THE KEY

Election experts are warning about more tech and security red flags as Nevada Democrats race to develop a new game plan for their second-in-the-nation caucuses on Feb. 22. 

Those warning signs include vital caucus functions conducted with iPads that probably will be connected to the Internet, a dwindling timeframe to test new tech procedures and a lack of transparency. They threaten a repeat of the Iowa’s caucuses debacle where results were delayed for days and online misinformation swirled. 

“It’s terrifying that this is happening 11 days before the caucus,” Gregory Miller, chief operating officer of the OSET Institute, a nonprofit election technology organization, told me. “This all should have been baked in several months ago.” 

Another blunder could be a disaster for the Democratic Party, which is reeling from the debacle in Iowa and is desperate to prove its tech and cybersecurity bona fides after Hillary Clinton’s 2016 campaign was upended by a Russian hacking and disinformation operation aimed at helping her opponent, Donald Trump.

Tech problems in Nevada will be slightly tempered by a smooth count in the New Hampshire Democratic primary last night, which used a far simpler process to tally votes and was run by election officials rather than the state party. News outlets declared Sen. Bernie Sanders (I-Vt.) the narrow winner of that contest shortly after 11 p.m. Eastern time. 

Nevada Democrats have been frantically revamping their caucus operations since last week when they scrapped plans to use apps developed by Shadow Inc., the tech firm launched by veterans of Clinton’s 2016 campaign that also built the app that imploded in Iowa. The Iowa app wasn’t just shoddily built but also contained security vulnerabilities, according to experts who reviewed it after the fact. 

The new Nevada procedures present tech and security problems of their own, however. 

On Monday evening the state party outlined plans for volunteers to check in early voters using iPads with county-specific PDFs of voter rolls preloaded on the Books app and to record who has voted early using a Google form, according to a document sent to campaigns and detailed by my colleagues Holly Bailey and Isaac Stanley-Becker.

That creates a danger hackers could try to manipulate those forms or simply overwhelm wireless networks so it’s tougher to access them, Miller told me. 

Nevada Democrats didn’t respond to questions I sent asking how long those tools would be connected to the Internet and what security testing is planned. The party also hasn’t answered detailed questions about a separate digital tool it intends to use to do the complex math integrating the candidate preferences of early voters with the preferences of people who show up on caucus night. 

That lack of transparency could be dangerous because it prevents outside experts from pointing out pitfalls and gives fodder to rumors and misinformation.

“To set up a process for voting and early voting in a caucus on a tight time frame [is] a really big challenge. It would be a tall order for anybody,” David Levine, the elections integrity fellow at the Alliance for Securing Democracy, told me. “So, it’s incumbent on the Nevada Democratic Party to be as transparent and forthcoming as possible.”

If something does go wrong on caucus night, it’s also vital that Nevada officials explain what’s happening as quickly and clearly as possible to avoid the rumors that swirled in Iowa and damaged the contest’s credibility, Levine said. 

“If there’s a vacuum, it’s going to be filled,” he said. “To avoid a situation where misinformation or disinformation can drown out accurate information, it’s really important the Nevada Democratic Party steps up and is clear about what they’re doing and how they’re doing it.” 

For some election experts, the Iowa failures and concerns about Nevada are enough to call into question the caucus system itself, in which citizens gather to hash out which candidates to support rather than voting individually and the process is run by state parties rather than election professionals.

“Caucuses are passing from being antiquated to being outright obsolete,” Miller told me. “Sure, there’s some romance to the caucus process of everyone getting together, but romance can be very messy.”

Some security experts, meanwhile, praised the decision to use Google Forms rather than any custom-built tools, saying its safer to rely on large commercial technology that's been rigorously tested — especially given the incredibly tight time frame before this month's Nevada contests. 

“Google dedicates enormous resources to keep their core infrastructure secure,” Chad Loder, founder of the cybersecurity training company Habitu8, told me. “They have experience in protecting their systems and applications from nation states. Sometimes, simpler is better. "

PINGED, PATCHED, PWNED

PINGED: The Chinese telecommunications company Huawei has covertly maintained access to mobile phone networks through backdoors meant exclusively for law enforcement, U.S. officials say, according to Bojan Pancevski at the Wall Street Journal. That’s the most serious and specific charge U.S. officials have yet leveled against the Chinese company, which they’re trying to restrict from the next generation of super-fast wireless networks known as 5G. 

Officials declined to say whether the United States has observed Huawei using this access, but said classified intelligence shows it has had the capability to do so since at least 2009. The company also failed to disclose that access to customers or to intelligence services in nations where it operates, officials told Bojan. 

“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” national security adviser Robert O’Brien said.

Huawei denied the story, saying that it “has never and will never do anything that would compromise or endanger the security of networks and data of its clients.” U.S. officials have long warned that Chinese leaders could compel Huawei to assist government spying, but have stopped short of making more specific charges. 

Washington privately shopped the classified intelligence to allies for months as it ramped up efforts to convince other nations to ban Huawei from their 5G networks, Bojan reported. 

The warnings didn't stop the United Kingdom from allowing Huawei a limited role in its 5G network build out last month, however. They could carry more weight in Germany, where lawmakers will vote in the coming weeks on whether to allow Huawei access to its 5G market. Diplomats there described a memo detailing the U.S. findings as “smoking gun” evidence that Huawei poses a spying risk, according to a confidential memo seen by the Journal, Bojan reports. 

Some privacy advocates, meanwhile, pointed to the story as evidence that law enforcement backdoors into technology can be exploited far too easily by criminals or other nations a dig at the Justice Department, which is pushing for similar special access to encrypted communications. 

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation:

PATCHED: Senators again tussled again over election security legislation yesterday, with Democrats slamming Republicans for blocking three bills requiring campaigns to report offers of foreign assistance and mandate additional cybersecurity measures to protect hacking. By refusing to pass the measures even with primaries and caucuses in full swing Republicans are putting American elections at serious risk of foreign interference, Democrats said.

“Despite all of the ways foreign hackers have already made it into our election infrastructure, Congress has refused to arm state and county elections officials with the knowledge and funding they need to secure their systems,” Sen. Ron Wyden (D-Ore.) said. “I fear the 2020 election will make 2016 look like small potatoes.”

Sen. Marsha Blackburn (R-Tenn.), meanwhile, not only blocked Democrats' efforts but also accused them of trying to seize control over elections from the states. 

Blackburn countered with a bill seeking an investigation into what went wrong with the results of the Iowa Democratic caucuses called the “Determining Election Blunders And Correcting Logical Errors,” or DEBACLE, Act.

Senate Minority Leader Chuck Schumer (D-N.Y.) accused Republicans of being afraid of the wrath of President Trump and Senate Majority Leader Mitch McConnell (R-Ky.).

The current president of the United States, far from having the same fears about foreign interference as our founders, has been very public about his openness to foreign assistance and manipulation in support of his election, Schumer said.

PWNED: Tech entrepreneur Andrew Yang dropped out of the presidential race after a disappointing showing in New Hampshire last night, my colleagues David Weigel and Amy B Wang reported. Yang, a tech entrepreneur, was the only candidate to endorse mobile voting, an idea largely panned by election security experts.

He also advocated reviving the defunct Office of Technology Assessment that would be tasked with making Congress smarter about tech and cybersecurity issues. 

Yang spoke out against election interference on the debate stage and praised congressional efforts to guard against it during a Post Live event in October though he took a softer line than most of his Democratic challengers on directly criticizing Russia for interfering in the 2016 contest. 

Sen. Michael F. Bennet (D-Colo.) also ended his campaign last night. Bennet was a co-sponsor of Democrats' major election security bills and had urged House and Senate appropriations committees to increase funding for election security grants and the Election Assistance Commission.

PUBLIC KEY

--Social media companies have ramped up efforts to take down phony and misleading posts by actors tied to Iran that attempt to sway public opinion in the United States and abroad. Now it's the U.S. government's turn to step up, says a new report out today from the Atlantic Council.

The report urges the Department of Homeland Security to create an intergovernmental agency that would attribute and publicize foreign influence operations, which they say could help demystify Iran's ongoing information warfare campaign against the United States.

“The U.S. government has struggled profoundly to come up with a coordinated response to these threats, Emerson T. Brooking, resident fellow at the Atlantic Council's Digital Forensic Research Lab and co-author of the report with Suzanne Kianpour, told our researcher Tonya Riley. The stakes are too high for these kinds of attributions to be left to the private sector alone." 

— More cybersecurity news from the public sector:

Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on governments entities t
The Hill
On Small Business
James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message.
Kartikay Mehrotra | Bloomberg
House lawmakers on Tuesday touted progress toward bipartisan legislation on self-driving cars, with plans to release draft language that includes cybersecurity measures soon.
The Hill
National Security
The resignations could plunge the department into political crisis over its independence.
Matt Zapotosky, Devlin Barrett, Ann Marimow and Spencer Hsu

PRIVATE KEY

--Malicious websites containing the word “valentine” increased by 200 percent in February over previous months in both 2018 and 2019, researchers at Check Point found. Fraudulent websites using the word “chocolate" also spiked those months but to a lesser degree, the researchers found. They urged internet users to be wary of special online offers containing the keywords. But who would click on a Valentine's Day offer in October? 

— More cybersecurity news from the private sector:

Losses from cryptocurrency crime surged to $4.52 billion last year, as insider t...
Reuters
Motherboard obtained a video of a so-called relay attack from EvanConnect, who sells keyless repeaters that can be used to break into and steal luxury cars.
Vice

THE NEW WILD WEST

— Cybersecurity news from abroad:

Switzerland said on Tuesday it was probing reports that the U.S. Central Intelli...
Reuters

ZERO DAYBOOK

Coming up:

  • The Senate Armed Services Committee will host hearings to examine United States Special Operations Command and United States Cyber Command in review of the Defense Authorization Request for fiscal year 2021 and the Future Years Defense Program on Thursday at 10 a.m.
  • RSA Conference 2020 is scheduled for Feb. 24 to 28 in San Francisco.