The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: House Democrats list states with weakest election security in new report

Placeholder while article actions load

with Bastien Inzaurralde


House Democrats are trying to ramp up pressure to send more election security funding to states by spotlighting the ones they say are most vulnerable going into November.

A report released Thursday by House Administration Committee Democrats identified 18 states that congressional researchers say lack key voting safeguards, including paper trails for vote tallies and post-election audits. Drawing on months of input from election officials and cybersecurity experts, it called on Congress to approve $1.4 billion in new election security funding for all 50 states over the next decade.

But the report may have limited effect because, notably, no Republicans signed onto its conclusions — and building bipartisan support for new federal assistance could be difficult with less than four months to go before the midterms.

Rep. Zoe Lofgren (D-Calif.), one of the report’s authors, said the goal was to make the case for more funding while avoiding partisan politics. She noted that a previous $380 million funding package Congress approved for all 50 states earlier this year drew support from both sides of the aisle and said she hoped to replicate that effort.

“I think our report helped make clear the need in a way that was not highly political,” Lofgren told me. “What we’re really trying to do is make this fact-centered and not be negative about any group of people or state.” 

Committee Republicans didn't immediately respond to messages seeking comment on the report Thursday. And some experts said the report could still come across as a partisan effort, which could blunt its impact. “As well-intentioned as reports like these are, when it’s on behalf of only one party it can be perceived as an attempt to score political points,” said David Becker, executive director of the Center for Election Innovation and Research.

“It’s imperative that we respond to this very real threat in a way that transcends party lines," he continued. "When it looks like either side is making this a partisan issue, they could ultimately reduce the chance that we’ll find an effective solution.”

The report’s authors grouped states into three “tiers” based on the types of vulnerabilities they identified. Here’s how committee Democrats broke it down:

  • Tier 1: Delaware, Georgia, Louisiana, South Carolina and New Jersey were identified as the most vulnerable because they relied exclusively on voting machines that don’t produce an auditable paper record. 
  • Tier 2: Arizona, Florida, Illinois, Indiana, Kansas, New Hampshire, Tennessee, Texas and Wisconsin “may not be planning on using federal assistance to address their biggest vulnerabilities,” which included a lack of post-election auditing and the use of paperless voting machines in some jurisdictions. 
  • Tier 3: Arkansas, Iowa, Pennsylvania and Washington had some of the same vulnerabilities as “Tier 2” but were putting money toward fixing them.

The report listed recommendations for what each state should do to fix its vulnerabilities, and said that all the states needed additional financial assistance to make upgrades.

The findings reflect many conclusions from independent think tanks and cybersecurity professionals about how to protect the voting process, from stepping up cybersecurity training to implementing paper ballot systems. And the request for $1.4 billion in new funding draws from estimates by the nonpartisan Brennan Center on how much it would cost to replace outdated digital voting machines in the 13 states that still use them.

Yet getting new election security funding has been a struggle in the approximately four months since Congress approved the $380 million infusion for states — an amount that a broad array of election officials and experts say is not enough to fully defend against election cyber threats from Russia and other sophisticated actors. Late last month, Senate Democrats on the Appropriations Committee tried to tack $250 million in additional funds onto an appropriations bill, but the measure failed in a party-line vote. Similar attempts in the House have been unsuccessful.

But even if funding doesn't end up on the table by the midterms, there are some bright spots emerging on bipartisan efforts on election security in Congress. The Secure Elections Act, which aims to help states and the federal government share information about election cyber threats, is garnering broad bipartisan support in the Senate and is sponsored by Sens. Amy Klobuchar (D-Minn.) and James Lankford (R-Okla.). And members of the Senate Intelligence Committee investigating Russian election interference haven’t experienced the same partisan squabbles as their counterparts in the House, Becker noted.

“There are models of bipartisan cooperation on election cybersecurity issues,” Becker told me. “Many are working overtime with their colleagues on the other side of the aisle to build bipartisan consensus towards solutions.”


PINGED: A hot microphone caught Rep. Kathleen Rice (D-N.Y.) in a moment of unfiltered outrage at the end of a congressional hearing Thursday after two Department of Homeland Security officials declined to endorse the intelligence community’s assessment that Russia interfered in the 2016 election and sought to help elect Donald Trump. Soraya Correa, chief procurement officer at DHS, and John Zangardi, DHS’s chief information officer, avoided taking a position on the issue when pressed by Rice.

“It’s just f---ing outrageous. They have no right being in the positions that they’re in, if they don’t take a position like that. No right,” Rice, the ranking Democrat on the House Homeland Security subcommittee on counterterrorism and intelligence, could be heard saying once the hearing concluded. Rep. J. Luis Correa (D-Calif.) replied: “They are not going to put their jobs at risk.” “Well guess what, then are you American, or are you, do you, you know, get a job somewhere else,” Rice said. “Give me a f---ing break.” The exchange was first reported by Politico’s Eric Geller.

During the hearing, Rice blasted the officials — in more G-rated terms. The lawmaker said it is “frightening” that Correa said she has no opinion on the findings. She also chided Zangardi for not giving a yes-or-no answer about his position, either. “If we can’t get people here … to acknowledge that there was interference in the 2016 election, none of you should be in the positions that you’re in to protect us in 2018, or 2020,” Rice said.

The House hearing with FBI agent Peter Strzok devolved into personal attacks, partisan exchanges and a perjury accusation. Here's a look at the biggest moments. (Video: Jenny Starrs/The Washington Post)

PATCHED: The numerous hours that lawmakers took Thursday to question FBI agent Peter Strzok, who had a central role in investigations into Hillary Clinton and the Trump presidential campaign, yielded more invective than new information, The Post's Devlin Barrett and Karoun Demirjian reported. “Republicans accused Strzok and the FBI of pursuing politically motivated probes aimed at harming President Trump,” my colleagues wrote. “Democrats called the entire hearing part of a GOP attempt to protect the president by tainting the work of special counsel Robert S. Mueller III. Lawmakers talked over each other and the witness, in sometimes starkly personal and intemperate terms.”

Strzok defended his integrity as he addressed members of the House Judiciary and House Oversight committees and said he does not allow his opinions to get in the way of his investigative work. “There is simply no evidence of bias in my professional actions,” he said, as quoted by my colleagues. Mueller took Strzok off the Russia probe in July last year, The Post reported. “At that time, investigators for the Justice Department inspector general discovered text messages between him and then-FBI lawyer Lisa Page in which they repeatedly disparaged Trump and expressed a strong desire that he not win the election,” Barrett and Demirjian wrote. My colleague Aaron Blake also has a roundup of seven striking moments from the day. “It didn't take long for the hearing to explode,” Blake wrote.

PWNED: Jeffrey A. Rambo, the Border Patrol agent who questioned reporter Ali Watkins, is under investigation over whether he improperly accessed travel data about the journalist from government computer systemsNYT's Scott Shane and Ron Nixon reported Thursday. “Mr. Rambo’s actions raised several questions: What was a California Border Patrol agent doing in the Washington area?” Shane and Nixon wrote. “Was he really helping the F.B.I. with leak investigations, as he claimed? Was his anonymous approach to Ms. Watkins, which violated law enforcement standards, part of an authorized operation or the work of a rogue agent?”

The Department of Homeland Security's inspector general and Customs and Border Protection are leading the probe, according to the Times. The travel data at issue is housed at the National Targeting Center in Virginia where Rambo was working on a temporary basis. “Such information is supposed to be used only under strict rules by immigration and law enforcement officials,” Shane and Nixon wrote. Watkins's name appeared in news reports last month when James Wolfe, a former Senate Intelligence Committee staffer with whom she had been in a romantic relationship, was arrested as part of a leaks investigation.

— More cybersecurity news:

Jared Kushner lacks security clearance level to review some of the nation’s most sensitive intelligence in White House role (Carol D. Leonnig, Josh Dawsey and Ashley Parker)

‘We failed’: Officials explain error that could have affected 72,000 Maryland voters (Rachel Chason)

Russian Influence Campaign Sought To Exploit Americans' Trust In Local News (NPR)

Researchers Tricked AI Into Doing Free Computations It Wasn't Trained to Do (Motherboard)

On July 12, President Trump said he would ask Russian President Vladimir Putin "again" whether Russia had meddled in the 2016 presidential elections. (Video: The Washington Post)

— Trump on Thursday said he plans to ask Russian President Vladimir Putin about Russia's interference in the past U.S. presidential election when the two leaders meet in Helsinki on July 16 but added that Putin “may” respond with a denial, The Post's Seung Min Kim and Josh Dawsey reported. “Look, he may. What am I going to do? He may deny it.” Trump said in Brussels, as quoted by my colleagues. “All I can do is say, ‘Did you?’ And, ‘Don’t do it again.’ But he may deny it.” “Trump continued to strike a friendly tone toward the Russian leader, calling him a 'competitor' rather than a U.S. enemy — while declining to label him as a security threat to the United States or European nations,” my colleagues wrote.

— “A bill to authorize funding for intelligence agencies and support critical national security programs especially targeting Russia, China and North Korea, passed the House on Thursday,” the Associated Press reported. “The bill, which passed 363-54, would increase the pay for intelligence employees with cyber skills and defend against foreign threats to federal U.S. elections. It would require intelligence agencies to brief key congressional leaders if the U.S. faces meddling or a cyber intrusion targeting a federal election.” Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee, praised the passage of the bill in a statement. “The Intelligence Authorization Act is Congress’ best tool for ensuring the Intelligence Community has the funding and resources it needs to protect Americans from foreign threats,” Nunes said. “This bill will also enable robust Congressional oversight of the Intelligence Community’s activities, and I look forward to the bill’s passage in the Senate.”

— Fraudulent wire-transfer schemes are on the rise and scammers have been “heavily” targeting the real estate sector over the past few years, the FBI’s Internet Crime Complaint Center warned in a notice issued Thursday. More than 40,000 people in the United States reported being caught in those kinds of scams between October 2013 and May 2018, according to the statement. Such cybercrimes, which the FBI refers to as business email compromise or email account compromise, have been reported in all 50 states and in 150 countries. “The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds,” the statement said.

— More cybersecurity news from the public sector:

Two Senators Call for Investigation of Smart TV Industry (New York Times)

DHS Would Get More Power to Bar Risky Contractors Under Dueling Proposals (Nextgov)

SEC Probes Why Facebook Didn’t Warn Sooner on Privacy Lapse (The Wall Street Journal)

The FCC is changing up the country’s emergency alert system to prevent another Hawaii incident (The Verge)


— Walmart is raising privacy concerns with a proposal to start recording checkout line sounds and conversations between customers and cashiers, my colleague Jena McGregor reports. A patent application filed by the company says a "need exists for ways to capture the sounds resulting from people in the shopping facility and determine performance of employees based on those sounds,” McGregor writes. She continues: The patent "would use a system of sound sensors to listen in on workers' activities and interactions, gathering audio data such as the beeps and rustling of bags to determine the number of items in a transaction, the patent says, or conversations between cashiers and customers to hear whether, say, workers were greeting customers."

— Some of Twitter's top accounts lost millions of followers to the social media' company's ongoing purge of fake and suspicious accounts, the New York Times reports. "Oprah Winfrey, who sent her inaugural tweet in 2009, had her following cut by about 1.4 million between Wednesday and Thursday evening. Ellen DeGeneres lost two million, leaving her at 76.1 million followers," according to the Times. Trump lost about 340,000 of his 53.4 million followers, and former president Barack Obama lost about 3 million of his 104 million followers, per the Times. 

— More cybersecurity news from the private sector:

All Ears: Always-On Listening Devices Could Soon Be Everywhere (Wall Street Journal)


— The British government on Thursday proposed that the European Union and Britain continue to share information about cyber threats after the country leaves the bloc. Britain suggests “continuing to share cyber threat information to ensure the UK’s and the EU’s infrastructure is robust, resilient and able to adapt to evolving threats online or to digital infrastructure,” according to a report outlining the vision of British Prime Minister Theresa May’s government for Brexit. The British government also wants to maintain a “strategic dialogue” on cybersecurity with the E.U. and “promote and uphold shared values and beliefs that existing international law applies to cyberspace, underpinned by a vision of a ‘free, open, peaceful and secure global cyberspace,’” according to the report.

— More international cybersecurity news:

NATO summit boosts cybersecurity amid uncertainty (Fifth Domain)


Hackers are selling access to law firm secrets on dark web sites (CNBC)

This GPS Spoofing Hack Can Really Mess With Your Google Maps Trips (Forbes)


— You probably don’t need to wear a mask and beanie if you’re a cybercriminal.

Robo-calls are getting worse. And some big businesses soon could start calling you even more. (Tony Romm)

Review | Your password has probably been stolen. Here’s what to do about it. (Geoffrey A. Fowler)



Coming soon


Protesters flock to British palace hosting gala attended by Trump:

Protesters gathered at Blenheim Palace in Oxfordshire July 12 to protest President Trump’s Britain trip. Trump attended a black-tie dinner there that evening. (Video: Reuters)

 Your guide to the 2018 World Cup final:

France and Croatia will face off on July 15 in the 2018 World Cup final at the Luzhniki Stadium in Moscow. Here's a guide to watch. (Video: Melissa Macaya/The Washington Post)

Late-night laughs: Trump goes to NATO.

President Trump attended the 2018 NATO summit. Here’s how Conan O’Brien, Stephen Colbert and others reacted to Trump’s remarks and behavior. (Video: The Washington Post)