Pages

Search This Blog

Translate

Search Tool




Sep 17, 2020

Analysis | The Cybersecurity 202: Voting misinformation in Kentucky adds to logistical nightmare for election officials

Michelle Ye Hee Lee


Kentucky’s struggles show how the general-election voting season is off to a bumpy start. 

By this weekend, at least six states will have started some form of in-person early voting. Nearly 20 states will have started mailing out ballots requested by voters. And at least eight states will be able to start processing mail ballots once they’re returned. (My colleague Elise Viebeck is keeping track of this data, and she and our graphics team have compiled a handy “How to Vote guide” to help you figure out requirements and timelines in your state.)

Across the country, states have expanded voters’ access to mail voting and early in-person voting in response to the pandemic — as well as unease among voters about sending their ballots through the mail. Officials are trying to provide as many voting options as possible so voters can choose the one that makes them feel most comfortable.

The focus on starting voting earlier this year has contributed to a torrent of misinformation.

For example, one of the concerns Kentucky officials raised this week had to do with letters from a group called Center for Voter Information, a voter registration group with a history of sending mailers that are filled with errors. This group’s mailers have sown confusion in several states, including in Virginia

The group’s latest mailer to Kentuckians encourages people to register to vote — yet the mailer is being sent to voters who have already registered, thus confusing voters and disrupting the work of Kentucky election officials. 

“I condemn this shady out-of-state group and their efforts to tamper with our elections,” Kentucky Secretary of State Michael Adams said in a statement. “They mislead voters, who then drive unnecessary call volume to our overworked election officials around the state.”

Officials also flagged a different text message scam from a local area code that directed voters to a fake voter registration website that no longer appeared active as of Wednesday. 

State officials called attention to both efforts this week because county clerks were reporting a large number of calls about them, the secretary of state’s office said. 

Making matters even more complicated, election employees in Fayette County, home to Lexington, will be self-isolating for at least two weeks because of a positive coronavirus case in the office. Officials are hoping to reopen the department on Sept. 28, according to an announcement by the county clerk’s office.

The quarantines add to the nightmare scenario for election officials working to minimize confusion. 

The looming threat of the virus halting their work anytime between now and Election Day — and possibly even beyond Nov. 3, as they work to count, verify and certify ballots — only adds to the uncertainty. 

The temporary closure in Fayette County is expected to lead to delays in mailing out ballots to voters who have already requested them. Some may receive their ballots in early October, and others may receive them by the end of this month, the clerk said.

“This is a devastating setback for us,” Fayette County Clerk Don Blevins Jr. said in a statement. “We are in the process of establishing backup processes, but this will definitely have a significant impact.”

This week’s election-related news in Kentucky serves as a microcosm for election trends nationwide. 

For example, statewide, Democrats have far outpaced Republicans in requesting absentee ballots for November. As of Monday, about 242,000 voters had applied to receive a mail ballot, and nearly 80 percent of those requests were from Democrats, state officials said. 

The party breakdown in Kentucky mirrors national trends. A recent Washington Post-University of Maryland poll found that Democrats were far more likely than Republicans to prefer voting by mail in the fall, as President Trump and GOP leaders wage baseless attacks on the reliability of the mail-voting system. 


The keys

Dan Coats calls on Congress to establish a bipartisan, nonpartisan commission to oversee the election. 

President Trump's former director of national intelligence wrote in a New York Times opinion piece this morning that “this commission would not circumvent existing electoral reporting systems or those that tabulate, evaluate or certify the results. But it would monitor those mechanisms and confirm for the public that the laws and regulations governing them have been scrupulously and expeditiously followed — or that violations have been exposed and dealt with — without political prejudice and without regard to political interests of either party.” 

Security should also be in their purview, Coats argues: “Also, this commission would be responsible for monitoring those forces that seek to harm our electoral system through interference, fraud, disinformation or other distortions. These would be exposed to the American people in a timely manner and referred to appropriate law enforcement agencies and national security entities.” 

The stakes this year, according to Coats: “Voters … face the question of whether the American democratic experiment, one of the boldest political innovations in human history, will survive…. If we fail to take every conceivable effort to ensure the integrity of our election, the winners will not be Donald Trump or Joe Biden, Republicans or Democrats. The only winners will be Vladimir Putin, Xi Jinping and Ali Khamenei. No one who supports a healthy democracy could want that.” 

The underlying reason for the pitch: “The most urgent task American leaders face is to ensure that the election’s results are accepted as legitimate. Electoral legitimacy is the essential linchpin of our entire political culture. We should see the challenge clearly in advance and take immediate action to respond.” 

The Justice Department brought major charges against Chinese, Iranian and Russian hackers yesterday.

Prosecutors charged five Chinese citizens with hacking more than 100 companies and institutions, Ellen Nakashima and Devlin Barrett report. The targets ranged from social media companies to universities

The hackers, who appeared to be motivated by financial gain, are members of a group linked to a Chinese civilian spy agency responsible for counterintelligence. One of the hackers boasted that the government would protect him, according to the indictment.

Deputy Attorney General Jeffrey Rosen slammed China for turning a blind eye to the alleged crimes. “No country can be respected as a global leader while paying only lip service to the rule of law and without taking steps to disrupt brazen criminal acts like these,” Rosen said.

Hours later, U.S. prosecutors indicted two Iranian nationals for allegedly hacking American computer networks to steal information for both personal financial gain and at the request of the Iranian government. The indictment accuses the pair of hackers of selling stolen data, including sensitive information on national security and nuclear information, to the Iranian government and other buyers, Matthew Choi at Politico reports

The hackers targeted a range of victims, including universities, media agencies and defense contractors dating back to 2013. The group also allegedly hacked internal communications from a government agency in Afghanistan to the nation’s president. 

The arrests are a warning shot by the Trump administration to Beijing and Tehran that it will not tolerate cybercrime. 

In July, the United States accused hackers affiliated with the Chinese government of trying to target companies and researchers working on a coronavirus vaccine. The Justice Department also indicted two Iranian hackers in a separate case earlier this week and is expected to announce more Iran-related hacking charges today.

“We will not bring the rule of law to cyberspace until governments refuse to provide safe harbor for criminal hacking within their borders,” John Demers, assistant attorney general for national security, said in a statement.

The Justice Department also unsealed charges against two Russian hackers, accusing them of stealing nearly $17 million in virtual currency, Jeff Stone at CyberScoop reports.

Chat room

Dmitri Alperovitch, chairman of Silverado Policy Accelerator and Co-Founder and Crowdstrike, breaks down some other significant points about the indictment against the Chinese hackers:

Trump isn't ready to sign off on TikTok’s deal with Oracle, he says.

The president said at a news conference yesterday that he hasn’t seen the deal but wouldn’t sign off on anything that isn’t “100 percent as far as national security is concerned.”

“I mean just conceptually, I can tell you I don’t like that,” he said of the possibility that TikTok's Chinese owner ByteDance could retain majority ownership in the deal.

He is expected to review the deal today. 

White House officials including Secretary of State Mike Pompeo have also expressed concerns, Bloomberg News reported.

Republicans in Congress are urging Trump to reject the deal.

A group of senators led by Sen. Marco Rubio (R-Fla.) said the deal “leaves significant unresolved national security issues” and urged Trump not to accept it.

“Any deal between an American company and ByteDance must ensure that TikTok’s U.S. operations, data, and algorithms are entirely outside the control of ByteDance or any Chinese-state directed actors, including any entity that can be compelled by Chinese law to turn over or access U.S. consumer data,” the senators wrote

The details of Oracle’s proposal to work with TikTok as a “trusted tech partner” aren’t public and it's unclear how Oracle would address White House worries that the app's algorithm could be used by Beijing for influence campaigns.

Sens. Thom Tillis (R-N.C.), Roger Wicker (R-Miss.), Rick Scott (R-Fla.), Dan Sullivan (R-Ark.) and John Cornyn (R-Tex.) also joined the letter.

Democrat Sen. Mark Warner (Va.) also took a swing at the TikTok deal, saying in a speech yesterday that the White House’s haphazard actions on TikTok will only invite retaliation against American companies”

“American credibility on what constitutes a national security threat is beginning to wear thin,” Warner said in a wide-ranging speech about U.S. strategy for innovation and China relations at the National Democratic Institute "That undermines the clarity and cogency of our arguments against technologies and firms that do represent very grave national security threats… such as Huawei or Kaspersky.”

The Department of the Interior left wireless networks vulnerable to hackers.

Investigators from the agency’s watchdog were able to intercept and decrypt wireless traffic in multiple bureaus of the agency, a new report from the department's Office of Inspector General reveals. All it took to breach the systems was cheap, easily concealed equipment operated via smartphone in a public area.

The investigators were also able to “identify assets containing sensitive data or supporting mission-critical operations” because of the security, which wasn't up to federal standards. 

“The Department is vulnerable to the breach of a high-value IT asset, which could cripple Department operations and result in the loss of highly sensitive data,” if the networks aren't fixed, the report warned.

The department’s top security officer agreed to the 14 security changes suggested by the report to prevent breaches.

Government scan

Justice Department won’t charge WeChat users with crimes even if the app is banned next week.

The Justice Department clarified its position in response to a lawsuit filed against the Trump administration by WeChat users, David Shepardson of Reuters reports. The group is seeking a preliminary injunction to stop the Trump administration from banning the popular Chinese messaging app.

The group claims in its lawsuit that the Trump administration did not provide sufficient evidence that the app is a national security threat when it decided to ban it alongside TikTok.

The Justice Department said Commerce Secretary Wilbur Ross will release regulations for the app on Sunday. Although users will not face civil or criminal penalties for use of the app, “use of the app for such communications could be directly or indirectly impaired through measures targeted at other transactions,” the department said.

Hill happenings

The Trump administration’s top intelligence official will resume some congressional intelligence briefings on election threats.

It is a reversal of Director of National Intelligence John Ratcliffe’s decision last month to stop the briefings, the Wall Street Journal reports. The move sparked immediate criticism from Democrats, who accused the administration of trying to conceal important election-related intelligence. Ratcliffe had cited leaks to the public of classified information as the rationale for the pullback. 

More Hill news:

Daybook

  • ITIF will hold a webinar, “An Allied Approach to Semiconductor Sector Competitiveness,” today at 11:30 am.
  • The Senate Judiciary Committee will hold a hearing to examine threats to U.S. intellectual property, focusing on cyberattacks and counterfeits during the coronavirus pandemic on Sept. 23 at 2:30 p.m.

Secure log off

Stephen Colbert has a counter-offer for Trump.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.