THE KEY

Democrats are rallying around a pledge not to reference hacked documents in the 2020 contest — and using it as a cudgel to pound President Trump and other Republicans who won’t make similar guarantees.

Out of 20 Democratic presidential candidates polled by The Post, 18 renounced using hacked material in their campaigns to some degree while two didn’t respond, my colleagues Sean Sullivan and Michael Scherer reported. President Trump’s reelection campaign, however, declined to say whether or how it would use hacked materials in the race.

The message isn't just shared by those running for the highest office: Democratic Congressional Campaign Committee Chairwoman Cheri Bustos (Ill.) has challenged her Republican counterpart Tom Emmer (Minn.) to make a similar pledge. 

The all-hands push just months into the presidential race shows Democrats plan to make Russian interference a wedge issue in 2020 -- to rally their base by reminding voters that intelligence agencies concluded that Moscow sought to influence the last election in favor of Trump and damage Democratic nominee Hillary Clinton. 

And Trump, who openly sought to make hay of the hacked documents in the 2016 race, may be especially vulnerable to charges he isn't serious about stopping Russian election interference in 2020.

While special counsel Robert S. Mueller III didn’t find evidence any Trump campaign officials knowingly assisted the Russian hacking effort, the Mueller report documented numerous contacts between Trump campaign officials and WikiLeaks, which published the hacked emails. Trump frequently urged his supporters to read the hacked documents -- and even publicly urged Russia to find more of Clinton’s emails. 

Democrats are seizing the pledge as a way to press the issue this time around. From Democratic National Committee Chairman Tom Perez: 

From Sen. Kirsten Gillibrand (D-N.Y.), who was the first 2020 candidate to publicly come out against using hacked material: 

Democrats made a similar push to get Republicans to swear off hacked documents in advance of the 2018 midterms but didn’t press the issue nearly as hard. Talks about a joint pledge dragged on until just two months before the midterm vote when Republicans withdrew amid squabbles over specific wording, CNN reported at the time

But with Trump at the top of the ticket, any effort at compromise seems to be out of the question. 

The president’s attorney Rudy Giuliani stoked Democrats’ ire when he said on CNN last week that there’s "nothing wrong" with taking dirt on an opponent from Russian sources. 

That drew a quick rebuke from Perez:

Vice President Pence also ducked a question about using hacked material, according to NBC News’s Vaughn Hillyard.

But even Democrats aren’t all on the same page about hacked material in certain circumstances, my colleagues reported.

A spokeswoman for Democratic candidate Marianne Williamson, for example, said the campaign reserved the right to talk about hacked material if it had already been reported and verified by the mainstream media.

And some want the candidates to go further and make specific pledges about how they’ll deal with online disinformation operations and other tactics used by Russian agents in 2016. 

“Refusal to forgo both hacking and the use of hacking materials is a great start, but clear stances on use of fake social media accounts, fake websites and images, high-volume bots, troll farms, and other illicit tactics in common use today by Russia, Saudi Arabia, China and other authoritarian nations will also be necessary,” Simon Rosenberg, who was a senior adviser to the House Democratic campaign arm in 2016 and helped run a program to search for online election interference, told Sean and Michael.

PINGED, PATCHED, PWNED

PINGED: Russian hackers were “in a position” to alter voter roll data in one Florida county in advance of the 2018 elections, Sen. Marco Rubio (R-Fla.) told the New York Times’s Frances Robles this weekend, ratcheting up concerns about a vulnerability that was mostly dismissed before the midterm contest.

Russian hackers probably compromised election systems in that county with a malware-laden email that appeared to come from the county’s voting system vendor, Robles reported. But U.S. intelligence agencies that discovered the breach didn’t alert the county, Rubio said — instead issuing a general warning to all counties.

Before the 2018 contests, Rubio and then-Sen. Bill Nelson (D-Fla.) sent a letter to all Florida election officials warning about Russian hacking — written at the request of Senate Intelligence Chairman Richard Burr (R-N.C.) and ranking Democrat Mark Warner (Va.). Nelson also warned that Russians were actively inside Florida county networks at the time, but that wasn’t confirmed by the Department of Homeland Security or the other senators.

The issue was reopened by the Mueller report, which revealed for the first time that FBI officials believed Russian hackers had penetrated a Florida county government’s computer networks. Nelson told me last week he felt vindicated by the report.

The FBI will brief Sen. Rick Scott (R-Fla.), who was governor at the time of the breach, and Gov. Ron DeSantis (R) in the next few weeks, Politico reported.

PATCHED: A new working group of former government officials and academics is hoping to launch a “more constructive” public conversation about end-to-end encrypted communication systems — which are inaccessible to law enforcement even with a warrant. The group is sponsored by the Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy.

The dispute between law enforcement officials who say such systems allow criminals and terrorists to “go dark” online and tech companies that say there’s no way to give police special access to encrypted communications without weakening cybersecurity for everyone reached a climax in 2016. That's when Apple refused to help the FBI crack into an encrypted iPhone used by San Bernardino, Calif., shooter Syed Farook.

The new working group plans to “take a step back” from that big question about police access and focus on broader encryption issues that haven’t received as much focus, Tim Maurer, co-director of the Carnegie Endowment’s Cyber Policy Initiative, told me. One of the group’s first white papers, for example, focuses on how new super-powerful quantum computers will require more powerful encryption systems.

The group may or may not ultimately weigh in on law enforcement access to encryption, Maurer told me.

The group does not include any representatives from law enforcement or the tech industry but is weighted toward former government officials, including former FBI general counsel Jim Baker, former CIA deputy director Avril Haines and former NSA deputy director Chris Inglis as well as former Obama White House chief of staff Denis McDonough and homeland security adviser Lisa Monaco.

PWNED: An Irish data regulator has opened an investigation into Facebook’s failure to properly secure hundreds of millions of user passwords — adding to the social media company's growing security and regulatory woes.

 “The latest regulatory headache for Facebook comes a day after it confirmed to investors that the company had set aside $3 billion for a potential privacy fine linked to an ongoing investigation by the U.S. Federal Trade Commission,” Politico’s Mark Scott reported.

And “Canada’s federal privacy commissioner on Thursday announced the results of a probe that found Facebook had committed serious contraventions of privacy law and failed to take responsibility for protecting the personal information of citizens,” Reuters noted.

Facebook earlier acknowledged it stored the passwords in an unencrypted format on an internal server that employees could access. There’s no evidence any of the passwords leaked out to malicious hackers or that employees used the passwords inappropriately, Facebook has said.

PUBLIC KEY

Cybersecurity news from the public sector:

Politics
The Republican senator said Russia’s interference in the 2016 election was “not just a few Facebook ads,” as Trump’s son-in-law asserted last week. 
Rachael Bade
The two selected vendors will prototype cloud-based systems that isolate the department’s internal network from the public internet while still allowing employees to browse the web.
Nextgov
The Government Accountability Office is pushing the Department of Homeland Security on tardy cybersecurity reforms.
FCW
PRIVATE KEY

Cybersecurity news from the private sector:

City of Cleveland says the system was not hacked nor were there any ransom demands made as a result of the technical problems.
Cleveland.com
Slack fears nation-state hackers above all, expects to see attacks, warns of potential stock hit.
ZDNet
Two years after highly classified exploits built by the National Security Agency were stolen and published, hackers are still using the tools for nefarious reasons.
THE NEW WILD WEST

Cybersecurity news from abroad: