THE KEY

Some Senate Democrats see an opening to take action on election interference following the release yesterday of a mammoth new report outlining Russian disinformation efforts in the 2016 election.

Senate Majority Leader Mitch McConnell (R-Ky.) has been blocking the most expansive of those efforts, arguing that states shouldn't be forced to adopt federal election mandates. But the Republican leader has been less adamant about combating disinformation.

But some key Democrats say the second volume of the Senate Intelligence Committee's bipartisan report -- which offers a damning portrait of efforts by Russia’s propaganda arm that only increased after the election -- provides an opening.  Activity by accounts linked to Russia’s notorious Internet Research Agency jumped 200 percent on Instagram after the election and 50 percent on Facebook, Twitter and YouTube, the committee found. 

“There’s a kind of new awakening, if you will, about the magnitude of the problem we’re facing and I certainly hope this report will help stimulate some movement,” Sen. Angus King (I-Maine), a member of the committee, told me.

The timing of the report's release could also be auspicious. McConnell recently eased his hard line by endorsing $250 million in extra money for states to secure their elections but without mandating any particular cybersecurity protections such as paper ballots or post-election audits.

“There may be some softening of his position and the fact this report was unanimous is very significant. This came from a very diverse committee and the findings are unequivocal,” King said.

McConnell's far from on board yet, however. 

A McConnell spokesman declined to discuss specific disinformation bills and pointed me to a CNBC interview last week in which McConnell praised Trump administration efforts to protect the 2018 election as “a big success story” and said he’s “convinced we’re ready for 2020.”

“Any foreign country that messes with us will have a serious problem in return,” McConnell said.

The new report, spearheaded by Intelligence Chairman Richard Burr (R-N.C.) and ranking Democrat Mark Warner (Va.), outlines several ways lawmakers could take action to tighten election security. It presses for Congress to consider legislation to help block Russia and other adversaries from buying online political ads and to foster cooperation between social media companies and law enforcement — though it doesn’t endorse any particular bills.

And some Republicans have previously supported more robust action aimed at 2020.

Soon after the report came out, Sen. Amy Klobuchar (D-Minn.) took to Twitter to tout the Honest Ads Act, which would mandate transparency about who pays for online political advertisements. Trump ally Sen. Lindsey O. Graham (R-S.C.) is a co-sponsor.

A Burr aide declined to speculate on any next steps the Senate might take and Graham's office didn't respond to a query about whether he'll push the Senate to consider his bill. 

Warner also put out a clarion call for Senate action, warning that “Congress must step up and establish guardrails to protect the integrity of our democracy.”

Senate Minority Leader Chuck Schumer (D-N.Y.) said the report “makes it crystal clear to everyone that Vladimir Putin exploited social media to spread false information in the 2016 elections and that the Senate must take action to ensure Americans know who is behind online political ads to help prevent it from happening again.”

He also attacked McConnell for “block[ing] a full-throated U.S. response.”

Congressional action is also likely to be complicated by the House impeachment inquiry into whether Trump improperly leaned on Ukraine to investigate his political rivals. Trump has routinely lashed out at any talk of Russia’s 2016 interference operations, arguing that it takes away from his come-from-behind election victory.

And Trump's push back on disinformation could make those efforts even more effective in 2020.

“One of the things we found as a committee is that probably the best defense against disinformation is citizens being informed about the fact they’re being misinformed … and taking it with a grain of salt,” King told me. “For the president to continue to deny this, he’s disarming the country. He’s disarming one of the best defenses we have.”

PINGED, PATCHED, PWNED

PINGED: A secret intelligence court ruled last year that some FBI searches of thousands of pieces of raw intelligence violated the constitutional rights of Americans, Dustin Volz and Byron Tau at the Wall Street Journal report. The ruling — disclosed by the intelligence community Tuesday — marks a rare censure of U.S. surveillance activities and prompted fresh criticism of the FBI’s oversight of the program. 

The Foreign Intelligence Surveillance Court found between 2017 and 2018 that the FBI was conducting searches targeting Americans that may have violated the Fourth Amendment, which protects against unreasonable searches. The searches also could have run afoul of the law authorizing the program, which requires that warrantless searches of the surveillance database be backed by criminal investigations or in pursuit of foreign intelligence information. In one case, a contractor used the highly secretive database to search for himself and relatives, Dustin and Byron report.

The disclosure of the ruling reignited criticism of the controversial legal provision authorizing the program, Section 702 of the Foreign Intelligence Surveillance Act. Some senators argued the revelations underscore why Section 702 should not have been renewed earlier this year.

“Today’s release demonstrates how baseless the FBI’s position was and highlights Congress’ constitutional obligation to act independently and strengthen the checks and balances on government surveillance,” Sen. Ron Wyden (D-Ore.) wrote. He also expressed concern that the remaining redacted portions of the court opinion contains additional information “the public deserves to know.”

Rep. Justin Amash (I-Mich.), who moved to let the program expire, criticized President Trump for pushing to reauthorize it.

PATCHED: Twitter may have "inadvertently" taken emails and phone numbers users shared with the company for cybersecurity purposes and used them for advertising, the company revealed in a blog post yesterday. The company says it didn’t share any personal data with the advertisers and that it ended the practice last month.

But the privacy gaffe could still land the company in hot water with federal regulators, my colleague Tony Romm reports. The Federal Trade Commission penalized Facebook in a similar case for failing to disclose that it took phone numbers users provided to verify their identities and used them to target the users with advertisements. The FTC could also slap Twitter with heavy fines if the agency finds the recent incident violates the terms of a 2011 settlement between the agency and the social media giant.

This isn't Twitter's first recent data security problem. The company temporarily accidentally disabled settings allowing users to protect tweets for Android users in January. Months later the company revealed it was "inadvertently collecting and sharing iOS location data" with an unnamed party. The company fixed both issues.

PWNED: California’s top election official is urging political parties to ramp up cybersecurity protections, including boosting employee training and mandating secure logins to protect upcoming primaries and the 2020 geleral elections. 

"Elections administrators cannot be alone in the fight against malicious actors who seek to undermine our elections," California Secretary of State Alex Padilla writes in letters to Repulican and Democratic party chairs. 

The letter comes as national political parties are also boosting efforts to ensure campaigns are protected against foreign hacking in 2020. The Democratic National Committee has issued a checklist of basic protocols for campaigns and organized trainings. The National Republican Congressional Committee has pledged hands-on cybersecurity assistance for campaigns.

But hacking efforts may just be getting started. Just last week, Microsoft revealed Iranian hackers had already targeted an undisclosed presidential campaign.

PUBLIC KEY

— Cybersecurity news from the public sector:

A group of House Democrats led by Administration Committee Chairwoman Zoe Lofgren (Calif.) on Tuesday introduced legislation aimed at combating foreign efforts to interfere in U.S. elections.
The Hill
An Iran-linked hacking group that targeted a U.S. presidential campaign has also been trying to breach cybersecurity analysts who have exposed the hackers’ operations, new research shows.
CyberScoop
The Pentagon’s controversial $10bn JEDI cloud computing deal is one of the most lucrative defense contracts ever. Amazon’s in pole position to win—and its move into the military has been a long time coming.
MIT Technology Review
The bugs, which allow hackers to remotely download files and monitor network traffic, are already being exploited by foreign actors.
Nextgov
PRIVATE KEY

— Cybersecurity news from the private sector:
 

The U.S. decision to add eight Chinese companies to its trade blacklist strikes directly at China’s ambitions in artificial intelligence, threatening its companies’ access to crucial components and relationships with U.S. firms.
Wall Street Journal
Insurance giant AIG argues that it's not responsible to cover nearly $6 million in losses incurred by a client that was victimized by Chinese hackers.
CyberScoop
Small- and medium-size businesses are becoming a favorite as targets for cybercriminals.
ZDNet
THE NEW WILD WEST

— Cybersecurity news from abroad:

The Danish politician had an easy ride with European Union lawmakers as she outlined her agenda for the next five years.
Politico
French cybersecurity agency warns of ongoing cyberespionage campaign after Airbus and Expleo hacks.
ZDNet
ZERO DAYBOOK

— Coming up:

  • The House Committee on Homeland Security will host a Field hearing “Preparing for 2020: How Illinois is Securing Elections” on October 15 at 10 a.m. in Gurnee, Illinois.