By Joseph Marks
The fountains of Bellagio erupt along the Las Vegas Strip. (John Locher/AP)
Election experts are warning about more tech and security red flags as Nevada Democrats race to develop a new game plan for their second-in-the-nation caucuses on Feb. 22.
Those warning signs include vital caucus functions conducted with iPads that probably will be connected to the Internet, a dwindling timeframe to test new tech procedures and a lack of transparency. They threaten a repeat of the Iowa’s caucuses debacle where results were delayed for days and online misinformation swirled.
“It’s terrifying that this is happening 11 days before the caucus,” Gregory Miller, chief operating officer of the OSET Institute, a nonprofit election technology organization, told me. “This all should have been baked in several months ago.”
Another blunder could be a disaster for the Democratic Party, which is reeling from the debacle in Iowa and is desperate to prove its tech and cybersecurity bona fides after Hillary Clinton’s 2016 campaign was upended by a Russian hacking and disinformation operation aimed at helping her opponent, Donald Trump.
Tech problems in Nevada will be slightly tempered by a smooth count in the New Hampshire Democratic primary last night, which used a far simpler process to tally votes and was run by election officials rather than the state party. News outlets declared Sen. Bernie Sanders (I-Vt.) the narrow winner of that contest shortly after 11 p.m. Eastern time.
Nevada Democrats have been frantically revamping their caucus operations since last week when they scrapped plans to use apps developed by Shadow Inc., the tech firm launched by veterans of Clinton’s 2016 campaign that also built the app that imploded in Iowa. The Iowa app wasn’t just shoddily built but also contained security vulnerabilities, according to experts who reviewed it after the fact.
The new Nevada procedures present tech and security problems of their own, however.
On Monday evening the state party outlined plans for volunteers to check in early voters using iPads with county-specific PDFs of voter rolls preloaded on the Books app and to record who has voted early using a Google form, according to a document sent to campaigns and detailed by my colleagues Holly Bailey and Isaac Stanley-Becker.
That creates a danger hackers could try to manipulate those forms or simply overwhelm wireless networks so it’s tougher to access them, Miller told me.
Nevada Democrats didn’t respond to questions I sent asking how long those tools would be connected to the Internet and what security testing is planned. The party also hasn’t answered detailed questions about a separate digital tool it intends to use to do the complex math integrating the candidate preferences of early voters with the preferences of people who show up on caucus night.
That lack of transparency could be dangerous because it prevents outside experts from pointing out pitfalls and gives fodder to rumors and misinformation.
“To set up a process for voting and early voting in a caucus on a tight time frame [is] a really big challenge. It would be a tall order for anybody,” David Levine, the elections integrity fellow at the Alliance for Securing Democracy, told me. “So, it’s incumbent on the Nevada Democratic Party to be as transparent and forthcoming as possible.”
If something does go wrong on caucus night, it’s also vital that Nevada officials explain what’s happening as quickly and clearly as possible to avoid the rumors that swirled in Iowa and damaged the contest’s credibility, Levine said.
“If there’s a vacuum, it’s going to be filled,” he said. “To avoid a situation where misinformation or disinformation can drown out accurate information, it’s really important the Nevada Democratic Party steps up and is clear about what they’re doing and how they’re doing it.”
For some election experts, the Iowa failures and concerns about Nevada are enough to call into question the caucus system itself, in which citizens gather to hash out which candidates to support rather than voting individually and the process is run by state parties rather than election professionals.
“Caucuses are passing from being antiquated to being outright obsolete,” Miller told me. “Sure, there’s some romance to the caucus process of everyone getting together, but romance can be very messy.”
Some security experts, meanwhile, praised the decision to use Google Forms rather than any custom-built tools, saying its safer to rely on large commercial technology that's been rigorously tested — especially given the incredibly tight time frame before this month's Nevada contests.
“Google dedicates enormous resources to keep their core infrastructure secure,” Chad Loder, founder of the cybersecurity training company Habitu8, told me. “They have experience in protecting their systems and applications from nation states. Sometimes, simpler is better. "
PINGED, PATCHED, PWNEDPINGED: The Chinese telecommunications company Huawei has covertly maintained access to mobile phone networks through “backdoors” meant exclusively for law enforcement, U.S. officials say, according to Bojan Pancevski at the Wall Street Journal. That’s the most serious and specific charge U.S. officials have yet leveled against the Chinese company, which they’re trying to restrict from the next generation of super-fast wireless networks known as 5G.
Officials declined to say whether the United States has observed Huawei using this access, but said classified intelligence shows it has had the capability to do so since at least 2009. The company also failed to disclose that access to customers or to intelligence services in nations where it operates, officials told Bojan.
“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” national security adviser Robert O’Brien said.
Huawei denied the story, saying that it “has never and will never do anything that would compromise or endanger the security of networks and data of its clients.” U.S. officials have long warned that Chinese leaders could compel Huawei to assist government spying, but have stopped short of making more specific charges.
Washington privately shopped the classified intelligence to allies for months as it ramped up efforts to convince other nations to ban Huawei from their 5G networks, Bojan reported.
The warnings didn't stop the United Kingdom from allowing Huawei a limited role in its 5G network build out last month, however. They could carry more weight in Germany, where lawmakers will vote in the coming weeks on whether to allow Huawei access to its 5G market. Diplomats there described a memo detailing the U.S. findings as “smoking gun” evidence that Huawei poses a spying risk, according to a confidential memo seen by the Journal, Bojan reports.
Some privacy advocates, meanwhile, pointed to the story as evidence that law enforcement backdoors into technology can be exploited far too easily by criminals or other nations — a dig at the Justice Department, which is pushing for similar special access to encrypted communications.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation:
Gee, maybe back doors for law enforcement aren’t a good idea. https://t.co/jpEiMKCjLy— Eva (@evacide) February 11, 2020
Senate Minority Leader Chuck Schumer (D-N.Y.) speaks as Sen. Mark Warner (D-Va.) and Sen. Richard Blumenthal (D-Conn.) look on. (Alex Wong/Getty Images)
“Despite all of the ways foreign hackers have already made it into our election infrastructure, Congress has refused to arm state and county elections officials with the knowledge and funding they need to secure their systems,” Sen. Ron Wyden (D-Ore.) said. “I fear the 2020 election will make 2016 look like small potatoes.”
Sen. Marsha Blackburn (R-Tenn.), meanwhile, not only blocked Democrats' efforts but also accused them of trying to “seize control over elections from the states.”
Blackburn countered with a bill seeking an investigation into what went wrong with the results of the Iowa Democratic caucuses called the “Determining Election Blunders And Correcting Logical Errors,” or DEBACLE, Act.
Senate Minority Leader Chuck Schumer (D-N.Y.) accused Republicans of being “afraid of the wrath” of President Trump and Senate Majority Leader Mitch McConnell (R-Ky.).
“The current president of the United States, far from having the same fears about foreign interference as our founders, has been very public about his openness to foreign assistance and manipulation in support of his election,” Schumer said.
— Chuck Schumer (@SenSchumer) February 11, 2020
He also advocated reviving the defunct Office of Technology Assessment that would be tasked with making Congress smarter about tech and cybersecurity issues.
Yang spoke out against election interference on the debate stage and praised congressional efforts to guard against it during a Post Live event in October — though he took a softer line than most of his Democratic challengers on directly criticizing Russia for interfering in the 2016 contest.
Sen. Michael F. Bennet (D-Colo.) also ended his campaign last night. Bennet was a co-sponsor of Democrats' major election security bills and had urged House and Senate appropriations committees to increase funding for election security grants and the Election Assistance Commission.
PUBLIC KEY--Social media companies have ramped up efforts to take down phony and misleading posts by actors tied to Iran that attempt to sway public opinion in the United States and abroad. Now it's the U.S. government's turn to step up, says a new report out today from the Atlantic Council.
The report urges the Department of Homeland Security to create an intergovernmental agency that would attribute and publicize foreign influence operations, which they say could help demystify Iran's ongoing information warfare campaign against the United States.
“The U.S. government has struggled profoundly to come up with a coordinated response to these threats,” Emerson T. Brooking, resident fellow at the Atlantic Council's Digital Forensic Research Lab and co-author of the report with Suzanne Kianpour, told our researcher Tonya Riley. “The stakes are too high for these kinds of attributions to be left to the private sector alone."
— More cybersecurity news from the public sector:
PRIVATE KEY--Malicious websites containing the word “valentine” increased by 200 percent in February over previous months in both 2018 and 2019, researchers at Checkpoint found. Fraudulent websites using the word “chocolate" also spiked those months but to a lesser degree, the researchers found. They urged internet users to be wary of special online offers containing the keywords. But who would click on a Valentine's Day offer in October?
— More cybersecurity news from the private sector: