With just days to go before the midterms, two Democrats are accusing Republican Brian Kemp of downplaying election security for his own political gain in his run for Georgia governor.
Senator Ron Wyden (D-Ore.) calls the potential insecurity of Georgia's paperless voting machines a “disaster.” And Rep. Earl Blumenauer (D-Ore.) told me the fact that Georgia voters will be going to the polls without a paper backup is “outrageous.”
“Secretary of State Kemp has shown a total disregard for election security,” Wyden said in an email. “He seems to see a personal benefit to ignoring the urgent warnings from experts and intelligence agencies about the threats to Georgia’s election system.”
In a bitterly divided Congress, election integrity was expected to be an issue where lawmakers could find bipartisan consensus. But it's poised to get even more political as Democrats promise to make election security a key priority if they are able to gain power in Washington after the midterms. For now, they are focusing their ire on Kemp, who as secretary of state controls Georgia's voter rolls -- and is currently administering his own election battle against Democrat Stacey Abrams.
Kemp has resisted pressure — and the overwhelming recommendations of security experts and policymakers — to use paper ballots in the midterms amid concerns about the security of the state's electronic voting machines. Election integrity advocates brought a federal lawsuit seeking to force the state to adopt paper ballots in the midterms amid fears that votes will not be safe from potential hackers, especially from Russia. Last month, a federal judge denied a motion that would have forced Georgia to adopt paper ballots ahead of the midterms.
Voting advocates have also accused Kemp of improperly preventing new citizens from joining the voter rolls. And in a win for civil rights groups, a federal judge ruled last week that Georgia election officials must stop rejecting absentee ballots or applications for ballots with mismatched signatures. With Kemp locked in a dead heat with Abrams, the stakes are high. And the legal battles have prompted questions from Democrats over whether Kemp is trying to suppress turnout for those who might support Abrams, who if elected would be the country's first black female governor -- which he denies.
Democrats are seizing the opportunity to pile on Kemp. As Wyden tweeted Monday:
Imagine if Georgia Secretary of State Brian Kemp put as much energy into replacing Georgia’s insecure, paperless voting machines as he does suppressing minority voters. #PaperBallotsNOW— Ron Wyden (@RonWyden) October 29, 2018
It is flatly unacceptable and un-American for Brian Kemp to force thousands and thousands of voters to wait in long lines just to cast their ballots on ancient, insecure voting machines. #PaperBallotsNOW— Ron Wyden (@RonWyden) October 29, 2018
The jabs might not be just talk (and tweets) for long. Wyden has been pushing for Congress to require states to have paper backups, which would help ensure the votes are able to be audited correctly if there is any interference — or concern that there might have been interference. He has introduced the Protecting American Votes and Elections Act (PAVE) that would accomplish this.
While many states have taken action on their own, Georgia is one of just five states that will vote without paper backups next week. But the momentum will only grow stronger if Democrats take the House.
“Congress won’t solve voting security before the end of this year,” Wyden emailed. “It would be a disaster for states to continue to use paperless voting machines in November 2020.”
Blumenauer introduced a House companion to Wyden’s bill, and said Democrats will use hearings to bring greater awareness and oversight to election security issues if they take back the House. Blumenauer said Republicans should have been more concerned and done more to address election security after reports of Russian influence in the 2016 election.
“If we're in charge, there will be an effort to do it right,” Blumenauer said.
Kemp’s campaign did not immediately respond to a request for comment. Kemp, who has been a vocal opponent of federal election assistance, argued in the lawsuit that the transition to paper ballots would cause chaos and said the state’s election systems are secure. He has also argued for this is an issue of states' rights, saying earlier this year that the federal government could use security as an excuse to “subvert the Constitution” and federalize the election process.
But lawmakers say states' varying attitudes towards election security exactly why they need to step in.
"States could have made it a priority,” Blumenauer said. “They didn’t, and now they need help.”
Getting anything done in Congress may still be a challenge, as the parties diverge on the best approach. Earlier this year, the bipartisan Secure Elections Act stalled after the Senate Rules Committee canceled a key vote on the legislation when the White House raised concerns about giving the federal government too much power in election administration. The legislation would have given the Department of Homeland Security more authority on election security, putting it in charge of sharing threats with the states.
The growing partisan divide on election integrity is also reflected in recent polls. The public is not confident that election systems in the United States are secure from hacking, according to data out this week from the Pew Research Center, but "[in] general, Republicans express greater confidence than Democrats in the security of election systems and in the seriousness with which government officials are treating the threat of hacking and other technological threats."
"This is especially true at the national level: Republicans and Republican leaners are 25 percentage points more likely than Democrats and Democratic leaners to say they are very or somewhat confident that election systems in the U.S. are secure (59% vs. 34%), and they are 29 percentage points more likely to say that the federal government is making serious efforts to protect these systems (72% vs. 43%)," according to Pew.
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: “With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking,” ABC News's Chris Good reported Tuesday. A DHS spokesman told ABC News that 21 states have undergone such testing or are scheduled to do so — but declined to specify which states did and did not receive the assessment.
“ABC News asked election officials in all 50 states whether they have participated, and 19 states — Arizona, Colorado, Connecticut, Delaware, Iowa, Illinois, Indiana, Maryland, Massachusetts, Minnesota, Montana, Nebraska, North Carolina, Pennsylvania, Rhode Island, South Carolina, Utah, Washington and Wisconsin — confirmed that they had, while several others declined to comment,” Good wrote. “A Louisiana election official said the state is currently undergoing a DHS assessment, which will be complete after the November midterms. A New York official said the state has completed paperwork and is awaiting an assessment.”
The assessments can include looking for cybersecurity vulnerabilities and conducting phishing tests, according to ABC News. “In public appearances and talks with election officials, Secretary Kirstjen Nielsen has made it clear that her department is ready to assist but acknowledged that efforts vary widely state by state,” according to Good.
PATCHED: eSlate direct-recording electronic voting machines by Hart InterCivic, which have been reported to change the candidate selections of some Texas voters, have had known vulnerabilities for years, a computer security expert told Kim Zetter in a Motherboard article on Tuesday. The state has said the glitch stems from the fact that users misused the machines when they chose to vote for a straight-party ticket, but Zetter reported that “Dan Wallach, a computer science professor at Rice University in Houston who has examined the systems extensively in the past, told Motherboard in a phone interview that the problem is a common type of software bug that the maker of the equipment could have fixed a decade ago and didn’t, despite previous voter complaints.”
Additionally, Wallach told Motherboard that Hart InterCivic has not updated the eSlate voting machines in over a decade. “He notes that the company hasn’t released any new software at all for the eSlate system since 2007, despite a report he helped publish in 2007 showing severe security problems with the machines,” Zetter wrote. “Wallach, who conducted an extensive review of the systems for California and published the report with colleagues, says Hart has not fixed the problems in the intervening years.”
PWNED: “The Justice Department on Tuesday unsealed charges against 10 Chinese spies, hackers and others accused of conspiring to steal sensitive commercial airline and other secrets from U.S. and European companies,” The Washington Post's Ellen Nakashima reported. The superseding indictment, filed on Oct. 25 in the U.S. District Court for the Southern District of California, did not identify the American company or the French manufacturer, which has an office in Suzhou, China. “The defendants hacked the French firm, as well as companies in Arizona, Massachusetts and Oregon that made parts for the jet engine, officials alleged,” according to Ellen. “At the time of the intrusions, a Chinese state-owned aerospace company was developing a comparable commercial jet engine, they said.”
Prosecutors alleged that the conspiracy lasted from at least January 2010 till May 2015. “Two of the defendants, Zha Rong and Chai Meng, are officers with the Jiangsu Province Ministry of State Security [JSSD], a provincial arm of the [Ministry of State Security],” my colleague reported. “Zha Rong is accused of directing the intrusion into the French firm. Chai Meng, who is also known as ‘Cobain,’ coordinated the hackers and the activity of two Chinese employees of the French company, who also were charged for their role in facilitating the technology theft, U.S. officials alleged. Those employees, Gu Gen and Tian Xi, worked in the company’s Suzhou office.”
— “The special counsel investigation is pressing witnesses about longtime Trump ally Roger Stone’s private interactions with senior campaign officials and whether he had knowledge of politically explosive Democratic emails that were released in October 2016, according to people familiar with the probe,” The Washington Post's Robert Costa, Carol D. Leonnig, Rosalind S. Helderman and Manuel Roig-Franzia reported Tuesday. “As part of his investigation into Russia’s interference in the 2016 campaign, special counsel Robert S. Mueller III appears to be focused on the question of whether WikiLeaks coordinated its activities with Stone and the campaign, including the group’s timing, the people said. Stone and WikiLeaks have adamantly denied being in contact.”
My colleagues wrote that Mueller's team has “been scrutinizing phone and email records from the fall of 2016, looking for evidence of what triggered WikiLeaks to drop the Podesta emails right after the ‘Access Hollywood’ tape story broke, according to people with knowledge of the probe.”
— More cybersecurity news from the public sector:
— “The hacking group behind the costly cyberattack that shut down many of the Atlanta [government's] computer systems earlier this year is primarily targeting U.S.-based organizations, according to a new report,” the Hill's Olivia Beavers reported. “Cybersecurity firm Symantec on Tuesday said the SamSam hacking group, which specializes in ransomware attacks, has gone after at least 67 different targets this year, mostly located in the U.S.”
— More cybersecurity news from the private sector:
— “A federal employee infected a U.S. government network with malware after viewing more than 9,000 pornographic Web pages at work, according to an inspector general’s report,” The Post's Michael Brice-Saddler reported Tuesday. “The report, published Oct. 17, shows that the employee’s actions were discovered during a security audit of the computer network at the U.S. Geological Survey. The employee had an ‘extensive history of visiting adult pornography websites’ on a work computer, many of which were Russian and contained malware that spread to the USGS network.”
- CyberCon 2018 organized by Fifth Domain tomorrow in Arlington, Va.
- The National Institute of Standards and Technology hosts the 2018 Cybersecurity Risk Management Conference on Nov. 7 through Nov. 9 in Baltimore.
“They were always ready with a greeting”: Friend remembers Cecil and David Rosenthal.
Whitey Bulger: Murderer, robber, racketeer.
Late-night reactions to Trump’s interview on birthright citizenship: