Skip to main content

Analysis | The Cybersecurity 202: Nevada officials intend to use Google forms in upcoming caucuses

By Joseph Marks

The fountains of Bellagio erupt along the Las Vegas Strip. (John Locher/AP)
Election experts are warning about more tech and security red flags as Nevada Democrats race to develop a new game plan for their second-in-the-nation caucuses on Feb. 22.
Those warning signs include vital caucus functions conducted with iPads that probably will be connected to the Internet, a dwindling timeframe to test new tech procedures and a lack of transparency. They threaten a repeat of the Iowa’s caucuses debacle where results were delayed for days and online misinformation swirled.
“It’s terrifying that this is happening 11 days before the caucus,” Gregory Miller, chief operating officer of the OSET Institute, a nonprofit election technology organization, told me. “This all should have been baked in several months ago.”
Another blunder could be a disaster for the Democratic Party, which is reeling from the debacle in Iowa and is desperate to prove its tech and cybersecurity bona fides after Hillary Clinton’s 2016 campaign was upended by a Russian hacking and disinformation operation aimed at helping her opponent, Donald Trump.
Tech problems in Nevada will be slightly tempered by a smooth count in the New Hampshire Democratic primary last night, which used a far simpler process to tally votes and was run by election officials rather than the state party. News outlets declared Sen. Bernie Sanders (I-Vt.) the narrow winner of that contest shortly after 11 p.m. Eastern time.
Nevada Democrats have been frantically revamping their caucus operations since last week when they scrapped plans to use apps developed by Shadow Inc., the tech firm launched by veterans of Clinton’s 2016 campaign that also built the app that imploded in Iowa. The Iowa app wasn’t just shoddily built but also contained security vulnerabilities, according to experts who reviewed it after the fact.
The new Nevada procedures present tech and security problems of their own, however.
On Monday evening the state party outlined plans for volunteers to check in early voters using iPads with county-specific PDFs of voter rolls preloaded on the Books app and to record who has voted early using a Google form, according to a document sent to campaigns and detailed by my colleagues Holly Bailey and Isaac Stanley-Becker.
That creates a danger hackers could try to manipulate those forms or simply overwhelm wireless networks so it’s tougher to access them, Miller told me.
Nevada Democrats didn’t respond to questions I sent asking how long those tools would be connected to the Internet and what security testing is planned. The party also hasn’t answered detailed questions about a separate digital tool it intends to use to do the complex math integrating the candidate preferences of early voters with the preferences of people who show up on caucus night.
That lack of transparency could be dangerous because it prevents outside experts from pointing out pitfalls and gives fodder to rumors and misinformation.
“To set up a process for voting and early voting in a caucus on a tight time frame [is] a really big challenge. It would be a tall order for anybody,” David Levine, the elections integrity fellow at the Alliance for Securing Democracy, told me. “So, it’s incumbent on the Nevada Democratic Party to be as transparent and forthcoming as possible.”
If something does go wrong on caucus night, it’s also vital that Nevada officials explain what’s happening as quickly and clearly as possible to avoid the rumors that swirled in Iowa and damaged the contest’s credibility, Levine said.
“If there’s a vacuum, it’s going to be filled,” he said. “To avoid a situation where misinformation or disinformation can drown out accurate information, it’s really important the Nevada Democratic Party steps up and is clear about what they’re doing and how they’re doing it.” 
For some election experts, the Iowa failures and concerns about Nevada are enough to call into question the caucus system itself, in which citizens gather to hash out which candidates to support rather than voting individually and the process is run by state parties rather than election professionals.
“Caucuses are passing from being antiquated to being outright obsolete,” Miller told me. “Sure, there’s some romance to the caucus process of everyone getting together, but romance can be very messy.”
Some security experts, meanwhile, praised the decision to use Google Forms rather than any custom-built tools, saying its safer to rely on large commercial technology that's been rigorously tested — especially given the incredibly tight time frame before this month's Nevada contests.
“Google dedicates enormous resources to keep their core infrastructure secure,” Chad Loder, founder of the cybersecurity training company Habitu8, told me. “They have experience in protecting their systems and applications from nation states. Sometimes, simpler is better. "
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?


PINGED: The Chinese telecommunications company Huawei has covertly maintained access to mobile phone networks through backdoors meant exclusively for law enforcement, U.S. officials say, according to Bojan Pancevski at the Wall Street Journal. That’s the most serious and specific charge U.S. officials have yet leveled against the Chinese company, which they’re trying to restrict from the next generation of super-fast wireless networks known as 5G.
Officials declined to say whether the United States has observed Huawei using this access, but said classified intelligence shows it has had the capability to do so since at least 2009. The company also failed to disclose that access to customers or to intelligence services in nations where it operates, officials told Bojan.
“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” national security adviser Robert O’Brien said.
Huawei denied the story, saying that it “has never and will never do anything that would compromise or endanger the security of networks and data of its clients.” U.S. officials have long warned that Chinese leaders could compel Huawei to assist government spying, but have stopped short of making more specific charges.
Washington privately shopped the classified intelligence to allies for months as it ramped up efforts to convince other nations to ban Huawei from their 5G networks, Bojan reported.
The warnings didn't stop the United Kingdom from allowing Huawei a limited role in its 5G network build out last month, however. They could carry more weight in Germany, where lawmakers will vote in the coming weeks on whether to allow Huawei access to its 5G market. Diplomats there described a memo detailing the U.S. findings as “smoking gun” evidence that Huawei poses a spying risk, according to a confidential memo seen by the Journal, Bojan reports.
Some privacy advocates, meanwhile, pointed to the story as evidence that law enforcement backdoors into technology can be exploited far too easily by criminals or other nations a dig at the Justice Department, which is pushing for similar special access to encrypted communications.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation:
Gee, maybe back doors for law enforcement aren’t a good idea.
— Eva (@evacide) February 11, 2020

Senate Minority Leader Chuck Schumer (D-N.Y.) speaks as Sen. Mark Warner (D-Va.) and Sen. Richard Blumenthal (D-Conn.) look on. (Alex Wong/Getty Images)
PATCHED: Senators again tussled again over election security legislation yesterday, with Democrats slamming Republicans for blocking three bills requiring campaigns to report offers of foreign assistance and mandate additional cybersecurity measures to protect hacking. By refusing to pass the measures — even with primaries and caucuses in full swing — Republicans are putting American elections at serious risk of foreign interference, Democrats said.
“Despite all of the ways foreign hackers have already made it into our election infrastructure, Congress has refused to arm state and county elections officials with the knowledge and funding they need to secure their systems,” Sen. Ron Wyden (D-Ore.) said. “I fear the 2020 election will make 2016 look like small potatoes.”
Sen. Marsha Blackburn (R-Tenn.), meanwhile, not only blocked Democrats' efforts but also accused them of trying to “seize control over elections from the states.”
Blackburn countered with a bill seeking an investigation into what went wrong with the results of the Iowa Democratic caucuses called the “Determining Election Blunders And Correcting Logical Errors,” or DEBACLE, Act.
Senate Minority Leader Chuck Schumer (D-N.Y.) accused Republicans of being afraid of the wrath of President Trump and Senate Majority Leader Mitch McConnell (R-Ky.).
The current president of the United States, far from having the same fears about foreign interference as our founders, has been very public about his openness to foreign assistance and manipulation in support of his election, Schumer said.
— Chuck Schumer (@SenSchumer) February 11, 2020
PWNED: Tech entrepreneur Andrew Yang dropped out of the presidential race after a disappointing showing in New Hampshire last night, my colleagues David Weigel and Amy B Wang reported. Yang, a tech entrepreneur, was the only candidate to endorse mobile voting, an idea largely panned by election security experts.
He also advocated reviving the defunct Office of Technology Assessment that would be tasked with making Congress smarter about tech and cybersecurity issues.
Yang spoke out against election interference on the debate stage and praised congressional efforts to guard against it during a Post Live event in October — though he took a softer line than most of his Democratic challengers on directly criticizing Russia for interfering in the 2016 contest.
Sen. Michael F. Bennet (D-Colo.) also ended his campaign last night. Bennet was a co-sponsor of Democrats' major election security bills and had urged House and Senate appropriations committees to increase funding for election security grants and the Election Assistance Commission.


--Social media companies have ramped up efforts to take down phony and misleading posts by actors tied to Iran that attempt to sway public opinion in the United States and abroad. Now it's the U.S. government's turn to step up, says a new report out today from the Atlantic Council.
The report urges the Department of Homeland Security to create an intergovernmental agency that would attribute and publicize foreign influence operations, which they say could help demystify Iran's ongoing information warfare campaign against the United States.
“The U.S. government has struggled profoundly to come up with a coordinated response to these threats,” Emerson T. Brooking, resident fellow at the Atlantic Council's Digital Forensic Research Lab and co-author of the report with Suzanne Kianpour, told our researcher Tonya Riley. “The stakes are too high for these kinds of attributions to be left to the private sector alone."
— More cybersecurity news from the public sector:
Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on governments entities t
The Hill
James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message.
Kartikay Mehrotra | Bloomberg
House lawmakers on Tuesday touted progress toward bipartisan legislation on self-driving cars, with plans to release draft language that includes cybersecurity measures soon.
The Hill
The resignations could plunge the department into political crisis over its independence.
Matt Zapotosky, Devlin Barrett, Ann Marimow and Spencer Hsu


--Malicious websites containing the word “valentine” increased by 200 percent in February over previous months in both 2018 and 2019, researchers at Checkpoint found. Fraudulent websites using the word “chocolate" also spiked those months but to a lesser degree, the researchers found. They urged internet users to be wary of special online offers containing the keywords. But who would click on a Valentine's Day offer in October?
— More cybersecurity news from the private sector:
Losses from cryptocurrency crime surged to $4.52 billion last year, as insider t...
Motherboard obtained a video of a so-called relay attack from EvanConnect, who sells keyless repeaters that can be used to break into and steal luxury cars.


— Cybersecurity news from abroad:
Switzerland said on Tuesday it was probing reports that the U.S. Central Intelli...


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in