Democrats are pressing hard this week in what could be their final chance to pass legislation aimed at protecting the 2020 contest against Russian hackers.
Senate Democrats have failed for months to force Senate Majority Leader Mitch McConnell (R-Ky.) to allow a vote on bills committing an additional $600 million to election security and also mandating security reforms such as paper ballots and post-election cybersecurity audits. Now they’re shifting tactics and trying to force some of that funding into a must-pass spending bill.
Round one of the fight starts Thursday at a Senate Appropriations Committee meeting where the top-ranking Democrat, Sen. Patrick Leahy (Vt.), and the top Democrat on the committee’s general government panel, Sen. Chris Coons (Del.), will try to force the money into the Republican draft of a spending bill.
If that doesn’t work, Democrats can keep trying to push Republicans to add the measure through the lengthy give-and-take of the appropriations process that's likely to drag on for several months. Aides for Leahy and Coons declined to tell me precisely what was in the amendment they’ll be introducing Thursday, but Sen. Ron Wyden (D-Ore.) and other senators are pushing for at least the $600 million that’s included in legislation already passed by the House.
If the last-ditch effort fails, many Americans are likely to cast votes in 2020 in a process still governed by the same lax rules as in 2016 – when a Russian hacking and disinformation operation upended the election and severely damaged voters’ confidence in the democratic process. The federal government has surged its cybersecurity help to state election officials since then and several states and localities have voluntarily improved protections, but the improvements are far from universal.
“Right now what's going on is we're basically sending local election officials into battle against hackers without the tools or the guidance that is essential to defend our democracy,” Wyden, a major booster of election security legislation, said during a press conference organized by the civil liberties group Public Citizen.
Wyden described the effort as a “full court press with a focus on convincing one person…Mitch McConnell to make reforms that we believe are essential to secure elections.”
Sen. Richard Blumenthal (D-Conn.), speaking at the same press conference, described an “eroding trust in our elections” as a result of the failure to pass legislation. “That trust is necessary for people to turn out at the polls, for ordinary voters to feel that his or her vote counts and elections have consequences,” he said.
The senators' calls were echoed by Democrats’ 2016 presidential nominee Hillary Clinton, who savaged McConnell and Trump legislation at a separate event, as my colleague John Wagner reported.
“There is no way we can have the kind of secure election that we need without changing our laws and following it up with real investments,” Clinton said. “We have a fundamental set of threats to the bedrock of our democracy, and anyone who stands in the way of confronting those threats — from Mitch McConnell and his allies to the president himself — is abdicating their responsibility to protect and defend the Constitution.”
It’s not just the budgeting process that’s making timing tight, though.
States are already deep in the process of buying and certifying the technology they’ll use in 2020 and there’s not much time left for new purchases and upgrades. Time may have completely run out for some localities still using voting machines lacking paper trails to buy and certify paper-based machines before the 2020 general election.
“I am deeply alarmed that we are running out of time. Time is not on our side. Even now we are up against very serious deadlines,” Blumenthal said.
The senators may also have to figure out whether they’re willing to accept a deal that delivers money to states to upgrade the cybersecurity of their election systems and invest in cybersecurity training but doesn’t mandate any specific fixes such as paper ballots. McConnell and other Republicans have said those mandates would unfairly infringe on states’ rights to run elections.
That’s the deal Democrats took in 2018 when Congress added $380 million for election security upgrades to an earlier funding bill. About 85 percent of that money will be spent before the 2020 contest, Christy McCormick, chairwoman of the Election Assistance Commission, which distributed the money, has said.
Wyden, on Tuesday, called any bill that doesn’t include security mandates “sham legislation” that would only “increase the divide between states with good security and states that are open to foreign hacking.”
Blumenthal was more conciliatory, calling security mandates “the coin of the realm” but also acknowledging that “in a compromise you never achieve everything that we might want.”
A McConnell staffer told me earlier this month the majority leader would “consider serious bills that attend to real obstacles that still face federal, state, and local authorities as they work together to secure our elections” but declined to speculate on whether he might accept a funding-only bill.
PINGED: The Justice Department is suing ex-NSA contractor Edward Snowden for allegedly violating a non-disclosure agreement by publishing his new memoir Permanent Record without seeking government approval, my colleague Matt Zapotosky reports. DOJ wants to confiscate profits from the book, but has no desire to "stop or restrict the publication or distribution" of the new book, it says.
“The United States’ ability to protect sensitive national security information depends on employees’ and contractors’ compliance with their non-disclosure agreements," Assistant Attorney General Jody Hunt said in a statement. "This lawsuit demonstrates that the Department of Justice does not tolerate these breaches of the public’s trust."
In his book, Snowden details the events leading up to and following his decision in 2013 to leak information exposing secret government surveillance programs to the media. Snowden's legal team has already shot back, arguing that the book doesn't include any secrets that news organizations haven't already revealed.
"Had Mr. Snowden believed that the government would review his book in good faith, he would have submitted it for review," Ben Wizner, director of the ACLU’s Speech, Privacy, and Technology Project and attorney for Snowden, said in a statement.
Statement by the American Civil Liberties Union on the government's lawsuit against myself and the publishers: https://t.co/IIhwhO08k0 — Edward Snowden (@Snowden) September 17, 2019
Here's an excerpt from Snowden's memoir published by The Nation.
PATCHED: Ecuador’s government agency responsible for telecommunications and information technology has launched an investigation into a massive breach that exposed the personal data of nearly all of the country's population this week, Palko Karasz and Anatoly Kurmanaev at the New York Times report. The exposed data included personal information for 20.8 million Ecuadorians (including the personal details of 6.7 million children). It also included 7.5 million financial and banking records and 2.5 million car ownership records. Officials have not disclosed whether any hackers actually stole the exposed data.
Researchers at vpnMentor discovered the data on an unprotected server in Miami, which has since been patched. The server appears to be owned by the Ecuadorian company Novaestrat, vpnMentor said. Authorities detained and questioned a legal representative for the company in connection with the breach on Tuesday, according to a statement from Ecuadorian officials.
PWNED: The failure by American tech companies and government agencies to rein in threats like disinformation and deepfakes is giving adversaries like Russia and China an edge when it comes to shaping global Internet standards, Sen. Mark Warner (D-Va.) warned at a symposium on information and election security. Warner pinned part of the problem on Americans' lax attitudes toward cybersecurity, pointing out that adversaries don't need "sophisticated tools" to wreak havoc.
"They are attacking us using phishing techniques, rattling unlocked doors. In many ways we brought this on ourselves," Warner told the crowd. "The level of security and integrity we accept from commercial technology products is shockingly low."
Warner, who is vice chairman of the Senate Intelligence Committee and a former technology executive, also criticized some American companies as complicit in China's "dystopian" version of the Internet.
"The truth is western companies who help authoritarian regimes build censored apps or walled garden versions of the internet are just as big a threat to a free and open internet as government actors," he said.
- The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency will host its second annual National Cybersecurity Summit this Wednesday through Friday in National Harbor, Maryland.
- The International Association of Privacy Professionals hosts a conference September 24-25 in Las Vegas.