National: Hill Democrats target McConnell in election security push | Derek B. Johnson/FCW

Congressional Democrats are banding together to sound the alarm on the looming security threats facing the 2020 elections — and bash the senator they believe is most responsible for legislative inaction. In a July 23 press conference scheduled one day before Special Counsel Robert Mueller heads to Capitol Hill to testify on his report that found “sweeping and systemic” efforts on the part of the Russian government to interfere in the 2016 elections, a group of Democrats pledged to barnstorm around the country serving as “Paul Reveres” to warn about the continuing need for comprehensive election security legislation. They spent most of their time taking aim at Senate Majority Leader Mitch McConnell (R-Ky.), who has become in many respects the primary target of ire for election security advocates after congressional Republicans acknowledged in a Rules Committee hearing earlier this year that he was blocking legislation from reaching the floor of the Senate. “The remarkable thing is on an issue where there is broad bipartisan support…McConnell has not brought a single piece of election security legislation to the floor even though the president’s own security team has said that we’re in jeopardy,” Sen. Mark Warner (D-Va.) said.

National: Intelligence Chief Names New Election Security Oversight Official | Julian E. Barnes/The New York Times

An experienced official will oversee election security intelligence across the government in a newly created senior position, the director of national intelligence announced on Friday as part of an effort to improve coordination and speed response to attacks by foreign governments. Intelligence officials said the new post reflects the reality that influence operations by Russia, China and other countries are likely to continue indefinitely. Shelby Pierson, who worked on intelligence issues surrounding the 2018 midterm elections, was named to the post, which will cover both potential attacks on voting infrastructure and influence campaigns. Administration critics praised the appointment but said it did not obviate the need for a director at the National Security Council to coordinate not just intelligence but also the response to foreign interference campaigns. And critics in Congress warned that President Trump’s skepticism over foreign influence campaigns continues to undermine the government response. Ms. Pierson’s appointment will help intelligence agencies direct resources to election security and “bring the strongest level of support to this critical issue,” said Dan Coats, the director of national intelligence, who called it an “enduring challenge.” Mr. Coats also said he was ordering all of the intelligence agencies with a role in election security to appoint a senior official to oversee issues of foreign influence and infrastructure attacks. These officials will form an Election Executive and Leadership Board to ensure intelligence agencies are properly focused on voting security issues.

National: “We’re not ready” for foreign election interference in 2020, says Rep. Adam Schiff | Eric Johnson/Vox

In May, Facebook refused to remove a deceptively edited viral video that made Speaker of the House Nancy Pelosi look drunk — a decision that does not bode well for how Silicon Valley will handle disinformation and election interference in 2020, Rep. Adam Schiff says. And for that matter, he said on the latest episode of Recode Decode with Kara Swisher, Congress and the voting public aren’t prepared to deal with those things either. “The tech companies aren’t ready,” Schiff said. “They don’t have, I think, their policies fully thought out yet. The government isn’t ready. We don’t have the technologies yet to be able to detect more sophisticated fakes.” “And the public, by and large, when you bring up ‘deepfake,’ they don’t know what you’re referring to,” he added. “And so we don’t have much time. It’s eight months until the primaries begin to try to prepare the public, prepare ourselves, determine what other steps need to be taken to protect ourselves from this kind of disinformation.”

National: Election security to take back seat at Mueller hearing | Maggie Miller/TheHill

This week’s much-anticipated hearing with former special counsel Robert Mueller promises to be full of high political drama. But election security — a key focus of the Mueller report — isn’t likely to garner much attention from lawmakers. Mueller is scheduled to testify before the House Judiciary and Intelligence committees in back-to-back hearings Wednesday to discuss the findings of his 448-page report on Russian interference in the 2016 presidential election. The first volume of the report was devoted to Russian efforts to interfere in the elections through social media and hacking operations, with Mueller later emphasizing in rare public remarks that election security is an issue that “deserves the attention of every American.” “I will close by reiterating the central allegation of our indictments, that there were multiple, systematic efforts to interfere in our elections,” Mueller said in a public statement to the press in May. His lengthy report detailed how Russian actors hacked into the computer system of the Democratic National Committee, engineered a social media disinformation campaign that favored President Trump and conducted “computer intrusion operations” against those working on former Secretary of State Hillary Clinton’s presidential campaign. In the wake of the report’s release, election security debates ramped up on Capitol Hill, with Republicans and Democrats strongly disagreeing on what steps, if any, Congress should take ahead of the 2020 elections. The Democratic-led House has passed several election security bills, while the GOP-controlled Senate has mostly avoided voting on them and others, with Senate Majority Leader Mitch McConnell (R-Ky.) citing concerns about federalizing elections and claiming agencies already doing enough to address the problem.

National: Microsoft reveals election-related investigation findings | CISO Magazine

Microsoft says it has detected more than 740 intrusion attempts by state-sponsored attackers last year targeting the U.S.-based political parties, campaigns, and other democracy-focused organizations, who are subscribed to Microsoft’s AccountGuard service. The Microsoft AccountGuard provides free cyber threat detection services to election-related candidates, campaigns, and other groups. The Tech giant revealed the probe findings at the Aspen Security Forum, where it demonstrated a voting system ElectionGuard software. Microsoft said the new voting system offers secure and verifiable voting experience. “Since the launch of Microsoft AccountGuard last August, we have uncovered attacks specifically targeting organizations that are fundamental to democracy. We have steadily expanded AccountGuard, our threat notification service for political campaigns, parties, and democracy-focused nongovernmental organizations (NGOs), to include 26 countries across four continents,” Microsoft said in a blog post.

National: Democrats to Press Republicans on Election Security Ahead of Mueller Testimony | VoA News

Democrats in the U.S. House and Senate are expected to issue a call Tuesday for Republicans to join in passing legislation to improve election security. The move comes a day ahead of special counsel Robert Mueller’s testimony to two House committees Wednesday about Russia’s interference in the 2016 election. Democrats plan to highlight several House-passed bills and Senate proposals in increased security ahead of the next national elections in 2020. Congressional Democrats and Republicans remain at odds over how to address election security issues three years after Russia’s interference. Last month, the Democratic-controlled House passed a bill requiring paper ballots at all polling stations. However, almost all House Republicans opposed the measure, arguing that paper ballots are more susceptible to tampering.

National: Why getting election security right for 2020 matters | J.M. Porup/CSO Online

How much election security is enough? The answer: Enough to convince a losing candidate that they lost. Will that happen for the 2020 elections? Probably not. “Is it enough? How much is enough?” Herb Lin, Senior Research Scholar at the Center for International Security and Cooperation at Stanford University, and co-author of the Stanford Cyber Policy Center’s “Securing American Elections” report, asks. “Unfortunately it’s not a technical answer. Enough means you’ve done enough so that you can persuade the loser of an election that in fact the voting machines weren’t hacked.” “You have to take into account the possibility that the loser will rally his troops and complain about the result,” he adds. “The election machinery, both organizational and technical, all of that has to be of sufficiently high quality, and resistant to attack, that you can persuade the loser of an election that they fairly lost.” That makes election security as much of a political problem as it is a technical problem. Voters must have confidence that the voting was fair, regardless of how much money is spent or what security controls are put in place. That makes securing election infrastructure categorically different than almost any other information security challenge today. At present many jurisdictions are struggling to escape the bottomless pit of despair paperless voting, and that’s a no-brainer. But once we raise the bar from wow-crazy-bad to meh-just-not-great, how do we reach a plateau of sustainably trustworthy voting security?

National: Russian oligarchs in Britain scrutinised by US investigation into election meddling | Con Coughlin/Telegraph

US Senators investigating Russian interference in the 2016 presidential election are renewing their focus on the activities of Russian oligarchs based in Britain. US congressional investigators say they are particularly interested in interviewing alleged associates of Russian Oligarch Oleg Deripaska, who is known to have close ties with Russian President Vladimir Putin. As part of its ongoing investigation into Russian meddling in the 2016 election campaign, the US Senate Intelligence Committee has now written a formal letter to a London-based security consultant requesting his presence in Washington to give evidence. In the letter, a copy of which has been seen by The Telegraph, the bipartisan committee of US Senators wants British-based security consultant Walter Soriano to attend a special closed session in Washington to answer questions about his alleged association with Mr Deripaska, who has consistently denied any wrongdoing, as well as other key figures named in its Russian investigation. The committee also expressed an interest in Mr Soriano’s possible links with two former MI6 officers, Christopher Steele and Christopher Burrows, who were responsible for producing a highly damaging “dossier” on US President Donald Trump’s alleged ties with Russia.

National: Election Assistance Commission, Hungry for Funds, Now Pays for Officials to Get to Office | Jessica Huseman/ProPublica

For years, it was how things worked at the Election Assistance Commission, the federal agency charged with helping America’s thousands of local officials run elections: If you served as one of the agency’s four commissioners, making more than $150,000 a year, you lived in and around Silver Spring, Maryland, where the agency’s office is located. The reasons were straightforward: The agency’s small staff needed daily guidance from its leadership, and its modest budget was not meant to pay for commissioners to travel from out of state. But this year, the EAC’s executive director, Brian Newby, allowed two of the four commissioners — including the agency’s chairwoman — to work outside the Washington, D.C., area and agreed to pick up the costs of their travel to and from the office. Christie McCormick and Donald Palmer, the two Republican commissioners, work most days from out of state — McCormick, the agency chairwoman, in Charlottesville, Virginia, and Palmer in a suburb of Jacksonville, Florida. Newby appears to have approved the changes on his own. Current and former employees of the agency say no formal announcement was made, and the agency’s full slate of commissioners, which includes two Democrats, does not appear to have taken a vote on the change in practice. The disclosures, contained in answers to questions the EAC provided to a congressional oversight committee, come as the agency has repeatedly claimed it is underfinanced and critics say it is not doing enough to assist election administrators around the country at a time of genuine threats to the integrity of the nation’s elections. Rep. Zoe Lofgren, the Democratic chairwoman of the House Administration Committee, which oversees the EAC, said in a letter to the commission that news of the working arrangements for McCormick and Palmer “raises concerns about how much taxpayer money is being used to accommodate travel between duty stations and agency headquarters when the agency is avowedly struggling with its current funding levels.”

National: Intel chief Coats establishes election security adviser position | Maggie Miller/The Hill

The intelligence community has crafted a position to oversee threats to election security, officials announced Friday, the latest effort to shore up security heading into the 2020 presidential elections. Director of National Intelligence (DNI) Daniel Coats has appointed Shelby Pierson to serve as the first “election threats executive” (ETE), tasking her to be the intelligence community’s “principal advisor” on election security threats. Pierson served as the crisis manager for election security for the Office of the Director of National Intelligence during the 2018 midterm elections, and has worked in the intelligence community for more than 20 years. Coats praised Pierson and said her “knowledge and experience make her the right person to lead this critical mission.” The DNI noted in a statement that “Election security is an enduring challenge and a top priority for the IC [intelligence community]. In order to build on our successful approach to the 2018 elections, the IC must properly align its resources to bring the strongest level of support to this critical issue.” Along with establishing the new position, Coats also directed all intelligence agencies that have a role in securing elections to designate a lead executive to work with the ETE to help coordinate election security efforts for the administration.

National: What six states reveal about the price of 2020 election security | Bill Theobald/The Fulcrum

States are taking steps to protect their voting systems from the sort of cyberattacks that marked the 2016 presidential election, but they lack the funds to do all that’s needed. That is the conclusion of a report released Thursday by four groups that monitor voting security or advocate for additional federal intervention to bolster cybersecurity for the political system: the Brennan Center for Justice, R Street Institute, Alliance for Securing Democracy and the University of Pittsburgh. They sampled what is happening in six states, chosen in part because hacking was attempted in several of them in the past few years. In Illinois, for example, special counsel Robert Mueller’s report found that Russian operatives hacked into the state database of registered voters and extracted some data before they were blocked. One common theme among the states is their hunger for more federal aid to replace aging voting machines. As the report points out, the states all tapped into the $380 million approved by Congress last year for election security grants to the states — but could have used far more. The House has voted to allocate another $600 million for security grants before November 2020, but the Senate has not yet begun to write the spending bill that might contain similar funding. The delay is knotted up in a much larger debate about the overall size of the federal budget for the coming year.

National: U.S. Senator Schumer asks FBI, FTC to probe Russia’s FaceApp over security concerns | Elizabeth Culliford and Kanishka Singh/Reuters

U.S. Senate minority leader Chuck Schumer called on the FBI and the Federal Trade Commission to conduct a national security and privacy investigation into FaceApp, a face-editing photo app developed in Russia, in a letter sent on Wednesday. The viral smartphone application, which has seen a new surge of popularity due to a filter that ages photos of users’ faces, requires “full and irrevocable access to their personal photos and data,” which could pose “national security and privacy risks for millions of U.S. citizens,” Schumer said in his letter to FBI Director Christopher Wray and FTC Chairman Joe Simons. The Democratic National Committee also sent out an alert to the party’s 2020 presidential candidates on Wednesday warning them against using the app, pointing to its Russian provenance. In the email, seen by Reuters and first reported by CNN, DNC security chief Bob Lord also urged Democratic presidential campaigns to delete the app immediately if they or their staff had already used it. There is no evidence that FaceApp provides user data to the Russian government.

National: Voting by Phone Is Easy. But Is It Secure? | Matt Vasilogambros/Stateline

For the first time in a presidential election, voters in two upcoming Democratic caucuses will be able to vote using their phones. The Democratic Party announced this month that Iowans and Nevadans in February will be able to opt out of the traditional caucus experience and vote using the keypads on their cellphones or landlines. Party leaders say the change will make the caucus process more inclusive, especially for members of the military and others who can’t easily caucus in person, such as people with disabilities and voters who live in remote areas. … Voting by phone is voting through the internet, either through mobile apps or the tabulating and downloading process, said Marian Schneider, president of Verified Voting, an election integrity nonprofit that advocates for a paper trail in voting. That opens the door to malicious actors, like the foreign intelligence agents who attempted to hack U.S. state and local voting systems during the last presidential race. In light of those attempts, many states are going back to paper ballots or requiring a paper trail to back up electronic systems. “Did people not get any lessons learned from 2016?” Schneider said. “It’s really an odd time to be doing this.”

National: GAO again warns of risks in 2020 census | Anoushka Deshmukh/FCW

When the Government Accountability Office labeled the 2020 census as a high-risk government program in February 2017, the Census Bureau planned to address many of its challenges by re-engineering the census infrastructure and relying on new time and money-saving applications. Now, a July 16 GAO report details three primary concerns the watchdog agency has with the Bureau’s tech-based approach: untested innovations, implementation of IT systems and cybersecurity risks. The Bureau plans to use online census forms, which it expects will not only reduce costs but also increase accessibility and efficiency. Other innovations include re-engineering field operations, using administrative records and verifying addresses in-office. While these innovations show promise, they lack proper testing, GAO said, which raises the possibility of unexpected risks. The 2020 census will rely heavily on IT systems, which also need development and in-depth testing to confirm they function properly. To ensure adequate time for these tasks, the Census Bureau revised its systems development and testing schedule in October 2018, but according to GAO, “the Bureau is at risk of not meeting near-term IT system development and testing schedule milestones for five upcoming 2020 Census operational deliveries.”

National: No. 2 U.S. intelligence official talks about how U.S. is preparing for 2020 election threats | Olivia Gazis/CBS News

The U.S. intelligence community is preparing to confront a novel set of challenges related to the upcoming 2020 presidential elections amid proliferating disinformation threats – in part by boosting the amount of information it shares publicly, according to the number two intelligence official. “We have no expectation that, in 2020, [adversaries] will stay with the approach that they had in 2018,” said Principal National Intelligence Deputy Director Sue Gordon, who serves as deputy to Director of National Intelligence Dan Coats. “So, I think we already have raised our vision.” In an interview with Intelligence Matters host and CBS News senior national security contributor Michael Morell, Gordon, a career intelligence official who spent 27 years at the CIA before being nominated to her current post by President Trump in 2017, said foreign adversaries’ efforts to interfere with the country’s election security potentially pose a near-existential threat. “I can think of no greater threat to America than actions that would make us not believe in ourselves,” she said. “That is, national interests of our adversaries using information in order to sow seeds of division … or make people believe their votes don’t count, or position tools in our infrastructure” to otherwise affect the integrity of voting processes.

National: Intrusion monitors for election security are going virtual | Benjamin Freed/StateScoop

As interest in cybersecurity swells among election officials, a small group of states has begun experimenting with a virtualized network-intrusion system that until recently had only been available in the form of a physical device. Typically, the Albert system, which is designed and distributed by the nonprofit Center for Internet Security, consists of single-unit physical servers outfitted with the organization’s open-source software that detects anomalous and malicious network activity. But five states and territories, led by Nebraska, have started using Albert sensors that run on a virtual server to detect attempted intrusions of their voter registration databases. The software-based version of the Albert system is a product of collaboration between the participating states, which have asked to remain anonymous; Election Systems & Software, which produces the voter registration system used by Nebraska and the others; and CIS, which operates the Elections Infrastructure Information Sharing and Analysis Center, the federally funded entity through which state officials, local officials and the U.S. Department of Homeland security exchange alerts about election security.

National: States need more federal funds to secure elections: report | Maggie Miller/The Hill

States are in need of further funding from the federal government to fully secure elections, a report published Thursday found, citing six states as examples. The report was compiled by the Brennan Center for Justice, the R Street Institute, the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security, and the Alliance for Securing Democracy. It spotlights Alabama, Arizona, Illinois, Louisiana, Oklahoma, and Pennsylvania. “Elections are the pillar of American democracy, and, as we saw in 2016 and 2018, foreign governments will continue to target them,” the authors wrote in the report. “States cannot counter these adversaries alone, nor should they have to. But at a time when free and fair elections are increasingly under attack, they can, with additional federal funding, safeguard them.” Four of the states reported that future federal funds are needed to replace “legacy” or older voting equipment that have cyber vulnerabilities, while several other states cited the need for funding to train election officials in cybersecurity.

National: Senate passes bill making hacking voting systems a federal crime | Jordain Carney/The Hill

The Senate passed legislation on Wednesday night that would make it a federal crime to hack into any voting systems used in a federal election. The bill, known as the Defending the Integrity of Voting Systems Act, passed the chamber on Wednesday night by unanimous consent, which requires the sign off of every senator. It would allow the Justice Department to pursue federal charges against anyone who hacks voting systems used in federal elections under the Computer Fraud and Abuse Act. Sen. Sheldon Whitehouse (D-R.I.), Richard Blumenthal (D-Conn.) and Lindsey Graham (R-S.C.) introduced the legislation earlier this year and it cleared the Judiciary Committee in May. “Our legislation to protect voting machines will better equip the Department of Justice to fight back against hackers that intend to interfere with our election,” Blumenthal said when the bill was introduced.

National: Top Democrat demands answers on election equipment vulnerabilities | Maggie Miller/TheHill

Sen. Ron Wyden (D-Ore.) is demanding answers from the Election Assistance Commission (EAC) as to how the federal agency plans to secure election equipment amid reports that most machines depend on software that will soon be out-of-date and vulnerable to cyber attacks. In a letter dated July 12 that was released on Monday, Wyden asked EAC Chairwoman Christy McCormick how the agency plans to address this “looming cybersecurity crisis.” “Intelligence officials have made it clear that Russian hackers targeted our elections in 2016, and that they expect similar threats in 2020,” Wyden wrote. “The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers. This is unacceptable.” The Associated Press recently reported that the majority of U.S. counties use election management systems that run on Windows 7, an outdated operating system that Microsoft will stop updating in January. The systems are responsible for programming voting machines and tallying votes. Wyden focused his questions on whether products created by Election Systems and Software (ES&S), one of the major U.S. voting equipment manufacturers, would be decertified by the EAC prior to the 2020 elections. According to EAC documentation, the equipment uses Windows 7. Wyden gave McCormick a July 26 deadline to respond to his questions.

National: Microsoft will give away software to guard U.S. voting machines | Ken Dilanian/NBC

Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines, even as the tech giant said it had tracked 781 cyberattacks by foreign adversaries targeting political organizations so far this election cycle. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.” The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post. Its announcement was timed to coincide with the Aspen Security Forum, an annual conference of current and former intelligence, defense and homeland security officials that kicks off Wednesday in Aspen, Colorado — co-sponsored by Microsoft and others. NBC News is a media partner of the forum. Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft’s move signals that voting systems, long a technology backwater, are finally receiving attention from the county’s leading technical minds.

National: How Julian Assange turned an embassy into a command post for election meddling | Marshall Cohen, Kay Guerrero and Arturo Torres/CNN

New documents obtained exclusively by CNN reveal that WikiLeaks founder Julian Assange received in-person deliveries, potentially of hacked materials related to the 2016 US election, during a series of suspicious meetings at the Ecuadorian Embassy in London. The documents build on the possibility, raised by special counsel Robert Mueller in his report on Russian meddling, that couriers brought hacked files to Assange at the embassy. The surveillance reports also describe how Assange turned the embassy into a command center and orchestrated a series of damaging disclosures that rocked the 2016 presidential campaign in the United States. Despite being confined to the embassy while seeking safe passage to Ecuador, Assange met with Russians and world-class hackers at critical moments, frequently for hours at a time. He also acquired powerful new computing and network hardware to facilitate data transfers just weeks before WikiLeaks received hacked materials from Russian operatives. These stunning details come from hundreds of surveillance reports compiled for the Ecuadorian government by UC Global, a private Spanish security company, and obtained by CNN. They chronicle Assange’s movements and provide an unprecedented window into his life at the embassy. They also add a new dimension to the Mueller report, which cataloged how WikiLeaks helped the Russians undermine the US election. An Ecuadorian intelligence official told CNN that the surveillance reports are authentic.

National: Multiple Bills Seek To Secure Elections: Will They Do It? | Taylor Armerding/Forbes

If the security of voting systems in the next election will be a function of the amount of legislation on the topic now pending in Congress, we’ve got nothing to worry about in November 2020. There is a growing pile of bills in both the House and Senate, most featuring several to dozens of cosponsors—sometimes even from both parties—accompanied by press releases with made-to-order endorsements from congressional leaders, advocacy groups and cybersecurity experts. They all call for securing U.S. elections and “protecting our democracy.” But, of course, the number of bills doesn’t matter. It’s about quality, not quantity. The things that do matter are what gets enacted into law and whether its mandates get done or get watered down. And that, as the predictable cliché goes, remains to be seen.

National: Alarm sounds over census cybersecurity concerns | Maggie Miller/The Hill

Lawmakers are raising concerns that the upcoming 2020 census, which people are expected to fill out primarily online for the first time, is opening the door to potential cyber vulnerabilities. These vulnerabilities were in the spotlight on Capitol Hill on Tuesday as the Senate Homeland Security and Governmental Affairs Committee held a hearing to examine the security of the census, which residents will be able to complete online, over the phone or on paper. The hearing featured testimony from top officials from the Government Accountability Office (GAO), which has added the Census Bureau to its list of “high risk programs” due to cybersecurity and information technology shortfalls.  “Although the Bureau has taken initial steps to address risk, additional actions are needed as these risks could adversely impact the cost, quality, schedule, and security of the enumeration,” Nick Marinos, the director of Information Technology and Cybersecurity at GAO, and Robert Goldenkoff, the director of Strategic Issues at GAO, said in their written testimony. Concerns center around the security of personal data involved in the census, and around securing systems against threats from foreign nations. The anxiety echoes some of the worry surrounding security against cyberattacks from foreign actors during the upcoming presidential election.

National: Secretaries of state plead for more money for election security | Mark Albert/KOCO

The nation’s chief elections officials are pleading for more money from the federal government to shore up the security of crucial voting systems before the presidential contest in 2020, even as such aid appears dead on arrival in the U.S. Senate. Interviews with 10 secretaries of state, conducted by the Hearst Television National Investigative Unit at the annual summer conference of the National Association of Secretaries of State held this year in Santa Fe, New Mexico, found unanimity across party lines. When asked whether their states needed more money for election security, one secretary after another answered in the affirmative. “Absolutely,” responded Pennsylvania Acting Secretary of State Kathy Boockvar, a Democrat. “Absolutely,” seconded Laurel Lee, Florida’s Secretary of State, a member of the Republican party. “Look, we absolutely need more money,” Democrat Alex Padilla, California’s secretary of state, said. “We can always use more money for election security,” said Mac Warner, a Republican who serves as secretary of state in Virginia. But despite the landslide of bipartisan requests, $600 million in additional funding is stuck in the Senate after passing the House last month on a nearly party-line vote.

National: Here’s an overlooked election cybersecurity danger: outdated software | Joseph Marks/The Washington Post

There’s a big hacking danger facing the 2020 election that’s so far been overlooked: software so old that companies aren’t updating it anymore. The “vast majority” of the nation’s 10,000 election jurisdictions rely on Microsoft’s Windows 7 operating system, which was introduced in 2009 and will reach the end of its technological life span in January, according to a report this weekend from the Associated Press’s Tami Abdollah. And some of those jurisdictions are relying on software that’s even older. That means those systems — which are running in numerous swing states’ election systems — won’t get automatically updated to protect against newfound computer bugs, leaving the systems far more vulnerable to hackers who exploit those bugs, Abdollah reports. The report highlights yet another way in which elections remain vulnerable to hacking despite calls for vastly improved election cybersecurity after the 2016 contest was upended by Russian hacking and disinformation operations — and amid warnings from Intelligence officials that Russia and other U.S. adversaries want to similarly compromise the 2020 contest. The vulnerable software is deployed on systems to create ballots, program voting machines, tally votes and report counts, per the AP. It also demonstrates how many election cybersecurity challenges evade easy fixes.

National: Who’s behind voting-machine makers? Money of unclear origins | Emery P. Dalesio/Associated Press

The voting-machine makers that aim to sell their systems in North Carolina are largely owned by private equity firms that don’t disclose their investors. The companies didn’t want the public to know even that much. North Carolina’s statewide elections board demanded the machine-makers’ ownership information last month after special counsel Robert Mueller’s April report into Russian efforts to sway the 2016 presidential election. Their concerns about potential foreign interference have grown since Maryland officials learned last year that a company maintaining that state’s election infrastructure did not disclose its financing by a venture fund whose largest investor is a Russian oligarch. The private-equity backers of the three voting systems vendors seeking approval to sell to county elections boards in North Carolina told The Associated Press they’re controlled by U.S. citizens. They claimed they have no ties to foreign oligarchs or other nefarious persons facing financial sanctions by Washington. But they didn’t provide information about the sources of the money they invest. And they asked the board not to share what they did disclose with the public. The elections board released the companies’ responses — as required by law — under a public records request from The AP. Election security watchdogs remain frustrated.

National: Thousands of election systems running software that will soon be outdated: report | Tal Axelrod/The Hill

The vast majority of the nation’s 10,000 election jurisdictions are using an operating system that will soon be outdated, according to an Associated Press analysis. Those jurisdictions using Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts will reach its “end of life” on Jan. 14 — meaning Microsoft will no longer provide technical support or produce “patches” to deal with vulnerabilities that hackers could possibly exploit. Microsoft told the AP in a statement Friday that it would offer continued Windows 7 security updates for a fee through 2023. The company did not immediately respond to a request for comment from The Hill. Critics told the AP that the obsolescence was an example of what happens when private companies determine the security level of election systems without federal guidelines. Vendors defended themselves, saying they’ve been making consistent improvements on security, but state officials said they were wary of federal involvement in state and local races.

National: Who Will Clean Up America’s Voter Rolls? | Mark Hemingway/RealClearPolitics

Los Angeles County has too many voters. An estimated 1.6 million, according to the latest calculations – which is roughly the population of Philadelphia. That’s the difference between the number of people on the county’s voter rolls and the actual number of voting age residents. This means that L.A. is in violation of federal law, which seeks to limit fraud by requiring basic voter list maintenance to make sure that people who have died, moved, or are otherwise ineligible to vote aren’t still on the rolls. Los Angeles County has made only minimal efforts to clean up its voter rolls for decades. It began sending notices to those 1.6 million people last month to settle a lawsuit brought by the conservative watchdog group Judicial Watch. Los Angeles County may be California’s worst offender, but 10 of the state’s 58 counties also have registration rates exceeding 100% of the voting age population. In fact, the voter registration rate for the entire state of California is 101%. And the Golden State isn’t alone. Eight states, as well as the District of Columbia, have total voter registration tallies exceeding 100%, and in total, 38 states have counties where voter registration rates exceed 100%. Another state that stands out is Kentucky, where the voter registration rate in 48 of its 120 counties exceeded 100% last year. About 15% of America’s counties where there is reliable voter data – that is, over 400 counties out of 2,800 – have voter registration rates over 100%.

National: Election security briefings failed to satisfy congressional critics | Tim Starks/Politico

House members and senators emerged from two election security briefings by top Trump administration officials Wednesday with plenty of questions. “There is real interest on the part of members of Congress to know who is in charge or what are the operating procedures for the process to move forward,” said Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee. “And the answers were not as clear as they need to be.” Some reportedly didn’t get answers about whether President Donald Trump himself has received a comprehensive briefing. Sen. Angus King (I-Maine) told MC that while he was impressed with the 2020 preparation thus far, more needs to be done. “One of the open questions is, what is the responsibility of the intelligence community to notify a campaign if they’re being victimized by a foreign adversary?” he said. As for the administration: “Today we shared with Congress how we continue to bring the full strength, capabilities, and expertise of our departments and agencies to identity and defend against threats to the United States,” agency officials involved in the briefing said in a joint statement. “Just like our successful, whole-of-government approach to securing the 2018 elections, we will work together with our Federal, state, local and private sector partners as well as our foreign allies to protect the 2020 elections and maintain transparency with the American public about our efforts.”