The Washington Post: Democracy Dies in Darkness

The Cybersecurity 202: Democratic base fired up by effort to ban Internet-connected voting machines


As the 2020 election approaches, voting security groups are trying to rally the public behind an effort to ban Internet connections from U.S. voting machines that could be hacked by Russia and other foreign adversaries.

And they’re getting an assist from activists on the left, who are still burned by the 2016 election, when Russia hacked troves of Democratic emails and strategically released them to damage the Hillary Clinton campaign.

The joint effort has resulted in a staggering number of people -- 50,000 -- submitting comments on the issue to the Election Assistance Commission, a federal body that’s rewriting voluntary guidelines for voting machines, the organizing groups told me. 

The fact that a topic this technical can be an effective rallying cry for tens of thousands of people underscores that election security has become an increasingly pivotal issue in the 2020 contest — and tangible proof it's resonating with a Democratic base that fears Russia, which sought to help the Trump campaign in 2016, might try to deliver the president a second term.

Democrats in Congress are seizing this momentum. They're pushing legislation that would impose new cybersecurity requirements on local election offices — such as paper ballots and post-election audits. And some 2020 hopefuls such as Sens. Kamala Harris (Calif.) and Amy Klobuchar (Minn.) are touting their election security efforts on the campaign trail.

And all this high-level focus on election security has helped produce grass roots public interest — on both the right and the left — in pushing for the 2020 contest to be as secure as possible, Susan Greenhalgh, policy director for the National Election Defense Coalition, another group pushing the Internet ban, told me.

"There are a lot of peple commenting on this specific issue," Greenhalgh said. “It’s astounding to me that in this day and age, when we know foreign nations are trying to hack into our voting equipment, the EAC wouldn’t be taking a stronger stance on something that’s really a no-brainer."

A big catalyst for the comments came from the liberal blog Daily Kos and the liberal advocacy group People for the American Way, which sent email blasts to their members urging them to submit comments and warning that the 2020 election could be a repeat of 2016 if the effort wasn’t successful.

The number of people who’d submitted comments through the group’s main Web tool surged from about 1,000 a few days before the Daily Kos email on Friday to more than 30,000 a few days after, Aquene Freechild, co-director of Public Citizen’s Democracy is for People Campaign, one of the organizing groups, told me. The EAC's comment period closed Wednesday. 

“We must demand election security, especially with the stakes as high as they are for the 2020 elections,” that email blast warned.

While the email blasts didn't get into technical details, the broad concern is about network connections to share unofficial results after voting has concluded, not connections during the actual voting process.

Security experts worry that hackers could disrupt that process by interrupting wireless signals, delaying election reports and lowering the public’s confidence in them. Hackers might also crack into the connections when election offices are testing them, implanting malware to disrupt or alter vote totals, they say. 

EAC spokeswoman Brenda Soder declined to comment specifically about the push to ban wireless connections, but told me the commission would organize the comments by topic and consider all of them during its final revision of the guidelines.

Security experts have long agreed that the process of casting votes should be segregated from the Internet. But there's been less attention paid to Internet connections during other parts of the election process. Voting machines that allow network connections to deliver unofficial vote tallies are certified for use in states including Florida, Illinois, Michigan and Wisconsin among others, according to an October 2018 report from McClatchy. But they’re also banned in some states including New York and Colorado, Greenhalgh told me.

And even though the new EAC guidelines will be voluntary, they’re likely to spur other states to follow New York and Colorado’s lead, she said.

The primary advantage of voting machines with an Internet connection is that they speed up the process of reporting results by allowing voting sites to share the information digitally rather than, say, having someone from every voting location drive a thumb drive or disk with voting results to a central location, Maurice Turner, senior technologist at the Center for Democracy and Technology, told me.

That speedy reporting was a big focus for election officials before 2016, he told me, fed by the public’s desire for fast election results. But now officials are focused more on balancing speed with security, he said.


PINGED: Special counsel Robert S. Mueller III closed his one and only news conference Wednesday by restating a central conclusion of his office’s investigation: “That there were multiple, systematic efforts to interfere in our election,” an allegation that he said “deserves the attention of every American.” 

Democrats in Congress were quick to oblige with a fresh push for election security bills — and attacks on Republicans who are blocking them. “Mr. Mueller made clear today that the Russians interfered in our elections, the wellspring of our democracy. And yet, inexplicably, Senator McConnell and the Republicans in the Senate are blocking bipartisan election security legislation,” Senate Minority Leader Chuck Schumer (N.Y.) said in a statement.

House Homeland Security Chairman Bennie Thompson (Miss.) “urge[d] House Republicans to join House Democrats” in supporting his Election Security Act, which would deliver more than $1 billion in election security grants to states.

Other Democrats used the Mueller moment to call for a renewed focus on election security but were less partisan in their calls.  

Sen. Mark Warner (Va.), the ranking Democrat on the Senate Intelligence Committee, warned that “going forward, we must take steps to protect our democracy by passing legislation that enhances election security, increases social media transparency, and requires campaign officials to report any contact with foreign nationals attempting to coordinate with a campaign.”

Republican Sen. James Lankford (Okla.), the main sponsor of bipartisan election security legislation last Congress, also got in on the action.

Lankford hasn’t reintroduced his bill this Congress, and Sen. Roy Blunt (R-Miss.), chairman of the Senate Rules Committee, has said the bill is unlikely to get Senate consideration if Lankford does introduce it.

Here’s more on the Mueller statement from my colleagues Devlin Barrett and Josh Dawsey.

PATCHED: A bipartisan group of lawmakers from New York is pushing New York City subway authorities for answers about a Chinese state-owned company’s proposal to build new rail cars for the city — raising concerns the new trains could be a digital spying platform for Beijing.

The company, China Railway Rolling Stock Corp., or CCRC, won a contest to design New York rail cars last year and proposed investing $50 million of its own money to outfit the rail cars with new technology. “While we welcome innovation and continued enhancements to the operation of our subway system, we have serious concerns regarding the intimate involvement of a Chinese state-owned enterprise in these efforts,” the lawmakers led by Reps. Kathleen Rice (D) and John Katko (R) write.

Senate Minority Leader Charles Schumer (D-N.Y.) has already raised concerns about the CCRC cars.

The company has also sought to build D.C. metro cars — a move that Maryland and Virginia lawmakers are seeking to block.

Here’s more on the story from the Hill’s Maggie Miller.

PWNED: Bond market investors don’t seem overly troubled about U.S. government efforts to restrict the Chinese telecom Huawei’s business over Chinese spying concerns, the Wall Street Journal’s Quentin Webb reported.

“Prices of U.S. dollar bonds issued by the privately-owned Chinese producer of smartphones and networking gear have fallen in recent weeks…[but] remain far from distressed territory and imply a low likelihood of the company running into financial trouble,” Webb reported.

The news comes after the Trump administration banned Huawei from U.S. next-generation 5G wireless networks earlier this month and after a Commerce Department order restricting U.S. companies from supplying Huawei with software and components.

U.S. officials are also urging allies to bar Huawei from their 5G networks. “While investors are demanding higher returns to hold Huawei’s bonds, they don’t think the debt is particularly risky,” Webb reported.

“Steve Wang, a credit analyst at CITIC CLSA in Hong Kong, said its bond prices implied it was as creditworthy as a company with a low investment-grade rating,” the Journal reported. “Huawei doesn’t have credit ratings from international rating firms.”


Misplaced your handy guide to the FBI’s most wanted cybercriminals? ZDNet has you covered.

More cybersecurity news from the public sector:

New York Regulator to Investigate Exposure of Mortgage Documents (New York Times)

Pence, Trudeau to discuss Huawei and China trade issues in Ottawa:... (Reuters)

Pelosi says altered videos show Facebook leaders were ‘willing enablers’ of Russian election interference (Drew Harwell)

California counties must update voting systems by March 2020 (NBC News)

New York could soon pass its own GDPR-inspired data security law (CyberScoop)

Report: Smart Transportation Systems Pose ‘Profound’ Privacy Risks (Nextgov)

Mission Creep: How the NSA’s Game-Changing Targeting System Built for Iraq and Afghanistan Ended Up on the Mexican Border (The Intercept)


Cybersecurity news from the private sector:

Facebook Sees ‘Many Open Questions’ in Years-Long Privacy Pivot (Bloomberg)

Rights groups probe investments in NSO Group’s private equity firm (CyberScoop)

Chinese database exposes 42.5 million records compiled from multiple dating apps (CyberScoop)

Flipboard hacks prompt password resets for millions of users (TechCrunch)


Cybersecurity news from abroad:

Russia's Would-Be Windows Replacement Gets a Security Upgrade (Defense One)

New Zealand budget leaks not deemed illegal - Treasury (Reuters)

Canadian lawmakers fume after Facebook's Zuckerberg snubs invitation (Reuters)