Special counsel Robert Mueller’s latest indictment offers new details of just how deeply Russian operatives have infiltrated state and local election agencies across the U.S. — adding to years of warnings about the technologies that underpin American democracy. Deputy Attorney General Rod Rosenstein said Friday that hackers within Russia’s GRU military intelligence service targeted state and local election boards, infiltrated a Florida-based company that supplies software for voting machines across the country, and broke into a state election website to steal sensitive information on about 500,000 American voters. While the FBI had issued warnings in 2016 about hackers breaching state election websites in Illinois and Arizona, the latest indictments in Mueller’s ongoing Russia probe surfaced the most granular account yet on foreign operatives’ efforts to tamper with U.S. election systems. Sen. James Lankford (R-Okla.) said the charges outline a Russian “attack on our democracy.”
Special counsel Robert Mueller’s latest move briefly hijacked a closed-door meeting of state election officials and federal cybersecurity personnel here last Friday, as phones buzzed with news alerts about his indictment against Russians allegedly behind a spree of hacks before the 2016 election. The interruption, described by several people in attendance, caught the room off guard. Some of the details in the indictment, describing the persistent efforts to compromise both Democratic Party and state election networks, were new to the officials present. That added urgency to the gathering’s mission—protecting the nation’s election machinery in November. It also reflected how tightly the secrets unearthed by Mueller’s investigators are held, even from the officials responsible for preventing a repeat in 2018.
Eighteen states made a list of the “most vulnerable” election systems in the country in a report published Thursday by the U.S. House Administration Committee. The states included in the report were faulted for lacking several of the things voting-security advocates frequently call for, including paper records of ballots and post-election audits. The report also states that the $380 million in funds currently being distributed to states by the federal Election Assistance Commission isn’t nearly enough, and that it could cost another $1.4 billion over the next decade for every state to properly secure its election systems. All 50 states plus the District of Columbia have now requested their share of the EAC’s grant money, but the report claims that much more will be needed to upgrade election officials’ information technology, implement cybersecurity training and swap out paper-free Direct Recording Electronic ballot machines, known as DREs.
The top state election officials from throughout the U.S. are gathering this weekend in Philadelphia amid fresh revelations of Russia’s interference in the 2016 presidential election and just before President Donald Trump holds one-on-one talks with Russian President Vladimir Putin. The annual gathering has typically been a low-key affair highlighting such things as voter registration and balloting devices. This year’s meetings of the National Association of Secretaries of State and the National Association of State Election Directors are generating far greater interest. The conference is sandwiched between Friday’s indictments of 12 Russian military intelligence officers alleged to have hacked into Democratic party and campaign accounts, and Trump’s long-awaited meeting with Putin.
Democratic secretaries of state consider election security a priority and will raise it repeatedly at a gathering of secretaries that begins today — in contrast, they say, to what they call President Donald Trump’s dithering on the subject. “While Trump continues to deny Russia’s interference in the 2016 elections, and his administration neglects the urgent need to better safeguard our elections, it has never been more important for Secretaries of State to lead,” the Democratic Association of Secretaries of State said in a statement. “It is critical that state election officials do everything we can to defend our elections from foreign interference and cyber threats.” The National Association of Secretaries of State’s summer conference, which runs from today through Monday in Philadelphia, includes several sessions focused on cyber threats to elections, including a meeting of the recently created group that coordinates state and federal security efforts.
National: Would Asking People To Hack America’s Election Systems Make Them More Safe? | FiveThirtyEight
There are four months until the midterm elections, and the security of state election systems remains a concern. The clock is ticking to ferret out problems and fix them before Nov. 6. Websites associated with voting continue to have poor cybersecurity hygiene, even after the revelation that hackers probed the systems of 21 states in the lead-up to the 2016 election. And while Congress has increased the funds available to states to improve their election systems, many are still jumping through bureaucratic hoops to actually access the money. One way to supplement much-needed security checks of election systems would be to replicate the security practices of tech-savvy companies. Many private tech companies treat cybersecurity differently than the government does, adapting security practices to deal with inevitable mistakes quickly and through the wisdom of the crowd. They rely partly on outside feedback to suss out vulnerabilities, something that many in the elections community seem allergic to. This could mean that fixable security flaws are left on the table for bad actors to exploit.
Momentum may finally be building in Congress to take new action to secure the elections from cyberthreats as the midterms approach. Lawmakers have struggled to advance election security legislation in the months since they approved a $380 million funding package for states to upgrade their election systems. But a flurry of election-related hearings on Capitol Hill in recent weeks — including a pair of hearings Wednesday that featured testimony from some of the government’s top cybersecurity and election officials — shows they’re sharpening their focus on the issue. And the latest attention could help move bipartisan legislation to combat election cyberthreats closer to the goal line as November nears and intelligence officials warn of ongoing attempts by the Russian government to disrupt the U.S. political system. “The tone has changed so it’s much more forward-looking in terms of, ‘Let’s figure out what we can get done,’ ” said Sen. Amy Klobuchar (D-Minn.), co-sponsor of Secure Elections Act, which would streamline the way state and federal officials exchange threat information and has garnered broad support in the Senate. “Congress, I think, has realized our role has to focus on what’s in front of us, and that’s protecting the 2018 and 2020 elections from foreign interference.”
U.S. elections are safer from hacking than they were two years ago, but the threat of foreign meddling hasn’t been stamped out, lawmakers said. “People are much more aware of the problem and taking steps to protect themselves” from hacking before the November elections, Sen. Amy Klobuchar(D-Minn.) said in a phone interview. “We’ve reached a new era” with lawmakers of both parties concerned about Russia’s interference in 2016 and are “trying to solve the problem going forward,” she said. Klobuchar spoke after the Senate Rules and Administration Committee took testimony from experts on how to safeguard U.S. elections. Congress provided $380 million for grants in response to Department of Homeland Security revelations that Russia targeted election systems in at least 21 states for possible interference in 2016. The DHS found no evidence of actual ballot tampering, but said steps are needed to secure future elections.
The top Democrat on the Senate Rules Committee wants more answers from voting machine vendors after two of the three largest companies skipped Wednesday’s election security hearing. Hart InterCivic sent a representative, but Election Systems & Software and Dominion did not. “I think we should try again, and I personally plan on sending them a number of written questions, since they wouldn’t come to the hearing,” Minnesota Sen. Amy Klobuchar told Eric. “They have a responsibility, when there’s only three of them, to answer our questions.” Klobuchar is the lead Democratic sponsor of the bipartisan Secure Elections Act (S. 2593), Congress’ most significant attempt yet to protect U.S. election infrastructure from hackers. Klobuchar may get her wish to bring in Dominion and ES&S — a spokeswoman for Rules Chairman Roy Blunt told MC that the panel was planning additional hearings.
National: Nation’s top voting equipment vendors grilled by Senate on election security | Washington Times
The Senate’s leading election security advocates blasted the country’s top voting equipment vendors on Wednesday for potentially failing to shore up ballot boxes despite November’s midterm elections already being underway with primaries. Mark Warner, also the top Democrat in the Senate’s probe into Russian interference in the 2016 election, scolded Texas-based Hart InterCivic for failing to cooperate with a security review in his home state of Virginia after that contest. “I am very concerned that there is a lot of chest thumping about how well we did in 2016,” Mr. Warner said during a Senate Rules and Administration Committee’s hearing on election safety — the second on the subject in less than a month. Peter Lichtenheld, vice president of operations for Hart InterCivic, had earlier told lawmakers of the firm’s “strong working relationships” with federal, state and local election officials.
National: Elections officials have a lot of security work to do before November, state and federal officials tell Congress | StateScoop
Russian hackers might not be as active in interfering with U.S. voting systems this year as they were in 2016, but that doesn’t mean states don’t have plenty of work to do to secure future elections, state and federal officials told members of the House of Representatives Wednesday. “Many elections across our country are being run on equipment that is either obsolete or near the end of its useful life,” Rhode Island Secretary of State Nellie Gorbea told the House Homeland Security Committee. But Gorbea, who said her state started buying new paper-ballot optical scanning machines to count votes in 2015, said replacing hardware is only one part of making the elections she oversees less vulnerable. In her experience, she said, the state-, county- and city-level officials who actually manage elections are “ill-prepared” to deal with cyberthreats.
To help protect the nation’s voting infrastructure, the Elections Assistance Commission is distributing $380 million in funding to states, while the Department of Homeland Security is conducting vulnerability scans on election equipment in at least 17 states. But some senators believe there’s much more that could be done to help secure elections. “We want to put some processes in place to make sure that we’ve not forgotten the lessons from 2016,” Sen. James Lankford (R-Okla.) said in his testimony at a July 11 Senate rules committee hearing. “There are some basic things that could be done while still allowing the states to control their election structures and have flexibility on the type of election machines that they want to have.”
Around one year ago, Liz Howard, the deputy commissioner of elections in Virginia had felt good about being prepared for the fall’s approaching voting. Localities looked ready and the state legislature had just passed mandatory post-election audits. “And then,” she recalled. “DEFCON happened.” At an annual worldwide hacking convention in Las Vegas – scheduled this year during the second week in August – intruders in a simulation made their way into the commonwealth’s electronic touch-screen voting machines used in roughly two dozen jurisdictions. … Some swing states, like Pennsylvania, are racing to upgrade all of their equipment in time for 2020. But that leaves the commonwealth – host of a U.S. Senate and gubernatorial contest – vulnerable in 2018. In Georgia, a commission is still studying a replacement for its touch-screen voting machines and hasn’t yet decided how to precisely spend its $10 million federal grant, according to McClatchy.
National: Here’s an early look at how states are spending federal election security cash | The Washington Post
Nearly four months have passed since Congress set aside $380 million for states to upgrade their election systems, and we’re just now seeing concrete details about how states plan to spend that money. California will immediately make more than $3 million available to county officials to help them protect voter rolls from cyberthreats and improve accessibility at polling places, according to figures provided to The Cybersecurity 202. And Hawaii will spend more than $400,000 ahead of the November midterms to upgrade computers, hire staff and conduct cybersecurity training, the secretary of state’s office says. California and Hawaii are among 13 states that, as of Monday, have submitted their detailed plans to the Election Assistance Commission about how they intend to spend their share of the federal cash ahead of the July 16 deadline. Their plans offer an early indication that states are taking recommendations from federal officials and election security experts seriously as the midterms approach and intelligence officials warn of a new wave of election interference from the Russian government.
Russian President Vladimir Putin is poised once again to meddle in an American election, and there’s little the U.S can do to stop him, an expert says. “The midterm is vulnerable to attack. There’s nothing we can do about it. It’s too late — if Putin wants to attack our midterm, he will.” Barbara Simons, a former IBM researcher and the co-author of “Broken Ballots: Will Your Vote Count?” told Grant Burningham, host of the Yahoo News podcast “Bots & Ballots.” Having spent the last decade trying to warn politicians of the vulnerabilities of computerized voting systems, Simons, who received a PhD in computer science from the University of California, Berkeley, says that states like Georgia, New Jersey, Delaware, Louisiana and South Carolina that have switched to paperless elections are especially ripe targets.
Black Hat and DEF CON are just around the corner, and one of the biggest headlines from last year’s conferences was the Voting Village where hackers broke into voting machines en masse. This year’s Voting Village at DEF CON will be three times the size of last year’s event to accommodate the massive demand from 2017, event organizer Harri Hursti told Tim. But it wasn’t easy to get to that point: Hursti said voting machine vendors unhappy with the publicity about hacked equipment threw up hurdles that forced them to get creative, like visiting government auctions to buy equipment to probe.
National: Why Was a Citizenship Question Put on the Census? ‘Bad Faith,’ a Judge Suggests | The New York Times
From the moment it was announced in March, the decision to add a question about citizenship to the 2020 census was described by critics as a ploy to discourage immigrants from filling out the form and improve Republican political fortunes. The Commerce Department, which made the decision, insisted that sound policy, not politics, was its sole motivation. Now a federal lawsuit seeking to block the question has cast doubt on the department’s explanation and the veracity of the man who offered it, Commerce Secretary Wilbur L. Ross Jr. And it has given the plaintiffs in the suit — attorneys general for 17 states, the District of Columbia and a host of cities and counties — broad leeway to search for evidence that the critics are correct. In a hearing last week in the United States District Court in Manhattan, Judge Jesse M. Furman gave the plaintiffs permission to search government files and take sworn testimony from up to 10 administration officials in an effort to discover how and why the citizenship decision was made.
For Americans who want to fight the mapmaker’s tyranny over politics, the U.S. Supreme Court has delivered the classic losers’ consolation: Wait ’til next year. Or the next. Or forever. The court passed up two chances at the end of its term to declare extreme partisan gerrymandering unconstitutional, sending cases from Wisconsin and Maryland back to lower courts. Then, the justices ducked again, remanding a North Carolina gerrymandering case—and making it less likely they’ll confront partisan district-drawing in their next term. Then Justice Anthony Kennedy retired, depriving gerrymandering’s opponents of a potential fifth vote, without resolving Kennedy’s long search for a legal standard on the practice. It’s a clear message to Americans who are sick of how gerrymandering lets politicians pick their voters, creates grotesquely-shaped one-party districts and encourages the partisan divide. With three years to go before the entire nation redistricts after the next census, if gerrymandering’s opponents want better, fairer maps, they’ll have to demand them, state by state. Ohio just showed how it can be done.
National: Battle Lines Drawn Over the Census Citizenship Question: Challenges in Federal Courts Before the Count Begins | Rockefeller Institute of Government
The 2020 Census is fast becoming one of the most litigated, even before the actual enumeration has started. Six lawsuits over the addition of a citizenship question to the 2020 questionnaire are currently pending before federal courts in California, Maryland and New York. Also pending before a Maryland federal court is a case alleging that the federal Commerce Department’s Census Bureau is inadequately prepared to conduct the 2020 Census due to delayed program tests, insufficient funding and staff shortages, likely resulting in severe undercount of minorities. In an Alabama federal court, that state’s attorney general and a member of Congress are challenging the Census Bureau’s decision to include all U.S. residents in the numbers used for congressional apportionment. Two of the citizenship question cases are before New York Southern District Federal Judge Jesse Furman. Both are on fast tracks, with trials expected by late October or early November (unless Judge Furman grants the U.S. government’s motion to dismiss the case, which he said could come sometime in July).
National: Senate report affirms intelligence community’s conclusion that Russia favored Trump over Clinton | The Washington Post
A Senate panel investigating Russia’s interference in the 2016 presidential election released Tuesday a written summary of its determination that the U.S. intelligence community correctly concluded Moscow sought to help Donald Trump win. The Senate Intelligence Committee’s report affirms conclusions that its members first announced in May. It stands in sharp contrast with a parallel investigation by the House Intelligence Committee, whose Republican members questioned the intelligence community’s tradecraft in concluding the Kremlin aimed to help Trump. The Senate panel called the overall assessment a “sound intelligence product,” saying evidence presented by the FBI, CIA and National Security Agency supported their collective conclusion that the Russian government had “developed a clear preference for Trump” over his opponent in the race, Hillary Clinton. Where the agencies disagreed, the Senate panel found those differences were “reasonable.”
The White House is using its official Twitter handle to target Democratic lawmakers who have criticized President Donald Trump’s immigration policies, drawing complaints that government resources are being used to undercut potential 2020 presidential rivals. The White House Twitter handle, which has more than 17.3 million followers, falsely accused California Sen. Kamala Harris on Monday of “supporting the animals of MS-13,” a violent gang that the president has sought to eradicate. In a separate tweet, the White House account erroneously asserted Massachusetts Sen. Elizabeth Warren was “supporting criminals moving weapons, drugs, and victims” across the border.
With the 2018 midterm elections fast approaching, security experts are warning that the nation’s election infrastructure will once again come under assault by hackers seeking to undermine American democracy. But here’s an underappreciated fact: We’re already under attack. “We average 100,000 scans on our [computer] systems a day,” Missouri’s secretary of state, Jay Ashcroft, told a recent Senate panel examining election security. He was referring to unauthorized probing of the networks. Mr. Ashcroft and other state election officials were asked how often they detect attempts specifically to break into voter-registration and other election-related systems. “Every day,” responded Vermont’s secretary of state, Jim Condos. “We probably receive several thousand scans per day.”
A Republican-controlled Senate panel has said that further evidence has been found to support a US intelligence assessment that Russia interfered in the 2016 presidential election to help elect Donald Trump. The Senate intelligence committee said “information obtained subsequent to publication” of a January 2017 report by US intelligence agencies “provides further support” to the conclusion that Vladimir Putin and his government aimed to discredit Hillary Clinton and boost Trump. No further detail was given. The discovery was noted on Tuesday in a summary of initial findings from the committee’s review of the January 2017 intelligence community assessment (ICA), which it said was a “sound intelligence product” backed up by evidence.
The Department of Justice’s internal “Cyber-Digital Task Force,” created by Attorney General Jeff Sessions in February, will release its first-ever public report later this month at the Aspen Institute’s annual Security Forum, a department spokesperson told CyberScoop. The report is expected to detail a series of security recommendations that the government should consider to protect future U.S. elections from a myriad of different threats, including foreign hacking attempts. A statement by the DOJ previously explained that the Task Force will “prioritize its study of efforts to interfere with our elections; efforts to interfere with our critical infrastructure; the use of the Internet to spread violent ideologies and to recruit followers; the mass theft of corporate, governmental, and private information; the use of technology to avoid or frustrate law enforcement; and the mass exploitation of computers and other digital devices to attack American citizens and businesses.”
A federal judge ruled Tuesday that a legal challenge to the 2020 census can go forward, saying there was an appearance of “bad faith” behind the Trump Administration’s disputed decision to add a question about citizenship. U.S. District Judge Jesse Furman made the ruling at a hearing in federal court in Manhattan after citing contradictory statements by Commerce Secretary Wilbur Ross about the rationale for a plan to send a census form to every household that asks people to specify whether they are U.S. citizens. The move has fueled worries among Democrats that it will discourage immigrants from participating in the survey, thereby diluting representation for states that tend to vote Democratic and robbing many communities of federal dollars. A coalition of about two dozen states and cities have sued the U.S. government in New York to block the plan, calling it unconstitutional.
For months, the National Rifle Association has had a stock answer to queries about an investigation into whether Russian money was funneled to the gun rights group to aid Donald Trump’s presidential campaign. The NRA, which spent $30 million-plus backing Trump’s bid, has heard nothing from the FBI or any other law enforcement agency, spokesman Andrew Arulanandam reiterated in an email the other day. Legal experts, though, say there’s an easy explanation for that. They say it would be routine for Justice Department Special Counsel Robert Mueller’s investigators, who are looking at the NRA’s funding as part of a broader inquiry into Russian meddling in the 2016 U.S. elections, to secretly gain access to the NRA’s tax returns from the Internal Revenue Service.
Voting has become one of the most partisan issues in contemporary politics. Republicans have sought to make it more secure by requiring photo identification. The U.S. Supreme Court’s decision last month to allow Ohio to purge inactive voters from the rolls is likely to open the door to similar efforts in other red states. Democrats, conversely, are doing everything they can to make voting easier. Washington Gov. Jay Inslee signed a bill in March implementing automatic voter registration. The following month, Gov. Phil Murphy signed a similar bill in New Jersey, bringing to 12 the number of states that sign people up, unless they opt out, when they interact with the department of motor vehicles or other state agencies. Democrats control the political branches of government in most of these states.
National: You Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator, Policy Experts Say | Defense One
How concerned should Americans be about a White House shuffle that removed the cybersecurity coordinator position? Significantly concerned, according to a collection of top cybersecurity policy experts gathered by the Atlantic Council think tank. White House National Security Adviser John Bolton eliminated the cybersecurity coordinator position soon after taking office in May. The elimination was greeted with consternation by many cyber analysts who believed the job, which encompasses government cyber protections, international cyber negotiations and broad U.S. cyber policy, was too complex to be subsumed into broader White House operations.
Nearly six months after President Trump, citing growing litigation, dissolved his sketchy voter fraud commission, a federal judge in Washington said Wednesday that certain commission documents should be turned over to one of its commissioners, who sued last year over the panel’s lack of transparency. U.S. District Judge Colleen Kollar-Kotelly had previously ordered in late December that the commissioner, Maine Secretary of State Matt Dunlap (D), receive the documents, including internal communications, that he was requesting. About two weeks after her order, the commission folded, but the legal fight over his case has continued. The judge said Wednesday that the commission must turn over the documents that were covered in her Dec. 22 order by July 18. The judge said that she had not “considered line-by-line the documents requested by Plaintiff.” But she pointed to the documents referenced in an index of commission-related communications, which was provided in a separate lawsuit, as an example of what she was expecting to be turned over.
National: Inside Facebook and Twitter’s secret meetings with Trump aides and conservative leaders who say tech is biased | The Washington Post
Twitter and Facebook are scrambling to assuage conservative leaders who have sounded alarms — and sought to rile voters — with accusations that the country’s tech giants are censoring right-leaning posts, tweets and news. From secret dinners with conservative media elite to private meetings with the Republican National Committee, the new outreach reflects tech giants’ delicate task: satisfying a party in power while defending online platforms against attacks that threaten to undermine the public’s trust in the Web. The complaints have come from the upper echelons of the GOP, including top aides to President Trump, arguably the world’s most prominent Twitter user. The chief executives of Facebook and Twitter, meanwhile, have both admitted in recent months that Silicon Valley’s ranks are dominated by liberals, which has only fed accusations of bias from the right.