By Joseph Marks
A man stands outside a closed polling station at Schiller Recreation Center in Columbus, Ohio.
Lawmakers’ failure to impose any new security rules on state election officials in the $2.2 trillion
The bill includes $400 million to protect elections during the pandemic. But it doesn't contain any requirements sought by Democrats that the money be used to expand voting by mail or early voting options. With the
“This was the last chance for coordinated federal action to help secure the 2020 election and unfortunately Congress has once again blown its chance,” Alex Halderman, an election security expert and computer science professor at the University of Michigan, told me. “It’s not surprising, but it ought to be scandalous that we’ve gone four years without Congress passing election security legislation.”
The Senate voted late yesterday to approve the massive stimulus bill, which also sends hundreds of billions of dollars to
The outcome marks a dramatic victory for Senate Majority Leader Mitch McConnell (R-Ky.), who has steadfastly opposed any security mandates being imposed on states in the three-and-a-half years since Russia’s unprecedented operation to undermine Hillary Clinton’s candidacy and aid Donald Trump’s. To date, lawmakers have delivered more than $1 billion for state and local election officials to use as they see fit.
It’s also a major loss for election security hawks who warn that not only Russia but other U.S. adversaries are likely to try to undermine the 2020 election and sow doubts about its legitimacy.
“I certainly would have been hopeful in 2017 that we could impose some [minimal requirements] on election security,” Lawrence Norden, director of the Election Reform Program at New York University's Brennan Center for Justice, told me. “It’s hard for anybody who’s been watching this Congress to say you’re surprised they don’t take basic actions, but it is disappointing.”
The $400 million for coronavirus-related election security changes that made it into the stimulus bill is also far lower than the $4 billion sought by House Democrats and the $2 billion sought by Democratic Senate sponsors of a bill that would have mandated no-excuse mail-in voting across the nation and broadened early voting. And it won’t be nearly enough if states have to substantially increase voting by mail or make other changes if the virus is still making large gatherings unsafe in November, experts warn.
“It’s unmistakable that $400 million is a very paltry amount,” Edward Perez, a former voting machine company executive who's now global director of technology development at the OSET Institute, a nonprofit election technology organization, told me. “You had legislators from both sides of the aisle who were quite comfortable spending significant amounts of money on everything except elections.”
States have made significant progress on election security since 2016, including a widespread shift to voting systems that include paper records so people can verify hackers haven’t changed their votes. About 90 percent of voters will cast ballots using those systems in November, according to a Brennan Center tally.
States have also added a raft of new digital protections around voter registration systems and voter rolls. And the Department of Homeland Security is now monitoring for cyberattacks across the nation and sharing digital threat information with state and local officials.
Democratic lawmakers have also pledged they’ll continue to fight for more money and election protection measures. In a statement after the stimulus bill was released, Sens. Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.) pledged to push for “election reforms across the country” and declared that the “American people cannot be forced to choose between their health and exercising their right to vote.”
Klobuchar and Wyden have sponsored numerous such measures including a bill with Sen. Chris Coons (D-Del.) that would dramatically broaden mail-in voting during the pandemic.
But election security concerns are likely to worsen during the outbreak, which has prevented live-fire tests of new voting systems in some states such as Georgia that have delayed their primaries. It may also force officials to implement rapid changes to voting plans that could lead to technical debacles and create opportunities for hackers.
Even before the pandemic hit, 2020 elections were demonstrating how difficult it can be to make big changes to voting systems. During Iowa’s party-run Democratic caucuses, for example, an app meant to calculate delegates dramatically imploded, delaying results for days. A custom-built voting machine in Los Angeles county that officials spent years developing was also slowed by network problems, producing hours-long lines.
“Ramping up for elections during coronavirus is going to be one hundred times as difficult as those changes,” Norden said.
Anxiety created by the epidemic is also likely to make voters far more vulnerable to disinformation operations related to the election, whether from Russia or elsewhere.
“Given how fragile people are, how anxious and hungry for information in these uncertain times, that increases our vulnerability,” Perez said.
And if hackers catch even one state or locality unprepared in November, that could have ripple effects that damage confidence in the entire election.
“Security is a weakest link problem,” Halderman said. “In 2020 or future elections if even one state suffers a major election security breach, that’s likely to cause voters across the country to lose confidence.”
PINGED, PATCHED, PWNED
A router and Internet switch. (Charles Krupa/AP)
Warner wants companies to issue quick fixes to any digital vulnerabilities and notify consumers about cybersecurity best practices. He’s also concerned that a rise in telework has given hackers more opportunities to attack company and government networks. Cybercrimes using coronavirus fears to swipe users' personal information have dramatically increased, researchers say.
Warner is also sponsoring a bill that would tighten cybersecurity requirements for Internet-connected devices used by the government.
A Chinese flag is displayed on a billboard in gratitude to China during a curfew imposed to prevent the spread of the coronavirus in Belgrade, Serbia, on Tuesday. (Marko Djurica/Reuters)
The spike in activity could be related to tensions between China and the United States over trade and the recent coronavirus pandemic, FireEye security architect Christopher Glyer told Christopher and Raphael. Chinese hackers tend to be more targeted in their attacks, making the wide array of targets a departure from the norm, FireEye’s head of analysis John Hultquist told Reuters.
FireEye declined to name which clients hackers targeted but said the hacking group had tried to break into some companies using a flaw in enterprise software from Cisco and Citrix. Both companies say they worked with FireEye to identify the victims and fix the vulnerabilities.
The Chinese Foreign Ministry did not respond to FireEye’s allegations in a comment to Reuters.
A covid-19 test kit. (Katherine Frey/The Washington Post)
The company says it’s working with authorities to prevent more scammers from using its services to exploit coronavirus fears. Companies can still request domains with the banned words, but Namecheap will review their requests manually.
PUBLIC KEY— Cybersecurity news from the public sector:
PRIVATE KEY— Cybersecurity news from the private sector:
THE NEW WILD WEST— Cybersecurity news from abroad:
- The U.S. Election Assistance Commission will host a virtual public hearing on VVSG 2.0 Requirements at 10am on Friday.