Search This Blog


Search Tool

Jun 16, 2020

Analysis | The Cybersecurity 202: First DHS chief Tom Ridge knocks Trump’s attacks on voting by mail

By Joseph Marks

with Tonya Riley

The first secretary of Homeland Security has a message for President Trump: Stop bashing voting by mail.
Former Pennsylvania governor Tom Ridge (R) told me Trump’s efforts to limit voting by mail are “counterintuitive,” and that he sees no reason more Democrats than Republicans will vote that way during the coronavirus pandemic, as the president has claimed.
He also called the president’s claims that mail voting leads to widespread fraud far off base and criticized Republican lawsuits aimed at reining in mail voting in some states in November.
“You're not going to resolve the potential for fraud in a courtroom. You're going to do it by training and oversight,” Ridge said in an interview. “The remedy against potential fraud isn't running to the courthouse and claiming fraud. The remedy is you set up a process that's apolitical or bipartisan to ensure that there's no fraud that's conducted by absentee ballots.” 
Restricting mail-in voting is only likely to reduce voting participation without reducing actual fraud to the limited extent it exists, he said. A Washington Post analysis recently found possible voter fraud cases in states that vote primarily by mail accounted for just 0.0025 percent of ballots in 2016 and 2018  – or about one out of every 39,000.
Ridge’s comments underscore how Trump’s assault on mail voting is out of the historical mainstream for a party that had few concerns about the process until the coronavirus pandemic made it the safest and most secure option for voters.
It also reflects a pragmatism about voting that remains common for many state election officials from both parties but is increasingly rare in Washington.

Former Pennsylvania governor and Department of Homeland Security chief Tom Ridge. (Matt Rourke/AP)
Ridge launched a group in March with former Michigan governor Jennifer Granholm (D) that aims to build bipartisan support for mail voting. 
The group called VoteSafe has just two principles it is asking politicians, election officials and advocacy groups to endorse: “All states and U.S. territories should ensure voters have accessible, secure mail-in ballots and safe, in-person voting sites” and “Congress should ensure that states have the resources necessary to protect their voters and elections.”
It has been endorsed by Republican secretaries of state in Georgia and Washington and Democratic secretaries of state in Michigan, Colorado, Connecticut and New Mexico.
Those states already allow all their residents to vote by mail without an excuse except for Connecticut, which offered that option in this year’s primaries and may do so again in the general election. Washington and Colorado are among five states where nearly everyone votes by mail.
That’s also made the Democratic-led states a target for Trump. He has attacked Michigan in particular, which is a likely swing state, for sending absentee ballot request forms to all registered voters. He even threatened to cut off federal funding to the state, though it’s highly unlikely he could do so.
That move puzzled Ridge, who said the president would be better served by trying to make it easier for his supporters to vote during the pandemic rather than harder.
“It’s counterintuitive to me why he wouldn't be saying to everybody, ‘Let's maximize participation. Let's get everybody who can't go to the polls to vote for me by absentee,’ ” Ridge said.

People line up outside the Clark County, Nevada Election Department, which served as both a primary election ballot drop-off point and an in-person voting center. (Ethan Miller/Getty Images)
Ridge is also urging Congress to compromise on providing additional federal funding for mail voting.
He stopped far short, however, of endorsing Democrats’ main proposal, which would deliver $3.6 billion in election money to states in exchange for a slew of new mandates. Those include that they allow all citizens to vote by mail in future elections and provide 15 days of early voting.
Federal funding should be based on detailed requests from secretaries of state and should include matching money from the states so they have skin in the game, he said.
Ridge also said he’s opposed to attaching any strings to the federal money. “As a former Republican governor, I never like mandates from the feds,” he said.
Republicans and Democrats have compromised on three rounds of federal election funding totaling about $1.2 billion since the 2016 contest was upended by a Russian hacking and disinformation campaign. Those deals always involved Democrats giving up efforts to attach mandates to the money, which are fiercely opposed by Senate Majority Leader Mitch McConnell (R-Ky.).
Another such deal could be possible if there’s a future round of coronavirus stimulus funding. But election experts warn that time is quickly running out for election officials to purchase all the material they need to run a safe election in November. So, if the money arrives after July it could be less useful.
Ridge also stressed the importance of ramping up preparations as quickly as possible for the general election — especially given major primary day problems in Wisconsin, Georgia, the District of Columbia and elsewhere.
“If we don't learn the lessons of the long lines in Milwaukee and Atlanta and we don't take remedial action now and be better prepared for November 3rd, then it would be a rather shameful abdication of responsibilities by political figures on both sides of the aisle,” he said.

Voters contend with a downpour while waiting in an hours-long line to vote at Fulton County's Park Tavern precinct in the coronavirus-delayed Georgia presidential preference primary. (Erik S. Lesser/EPA-EFE/Shutterstock)
Ridge praised DHS’s work to help states secure election systems against hacking. 
The department’s cybersecurity division has grown immensely since he left DHS in 2005 and gained far broader authorities related to helping critical industries protect themselves in cyberspace. That expanded to include helping to protect election systems in 2017, but the department has far less authority to combat online disinformation from Russia or elsewhere.
“They've done a great job since 2016. Frankly, I think the security impact on the election won't be voting machines, it will be the use of electronic media and social media to influence voters’ preferences,” he said. “The Russians maintained undue influence in 2016 and we shouldn't be so naive as to think that the Russians, maybe the Iranians, maybe the Chinese, won’t try to do it again.”
Ridge criticized Trump for repeatedly wavering on whether Russia was responsible for that interference but said he doesn’t think many people agree with the president.
The president and some of his strongest supporters may ignore the conclusion…but I think it’s a minority,” he said. 

The keys
The Trump administration will allow U.S. companies to work with Huawei on 5G standards. 

An assembly of 5G telecommunication network antennae. (Wolfram Schroll/Bloomberg News)

Commerce Secretary Wilbur Ross signed off on the change, which is essentially a carve-out from a ban on U.S. companies working with the Chinese firm, Reuters’s Karen Freifeld and David Shepardson report. U.S. officials have accused Huawei of being a possible spying tool for Beijing.
The administration banned U.S. companies from partnering with Huawei last year over spying concerns. But the ban caused confusion over whether they could participate in international discussions that included Huawei setting technical standards for next-generation 5G wireless networks, artificial intelligence and other key topics. That gave Huawei a strong voice in discussions and put the United States at a disadvantage, companies and lawmakers argued. 
“The United States will not cede leadership in global innovation,” Ross said.
Six former eBay employees were charged with cyberstalking after allegedly sending a bloody pig mask to online critics.

U.S. District Attorney for Massachusetts Andrew E. Lelling announces charges of cyberstalking and witness tampering against six former eBay executives. (CJ Gunther/EPA-EFE/Shutterstock)

The alleged harassment campaign also included sending the Massachusetts couple a fetal pig. It started in 2019 after the couple published an article about a lawsuit involving eBay on their e-commerce blog, Rachel Lerman reports.
The eBay employees included James Baugh, former senior director of safety, and David Harville, former director of global resiliency. They harassed the couple by sending them a book about surviving the loss of a spouse and posted a fake Craigslist ad with their address soliciting sex. One of the employees also sent vulgar and harassing messages to one victim and used the fake account to criticize their site. 
EBay said in a statement it was investigating the incident and had fired all the employees charged as well as the company's chief communications officer. The company said there was no evidence that former CEO Devin Wenig, who left the company in September, knew in advance or authorized the actions.
A Twitter account that spread conspiracy theories about the Iowa caucuses and coronavirus may have belonged to a Russian troll.

A 3D printed Twitter logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016. REUTERS/Dado Ruvic/Illustration/File Photo

The New York Times traced the promotion of viral tweets about the conspiracy theories to an account named @DanWals83975326, which had only 1,200 followers, Nicole Perlroth reports.
The phony conspiracies included that former Hillary Clinton staffer Robby Mook was responsible for building an app that imploded on Iowa caucus night and that the United States created the coronavirus.
It’s a prime example of how Russia-backed agents are now taking divisive content from real Americans and spreading it through networks of low-profile accounts rather than creating their own divisive social media campaigns as they did in 2016. The more subtle approach has made influence campaigns harder to spot, researchers warn.
“Russia’s trolls learned it is far more effective to find the sore spots and amplify content by native English speakers than it is to spin out their own wackadoodle conspiracy theories,” said Cindy Otis, a former CIA analyst who specializes in disinformation.
Twitter suspended the account after the New York Times published its story.

Global cyberspace

Norway suspended its coronavirus contact-tracing app following privacy concerns from the country's data protection watchdog.

A man holds a smartphone showing a tracking and tracing app launched by the National Institute of Public Health to try to halt a return of the coronavirus. (Heiko Junge /NTB Scanpix/ AFP/Getty Images)
The app "presented a disproportionate risk to privacy given low download rates," according to regulators, Politico Europe reports. Watchdogs pointed out that the app collected location data when other European apps did not. Norway's public health body deleted all the data the app collected but argued the order weakened the country's fight against the spread of coronavirus.
More global news:

Lawyers for Huawei finance chief Meng Wanzhou told a Canadian court that the U.S. has wrongly accused her of lying to banks about the Chinese company’s business ties to Iran.
Wall Street Journal

Researchers enlisted quantum physics to send a “secret key” for encrypting and decrypting messages between two stations 700 miles apart.
The New York Times

The hacking group, Vendetta, has only surfaced in the last two months, according to research from Spain's Telefonica Group.

Cyber insecurity

T-Mobile's network went out Monday morning for users across the United States.  

A T-Mobile store in New York. (Justin Lane/EPA-EFE/Shutterstock)

There is no evidence the outage was caused by a cyberattack, TechCrunch reports. A Twitter account associated with the online collective Anonymous claimed to have launched a widespread denial of service attack that shut down numerous phone networks, but TechCrunch and other outlets found no evidence for the claim. AT&T and Verizon reported their networks were working normally.
The FCC announced an investigation:
The T-Mobile network outage is unacceptable. The @FCC is launching an investigation. We're demanding answers—and so are American consumers.
— Ajit Pai (@AjitPaiFCC) June 16, 2020
More news about hacks and breaches:

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.

CenturyLink Inc. exposed more than 2.8 million consumer records because of weak security in violation of consumer protection rules, a lawsuit in federal court in Washington state alleges.
Bloomberg Law

Chat room

More details from @MalwareTechBlog on how a service outage can snowball into unverified claims of a major denial of service attack trending on Twitter:
So far no provide other than T-Mobile has declared they're having issues (and T-Mobile hasn't said anything about DDoS), but in 1 hour we've already gone from an Anonymous account tweeting a meme pewpew map to senators chiming in? Can we maybe pump the brakes and wait for info?
— MalwareTech (@MalwareTechBlog) June 15, 2020
This site show a random sample of global DDoS traffic badly plotted on a world map. It does not indicate an attack against the US, it lacks context to make any inferences at all (other than DDoS attacks are happening all day every day).
— MalwareTech (@MalwareTechBlog) June 15, 2020
T-Mobile outage means everyone using them can't access any websites, leading to reports that facebook, twitter, instagram are all down (they're not). Customers also can't call/be called by other providers, leading to reports other providers are down too (they're not).
— MalwareTech (@MalwareTechBlog) June 15, 2020
Cloudflare's Matthew Prince also disputed rumors of a widespread DDoS attack:
Except T-Mobile, which is having a bad day almost certainly entirely of their own team’s making. So, please, #hugops. And don’t worry, this is one thing that does not need to get added to the list of craziness that has been 2020. 8/8
— Matthew Prince 🌥 (@eastdakota) June 16, 2020
In other news, welcome to Twitter U.S. Cyber Command chief Gen. Paul M. Nakasone.
I'm excited to announce starting today, I'm joining social media.
I'll be using this platform to speak directly to you about partnerships and engagements in my role as Commander @US_CYBERCOM and Director @NSAgov.
— General Paul M. Nakasone (@CYBERCOM_DIRNSA) June 15, 2020


  • The House Financial Services committee will host a hearing on how cybercriminals are exploiting the covid-19 pandemic today at noon.
  • The House Homeland Security Committee will host a hearing on DHS operations today at noon.

Secure log off

John Oliver explains the debate over facial recognition technology.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.