THE KEY

A congressional hearing that was supposed to focus on protecting the 2020 election from foreign interference devolved into a partisan slugfest yesterday, with Republicans slamming Democrats’ impeachment inquiry into President Trump and some even echoing the president's bizarre conspiracy theories.

For nearly 2 1/2 hours, the House Judiciary Committee slingshotted between stark warnings about Russian hacking efforts in 2020 and Republican talking points – including the unsubstantiated claim that Ukraine interfered in the 2016 election and jibes about the affair between former FBI agent Peter Strzok and lawyer Lisa Page.

The fracas is the strongest indication to date that congressional efforts to guard the 2020 election against Russian hacking and disinformation have been subsumed by the impeachment inquiry, which threatens to stall even moderate progress.

“When we come to these hearings it’s impeachment all the time. That’s what this is,” Rep. Andy Biggs (R-Ariz.) declared as he attacked Democrats for questioning Trump’s alleged efforts to compel Ukrainian President Volodymyr Zelensky to investigate the son of his 2020 rival, former vice president Joe Biden.

Biggs went on to decry “CrowdStrike Ukrainian interference in the 2016 election,” referencing a debunked theory embraced by Trump that the president raised during a July 25 call with Zelensky.

Trump apparently believes that the cybersecurity company CrowdStrike helped fake the 2016 Democratic National Committee breach and that a smoking-gun DNC server that proves the collusion is stashed somewhere in Ukraine. There is no evidence whatsoever to substantiate this claim.

Some Republicans have tried to argue Trump's call with Zelensky didn't improperly link aid for Ukraine with his personal political agenda. They say the president wanted Zelensky to investigate the location of the DNC server, not the Biden family. That's one of several Ukraine-linked conspiracies Republicans have pushed in recent weeks, as my colleague Glenn Kessler explained.

Rep. Debbie Lesko (R-Ariz.) joined the fray, asking FBI and Justice Department witnesses whether “CrowdStrike still [has] possession of the Clinton server” and whether they believe it’s appropriate for a president to “ask a foreign government to investigate a previous election interference.” 

While CrowdStrike investigated the DNC breach, the company never took physical possession of any DNC servers, instead relying on digital copies, according to a contemporaneous fact sheet. The company never investigated the private server Hillary Clinton used while she was secretary of state and which was the subject of a separate FBI investigation -- though Trump himself has conflated the matters and suggested without evidence that emails Clinton deleted from her server might be in Ukraine. The State Department inspector general recently released its own report on that matter.

Rep. Matt Gaetz (R-Fla.), meanwhile, harangued law enforcement officials to follow up on a Ukrainian court ruling — which was later overturned — that found information revealed about Trump’s former campaign chairman Paul Manafort's work in the country might have unfairly influenced the 2016 U.S. election.

That ruling is frequently touted by those who suggest Ukraine played a shadowy role helping Clinton in 2016, but Gaetz said, “I hope sincerely that this Ukrainian election meddling is being identified and being pursued by our government.”

Gaetz, an ardent Trump defender, also spent much of his questioning reviewing the Strzok-Page affair – Republicans used anti-Trump text messages between the pair to discredit the Mueller investigation – as did Rep. Steve Chabot (R-Ohio).

“Would you agree that the FBI’s reputation was significantly damaged by political bias against the president … that was exhibited by a number of top-level officials in your organization?” Chabot asked Nikki Floris, deputy assistant director of the FBI’s Counterintelligence Division.

When Floris declined to answer, Chabot shot back: “Okay. Well, I’ll answer it: It really was.”

The focus on anything but election security was a distraction for reporters trying to cover the hearing.

The fiery hearing comes just weeks after Democrats opened the impeachment inquiry but just over three years after the U.S. government’s top law enforcement, intelligence and cybersecurity agencies first sounded an alarm about foreign efforts to undermine the 2016 election.

Since that time, lawmakers have sanctioned Russians involved in manipulating the election and delivered $380 million in election security money to states. But they’ve failed to mandate any new election security protections or to approve a second tranche of funding -- largely because of fierce resistance by Senate Majority Leader Mitch McConnell (R-Ky.).

That funding is desperately needed, Election Assistance Commissioner Ben Hovland warned during a rare noncombative moment in the hearing.

“Additional funding is crucial to allow states to continue to make necessary improvements that increase the strength and resiliency of our election system,” he said. “When we talk about election administration, we are talking about the infrastructure of our democracy.”

PINGED, PATCHED, PWNED

PINGED: House Democrats, meanwhile, are still pushing on election measures. A House committee finalized a bill that will likely reach a floor vote later this week.

The “Stopping Harmful Interference in Elections for a Lasting Democracy Act,” or SHIELD Act, will also require campaigns to report offers of illegal foreign assistance to the FBI and Federal Election Commission and compel social media companies to maintain and disclose who is buying online political ads. The House Rules Committee added language yesterday making it easier to deport foreigners suspected of entering the country to interfere in U.S. elections or who were accused of doing so in the past.

The bill faces fierce opposition from House Republicans, who claim it would have a "chilling effect" on online speech. It's unlikely to be taken up in the Senate, where Majority Leader Mitch McConnell (R-Ky.) has refused to allow votes on any election security legislation.

Meanwhile, Sen. Amy Klobuchar (D-Minn.) once again tried but failed to force a Senate floor vote on the Honest Ads Act, her version of legislation that would similarly regulate online political ads.

“Just yesterday, Facebook announced that it removed a network of Russian-backed accounts posing as locals weighing in on political issues in swing states,” Klobuchar said. “The next major elections are just 378 days away – so the clock is ticking.”

Sen. John Kennedy (R-La.), who argued the Honest Ads Act has “more red flags than the Chinese Embassy,” said he plans to introduce his own bill that would require state election officials to report any foreign individuals who have access to election machines to the Election Assistance Commission, Maggie Miller at The Hill reports.

PATCHED: The Federal Trade Commission banned three stalkerware apps yesterday in the agency's first enforcement action against surveillance technology that domestic abusers use to track spouses, exes and other victims. The FTC ordered the apps’ creator Retina-X to delete all data the apps collected.

Stalkerware apps typically bypass manufacturers’ restrictions to surreptitiously collect users' locations, messages and other sensitive data. Retina-X has argued that its apps — MobileSpy, PhoneSheriff and TeenShield — were designed to monitor mobile devices used by children and employees, not by stalkers and domestic abusers. But the company took no steps to prevent misuse, the FTC says. 

“Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection.

The company also failed to adequately secure information the apps collected, the FTC found. Twice between 2017 and 2018 hackers accessed usernames, passwords, text messages, GPS locations, contacts, and photos from the apps, as Motherboard first reported. Because some of that data belonged to children, the FTC also found Retina-X violated a federal law protecting children's privacy online.

Retina-X stopped selling the apps after the second hack. 

PWNED: Russia, China, Iran and North Korea are all actively targeting the United Kingdom with cyberattacks, and the government is their number one target, according to an annual report from the National Cyber Security Centre. The agency has fielded over 658 attacks against almost 900 victims in the past 12 months, Danny Palmer at ZDNet reports.

Academic institutions and tech companies are the second and third most targeted sectors. The government cybersecurity agency has disrupted nearly 200,000 phishing attempts in the past year, the report said.

But the agency is also looking ahead to new threats, warning that "advanced cyber attack techniques could find their way into the hands of new actors, through proliferation of such tools on the open market," said Ciaran Martin, NCSC chief executive.

PUBLIC KEY

— Cybersecurity news from the public sector:

  • Democratic lawmakers in the House and Senate on Tuesday introduced legislation to increase the security of internet-connected devices. (The Hill)
  • U.S. Cyber Command was on the verge of publicly calling out North Korean hackers in late September, but ultimately backed off the plan by early October. (CyberScoop)
  • Hotel room numbers, phone numbers and names were left exposed on an unencrypted server, researchers say. (BBC News)
  • Esper’s son is employed with one of the contract’s bidders. Deputy Defense Secretary David Norquist will handle the review going forward. (Aaron Gregg, Business)
  • Former Virginia Gov. Terry McAuliffe is joining a global law firm’s privacy and cybersecurity think tank. (Associated Press, Local)

PRIVATE KEY

— Cybersecurity news from the private sector:

  • StateScoop presents a new interactive map highlighting the scourge of ransomware attacks that are growing more frequent. (StateScoop)

THE NEW WILD WEST

  • New, more sophisticated attacks are targeting Uighurs’ phones — even iPhones and even abroad, security researchers say. They warn that foreigners could be next. (The New York Times)
  • Czech officials said Russian operatives used local companies to launch cyber-attacks against foreign targets. (ZDNet)

ZERO DAYBOOK

— Coming up:

  • The Cybersecurity Coalition, the Cyber Threat Alliance, and the National Security Institute at George Mason University’s Antonin Scalia School of Law will host the third annual CyberNextDC policy day in Washington on Thursday.