Analysis | The Cybersecurity 202: State election officials warn that federal strings on stimulus cash stand in way of using it
By Joseph Marks
State officials are pushing Congress to reverse restrictions they say are too burdensome on $400 million aimed at protecting elections during the coronavirus pandemic.
Congress approved that payout last month as part of a $2 trillion coronavirus stimulus bill but also required states match 20 percent of it out of their own budgets. Coming up with that money would be tough for some states in normal times and may be simply impossible with every spare dollar going to pandemic response and economic recovery, the officials say.
“State revenues are plummeting across the country and this means some states will not be able to utilize that money,” Vermont Secretary of State Jim Condos (D) said during a call with reporters.
The dispute highlights the cash crunch state and county election offices are facing as they prepare for a general election unlike any they’ve ever run — challenged by possible hacking and disinformation from Russia and a public health crisis that could make in-person voting perilous.
Some election officials also need approval for those matches from state legislatures that aren’t meeting or are busy responding to the pandemic. And each day the states can’t get their hands on the money is a day lost in preparing for elections.
The officials are also bristling because the relief bill included far larger cash packages for industries including airlines and agriculture with far fewer strings attached.
“I don't see a 20 percent match for the business community, so I'm not sure why all the sudden we have to have a 20 percent match,” said Condos, who was formerly president of the National Association of Secretaries of State and serves on its executive board.
Voters masked against coronavirus line up at Riverside High School for Wisconsin's primary election. (Morry Gash/AP)
Getting any of the provisions rolled back will be a long shot in the Senate.Majority Leader Mitch McConnell (R-Ky.) has consistently pushed back on pleas for election funding and agreed to the $400 million payout only after Democrats consented to the 20 percent match, said an aide for Sen. Amy Klobuchar (D-Minn.), who championed the funding. McConnell’s office didn’t respond to a request for comment.
That deal came after Democrats in the House had initially pushed for up to $4 billion for elections in the stimulus bill.
Senate Democrats also tried to reverse the provisions in a bill last week aimed at shoring up small businesses during the pandemic. But they were rebuffed again, said the Klobuchar aide, who requested anonymity because he wasn’t authorized to speak for attribution.
There is some Republican support for such a move, however. Sen. Susan Collins (R-Maine) joined Sen. Michael Bennet (D-Colo.) in a letter to Senate and House leadership that urged rolling back the requirements for states facing economic distress.
A poll worker receives an absentee ballot from a voter. (Joshua A. Bickel/Columbus Dispatch/AP)
State officials are also keeping up steady pressure.The 11-member NASS executive board sent a letter to Senate leaders earlier this month urging them to reverse the match in future legislation. “Legislatures across the country are … dealing with depleted surpluses, lower tax revenues, increased healthcare costs and other financial challenges in response to the pandemic,” the officials write.
Secretaries of state are also sending similar pleas to members of Congress from their home states, Condos told me.
But the fight is also likely to be subsumed by a cavalcade of other election challenges.
A mail carrier of the U.S. Postal Service (USPS) wearing a protective face mask. (Michael Reynolds/EPA-EFE/Shutterstock)
There’s growing concern that a shortfall in U.S. Postal Service funding during the pandemic could handicap the service’s ability to deliver a crush of ballots and ballot requests, especially if voters request ballots close to Election Day.
“The impact of the loss of the U.S. Postal Service in this election would be devastating for our democracy,” Washington state Secretary of State Kim Wyman (R) said during the call.
Wyman and Condos are calling on Congress to ensure the Postal Service gets a $10 billion line of credit aimed at supporting it through the pandemic.
That loan was included in the stimulus bill, but President Trump has threatened to block it unless officials there agree to raise postage rates.
If the Post Office has to reduce services, Wyman and Condos say, that raises the chances that ballots will arrive too late for some voters, forcing them to risk their health by voting in person and diminishing faith in the electoral process.
Trump has also been highly critical of voting by mail, claiming without evidence that it creates widespread voter fraud — even though he voted by mail himself in Florida this year.
American Postal Workers Union President Mark Dimondstein took a swipe at that fact during the call, saying, “We were happy to move the president's absentee mail ballots through the mail. He trusted us to do that. Tens of millions of people trust us to do that … and we look forward to doing that on a nonpartisan basis for generations to come.”
An American extremist seeking to spread conspiracy theories probably was responsible for sharing 25,000 credentials from the WHO and other institutions leading pandemic response efforts.
The logo of the World Health Organization. (Fabrice Coffrini/AFP/Getty Images)
The individual probably wanted others to help him hack the World Health Organization, the Gates Foundation and other institutions using those emails for evidence of his theories, the researchers from SITE Intelligence Group concluded. Most of the credentials, which came from an older breach, didn't work.
“The user framed the email credentials as a sort of gold mine of information and urged users to log on and save as much as they could,” said Rita Katz, executive director of SITE.
A separate review this week found the World Bank and WHO may have cybersecurity weaknesses that could lead to another password leak. The cybersecurity firm Prevallion found malware inside both organizations' networks that’s about a decade old but still sending signals to an outside computer. There’s no evidence at this point the malware was used to steal emails or other credentials.
WHO said in a statement that an internal investigation found “no traces nor evidence” of the malware. The World Bank declined to comment, saying it does not discuss cybersecurity issues.
Some apps to track the coronavirus’s spread are launching with serious security vulnerabilities.
A photo illustration shows a new COVIDSafe app by the Australian government. (Saeed Khan/AFP/Getty Images)
The early red flags underscore how a rush to find digital solutions to the pandemic has outpaced privacy and security concerns.
Members of Congress have pressed Apple and Google about the privacy features of their new contact-tracing technology, but state tracking efforts have endured less scrutiny and some have been put together in a rush. A North Dakota app, for example, was retrofitted from an existing app used by football fans to stay in touch on the way to out-of-state games and stores data in the developer’s private server.
A Senate panel plans to mull proposals for remote congressional voting in a videoconference today.
House Speaker Nancy Pelosi (D-Calif.) and House Majority Whip James E. Clyburn (D-S.C.). (Amanda Andrade-Rhoades/Bloomberg News)
The online gathering of the Senate Homeland Security Committee’s investigations panel comes amid numerous proposals for how senators could vote and debate bills remotely during the pandemic, but they’ve all met staunch opposition from McConnell who favors senators voting in person. The panel's chair, Sen. Rob Portman (R-Ohio), co-sponsored a proposal with Sen. Richard Durbin (D-Ill.), which would basically task the chamber’s tech adviser with approving a remote voting system. It has won support from 15 senators.
The Senate is scheduled to resume business in Washington next week — despite concerns that returning before the pandemic subsides could endanger lawmakers, their staffs and other Capitol employees. The House, meanwhile, is delaying its return.
Chat roomOne big problem with remote voting plans: Low levels of tech savvy among some members. NBC News's Stephanie Ruhle spoke with Rep. Katie Porter (D-Calif.):
Asked by @SRuhle about resistance to remote voting technology in Congress, @RepKatiePorter refers to the "flip phone caucus" as primary obstacle— Mike Memoli (@mikememoli) April 29, 2020
Cyber insecurity"Zoombombing” isn't the only cybersecurity threat plaguing educators.
A student of landscape architecture. (Darek Delmanowicz/EPA-EFE/Shutterstock)
- Virtual learning systems at the University of Michigan and other higher-ed institutions contained vulnerabilities that could allow hackers to steal personal information from students and teachers, researchers at Check Point found. The vulnerabilities could have also allowed hackers to swipe funds from educators and change grades. The bugs were in components offered by three companies — LearnPress, LearnDash and LiferLMS — that are used by 100,000 other virtual learning platforms. All three companies have patched the bugs.
- Scammers are also finding new ways to exploit economic anxieties prompted by the virus. They're using fake Zoom invitations that pose as meetings with human resources managers to try to swipe employees’ personal information, SophosLabs found.
Microsoft's cloud computing business is raking in cash during the coronavirus pandemic.
Microsoft CEO Satya Nadella. (Manjunath Kiran/AFP/Getty Images)
The pandemic could actually help Microsoft consolidate power during a rocky economy, analysts say. “The big get bigger. Scale wins,” Stifel Nicolaus & Co. analyst Brad Reback said. “These guys have all the right products in place."