For months, the National Rifle Association has had a stock answer to queries about an investigation into whether Russian money was funneled to the gun rights group to aid Donald Trump’s presidential campaign. The NRA, which spent $30 million-plus backing Trump’s bid, has heard nothing from the FBI or any other law enforcement agency, spokesman Andrew Arulanandam reiterated in an email the other day. Legal experts, though, say there’s an easy explanation for that. They say it would be routine for Justice Department Special Counsel Robert Mueller’s investigators, who are looking at the NRA’s funding as part of a broader inquiry into Russian meddling in the 2016 U.S. elections, to secretly gain access to the NRA’s tax returns from the Internal Revenue Service.
Voting has become one of the most partisan issues in contemporary politics. Republicans have sought to make it more secure by requiring photo identification. The U.S. Supreme Court’s decision last month to allow Ohio to purge inactive voters from the rolls is likely to open the door to similar efforts in other red states. Democrats, conversely, are doing everything they can to make voting easier. Washington Gov. Jay Inslee signed a bill in March implementing automatic voter registration. The following month, Gov. Phil Murphy signed a similar bill in New Jersey, bringing to 12 the number of states that sign people up, unless they opt out, when they interact with the department of motor vehicles or other state agencies. Democrats control the political branches of government in most of these states.
National: You Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator, Policy Experts Say | Defense One
How concerned should Americans be about a White House shuffle that removed the cybersecurity coordinator position? Significantly concerned, according to a collection of top cybersecurity policy experts gathered by the Atlantic Council think tank. White House National Security Adviser John Bolton eliminated the cybersecurity coordinator position soon after taking office in May. The elimination was greeted with consternation by many cyber analysts who believed the job, which encompasses government cyber protections, international cyber negotiations and broad U.S. cyber policy, was too complex to be subsumed into broader White House operations.
Nearly six months after President Trump, citing growing litigation, dissolved his sketchy voter fraud commission, a federal judge in Washington said Wednesday that certain commission documents should be turned over to one of its commissioners, who sued last year over the panel’s lack of transparency. U.S. District Judge Colleen Kollar-Kotelly had previously ordered in late December that the commissioner, Maine Secretary of State Matt Dunlap (D), receive the documents, including internal communications, that he was requesting. About two weeks after her order, the commission folded, but the legal fight over his case has continued. The judge said Wednesday that the commission must turn over the documents that were covered in her Dec. 22 order by July 18. The judge said that she had not “considered line-by-line the documents requested by Plaintiff.” But she pointed to the documents referenced in an index of commission-related communications, which was provided in a separate lawsuit, as an example of what she was expecting to be turned over.
National: Inside Facebook and Twitter’s secret meetings with Trump aides and conservative leaders who say tech is biased | The Washington Post
Twitter and Facebook are scrambling to assuage conservative leaders who have sounded alarms — and sought to rile voters — with accusations that the country’s tech giants are censoring right-leaning posts, tweets and news. From secret dinners with conservative media elite to private meetings with the Republican National Committee, the new outreach reflects tech giants’ delicate task: satisfying a party in power while defending online platforms against attacks that threaten to undermine the public’s trust in the Web. The complaints have come from the upper echelons of the GOP, including top aides to President Trump, arguably the world’s most prominent Twitter user. The chief executives of Facebook and Twitter, meanwhile, have both admitted in recent months that Silicon Valley’s ranks are dominated by liberals, which has only fed accusations of bias from the right.
The Democratic National Committee’s two-year debate over its presidential primary rules came closer to resolution Wednesday, as its key rulemaking body voted to curtail the power of unpledged delegates — so-called “superdelegates” — at the next convention. At the end of a three-hour conference call, which was opened to the public, the Rules and Bylaws Committee adopted a compromise that grew out of lengthy negotiations between supporters of Hillary Clinton’s 2016 campaign and supporters of Sen. Bernie Sanders (I-Vt.). In the past, superdelegates were able to vote on the first ballot at the convention, for any nominee. The new rule would prohibit superdelegates from voting until a second ballot, or in the event a candidate arrived at the convention with enough pledged delegates — earned in primaries and caucuses — to secure the nomination.
National: States using election security grants for new voting machines that won’t be ready for 2018 | McClatchy
In three Southern states with some of the nation’s most vulnerable election systems, federal grants designed to help thwart cyberattacks may not provide much protection in time for the mid-term elections as Congress intended. The $380 million in grant funding was supposed to help all states bolster their elections security infrastructure ahead of the 2018 elections after the intelligence community had warned that state voting systems could again be targeted by foreign hackers as they were in 2016. States have until 2023 to spend the grant money, said Thomas Hicks, chairman of the Election Assistance Commission, which distributes the grants. But the long procurement process for voting machines makes it hard for states to buy new machines with their grants and get them into service by the 2018 mid-terms, even though “Congress looked at getting this money out quickly to have an effect on the 2018 election,” Hicks said. … With just over four months remaining until the mid-term elections, at least 40 states and the District of Columbia have requested more than $266 million of the $380 million pot, according to the EAC.
National: We Shouldn’t Be Surprised About Election Hacking in 2018. But Are We Prepared? | InsideSources
On the agenda this summer at one of the largest annual conventions for hackers: a session for kids in attendance on how to break into America’s voting machines. If a preteen computer whiz can crack a voting machine from a hotel in Las Vegas, what might someone more experienced — and less scrupulous — be able to do if they set their sights on the November general election? As we all know, American elections have been targeted before. In 2016, Russia attacked election-related systems in at least 21 states. And reports indicate Moscow has tried to breach other election systems around the world. But while past attacks are certainly reasons for concern, cybersecurity risks exist in every field — they’re part of the world we live in. And the United States has knowledge and resources to mount a defense.
National: Top Tech Companies Met With Intelligence Officials to Discuss Midterms | The New York Times
Eight of the tech industry’s most influential companies, in anticipation of a repeat of the Russian meddling that occurred during the 2016 presidential campaign, met with United States intelligence officials last month to discuss preparations for this year’s midterm elections. The meeting, which took place May 23 at Facebook’s headquarters in Menlo Park, Calif., was also attended by representatives from Amazon, Apple, Google, Microsoft, Oath, Snap and Twitter, according to three attendees of the meeting who spoke on condition of anonymity because of its sensitive nature. The company officials met with Christopher Krebs, an under secretary for the Department of Homeland Security, as well as a representative of the Federal Bureau of Investigation’s newly formed “foreign influence” task force.
For the first time in a dozen years, states are looking at replacing their aging voting machines and related computer systems. But a survey of the early legislative debates surrounding this prospect suggests that some states are not heeding advice from federal officials, academics and other experts saying that ink-marked paper-ballot systems are the wisest foundation for the most secure and verifiable elections. This apparent dichotomy comes as states and the federal government have made an unprecedented effort to ramp up cyber-security precautions and training before 2018’s fall midterms, and as the voting machine industry is offering products that offer striking new options to make vote-counting more transparent and trustable. The open question is whether legislators and election officials are looking to embrace newer technology and verification protocols, or whether they are drawn to more opaque systems that they have grown familiar with—and which are commercially available. As always is the case with 3,069 counties running America’s elections, there is a range of inclinations on voting modernization.
Robert Mueller and the nation’s top intelligence official say Russia is trying to interfere in the midterm elections — but Republican and Democratic lawmakers say the Trump administration is keeping them in the dark about whether the U.S. is ready. A half-dozen senior House and Senate lawmakers who spoke to POLITICO say they’re hearing only an alarming silence from the administration about what Moscow’s trolls and hackers are up to, less than five months before an election that could undo the Republican lock on Congress and derail President Donald Trump’s agenda.
National: Voting machine vendor ES&S treated election officials to trips to Vegas, elsewhere | McClatchy Washington Bureau
The nation’s largest voting equipment vendor has for at least nine years coaxed state and local elections officials to serve on an “advisory board” that gathers twice annually for company-sponsored conferences, including one last year at a ritzy Las Vegas resort hotel. The arrangement could compromise the integrity of the officials’ decisions — or at the very least, the optics of those decisions — at a time when they are faced with efforts by Russia and perhaps other nations to disrupt the upcoming mid-term elections, ethics and elections experts said. As many as a dozen election officials attended the March 2, 2017 Las Vegas meeting, with a number of them accepting airfare, lodging, meals and, according to one participant, a ticket to a show on the Strip from their voting systems vendor, Nebraska-based Election Systems and Software (ES&S). Two other panel members said their state election boards paid for their trips. The unusual practice, which has not previously been reported, offers a glimpse of one way in which a voting equipment manufacturer has sought to cement relationships with government officials, some of whom play roles in the award of millions of dollars in contracts.
National: States need more money to secure the vote. Congress is unlikely to send it by November. | The Washington Post
Election officials from states spanning New England and the Midwest visited Capitol Hill yesterday with a clear message: Send us more money to help secure the vote. Yet lawmakers are acknowledging that states probably won’t get more federal funding for election security upgrades anytime soon — which does not bode well for states seeking to upgrade to their systems before an anticipated surge of cyberattacks surrounding the midterm elections. It also could hinder states trying to carefully plan longer-term improvements they hope to make for the next political cycle. The Secure Elections Act is the main bill senators are pushing to help states respond to the mounting threats. But at this point, senators “will not use this bill to send additional funding to states,” said a Republican Senate aide who spoke on the condition of anonymity so as not to disrupt deliberations about the bill.
Things are looking up again for the Secure Elections Act (S. 2261), the legislation on its namesake subject that has the broadest support in the Senate. Lawmakers left it on the cutting room floor as a potential amendment to a defense policy bill earlier this week. But Senate Rules Chairman Roy Blunt said Wednesday at a hearing on election security that it’s “a bill we will take up at some point.” Sen. Amy Klobuchar, one of the chief sponsors of the bill and the top Democrat on the Rules panel, told MC that Blunt informed her it would come up sometime after another election security hearing tentatively scheduled for this month or next.
Having verifiable paper trails for votes has proven to be a useful tactic, officials from three states told senators Wednesday, but they said states still have a long way to go in securing elections. Secretaries of State Steve Simon of Minnesota, Jay Ashcroft of Missouri and Jim Condos of Vermont testified before the Senate Rules and Administration Committee about their security precautions going into this November’s midterm elections, and to lobby for more federal support for upgrading voting equipment and cybersecurity practices. States across the country have been scrambling to batten down how they conduct elections in the wake of intelligence officials’ reports that hackers linked to the Russian government attempted to penetrate the voting systems in 21 states during the 2016 presidential election. But states that are moving toward more paper trails of ballots and stronger security around voter files are going in the right direction, the secretaries of state said. “It’s very hard to hack paper,” Simon said.
National: Officials at Odds Over Real, Perceived Threats to State Voting Systems | Government Technology
Sen. Roy Blunt, R-Mo., said Wednesday that the United States is in “a much better place” than it was in 2016 in defending against cyberattacks on election systems, but a hearing he convened on that threat devolved into fiery exchanges over voter fraud between Democratic senators and Missouri Secretary of State Jay Ashcroft. The Republican Ashcroft set off Sens. Dick Durbin, D-Ill., Tom Udall, D-N.M., and Catherine Cortez Masto, D-Nev., when he declared that election fraud was “exponentially” a bigger threat than attempts to hack U.S. election infrastructures by Russians or any other bad actors.
State election officials said they haven’t received as much federal funding as they need to secure their election systems even after U.S. intelligence officials concluded that Russia meddled in the 2016 election and the federal government called on states to step up efforts to prevent hacking. Officials from Minnesota and Vermont asked lawmakers for more money at a hearing Wednesday by the Senate Rules and Administration Committee in Washington. “Our upgrades to equipment and cybersecurity will be an ongoing challenge for many states; the federal funding received will, regrettably, be insufficient to do all we want, or need,” said Vermont Secretary of State Jim Condos, who is president-elect of the National Association of Secretaries of State.
The initially turbulent relationship between federal agencies and state and local election officials in the wake of the 2016 election season has cleared to some extent as the groups work together ahead of upcoming elections, federal and state government officials told a Senate panel on election security. States are using up a pool of federal money to bolster their election systems, and the Department of Homeland Security is honing its threat sharing data to better fit the needs of states, the officials said at a June 20 Senate Rules and Administration Committee hearing on election cybersecurity. “As of this week, 38 states have requested $250 million” of the $380 million appropriation in the 2018 omnibus spending bill, panel Chairman Sen. Roy Blunt (R-Mo.) said. He added that $150 million has already been distributed.
National: Obama cybersecurity czar: Russian hackers likely scanned election systems in all 50 states | USA Today
Russian hackers likely scanned the election systems of all 50 states for vulnerabilities in 2016 — not just the 21 states confirmed as targets by homeland security officials last year, the cybersecurity czar for former President Barack Obama told a Senate panel Wednesday. “I think it is highly likely,” Michael Daniel replied in answer to a question from Sen. Susan Collins, R-Maine, about whether Russian cyber actors at least scanned the election systems of every state. “It is more likely that we hadn’t detected it than that it didn’t occur.” States have been scrambling to improve their cyber security after Homeland Security officials revealed last year that Russian hackers tried to breach election systems in at least 21 states in 2016. Although no actual votes were changed, hackers broke into Illinois’ voter registration database.
National: State Election Officials Didn’t Know About Russian Hacking Threat Until They Read It in the News, Emails Show | HuffPost
Voters across the country were shocked to learn last year, through the disclosure of a top-secret NSA document, details of an intricate plot by Russian military hackers to infiltrate American electoral systems. New emails obtained by The Intercept through public records requests illustrate the disturbing extent to which potential targets of the attack were caught unaware, having apparently remained in the dark alongside the voting public. On June 5, 2017, The Intercept published a top-secret National Security Agency assessment that detailed and diagramed a Russian governmental plot to breach VR Systems, an e-voting vendor that makes poll book software used by several pivotal electoral battleground states, such as North Carolina and Virginia. The report attributed the scheme to the Russian General Staff Main Intelligence Directorate, or GRU. GRU’s plan, the NSA claimed, was to roll any success with VR Systems into a subsequent email attack against state voting officials across the country.
Sen. Sherrod Brown has reacted to the U.S. Supreme Court’s 5-4 decision supporting the Ohio secretary of state’s policy of purging inactive voters from the rolls with a bill aimed at stopping the practice. Brown, D-Ohio, and Sen. Amy Klobuchar, D-Minn., announced Wednesday they are introducing a bill to amend the National Voter Registration Act to clarify that a state may not use someone’s failure to vote or respond to a state notice as a reason to remove them from active voter rolls. The bill is a direct reaction the Supreme Court’s ruling on the Husted v. A. Philip Randolph Institute case, in which the high court ruled that states may remove registered voters from rolls if they do not vote in multiple federal elections or if they don’t return a mailed address confirmation form. Brown is a former Ohio secretary of state, while Klobuchar is the top Democrat on the Senate Rules Committee, which has oversight jurisdiction over federal elections.
The sponsors of a bill designed to help state election officials be briefed on threat information failed to insert any of their provisions in a defense spending package approved Monday by the U.S. Senate. Sens. James Lankford, a Republican from Oklahoma, and Amy Klobuchar, a Democrat from Minnesota, had pushed to get parts of their bill, the Secure Elections Act, included in the National Defense Authorization Act. Brought on by concerns from the intelligence community that the Russian government will repeat its 2016 efforts to influence U.S. voters ahead of this November’s midterm elections, the Secure Elections Act was designed to make it easier for state elections officials to get the security clearances necessary to be briefed on threats. It would also direct the Department of Homeland Security to share threat information with state elections officials.
National: New Government Reports Shows Federal Agencies Facing Significant Cyber Security Risks | CPO Magazine
With all the talk about cyber security risks in the news, you would think that the U.S. federal government would be doing a better job of protecting its data from cyber attacks, including the very real threat of state-sponsored hackers. Yet, as a new Office of the Management and Budget (OMB) report points out, nearly 75 percent of federal agencies are still woefully unprepared to handle cyber security risks of any kind. This all comes on the heels of the United States government eliminating the position of federal cybersecurity czar earlier this year. While the report, which was prepared in collaboration of the Department of Homeland Security (DHS), did not specifically call out which agencies were failing to respond to global cyber threats, it did suggest that the failures, gaps and inadequacies were relatively evenly distributed across the entire federal government. In fact, 71 of the 96 federal agencies reviewed were deemed to be “at risk” or “at high risk” of a cyber attack. The report defined “at risk” to mean that there were significant gaps in security preparedness, while “at high risk” means that fundamental processes were not even in place to deal with cyber security risks.
The Senate wants to turn up the pressure on President Trump and his military chiefs to strike back against Russian hacking. The massive defense policy bill the Senate approved Monday night calls on Trump to curb Russian aggression in cyberspace. It gives Trump the green light to direct U.S. Cyber Command to “disrupt, defeat and deter” cyberattacks by the Russian government, conduct surveillance on Kremlin-backed hackers and partner with social media organizations to crack down on disinformation campaigns such as the ones that disrupted the 2016 election. It would also require the administration to send quarterly reports to Congress about the progress of its efforts.
When Congress approved giving $380 million to states to bolster the security of their elections, state officials were caught off guard but extremely grateful. Elections are notoriously underfunded and haven’t seen a windfall like this from the federal government in more than a decade. But getting that money out to all the states, and then into the hands of localities that run the elections, with enough time to have a meaningful effect on the 2018 midterm elections is a difficult proposition. Three months after receiving congressional approval, and now less than five months from November’s midterm elections, 33 states have filed the necessary paperwork to begin receiving money. That number may seem “disconcertingly low” to some, especially when it was just 11 in mid-May, but there is mixed consensus on what it actually says about the country’s seriousness when it comes to handling threats leading up to the 2018 election.
The Supreme Court declined on Monday to address the central questions in two closely watched challenges to partisan gerrymandering, putting off for another time a ruling on the constitutionality of voting districts designed by legislatures to amplify one party’s political power. In a challenge to a redistricting plan devised by the Republican Legislature in Wisconsin, the court unanimously said that the plaintiffs had not proved that they had suffered the sort of direct injury that would give them standing to sue. The justices sent the case back to a trial court to allow the plaintiffs to try again to prove that their voting power had been directly affected by the way state lawmakers drew voting districts for the State Assembly. In the second case, the court unanimously ruled against the Republican challengers to a Democratic plan to redraw a Maryland congressional district. In a brief unsigned opinion, the court said the challengers had waited too long to seek an injunction blocking the district, which was drawn in 2011.
Critics have derided the White House’s decision this past May to scrap its Cyber Coordinator post—created by the Obama administration to consolidate policy courses of action on cybersecurity issues—as short-sighted and tone-deaf, particularly at the height of concern over Russia’s nefarious activity toward U.S. political processes. However, the move creates an opportunity to examine whether the overall U.S. approach to cybersecurity has been overly narrow relative to the Russian threat—which itself has demonstrated the need for Washington to forge partnerships with industry and to expand beyond the network-centric aspects of information warfare.
As the midterm congressional primaries heat up amid fears of Russian hacking, roughly 1 in 5 Americans will cast ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say lack of a hard copy makes it difficult to double-check results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say, ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society.
As key midterm elections approach, contests that could set off an enormous shift in Washington, D.C., U.S. authorities are taking measures to make sure they are secure and free of foreign influence. For years, a number of polling places have gone more high tech with electronic voting machines. Fears about vulnerabilities in the systems in an increasingly interconnected world, however, is now turning eyes to a strikingly original idea — paper ballots. The United States largely moved away from paper ballots after the 2004 Help America Vote Act replaced lever and punch-card voting machines with Direct Recording Electronic, or DRE, systems. The reform was a direct result of the notoriously contested 2000 presidential election, which triggered weeks of recounts and multiple complaints about the paper ballots in Florida.
National: Politicians wary that hackers could swipe emails, upend their campaigns | The Sacramento Bee
A new reality has set in to political campaigns: Candidates must expect that their private email accounts will be hacked, and the contents splashed onto the internet, possibly squandering their chances of victory or exposing personal secrets. Email hacking is now an entrenched tactic for practitioners of political sabotage. “I think it’s here to stay. I don’t see it changing,” said Richard Ford, chief scientist at Forcepoint, an Austin, Texas, cybersecurity company. Whether politicians are swapping tales of town halls, dishing on their opponents or sharing intimacies with spouses — or others — they now know that a private conversation can explode on to the internet.