May 13, 2020

Analysis | The Cybersecurity 202: Democratic coronavirus bill shows how partisan election security has become

By Joseph Marks


with Tonya Riley

Democrats yesterday released their most ambitious and detailed plan yet to fundamentally reshape U.S. voting systems in the midst of the coronavirus pandemic.
Their new virus stimulus bill includes $3.6 billion to run elections safely and securely during the pandemic. But it couples that money with a slate of new mandates for state and local election officials that will last long after the pandemic ends.
Many of those mandates are sure to irk Republican election officials at the state and county level — even those who broadly agree with Democrats’ goals of ramping up voting by mail and polling-place safety during the pandemic. And they're probably nonstarters with Senate Majority Leader Mitch McConnell (R-Ky.), who has fiercely blocked such conditions in the past.
The election provisions are part of a $3 trillion plan, dubbed the Heroes Act, assembled by House Speaker Nancy Pelosi (D-Calif.) and her top lieutenants, which is unlikely to make any headway in the Republican-controlled Senate.
“There’s a lot in this bill that will absolutely look to Republicans like a Democratic wish list,” Edward Perez, global director of technology development at the OSET Institute, a nonprofit election technology organization, told me. “It’s a lost opportunity to achieve pragmatic bipartisanship.”

House Speaker Nancy Pelosi (D-Calif.). (Graeme Jennings/Pool/EPA-EFE/Shutterstock)
The bill, which House lawmakers are expected to vote on Friday, comes as close to a federal takeover of elections as has yet been proposed.  
It mandates that states offer voting-by-mail options for all voters without excuses for all future elections starting in November. It also mandates 15 days of early voting across the country. And it requires that states draw up detailed plans to hold elections during future emergencies that the federal government can challenge in court if they don’t sufficiently protect voters and poll workers.
It even digs into the nitty-gritty of how states must run elections during the pandemic and other emergencies, including mandating they mail ballots directly to every registered voter.
That’s sure to anger Republican state officials who are now encouraging residents to vote by mail but sending them ballot request forms rather than actual ballots, which they say reduces the chances of fraud.

People wait to vote. (Mark Ralston/AFP/Getty Images)
The Democratic proposals underscore how partisan the topic of election security has become at the federal level. 
Even before the bill came out, Republicans on the House Administration Committee were tearing into the provisions, which they said override state constitutions, disenfranchise voters and will lead to increased fraud.
The bill also comes as the brief moment of crisis-driven bipartisanship that helped rush through four earlier coronavirus relief bills is starting to wane.
“While the first four bills were the result of urgent bipartisan compromise in the early days of the pandemic, now the two sides aren’t even talking and are moving in radically different directions. It’s unclear when they will come together to produce another bipartisan response, but some Republicans suggested it might not be anytime soon,” Erica Werner reports.
Among those bills was the $2 trillion stimulus effort in which Democrats sought $4 billion for elections along with a series of state mandates. However, they ultimately settled for $400 million with no strings attached.
There’s no evidence Democrats will get a better compromise on the mandates this time around.
There’s a decent chance, however, that they’ll be able to win more money, which state election officials and experts say will be vital given the hugely increased costs of running an election during the pandemic.
That includes funds for envelopes and equipment to support more voting by mail, as well as protective equipment, cleaning products and hand sanitizer to run safe polling sites for people who vote in person.
States will also likely have to recruit new poll workers to replace traditional ones who tend to be elderly and more vulnerable to the virus. And they will likely have to pay those workers a premium because they’re risking their health.
The Brennan Center at New York University estimated a $2 billion federal price tag for those upgrades — or $1.6 billion after the previous round of coronavirus election money.

Pam Fleming and fellow workers stuff ballots and instructions into mail-in envelopes at the Lancaster County Election Committee offices in Lincoln, Neb. (AP Photo/Nati Harnik)
State officials, meanwhile, have moved on a much more bipartisan basis to protect elections during the pandemic. 
States with Republican governors and top election officials have moved quickly to loosen restrictions on voting by mail during the pandemic, including in Ohio, Iowa and West Virginia.
They’ve made those moves even as President Trump and some of his GOP allies in Washington have derided the system without evidence as prone to massive fraud.
“There’s real reason to believe people of good will on both sides are ready to roll up their sleeves during a real public health crisis,” Perez said. “It’s too bad when this is treated as a fundamentally political exercise.”

The keys
Chinese and Iranian hacking may be hampering U.S. efforts to find a coronavirus vaccine, officials say. 

Dr. Rhonda Flores looks at protein samples at Novavax labs in Rockville, Maryland. (Photo by ANDREW CABALLERO-REYNOLDS/AFP via Getty Images)

Attacks by those nations’ hackers have “raised the prospect among some officials that the aggression could be viewed by the Trump administration as a direct attack on U.S. public health and tantamount to an act of war,” the Wall Street Journal’s Gordon Lubold and Dustin Volz report.
Several outlets had already reported about concerns China is trying to steal U.S. coronavirus vaccine research, but the worries about Iran are new. Iranian hackers are targeting many of the same facilities Chinese hackers are, typically with less sophisticated techniques, the Journal reports.
“The effects of the attacks on efforts to find a vaccine were hard for U.S. officials to quantify, and they declined to provide evidence or to detail the intelligence on which their assessments are based,” the Journal reports.
An Israeli surveillance firm tried to sell encryption-cracking technology to U.S. law enforcement under a different name.  

A man reads at a stand of the NSO Group Technologies, an Israeli technology firm, at the annual European Police Congress in Berlin in February. (Hannibal Hanschke/Reuters)

The revelation would seem to undermine NSO Group’s claims that it has never sold technology targeting U.S. phones, but the company told Joseph Cox at Motherboard that it stands by those claims. The question is central to a high-profile lawsuit in which Facebook is suing NSO for allegedly helping government clients hack into its WhatsApp messaging service to spy on journalists and dissidents.
The technology, which NSO sold under the name Phantom, hacks into a target's phone to obtain emails, text messages and contacts as well as to track the user’s location and access the device's microphone and camera, according to a brochure and email obtained by Motherboard.
It's unclear whether any U.S. law enforcement agencies actually bought the software.
A former NSO employee confirmed the Phantom software is the same as the company's Pegasus software, which has been used by authoritarian regimes including Saudi Arabia to spy on dissidents, human rights activists, and journalists including The Washington Post contributing columnist Jamal Khashoggi.
“Local police wielding secret hacking technology is the nightmare scenario that we all worry about,” John Scott-Railton, a senior researcher from the University of Toronto’s Citizen Lab, told Motherboard. “The local laws and oversight mechanisms are not there. Abuse wouldn’t be a risk, it would be certainty.”
The FBI and DHS are publicly shaming alleged North Korean hacking groups.

North Korean and Chinese national flags in Pyongyang, North Korea. (Jon Chol Jin/AP)
A new report from the agencies falls on the three-year anniversary of the WannaCry ransomware attack, which infected tens of thousands of hospital computers around the world and which U.S. officials attributed to North Korea.

The report, which CyberScoop's Shannon Vavra first described before it was released publicly, outlines three types of malicious software used by a North Korean hacking group dubbed Hidden Cobra. The group used the new malware to steal funds and evade financial sanctions against North Korea, DHS says.
5 New malware samples attributed to DPRK by @FBI: https://t.co/zScGUiJAVb. These malware are used for phishing and remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. @US_CYBERCOM @CISAgov
— USCYBERCOM Malware Alert (@CNMF_VirusAlert) May 12, 2020
DHS issued a separate warning about escalating attacks from North Korea-backed hackers last month.

Hill happenings

The Senate is scheduled to vote today to renew vast government spying powers that have been expired and inactive for just shy of two months during the pandemic.

Sen. Rand Paul (R-Ky.). (Toni L Sandys/Pool/EPA-EFE/Shutterstock)

A House version of the bill that renews key provisions of the USA Freedom Act passed in March. But the Senate failed to approve the legislation before the pandemic forced an extended recess.
A main focus of Senate debate will be what to do with a secret court that grants spying warrants. A government watchdog found widespread problems with that process. Sens. Patrick J. Leahy (D-Vt.) and Mike Lee (R-Utah) are proposing an amendment that would introduce greater oversight of the court.
Here's more on today's hearing from Politico's Andrew Desiderio and Martin Matishak.

Coronavirus roundup

Facebook put fact-checking warning labels on 50 million coronavirus posts last month.

The Facebook app. (Andrew Harrer/Bloomberg News)

The company also removed more than 2.5 million posts to enforce a temporary ban on the sale of masks, disinfectants, and Covid-19 kits, Facebook announced in a blog post yesterday.
Meanwhile, hackers are using celebrity giveaways to con users into sharing their bank details, researchers at the cybersecurity research firm Tenable found. 
More on coronavirus scams:

Fraudsters see opportunities to target us in these uncertain times. Here are their most popular schemes and how we can protect ourselves.
New York Times

Industry report

Companies are slashing cybersecurity budgets as the pandemic creates long-term economic pressure.  

Fiber-optic cables feed into a switch inside a communications room. (Jason Alden/Bloomberg News)
“It’s not a 2020 conversation when we talk about the impact of Covid. It’s a 2021 and a 2022 discussion,” Frank Dickson, program vice president at research firm IDC, told Catherine Strupp at the Wall Street Journal.
More on the cybersecurity industry:

Chinese smartphone giant Huawei, barred by the U.S. from buying American technology, has found a lot of workarounds—but is having a hard time replacing Google, on which it has relied for a decade.
Wall Street Journal

Chat room

Marcus Hutchins, a British cybersecurity researcher who stemmed the damage from the WannaCry attacks and was then arrested for a different hack, shared his full story with Wired's Andy Greenberg on the third anniversary of the attacks.
You can read some of Hutchins's reactions to the 14,000-word piece here:
This is something I've wanted to do for a long time. I felt it better to share the full unadulterated story, and let people make up their own minds. It meant discussing a lot of uncomfortable facts about my past, but I want the story not to be some airbrushed half-truth.
— MalwareTech (@MalwareTechBlog) May 12, 2020
It was also pretty clear that my lack of cooperation was not due to my resentment for the law, but because I don't believe that any nonviolent offender should go through the absolute hell that is the current US legal system.
— MalwareTech (@MalwareTechBlog) May 12, 2020

Daybook

  • The Senate Homeland Security and Government Affairs Committee will host a virtual roundtable to discuss U.S. cybersecurity and the Cyberspace Solarium Commission Report today at 9:30 a.m.
  • The Senate Commerce Committee will host a hearing on the state of broadband amid the covid-19 pandemic today at 10 a.m.
  • The Carnegie Endowment for International Peace will hold an online event on “next steps for encryption policy” at 11 a.m. today.
  • The Information Technology and Innovation Foundation will host a webinar “Mind the Gap: A Design for a New Energy Technology Commercialization Foundation” today at noon.
  • The Open Technology Institute will host an event on the role of technology in pandemic response efforts on May 14 at 11:30 a.m.

Secure log off

No one really knows.
Today’s second @washingtonpost quarantine TikTok features @realDonaldTrump, Dr. Fauci and all the state governors in a car https://t.co/Lq6t9ZlJhu pic.twitter.com/ft8KElfAxA
— Dave Jorgenson (@davejorgenson) May 12, 2020
