THE KEY

As the 2020 election approaches, voting security groups are trying to rally the public behind an effort to ban Internet connections from U.S. voting machines that could be hacked by Russia and other foreign adversaries.

And they’re getting an assist from activists on the left, who are still burned by the 2016 election, when Russia hacked troves of Democratic emails and strategically released them to damage the Hillary Clinton campaign.

The joint effort has resulted in a staggering number of people -- 50,000 -- submitting comments on the issue to the Election Assistance Commission, a federal body that’s rewriting voluntary guidelines for voting machines, the organizing groups told me. 

The fact that a topic this technical can be an effective rallying cry for tens of thousands of people underscores that election security has become an increasingly pivotal issue in the 2020 contest — and tangible proof it's resonating with a Democratic base that fears Russia, which sought to help the Trump campaign in 2016, might try to deliver the president a second term.

Democrats in Congress are seizing this momentum. They're pushing legislation that would impose new cybersecurity requirements on local election offices — such as paper ballots and post-election audits. And some 2020 hopefuls such as Sens. Kamala Harris (Calif.) and Amy Klobuchar (Minn.) are touting their election security efforts on the campaign trail.

And all this high-level focus on election security has helped produce grass roots public interest — on both the right and the left — in pushing for the 2020 contest to be as secure as possible, Susan Greenhalgh, policy director for the National Election Defense Coalition, another group pushing the Internet ban, told me.

"There are a lot of peple commenting on this specific issue," Greenhalgh said. “It’s astounding to me that in this day and age, when we know foreign nations are trying to hack into our voting equipment, the EAC wouldn’t be taking a stronger stance on something that’s really a no-brainer."

A big catalyst for the comments came from the liberal blog Daily Kos and the liberal advocacy group People for the American Way, which sent email blasts to their members urging them to submit comments and warning that the 2020 election could be a repeat of 2016 if the effort wasn’t successful.

The number of people who’d submitted comments through the group’s main Web tool surged from about 1,000 a few days before the Daily Kos email on Friday to more than 30,000 a few days after, Aquene Freechild, co-director of Public Citizen’s Democracy is for People Campaign, one of the organizing groups, told me. The EAC's comment period closed Wednesday. 

“We must demand election security, especially with the stakes as high as they are for the 2020 elections,” that email blast warned.

While the email blasts didn't get into technical details, the broad concern is about network connections to share unofficial results after voting has concluded, not connections during the actual voting process.

Security experts worry that hackers could disrupt that process by interrupting wireless signals, delaying election reports and lowering the public’s confidence in them. Hackers might also crack into the connections when election offices are testing them, implanting malware to disrupt or alter vote totals, they say. 

EAC spokeswoman Brenda Soder declined to comment specifically about the push to ban wireless connections, but told me the commission would organize the comments by topic and consider all of them during its final revision of the guidelines.

Security experts have long agreed that the process of casting votes should be segregated from the Internet. But there's been less attention paid to Internet connections during other parts of the election process. Voting machines that allow network connections to deliver unofficial vote tallies are certified for use in states including Florida, Illinois, Michigan and Wisconsin among others, according to an October 2018 report from McClatchy. But they’re also banned in some states including New York and Colorado, Greenhalgh told me.

And even though the new EAC guidelines will be voluntary, they’re likely to spur other states to follow New York and Colorado’s lead, she said.

The primary advantage of voting machines with an Internet connection is that they speed up the process of reporting results by allowing voting sites to share the information digitally rather than, say, having someone from every voting location drive a thumb drive or disk with voting results to a central location, Maurice Turner, senior technologist at the Center for Democracy and Technology, told me.

That speedy reporting was a big focus for election officials before 2016, he told me, fed by the public’s desire for fast election results. But now officials are focused more on balancing speed with security, he said.

PINGED, PATCHED, PWNED

PINGED: Special counsel Robert S. Mueller III closed his one and only news conference Wednesday by restating a central conclusion of his office’s investigation: “That there were multiple, systematic efforts to interfere in our election,” an allegation that he said “deserves the attention of every American.” 

Democrats in Congress were quick to oblige with a fresh push for election security bills — and attacks on Republicans who are blocking them. “Mr. Mueller made clear today that the Russians interfered in our elections, the wellspring of our democracy. and yet, inexplicably, Senator McConnell and the Republicans in the Senate are blocking bipartisan election security legislation,” Senate Minority Leader Chuck Schumer (N.Y.) said in a statement.

House Homeland Security Chairman Bennie Thompson (Miss.) “urge[d] House Republicans to join House Democrats” in supporting his Election Security Act, which would deliver more than $1 billion in election security grants to states.

Other Democrats used the Mueller moment to call for a renewed focus on election security but were less partisan in their calls.  

Sen. Mark Warner (Va.), the ranking Democrat on the Senate Intelligence Committee, warned that “going forward, we must take steps to protect our democracy by passing legislation that enhances election security, increases social media transparency, and requires campaign officials to report any contact with foreign nationals attempting to coordinate with a campaign.”

Republican Sen. James Lankford (Okla.), the main sponsor of bipartisan election security legislation last Congress, also got in on the action.

Lankford hasn’t reintroduced his bill this Congress and Sen. Ron Blunt (R-Miss.), chairman of the Senate Rules Committee, has said the bill is unlikely to get Senate consideration if Lankford does introduce it.

Here’s more on the Mueller statement from my colleagues Devlin Barrett and Josh Dawsey.

PATCHED: A bipartisan group of lawmakers from New York is pushing New York City subway authorities for answers about a Chinese state-owned company’s proposal to build new rail cars for the city — raising concerns the new trains could be a digital spying platform for Beijing.

The company, China Railway Rolling Stock Corp., or CCRC, won a contest to design New York rail cars last year and proposed investing $50 million of its own money to outfit the rail cars with new technology. “While we welcome innovation and continued enhancements to the operation of our subway system, we have serious concerns regarding the intimate involvement of a Chinese state-owned enterprise in these efforts,” the lawmakers led by Reps. Kathleen Rice (D) and John Katko (R) write.

Senate Minority Leader Charles Schumer (D-N.Y.) has already raised concerns about the CCRC cars.

The company has also sought to build D.C. metro cars — a move that Maryland and Virginia lawmakers are seeking to block.

Here’s more on the story from the Hill’s Maggie Miller.

PWNED: Bond market investors don’t seem overly troubled about U.S. government efforts to restrict the Chinese telecom Huawei’s business over Chinese spying concerns, the Wall Street Journal’s Quentin Webb reported.

“Prices of U.S. dollar bonds issued by the privately-owned Chinese producer of smartphones and networking gear have fallen in recent weeks…[but] remain far from distressed territory and imply a low likelihood of the company running into financial trouble,” Webb reported.

The news comes after the Trump administration banned Huawei from U.S. next-generation 5G wireless networks earlier this month and after a Commerce Department order restricting U.S. companies from supplying Huawei with software and components.

U.S. officials are also urging allies to bar Huawei from their 5G networks. “While investors are demanding higher returns to hold Huawei’s bonds, they don’t think the debt is particularly risky,” Webb reported.

“Steve Wang, a credit analyst at CITIC CLSA in Hong Kong, said its bond prices implied it was as creditworthy as a company with a low investment-grade rating,” the Journal reported. “Huawei doesn’t have credit ratings from international rating firms.”

PUBLIC KEY

Misplaced your handy guide to the FBI’s most wanted cybercriminals? ZDNet has you covered.

More cybersecurity news from the public sector:

The agency is using its authority under a new cybersecurity regulation to investigate a mistake by a title insurer that revealed a trove of sensitive data.
New York Times
U.S. Vice President Mike Pence and Canadian Prime Minister Justin Trudeau will d...
Reuters
Technology
House Speaker Nancy Pelosi (D-Calif.) said Wednesday that Facebook’s refusal to take down an altered video of her shows that the company’s leaders were active contributors to online disinforrmation and “willing enablers" of Russian interference in the 2016 election.
Drew Harwell
Most California counties think they will make the deadline to update their voting systems, but 10 are requesting exemptions or extensions.
NBC News
New York data security law could look different if the state's lawmakers pass the SHIELD Act, which would cover any business working with state residents.
Cyberscoop
Governments are collecting lots of data on the people using roads, trains and buses, and without proper oversight, that information could easily be misused.
Nextgov
Designed to rapidly map enemy fighters based on electronic surveillance, the revolutionary NSA system merged intelligence from different sources, including its closest allies. The ramifications are still being felt.
The Intercept
PRIVATE KEY

Cybersecurity news from the private sector:

Pension groups in the United States and UK have investments in Novalpina Capital, which controls a portion of the board at NSO Group.
Cyberscoop
Tens of millions of records about users of different dating apps have been discovered in a single database that doesn’t include any password protection, according to new research findings.
Cyberscoop
THE NEW WILD WEST

Cybersecurity news from abroad:

For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country's growing IT independence.
Defense One
New Zealand police believe early accessing of sensitive budget information from ...
Reuters
Canadian lawmakers fumed on Tuesday when Facebook Inc founder and Chief Executiv...
Reuters