The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: Los Angeles county voting machine breakdown sparks concerns about November

with Tonya Riley

With Tonya Riley.


Politicians and voters are fuming about technical problems that bedeviled Los Angeles County on Super Tuesday, producing hours-long voting lines and undermining confidence in the county’s new custom-built voting machines that were supposed to be a model for the nation.

It was an ugly debut for the $280 million machines, which marked the most ambitious effort in decades to create a super-secure and accessible voting system outside the grasp of a cadre of companies that control more than 90 percent of the voting machine market. The idea was to provide an alternative to mass-produced machines that experts fear are too vulnerable to Russian hacking. 

After the primetime debacle — in which about one-fifth of voting machines failed to work and network problems interfered with electronic poll books used by election workers to verify voters' eligibility — it’s hardly clear if other jurisdictions will want to follow L.A.'s lead and try to break free of the industry. 

Some former boosters of these machines are even worrying about another implosion in November, as my colleagues Neena Satija, Isaac Stanley-Becker and I report. 

“It was $300 million and a period of years that we have been developing this, so it was very troubling that on the day of the actual vote there were some big problems,” Janice Hahn, a member of the county’s nonpartisan Board of Supervisors, told me. 

Hahn introduced a measure yesterday demanding a full review of the problems from county election officials within 30 days. The Board of Supervisors is scheduled to vote on that measure next week. “The reason we changed to this system was to create more access for people and more flexibility, so I want to make sure that the problems people experienced yesterday didn’t cause just the opposite of what we were attempting to do,” she said. 

There were plenty of warnings there could be problems, as Neena and I reported before the Super Tuesday contest — including a December report from the California secretary of state’s office that found myriad security and accessibility issues. 

Among the problems: The machines that tally results could be started by inserting a flash drive, creating risks that hackers could infect them with malware, and the system lacked “full disk encryption,” a cybersecurity gold standard. Secretary of State Alex Padilla certified the system for use in the March primaries anyway, but imposed numerous conditions on them.

The county’s top election official, Dean Logan, told us in an interview those issues had all been remedied or mitigated before primary day. His office didn’t respond to multiple requests for comment Wednesday. He told the L.A. Times, however, that the glitches that did happen probably occurred during the voter check-in process but didn’t expand further. 

“This was a challenging day for a lot of voters in L.A. County, and I certainly apologize for that. That’s something that has to be better,” he said, adding, “I had hoped for a smoother transition.” 

Voter advocates, election observers and candidates, meanwhile, slammed the county, saying the technical problems probably disenfranchised voters who couldn’t wait for hours in line. And they expressed frustration that the county used a new system for the first time during such a crucial election. 

“Voters should never have to wait four hours in line to exercise their constitutional right to cast their ballot,” Anna Bahr, a campaign spokeswoman for Sen. Bernie Sanders (I-Vt.), said. “Long wait times and malfunctioning machines like the ones we saw yesterday disproportionately affect working-class voters who can’t afford to take extra hours off work or pay for child care to stand in line.”

The Sanders campaign filed an unsuccessful lawsuit trying to force the county to extend voting hours Tuesday night.  

Mark Gonzalez, chair of the county’s Democratic Party, said he saw elderly voters and those with disabilities waiting in line for hours.

“We believed in the technology and we believed it would work because that’s what we were told, and that’s not what happened,” he said. “Machines completely went out. Voting centers completely shut down.”

Reporters on the ground, meanwhile, documented voters who waited in line late into the night — and sometimes nearly to the next day. Under California law, anyone can vote provided they’re in line before polls’ 8 p.m. closing time. 

Here’s Alexander Tin with CBS News: 

Brianna Sacks with BuzzFeed:

Sam Alipour with ESPN had to wait two hours to vote himself:


PINGED: Executives from the European telecommunications firms Nokia and Ericsson threw their support behind legislation aimed at hindering their Chinese competitor Huawei in its bid to provide global next-generation 5G services. 

Among the bills the executives endorsed at a Senate Commerce Committee hearing: the recently passed Secure and Trusted Communications Network Act, which would create a $1 billion program to help small U.S. telecom providers remove and replace Huawei equipment and the Utilizing Strategic Allied (USA) Telecommunications Act, which would invest more than $1 billion in Western alternatives to Chinese equipment providers. 

Lawmakers introduced the bills in reaction to growing concerns that Huawei could be compelled to provide China with a back door for spying into any networks that use its equipment. 

Telecommunications companies AT&T, Verizon and Juniper also wrote to Senate Commerce Committee members ahead of the hearing supporting the bill.

Huawei wasn’t invited to testify at the hearing, but two officials, Chief Security Officer Andy Purdy and Congressional affairs lead Donald Morrissey, showed up anyway and sat in the front row. 

Purdy has been pushing a transparency initiative for companies that build 5G networks, which he says will demonstrate Huawei’s doing a good job of securing its systems against hacking and hasn’t inserted any backdoors to aid Chinese spying.

He and Morrissey panned the hearing for focusing more on senators’ criticism of Huawei than on ways to guarantee that all components of 5G networks are secure as possible. 

“The U.S. government has embarked on a brand demolition campaign against Huawei globally, so we need to be here to respond,” Morrissey said.

PATCHED: Sen. Josh Hawley (R-Mo.) announced he will introduce legislation to ban the popular video app TikTok from all government devices, over Chinese spying concerns. The Departments of State and Homeland Security, as well as several military branches, have already banned the use of the social network on government devices. 

Hawley said the ban is needed because the Chinese-owned app tracks your search history, your keystrokes, your location, and sends that information to the Chinese government:

Top cybersecurity officials echoed his concerns at the Senate Judiciary Committee hearing.

There's certainly no place for applications like TikTok on government devices and government  networks, Bryan Ware, assistant director at DHS's Cybersecurity and Infrastructure Security Agency, testified. China has amazing programs now in collection of data ... and when that data is our voices, our faces, our locations and things that are tied very closely to our identity like our phones are, that should give us great concern.

Both TikTok and Apple declined to send executives to the hearing, the second called by Hawley on the relationship between Big Tech and China. So far, there's no public evidence that TikTok shares any data from Americans with the Chinese government, and TikTok has repeatedly denied the allegations.

While we think the concerns are unfounded, we understand them and are continuing to further strengthen our safeguards while increasing our dialogue with lawmakers to help explain our policies,” TikTok said in a statement.

PWNED: Cybercriminals are increasing their efforts to exploit coronavirus fears to hack unsuspecting Internet users looking for information about the disease, researchers at the cybersecurity company Check Point found.

In one case, hackers posing as officials from the World Health Organization targeted thousands of organizations in Italy, where more than 100 people have died of the disease, with phishing emails aiming to steal their usernames  and passwords.

Researchers at another cybersecurity firm, ProofPoint, also spotted an uptick in malicious emails mentioning coronavirus, James Rundle, Catherine Stupp and Kim S. Nash at the Wall Street Journal report.


Mike Bloomberg wasn’t the only long-shot former tech tycoon to drop out of the 2020 presidential race yesterday. Perennial candidate John McAfee, the gonzo founder of the anti-virus firm that bears his name, also announced his departure on Twitter. McAfee said he plans to seek the vice-presidential slot as a Libertarian.


— Cybersecurity news from the public sector:

FBI working to ‘burn down’ cyber criminals’ infrastructure (Alanna Durkin Richer | AP)

US Cyber Command leader says election security is agency's 'top priority' (The Hill)

Lawmakers grill Mnuchin on Treasury's cyber sanctions (FCW)

Accused LinkedIn hacker worked with alleged SEC hacker, according to DOJ filing (CyberScoop)


— Cybersecurity news from the private sector:

J.Crew says a hacker accessed customer accounts – TechCrunch (TechCrunch)

Can You Really Hire a Hit Man on the Dark Web? (The New York Times)

This Small Company Is Turning Utah Into a Surveillance Panopticon (Motherboard)


— Cybersecurity news from abroad:

Putin says Russia targeted from abroad by fake news on coronavirus (Reuters)

New Bill to prepare Australian law enforcement for the US CLOUD Act (ZDNet)


—Coming up:

  • The Cyberspace Solarium Commission will release of its final report and recommendations during a public event on Wednesday at 2:30 p.m.
  • The Senate Committee Judiciary will hold a hearing Wednesday on “The EARN IT Act: Holding the Tech Industry Accountable in the Fight Against Online Child Sexual Exploitation” on Wednesday at 10:00 a.m.