaintiffs who have the burden of proof; they lose unless they can prove the defendant’s statements were false but presented as claims of fact. Establishing defamation also means showing the speaker was negligent and damaged the plaintiff’s reputation.

Full Article: Truth and consequences – Lawsuits arrive for networks and lawyers who backed Donald Trump | United States | The Economist

National: Falsehoods and death threats haunt local election workers weeks after Capitol siege | Fredreka Schouten and Kelly Mena/CNN

His staff endured racist taunts. His voicemail overflowed with threats and wild conspiracy theories. And then one day, a caller warned that the Christmas Day bombing in Nashville “was a practice run for what was coming to our polling places.” The abuse and threats hurled at Fulton County, Georgia, Elections Director Richard Barron and his staff in Atlanta between last year’s general election and the state’s high-stakes Senate runoffs on January 5 marked a new low in his 21-year career working on elections. “I used to have a sense of pride about this work,” Barron told CNN. “But I don’t think that I do anymore.” Around the country, election supervisors and the rank-and-file workers who helped carry out the nuts and bolts of American democracy still are reeling from the barrage of threats and the flood of falsehoods they had to navigate as they helped a record number of people cast ballots in a pandemic.

Full Article: Falsehoods and death threats haunt local election workers weeks after Capitol siege – CNNPolitics

National: Republican Efforts to Restrict Voting Risk Backfiring on Party | Ryan Teague Beckwith/Bloomberg

Republican lawmakers in battleground states are rushing to enact stricter voting laws that Democrats worry could dampen Black and Hispanic turnout, but the moves could end up backfiring because of the changing face of the GOP coalition. The flurry of legislation includes attempts to impose voter ID requirements and roll back pandemic-related expansion to mail-in access, steps that may inadvertently limit the participation of many of the older, rural and blue-collar voters that Republicans now depend on. State legislatures across the country are considering more than a hundred bills that would increase voter ID requirements, tighten no-excuse vote-by-mail, and ban ballot drop boxes, among other changes. That’s more than three times the number of bills to restrict voting that had been filed by this time last year, according to a report from the Brennan Center for Justice. This flood of legislation comes despite research showing that voter ID laws passed over the last decade not only don’t hamper minority turnout, but may even boost it by motivating angry Democrats and spurring stronger get-out-the-vote efforts.

Full Article: Republican Efforts to Restrict Voting Risk Backfiring on Party – Bloomberg

National: Election Tech Vendors File $5.3B in Defamation Lawsuits | Andrew Westrope/Government Technology

After years of preparation against election fraud and tampering, the Cybersecurity and Infrastructure Security Agency (CISA) in November called the 2020 election “the most secure in American history.” The U.S. Department of Justice found no evidence of widespread fraud that could have changed the outcome. Nationwide election officialselection security experts and computer scientists, some of whom had expressed concerns about vulnerabilities before, came to the same conclusion. The consensus was clear. Still, in the weeks and months following the election, former President Donald Trump and several high-profile figures who supported him repeated specific claims. Trump’s attorney Rudy Giuliani, Trump’s former attorney Sidney Powell, and several TV programs on Fox News, Newsmax and One America News Network (OANN) echoed Trump’s allegations that the election had been stolen. Specifically, they blamed a multi-state conspiracy involving Democrats, Republicans and “rigged” voting machines from two companies, Dominion Voting Systems and Smartmatic. Within weeks, half of Republican voters said they believed the election had been stolen, and some of them on social media called for Dominion and Smartmatic employees to be jailed or sent them death threats. Now those companies are suing for a collective $5.3 billion in damages, and some election security advocates don’t blame them.

Full Article: Election Tech Vendors File $5.3B in Defamation Lawsuits

National: A GOP donor gave $2.5 million for a voter fraud investigation. Now he wants his money back. | Shawn Boburg and Jon Swaine/The Washington Post

Like many Trump supporters, conservative donor Fred Eshelman awoke the day after the presidential election with the suspicion that something wasn’t right. His candidate’s apparent lead in key battleground states had evaporated overnight. The next day, the North Carolina financier and his advisers reached out to a small conservative nonprofit group in Texas that was seeking to expose voter fraud. After a 20-minute talk with the group’s president, their first-ever conversation, Eshelman was sold. “I’m in for 2,” he told the president of True the Vote, according to court documents and interviews with Eshelman and others. “$200,000?” one of his advisers on the call asked. “$2 million,” Eshelman responded. Over the next 12 days, Eshelman came to regret his donation and to doubt conspiracy theories of rampant illegal voting, according to court records and interviews. Now, he wants his money back.

Full Article: True The Vote lawsuit: How GOP donor Fred Eshelman came to want his money back – The Washington Post

National: ‘Reckless and stupid’: Security world feuds over how to ban wireless gear in voting machines | Eric Geller/Politico

A federal elections panel is set to adopt new voting equipment standards that fall short of a crucial demand of many security advocates — a ban on devices that contain hardware for connecting to wireless networks. Instead, manufacturers would have to demonstrate that any wireless gear in their voting machines and ballot scanners has been rendered unusable. The compromise language is dividing security professionals, with some warning it would create a dangerous loophole for voting machinery that already faces both real-world cyber risks and wildly false rumors that undermine trust in elections. Supporters call it a concession to marketplace realities, saying it’s increasingly hard for vendors to find equipment without networking hardware. But the proposal “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems,” 22 security experts, activists and former election officials told the Election Assistance Commission in a Feb. 3 letter obtained by POLITICO. The experts included academics from Princeton, Johns Hopkins University and the University of California at Berkeley. “This decision is unconscionable, reckless and stupid,” said Susan Greenhalgh, the senior adviser on election security at the activist group Free Speech for People, who helped organize the letter. The commission is expected to approve the compromise measure this week as part of a massive and long-awaited update to federal voting equipment guidelines, the latest step in years of election security efforts by federal and state authorities. Its decision to reject a tougher wireless ban drew new attention in recent weeks after it quietly updated the draft standards with new language spelling out its compromise on the issue.

Full Article: ‘Reckless and stupid’: Security world feuds over how to ban wireless gear in voting machines – POLITICO

National: New cyber panel chair zeros in on election security, SolarWinds hack | Maggie Miller/TheHill

Rep. Yvette Clarke (D-N.Y.), the new chair of the House Homeland Security Committee’s cyber panel, said she plans to tackle a wide range of cybersecurity challenges, but with an early focus on bolstering election security and responding to a massive hack that has compromised much of the federal government. As one of the top cyber experts on Capitol Hill, Clarke’s committee will also have its plate full with figuring out how best to allocate resources to hospitals and schools increasingly targeted by hackers, and helping support the nation’s key cyber agency as it enters its third month without Senate-confirmed leadership. Clarke told The Hill in one of her first interviews as chair of the Subcommittee on Cybersecurity, Infrastructure Protection and Innovation that the goal is to chart a course that keeps previous mistakes in the past. “We have to learn from our adverse experiences, and from learning should come innovation, should come a deep desire to make sure that we don’t revisit these types of hardships ever again,” said Clarke, who succeeds Rep. Lauren Underwood (D-Ill.) atop the subcommittee. Clarke has served as both chair and ranking member of the panel in previous years. But this time around, she is taking the helm in the midst of an ongoing cybersecurity crisis stemming from the recently discovered Russian hack of IT group SolarWinds. The company counts much of the federal government as customers, with agencies including the Commerce, Defense, Energy, Homeland Security and Treasury departments compromised. 

Full Article: New cyber panel chair zeros in on election security, SolarWinds hack | TheHill

National: New voting machine security standards are already drawing controversy | Tonya Riley/The Washington Post

The Election Assistance Commission, an independent government body that issues voluntary voting guidelines to states and voting machine vendors, unanimously passed a new set of recommendations for voting machines.  Voluntary Voting System Guidelines 2.0 is the first major change to the commission’s recommendations since they were first established in 2005 and comes after a hotly contested 2020 presidential election in which former president Donald Trump and his allies lodged baseless allegations of fraud at state officials and voting machine companies. “Adopting VVSG 2.0 is the most important action the EAC has taken in 15 years”  EAC Commissioner Ben Hovland said at the vote yesterday. But the new standards are already drawing scrutiny from lawmakers and voting security advocates. They worry they leave loopholes allowing voting machine companies to skirt best practices and leave machines vulnerable to interference. They were approved as some of the nation’s most prominent voting machine companies are suing Fox News and top lawyers for Trump because of their unfounded fraud claims related to their machines. In a letter led by Rep. Bill Foster (D-Ill.), more than 20 members of Congress are asking the EAC to reconsider its recommendations. The letter expresses concerns about how the guidelines frame the use of machines with parts that can connect to the Internet. “This is extremely troubling, as computer security and networking experts have warned that merely disabling networking capability is not enough,” they wrote. “Benign misconfigurations that could enable connectivity are commonplace and malicious software can be directed to enable connectivity silently and undetectable, allowing hackers access to the voting system software.”

Full Article: The Cybersecurity 202: New voting machine security standards are already drawing controversy – The Washington Post

National: Election Assistance Commission adopts updated voting security standards. Not everyone is happy. | Tim Starks and Sean Lyngaas/CyberScoop

The Election Assistance Commission on Wednesday voted to adopt the first comprehensive update to its voting system security guidelines in more than 15 years, concluding a lengthy process that ended with a mixed reception from some election security experts. The security community largely greeted the update as a security upgrade to standards that most states rely upon at least partially for their own equipment testing and certification. A significant number of academics, activists and even some in Congress, though, voiced displeasure in particular for how the so-called Voluntary Voting System Guidelines 2.0 would handle wireless connections on voting systems. The update stands to shape the next generation of voting systems that election vendors produce for use around the country during a period of sinking trust in the electoral process. Regardless, the more than five-year drafting process and resulting EAC vote won’t immediately transform election security because states, equipment manufacturers and others will take time to get in line with the new standards. On the plus side, experts said the guidelines — VVSG 2.0 for short — would promote “software independence,” which translates into machines needing to produce independently verifiable records. The result will be the existence of verifiable paper ballots that election officials can audit after votes are cast.

Full Article: Federal election agency adopts updated voting security standards. Not everyone is happy.

National: Election Assistance Commission adopts nationwide paper ballot guidelines | Kevin Collier/NBC

The U.S. Election Assistance Commission voted Wednesday to adopt sweeping new guidelines for the first time in 16 years, effectively solidifying the nationwide move to paper ballots. “That was a long time coming,” Ben Hovland, the EAC’s chair, said on a phone call. “It’s a major step forward.” The field of voting equipment standards in the U.S. is labyrinthine. The EAC, run by a rotating board of four commissioners — two from each major political party — moves slowly and at times has been hampered by partisan infighting. It can only suggest recommendations to states, which ultimately decide what type of equipment to use. But states in turn can only select from a limited market of equipment vendors, most of which closely hew to federal guidelines. In an emailed statement, eight of the country’s largest election equipment companies praised the new guidelines as a “significant achievement.”

Full Article: U.S. election commission adopts nationwide paper ballot guidelines

National: Last-Minute Tweaks to Voting Machine Standards Raise Cyber Fears | Kartikay Mehrotra/Bloomberg

Last-minute changes to proposed federal standards for new voting machines could expose the equipment to cyber-attacks, according to some members of Congress and security professionals. The Election Assistance Commission, slated to authorize new voting system guidelines on Feb. 10, amended key sections of a 328-page document less than two weeks before the decision. The amended language of the Voluntary Voting System Guidelines 2.0 would allow next generation voting machines to include components capable of wireless communications, as long as they’re disabled. The changes were made even though the EAC’s technical advisory committee recommended an outright wireless ban. Cybersecurity experts, some of the EAC’s own advisers and members of Congress are calling for the agency’s four commissioners to vote on a version of the document finalized in July 2020 which included the prohibition on wireless capability. In a letter reviewed by Bloomberg, a bipartisan coalition of more than 20 members of Congress led by Representative Bill Foster told the EAC’s Chairman Ben Hovland that the current version would “diminish confidence in both the federal voting system certification program and the security of our election systems.” “We cannot sanction the use of online networking capabilities when they carry the very real and increased risk of cyber-attacks, at scale, on our voting machines,” reads the letter. A four-member panel of commissioners will vote on whether to approve the new standards, which aim to create new guidelines for ease of use, accessibility and security of voting systems. The proposal includes amended standards to ensure all ballots types can be audited and counted both digitally and manually — a system that was essential to verifying President Joe Biden’s victory in Georgia in November.

Full Article: Last-Minute Tweaks to Voting Machine Standards Raise Cyber Fears – Bloomberg

National: Google expands election security aid for federal, state campaigns | Maggie Miller/The Hill

Google announced Tuesday it is expanding its efforts around election security by providing free training to state and federal campaigns in all 50 states. The company detailed the effort in a blog post, saying it will involve supporting nonpartisan virtual cybersecurity trainings for state and federal campaigns across the country and deploying a digital “help desk” to answer security-related questions for campaigns. The new effort marks an expansion of Google’s work with the nonprofit group Defending Digital Campaigns (DDC), which provides free or low-cost security services to campaigns to help defend against malicious hackers. “Keeping everyone safe online remains our top priority and we look forward to continuing our work in 2021 to make sure campaigns and elected officials around the world stay safe online,” Mark Risher, Google’s director of product management, identity and user security, wrote in the blog post. During the 2020 election cycle, Google worked with DDC to provide free two-factor authentication keys to more than 140 federal campaigns, along with promoting best cyber practices for campaign employees.

Full Article: Google expands election security aid for federal, state campaigns | TheHill

National: Center for Internet Security report highlights cyber risks to US election systems | Christina A. Cassidy/Associated Press

Election systems in the U.S. are vulnerable to cyber intrusions similar to the one that hit federal agencies and numerous businesses last year and remain a potential target for foreign hacking, according to a report released Wednesday. The report by the Center for Internet Security, a nonprofit that partners with the federal government on election security initiatives, focuses on how hardware and software components can provide potential entryways for hackers. “We have to continue to get better,” said Aaron Wilson, a co-author of the report. “We have to improve our defenses, as those that are on the other side are likely honing their attack strategy, as well.” The 2020 election was deemed the “most secure” in history by a coalition of government cybersecurity experts and state and local election officials. There also is no indication that any election system was compromised as part of the hacking campaign that exploited an update of network management software from a company called SolarWinds. It was the largest cybersecurity breach of federal systems in U.S. history. Despite that, election systems are vulnerable to the same risks exposed by the SolarWinds hack, the report said. It describes the risk of such an attack, in which hackers might infiltrate the hardware or software used in election equipment. Even if voting results aren’t affected, such an attack could lead to confusion and undermine confidence in U.S. elections.

Full Article: Report highlights cyber risks to US election systems

National: Activists complain of weakened EAC voting security standard | Frank Bajak/Associated Press

Leaders of the federal agency overseeing election administration have quietly weakened a key element of proposed security standards for voting systems, raising concern among voting-integrity experts that many such systems will remain vulnerable to hacking. The Election Assistance Commission is poised to approve its first new security standards in 15 years after an arduous process involving multiple technical and elections community bodies and open hearings. But ahead of a scheduled Feb. 10 ratification vote by commissioners, the EAC leadership tweaked the draft standards to remove language that stakeholders interpreted as banning wireless modems and chips from voting machines as a condition for federal certification. The mere presence of such wireless hardware poses unnecessary risks for tampering that could alter data or programs on election systems, say computer security specialists and activists, some of whom have long complained than the EAC bends too easily to industry pressure. Agency leaders argue that overall, the revised guidelines represent a major security improvement. They stress that the rules require manufacturers to disable wireless functions present in any machines, although the wireless hardware can remain. In a Feb. 3 letter to the agency, computer scientists and voting integrity activists say the change “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems.” They demand the wireless hardware ban be restored. “They’re trying to do an end run to avoid scrutiny by the public and Congress,” said Susan Greenhalgh, senior advisor on election security for Free Speech for People, a nonpartisan nonprofit, accusing agency leaders of bowing to industry pressure. Seven members of the commission’s 35-member advisory board including its chair, Michael Yaki, wrote EAC leadership on Thursday to express dismay that the standards were “substantially altered” from what they approved in June. At the very least, the wrote, they deserve an explanation why the draft standards “backtracked so drastically on a critical security issue.”

Full Article: Activists complain of weakened voting security standard

National: Is Secure Online Voting Too Good To Be True? (For Voatz, It Might Be) | Chitra Ragavan/Swaay

When Amelia Powers Gardner won political office as county clerk and auditor in Utah County, Utah, in January 2019, she was determined to fix what she viewed as the county’s archaic and dysfunctional voting mechanisms. Around that same time, nearly 800 miles northwest, Christine Walker, the long-time county clerk in Jackson County, Oregon, had been deploying various hardware and software products to revamp her county’s voting technology and processes with little success. She was ready for something new.  Walker and Gardner don’t know each other. But when they each learned about a small Boston-based tech startup, called Voatz, that had built the first mobile voting app and platform secured by blockchain technology, they were immediately intrigued. And upon discovering that West Virginia and Colorado were already testing the app for absentee military voters overseas, the two election leaders were even more eager to put their counties on the map as trailblazers in online voting.  “I like to be the person that’s kind of setting the pace, not just following along,” says Walker, who prides herself on her tech-savvy leadership. Gardner, a former Caterpillar executive, automotive technologist, and business efficiency expert, is similarly technologically inclined. Noble intentions aside, Walker and Gardner’s vote of confidence in Voatz may be misplaced, say members of the cybersecurity community who have repeatedly warned the U.S. government that the app is vulnerable to hacking. These experts, along with several members of Congress, have criticized Voatz for its failures in transparency, lack of accountability, and refusal to release its source code so that it can be better tested for security flaws.

Full Article: Is Secure Online Voting Too Good To Be True? (For This Company, It Might Be)

National: Voting machines didn’t steal the election. But they’re a terrible technology. | Cory Doctorow/The Washington Post

onspiracy theories succeed by leveraging a grain of truth: There is usually some small connection to reality beneath even the most outlandish assertions. So while some people on the right-wing fringe spin crazed tales about a left-leaning cabal that indulges in pedophilia, there’s still the very real case of Jeffrey Epstein — showing that some rich predators do abuse teenage girls with impunity, while powerful friends look the other way. The unfounded conspiracy theories surrounding voting machines reveal the same dynamic at work. A popular right-wing talking point holds that the 2020 presidential election was stolen by nefarious actors who hacked machines from Dominion Voting Systems, which supplies many U.S. precincts. The conspiracy theory is rubbish: There’s no evidence that Dominion’s machines were hacked, and certainly no evidence that Dominion itself attempted to subvert the vote count. Each telling of the Dominion conspiracy is more unhinged than the last; small wonder that the company is suing Trump lawyers Rudolph W. Giuliani and Sidney Powell for spreading their versions of the lie, asking for $1.3 billion in damages in each case. But although the conspiracy theories are nonsense, that doesn’t mean there’s anything unreasonable about mistrusting voting machines, about which experts have been sounding the alarm for years. Even before Bush v. Gore — with its disputes over missed votes and hanging chads — voting machines were a cesspool of low reliability and low security, not to mention profiteering. And they still are. State officials have striven to improve their voting systems in the past two decades, but substantial flaws remain. Something of a tech backwater, the voting machine industry has been sustained through inertia and sweetheart deals with local governments. One hurdle to reform is that the industry is dominated by three players — Election Systems & Software, which supplies half of the nation’s machines; Dominion Voting (30 percent); and Hart InterCivic (15 percent).

Full Article: Voting machines didn’t steal the election. But they’re a terrible technology. – The Washington Post

National: Trump’s election fraud falsehoods have cost taxpayers $519 million — and counting | By Toluse Olorunnipa and Michelle Ye Hee Lee/Washington Post

President Donald Trump’s onslaught of falsehoods about the November election misled millions of Americans, undermined faith in the electoral system, sparked a deadly riot — and has now left taxpayers with a large, and growing, bill. The total so far: $519 million. The costs have mounted daily as government agencies at all levels have been forced to devote public funds to respond to actions taken by Trump and his supporters, according to a Washington Post review of local, state and federal spending records, as well as interviews with government officials. The expenditures include legal fees prompted by dozens of fruitless lawsuits, enhanced security in response to death threats against poll workers, and costly repairs needed after the Jan. 6 insurrection at the Capitol. That attack triggered the expensive massing of thousands of National Guard troops on the streets of Washington amid fears of additional extremist violence. Although more than $480 million of the total is attributable to the military’s estimated expenses for the troop deployment through mid-March, the financial impact of the president’s refusal to concede the election is probably much higher than what has been documented thus far, and the true costs may never be known.

Full Article: Trump’s election fraud falsehoods have cost taxpayers $519 million — and counting – Washington Post

Fox Says Coverage of Alleged Voting Machine Fraud Is Free Speech | Joel Rosenblatt/Bloomberg

Smartmatic Corp.’s defamation lawsuit accusing former President Donald Trump’s supporters of promoting claims of rampant election fraud violates free speech rights, Fox News Network said. Fox responded Monday to what Smartmatic describes as a disinformation campaign spread by the news organization, lawyer Sidney Powell and former New York Mayor Rudy Giuliani who claimed its voting machines were manipulated in the 2020 election. The Trump campaign’s lawsuits pointing to the manipulation qualified as news, Fox said. “While many doubted those claims, no one doubted their newsworthiness,” Fox said in its court filing, referring to the campaign’s lawsuits. As the story unfolded, Fox said, Smartmatic was given ample opportunity to tell its side. Smartmatic’s suit should be thrown out because it can’t prove Fox knowingly or recklessly falsified its coverage about the machines, the broadcaster said. “The First Amendment provides its highest protection to coverage of and commentary on matters of public concern,” Fox said.

Full Article: Fox Says Coverage of Alleged Voting Machine Fraud Is Free Speech – Bloomberg

National: Cyber chief Chris Krebs: ‘You find out who your friends are’ | Kiran Stacey/Financial Times

If there is one upside to having been publicly fired by Donald Trump, Chris Krebs reflects towards the end of our lunch, it is that some of his neighbours have started talking to him again.  Picking over tapas outside an upmarket Spanish restaurant on a wintry Washington day, we have spent two hours dissecting Krebs’s past four years, which were tumultuous even by the heady standards of the Trump administration.  Joining the federal government in 2017, he was later appointed as its first cyber security tsar, in charge of defending the US against cyber attacks and disinformation, both foreign and domestic. Krebs is credited with helping companies keep working through the pandemic and overseeing two successful and secure national elections — the 2018 midterms and the 2020 presidential election. But when he started to rebut the former president’s claims that last year’s vote had been rigged, he promptly found himself out of a job and facing death threats from Trump’s most ardent supporters. While the chaos is unlikely to subside in the immediate future — he is now suing the Trump campaign and others for defamation — at least the social stigma has begun to wear off. “It’s remarkable,” Krebs notes wryly. “You find out who your friends are . . . I had neighbours that hadn’t talked to me for a while because they found out I was in the Trump administration, and now they are. “Considering the current situation, I’m OK with that,” he adds. “Just as long as you’re not torching my house.”

Full Article: Cyber chief Chris Krebs: ‘You find out who your friends are’ | Financial Times