THE KEY

The White House is once again trying to show it's taking Russian election interference seriously. But its latest effort appears to be a largely toothless one. 

My colleagues Shane Harris, Josh Dawsey and Ellen Nakashima reviewed a draft of an executive order that would authorize President Trump to sanction foreigners who interfere with U.S. elections. The draft is, of course, subject to change. But they report that the current version would create a new category of offense -- “election interference” which includes “Internet-based disinformation efforts” -- that could carry harsh penalties.

That may sound tough, but the draft order is unlikely to change anything about the administration's posture toward Moscow — or any other foreign adversary for that matter.

For one thing, it doesn't require sanctions for anything the Trump administration hasn't done already. As my colleagues report: "The only mandatory sanctions would be against individuals found to have taken part in an interference campaign against a U.S. election, a step that the Obama and Trump administrations have taken against Russian intelligence officers. The Trump administration also sanctioned people working for a Russian 'troll' factory, churning out divisive social media posts." They add: "So far, these steps have not prompted changes in Moscow’s behavior.”

Other measures in the draft order could have a bigger impact but are purely discretionary. My colleagues note: "The draft order specifies that the president may impose sanctions on '10 of the 30 largest business entities' in a country whose government has interfered in an election. That measure could be quite powerful, experts said. But its discretionary nature, combined with the administration’s lack of a clear Russia policy, undermines its effectiveness, they said." 

And it's up to Trump to use that power — and he's done little to indicate he would.

Michael Carpenter, a former Pentagon and White House official who worked on Russia policy for the Obama administration, told my colleagues the draft “looks much more like a cover-your-behind exercise to show the administration is doing something when in fact it doesn’t oblige them to do much of anything... To be a credible deterrent, a foreign country like Russia would need to think that sanctions would automatically go into effect if X, Y and Z happened.”

To be sure, the administration is engaged in an array of activities beyond sanctions designed to punish Russia for election interference and help safeguard the upcoming midterms. The Justice Department has indicted Russian government hackers and Internet trolls, and the Department of Homeland Security is helping states around the country protect their election systems. Deputy Attorney General Rod J. Rosenstein also recently unveiled a new Justice Department policy to alert the public to malign foreign influence operations targeting U.S. democracy.

Yet Trump's own wavering on whether Russia is responsible is hindering the administration's work to counter Moscow's cyber-aggression, experts told me in a survey the Cybersecurity 202 published yesterday asking whether the administration is doing enough to deter Russian cyberattacks. Some members of The Network, a panel of more than 100 cybersecurity leaders we gathered from government, academia and the private sector, were granted anonymity in exchange for their participation.

“To deter an adversary, the adversary must feel like there are serious and painful consequences for it adversarial actions,” said Anup Ghosh, a former program manager at the Pentagon's Defense Advanced Research Projects Agency. “Since the president refuses to acknowledge Russia is responsible for hacking [Hillary Clinton's] campaign and social media influence ops to help him get elected, Russia will not feel there are meaningful consequences in spite of what steps other executive branch agencies or Congress may take.”

“The message from the White House itself is undermining those efforts, even if only in terms of public perception,” said another expert who responded under condition of anonymity. “The message to the Russian government needs to be uniform and forceful, and also needs to encourage the working part of the government, the rank and file 'doers' from the undersecretaries down, by letting them know that they are doing important work and it is recognized

Indeed, there are even parts of the draft order that analysts viewed as attempts to assuage Trump, as Shane, Josh and Ellen report. “It includes references to apparent attempts by the Soviet Union to interfere in past U.S. elections, including to 'frustrate President Nixon’s election in 1968 and President Reagan’s reelection in 1984,'" according to my colleagues. Another part “notes that 'there has been no evidence of a foreign power altering a single vote in a United States election,' echoing another of Trump’s repeated assertions about the 2016 election.”

PINGED, PATCHED, PWNED

PINGED: “Minnesota, a swing state that has been attacked by foreign hackers more than once, has millions in federal funds to spend on election security ahead of the 2018 midterms — but will be the only state in the country that can't touch that cash because of a standoff between Republicans and Democrats,” NBC News's Likhitha Butchireddygari reported on Wednesday. The Republican-controlled legislature approved the funds as part of a spending bill but Gov. Mark Dayton (D) vetoed the bill for reasons that where unrelated to the issue of election security. (I wrote in May about how the roughly $6.6 million in federal funding for Minnesota got caught in political battles.)

Ben Petok, director of communications for the office of Minnesota Secretary of State Steve Simon, told NBC News that the agency is still taking steps to improve election security. “These efforts include providing security guidance to counties and cities as well as grants for equipment upgrade, implementing software patches on the state voter registration system and multifactor authentication and working with federal intelligence officials to conduct vulnerability assessments of their systems, which is why Simon is still 'confident' ahead of the midterm elections,” Butchireddygari reported.

PATCHED: The Intercept’s Ryan Gallagher has new details about Google’s project, called Dragonfly, to launch a censored version of its search engine in China via an Android app. “Google analyzed search terms entered into a Beijing-based website to help develop blacklists for a censored search engine it has been planning to launch in China, according to confidential documents seen by The Intercept,” Gallagher reported on Wednesday. “Engineers working on the censorship sampled search queries from 265.com, a Chinese-language web directory service owned by Google.” Here is how Google used 265.com to fine-tune the censored search engine, according to the Intercept:

“After gathering sample queries from 265.com, Google engineers used them to review lists of websites that people would see in response to their searches. The Dragonfly developers used a tool they called ‘BeaconTower’ to check whether the websites were blocked by the Great Firewall. They compiled a list of thousands of websites that were banned, and then integrated this information into a censored version of Google’s search engine so that it would automatically manipulate Google results, purging links to websites prohibited in China from the first page shown to users.”

Several senators have expressed dismay about the Internet giant’s plan. “Google claims to value freedom and one hopes Google will put its corporate principles and America first, ahead of Chinese cash,” Sen. Tom Cotton (R-Ark.) said in an Aug. 2 statement.

PWNED: Raffi Krikorian, the Democratic National Committee’s chief technology officer, wants to enlist the help of Facebook in fighting online disinformation, CNN’s Donie O’Sullivan reported on Wednesday. While Facebook already uses third-party fact-checking on its platform, Krikorian said the social network should share information with both political parties about the scope of online propaganda operations. “Krikorian said he's not calling on Facebook to identify individual users, only the audiences that have seen the misinformation,” O’Sullivan wrote. “For example, if Ohio college students receive bogus details on their polling location, the DNC wants to know that so it can deliver accurate information to that same audience.”

Krikorian, a former executive at Uber, said such cooperation with Facebook would enable the Democratic and Republican parties to keep campaigns regularly informed about disinformation activities. “What we would love to do is give every campaign [something] like a weather report to tell every campaign what is being said on social media in the morning and how they can combat it,” Krikorian said, as quoted by O’Sullivan.

PUBLIC KEY

— Sen. Bill Nelson (D-Fla.) told the Tampa Bay Times on Wednesday that Russian hackers “have already penetrated certain counties in the state and they now have free rein to move about.” But state officials aren’t sure what Nelson means, according to the Times’s Alex Leary, Steve Bousquet and Kirby Wilson. “‘The Florida Department of State has received zero information from Senator Nelson or his staff that support his claims,’ agency spokeswoman Sarah Revell said in a statement,” Leary, Bousquet and Wilson wrote.

From the Wall Street Journal’s Dustin Volz:

— WikiLeaks on Wednesday said the Senate Intelligence Committee wants to interview Julian Assange, the founder of the anti-secrecy group, as part of its investigation into Russian interference in the 2016 presidential election. WikiLeaks’s legal team said it is “considering the offer but testimony must conform to a high ethical standard,” according to a tweet from the group. WikiLeaks’s tweet also included a letter signed by Sens. Richard Burr (R-N.C.), the committee’s chairman, and Mark R. Warner (D-Va.), the panel’s vice chairman. The committee asked Assange to take part in “a closed interview with bipartisan Committee staff at a mutually agreeable time and location,” according to the letter. The offices of Burr and Warner declined to comment on the letter.

— “The former employee of a national security contractor who pleaded guilty to violating the Espionage Act by leaking a document about Russian meddling in the 2016 presidential election has an Aug. 23 sentencing date,” the Augusta Chronicle’s Sandy Hodson reported on Wednesday. “Although Reality Leigh Winner's plea agreement calls for a 63-month prison term, U.S. District Court Chief Judge J. Randal Hall is not bound by it. The crime can be punished by up to 10 years in prison, but in the federal judicial system maximum sentences are generally reserved for defendants with extensive criminal histories. Winner, 26, had no prior criminal conviction.”

— More cybersecurity news from the public sector:

House Homeland Security Committee Chairman Michael McCaul (R-Texas) on Wednesday again urged the Senate to pass legislation that would rename and reorganize the Department of Homeland Security’s cyber wing, citing compounding threats to U.S. interests in cyberspace.
The Hill
PowerPost
The president and the senator, who traveled to Moscow this week, stand at the vanguard of a Republican electorate that is increasingly warming to the Kremlin.
Karoun Demirjian
PowerPost
Although Brian Kemp is not required to step down as secretary of state, activists say it poses an ethical dilemma for him to be a candidate and overseer of the gubernatorial election.
Vanessa Williams
Kansas’ most populous county left the rest of the state waiting nearly 13 hours until Wednesday morning for complete primary election results that proved to be pivotal in a high profile and close Republican race for governor — the second consecutive major election fumble by the affluent Kansas City-area county.
The Associated Press
With practically every member of Congress now on at least one social media platform, it’s easier than ever to reach legislators and influence their decision-making.
FCW
PRIVATE KEY
The social network’s links to violence and unrest may not be exclusive to developing countries like India or Myanmar, as some once argued.
The New York Times
The delicate process for disclosing software and hardware bugs in medical devices has made important strides in recent years, according to experts, as big manufacturers have set up disclosure programs and the threat of lawsuits against security researchers has receded.
CyberScoop
When it comes to online comments and discourse and what you can do to limit their toxicity, you only have a certain amount of power. The real leverage lies with the tech companies.
The New York Times
SECURITY FAILS

— Researchers at Graz Technical University in Austria have found that that the Meltdown vulnerability affects Samsung’s Galaxy S7 phones, Reuters’s Jack Stubbs reported on Wednesday. The researchers said the flaw can expose Galaxy S7 handsets to attacks. “A Samsung spokeswoman did not comment on how many Galaxy S7 smartphones had been sold,” Stubbs wrote. “She said there were no reported cases where Meltdown had been exploited to attack an S7 handset and that no other Samsung phones were known to be vulnerable.”

— “A new report from Alejandro Hernández, a security consultant at IOActive, found that nearly all of the 40 major online trading platforms he investigated had at least some form of vulnerability,” Wired’s Brian Barrett wrote Wednesday. “While they range widely in severity and scope, the overall picture is of an industry that has not taken security measures proportional to the sensitive information involved.”

— More news about security vulnerabilities:

Cybercrime and social media surveillance comes super-powered with facial recognition, new software created by good-guy hackers shows.
Forbes
It’s not just elections. Hackers are now targeting major golf tournaments too.
Golfweek
The nightmare scenario for computer security - artificial intelligence programs that can learn how to evade even the best defenses - may already have arrived.
Reuters
THE NEW WILD WEST
Researchers at a university in Israel have found ways to turn smart irrigation systems into a botnet that could theoretically drain some of a city’s water reserves. But don’t panic.
Motherboard
In India, the world's second-biggest smartphone market, Apple Inc's normally deft management of government relations is being put to a fresh high-stakes test.
Reuters
ZERO DAYBOOK

Today

  • Black Hat USA security conference in Las Vegas.
  • DEF CON security conference through Aug. 12 in Las Vegas.
EASTER EGGS

Rep. Chris Collins (R-N.Y.) says the charges against him are “meritless”:

Brothers receive their father’s dog tag from Korean War:

Oscars to get popular movies category: