Mar 5, 2020

Analysis | The Cybersecurity 202: Los Angeles county voting machine breakdown sparks concerns about November

By Joseph Marks




Voters wait on line at a polling station at the University of Southern California on Tuesday, March 3, 2020. (AP Photo/Stefanie Dazio)
THE KEY
Politicians and voters are fuming about technical problems that bedeviled Los Angeles County on Super Tuesday, producing hours-long voting lines and undermining confidence in the county’s new custom-built voting machines that were supposed to be a model for the nation.
It was an ugly debut for the $280 million machines, which marked the most ambitious effort in decades to create a super-secure and accessible voting system outside the grasp of a cadre of companies that control more than 90 percent of the voting machine market. The idea was to provide an alternative to mass-produced machines that experts fear are too vulnerable to Russian hacking.
After the primetime debacle — in which about one-fifth of voting machines failed to work and network problems interfered with electronic poll books used by election workers to verify voters' eligibility — it’s hardly clear if other jurisdictions will want to follow L.A.'s lead and try to break free of the industry. 
Some former boosters of these machines are even worrying about another implosion in November, as my colleagues Neena Satija, Isaac Stanley-Becker and I report.
“It was $300 million and a period of years that we have been developing this, so it was very troubling that on the day of the actual vote there were some big problems,” Janice Hahn, a member of the county’s nonpartisan Board of Supervisors, told me.
Hahn introduced a measure yesterday demanding a full review of the problems from county election officials within 30 days. The Board of Supervisors is scheduled to vote on that measure next week. “The reason we changed to this system was to create more access for people and more flexibility, so I want to make sure that the problems people experienced yesterday didn’t cause just the opposite of what we were attempting to do,” she said.
There were plenty of warnings there could be problems, as Neena and I reported before the Super Tuesday contest — including a December report from the California secretary of state’s office that found myriad security and accessibility issues. 
Among the problems: The machines that tally results could be started by inserting a flash drive, creating risks that hackers could infect them with malware, and the system lacked “full disk encryption,” a cybersecurity gold standard. Secretary of State Alex Padilla certified the system for use in the March primaries anyway, but imposed numerous conditions on them.
The county’s top election official, Dean Logan, told us in an interview those issues had all been remedied or mitigated before primary day. His office didn’t respond to multiple requests for comment Wednesday. He told the L.A. Times, however, that the glitches that did happen probably occurred during the voter check-in process but didn’t expand further.
“This was a challenging day for a lot of voters in L.A. County, and I certainly apologize for that. That’s something that has to be better,” he said, adding, “I had hoped for a smoother transition.”
Voter advocates, election observers and candidates, meanwhile, slammed the county, saying the technical problems probably disenfranchised voters who couldn’t wait for hours in line. And they expressed frustration that the county used a new system for the first time during such a crucial election.
“Voters should never have to wait four hours in line to exercise their constitutional right to cast their ballot,” Anna Bahr, a campaign spokeswoman for Sen. Bernie Sanders (I-Vt.), said. “Long wait times and malfunctioning machines like the ones we saw yesterday disproportionately affect working-class voters who can’t afford to take extra hours off work or pay for child care to stand in line.”
The Sanders campaign filed an unsuccessful lawsuit trying to force the county to extend voting hours Tuesday night.
Mark Gonzalez, chair of the county’s Democratic Party, said he saw elderly voters and those with disabilities waiting in line for hours.
“We believed in the technology and we believed it would work because that’s what we were told, and that’s not what happened,” he said. “Machines completely went out. Voting centers completely shut down.”
Reporters on the ground, meanwhile, documented voters who waited in line late into the night — and sometimes nearly to the next day. Under California law, anyone can vote provided they’re in line before polls’ 8 p.m. closing time.
Here’s Alexander Tin with CBS News:
With less than an hour until Super Tuesday turns to Wednesday, the 879th and final ballot has been cast at this voting center in Santa Monica
But the work continues for #lavote poll workers at this site who have to close up shop pic.twitter.com/ubgXwYckey
— Alexander Tin (@ThisAlexTin) March 4, 2020
Brianna Sacks with BuzzFeed:
Another LA resident still in line to vote at 9:30 at the Hammer Museum near Beverly Hills. He says he’s been waiting for 3 hours
Buried lede: there is a cat on a leash also still in line at this polling location https://t.co/DqFRvlIXbl https://t.co/8cQcrWcyuP
— Brianna Sacks (@bri_sacks) March 4, 2020
Sam Alipour with ESPN had to wait two hours to vote himself:
Never had to wait to vote - until yesterday. 2 hr wait at my nearest polling location in west LA. Thought we Californians agreed to make voting easier. We’re the “woke state”, right? So how bad does the rest of america have it? So disappointing. Hope I’m an anomaly @latimes https://t.co/852RWN8vgG
— Sam Alipour (@samalipour) March 4, 2020

PINGED, PATCHED, PWNED


Senate Commerce, Science, and Transportation Committee Chairman Roger Wicker (R-Miss.). (Susan Walsh/AP)
PINGED: Executives from the European telecommunications firms Nokia and Ericsson threw their support behind legislation aimed at hindering their Chinese competitor Huawei in its bid to provide global next-generation 5G services. 
Among the bills the executives endorsed at a Senate Commerce Committee hearing: the recently passed Secure and Trusted Communications Network Act, which would create a $1 billion program to help small U.S. telecom providers remove and replace Huawei equipment and the Utilizing Strategic Allied (USA) Telecommunications Act, which would invest more than $1 billion in Western alternatives to Chinese equipment providers.
Lawmakers introduced the bills in reaction to growing concerns that Huawei could be compelled to provide China with a back door for spying into any networks that use its equipment.
Telecommunications companies AT&T, Verizon and Juniper also wrote to Senate Commerce Committee members ahead of the hearing supporting the bill.
Huawei wasn’t invited to testify at the hearing, but two officials, Chief Security Officer Andy Purdy and Congressional affairs lead Donald Morrissey, showed up anyway and sat in the front row. 
Sitting in front row of the hearing. Hope they will invite us to respond!! Not enough focus on what is necessary to make America safer and equipment suppliers more secure! #huaweuusa #connectnotdivide #huawei
— Andy Purdy (@andy_purdy) March 4, 2020
Purdy has been pushing a transparency initiative for companies that build 5G networks, which he says will demonstrate Huawei’s doing a good job of securing its systems against hacking and hasn’t inserted any backdoors to aid Chinese spying.
He and Morrissey panned the hearing for focusing more on senators’ criticism of Huawei than on ways to guarantee that all components of 5G networks are as secure as possible.
“The U.S. government has embarked on a brand demolition campaign against Huawei globally, so we need to be here to respond,” Morrissey said.

Tik Tok logo. (Dado Ruvic/Reuters)
PATCHED: Sen. Josh Hawley (R-Mo.) announced he will introduce legislation to ban the popular video app TikTok from all government devices, over Chinese spying concerns. The Departments of State and Homeland Security, as well as several military branches, have already banned the use of the social network on government devices. 
Hawley said the ban is needed because the Chinese-owned app tracks your search history, your keystrokes, your location, and sends that information to the Chinese government:
.@tiktok_us tracks your search history, your keystrokes, your location - and shares it w/ #china. That’s why Pentagon, State Dept, Homeland Security & TSA banned it for employees. I will introduce legislation to ban @tiktok_us for ALL federal employees on all govt devices
— Josh Hawley (@HawleyMO) March 4, 2020
Top cybersecurity officials echoed his concerns at the Senate Judiciary Committee hearing.
“There's certainly no place for applications like TikTok on government devices and government networks,” Bryan Ware, assistant director at DHS's Cybersecurity and Infrastructure Security Agency, testified. “China has amazing programs now in collection of data ... and when that data is our voices, our faces, our locations and things that are tied very closely to our identity like our phones are, that should give us great concern.”
Both TikTok and Apple declined to send executives to the hearing, the second called by Hawley on the relationship between Big Tech and China. So far, there's no public evidence that TikTok shares any data from Americans with the Chinese government, and TikTok has repeatedly denied the allegations.
“While we think the concerns are unfounded, we understand them and are continuing to further strengthen our safeguards while increasing our dialogue with lawmakers to help explain our policies,” TikTok said in a statement.

A health note on best practices to avoid the coronavirus is posted on the door of the library at Sapienza University of Rome on Wednesday. (Giulio Napolitano/Bloomberg News)
PWNED: Cybercriminals are increasing their efforts to exploit coronavirus fears to hack unsuspecting Internet users looking for information about the disease, researchers at the cybersecurity company Check Point found.
In one case, hackers posing as officials from the World Health Organization targeted thousands of organizations in Italy, where more than 100 people have died of the disease, with phishing emails aiming to steal their usernames and passwords.
Researchers at another cybersecurity firm, ProofPoint, also spotted an uptick in malicious emails mentioning coronavirus, James Rundle, Catherine Stupp and Kim S. Nash at the Wall Street Journal report.

CHAT ROOM

Mike Bloomberg wasn’t the only long-shot former tech tycoon to drop out of the 2020 presidential race yesterday. Perennial candidate John McAfee, the gonzo founder of the anti-virus firm that bears his name, also announced his departure on Twitter. McAfee said he plans to seek the vice-presidential slot as a Libertarian.
I regret
That I am ending my campaign for President.
I am instead
Attempting to run
For the Vice Presidential slot.
I have asked my Campaign Manager @Loggiaonfire
To contact the Campaign of Libertarian @VerminSupreme
And offer to be his VP pick.
Full explanation in video. pic.twitter.com/750ggzJdBY
— John McAfee (@officialmcafee) March 4, 2020

PUBLIC KEY

Cybersecurity news from the public sector:

FBI Director Christopher Wray says law enforcement agents are working to take out the tools that allow increasingly dangerous cyber criminals to carry out their devastating attacks
Alanna Durkin Richer | AP

U.S. Cyber Command leader Gen. Paul Nakasone told a House panel Wednesday that election security is his “top priority,” emphasizing strides made in combating threats in the years since Russia interfered in the 2016 presidential election.
The Hill

Members of Congress pressed Treasury Secretary Steven Mnuchin about how effective the department's cyber-related financial sanctions were in deterring future behavior and how it was defining success.
FCW

Yevgeniy Nikulin was in regular contact with Oleksandr Ieremenko, a Ukrainian national who allegedly hacked the U.S. Securities and Exchange Commission.
CyberScoop

PRIVATE KEY

Cybersecurity news from the private sector:

The clothing giant took almost a year to disclose the security incident.
TechCrunch

A collection of online stores offer murder for pay. Researchers say they are scams, but people who want someone dead aren’t listening.
The New York Times

Banjo is applying artificial intelligence to government-owned surveillance and traffic cameras across the entire state of Utah to tell police about "anomalies."
Motherboard

THE NEW WILD WEST

Cybersecurity news from abroad:

Russia has been targeted from abroad by foes spreading fake news about the coronavirus to sow panic, President Vladimir Putin said on Wednesday.
Reuters

The Telecommunications Interception Access Act amendment seeks to 'enhance the process of exchanging information held by communications providers for the purpose of criminal investigations and prosecutions'.
ZDNet
