With Tonya Riley

THE KEY

Democrats are pushing hard to include a huge expansion of voting by mail in a mammoth coronavirus stimulus bill being crafted on Capitol Hill, arguing the nation is ill prepared to ensure the November contest is conducted safely and securely.

If the virus is still active on Election Day, they worry that could devastate turnout, leading to widespread doubt the outcome reflects the will of the people and damaging faith in the electoral process even more than potential Russian hacking and disinformation. Concerns are rising as seven states have already delayed their presidential primaries because of worries about the health of voters and elderly poll workers. 

But, as with the fight against Russian election interference, the move to allow states to hold elections by mail is sparking an ideological battle between Democrats who want to require that states dramatically increase such capabilities and Republicans who consider such top-down mandates government overreach. 

The battle over election funding is just one of many sticking points holding up the unprecedented $1.8 trillion rescue package as lawmakers scramble to respond to the pandemic. Senate Democrats blocked a vote on the bill last night out of concern it tilted too far in favor of businesses and lawmakers will be negotiating again this morning. 

The price tag for a nationwide vote-by-mail system would likely land between $982 million and $1.4 billion, according to a Brennan Center for Justice analysis. The center estimated it would cost about $2 billion to also make other election improvements such as expanding early voting, maintaining safe in-person voting and making online voter registration easier. 

House Democratic leaders are developing a measure including “billions of dollars to expand early voting, increase access to vote by mail, provide for emergency vote by mail and increase access to voter registration,” a Democratic aide told me. 

The current Senate bill, meanwhile, includes just $140 million in grants for state and local election officials to “prevent, prepare for and respond to” the virus — but it doesn’t specify how that money should be spent. 

“There are a lot of things that one side or another might not be comfortable with under normal circumstances that become politically possible in this crisis. I hope this will be one of them because no one has an interest in the November election being less than 100 percent credible,” Rep. Tom Malinowski (D-N.J.), a leader of the House effort, told me. 

Advocates fear if states can’t start preparing for a massive nationwide vote-by-mail-operation now, there won’t be another chance before November. 

“Very little is going to get done in the next couple of months that isn’t directly related to fighting this epidemic, so it’s important to get it into this must-pass bill,” Malinowski told me. “There are a lot of things we can postpone as we hunker down to address this crisis, but the one thing that we absolutely cannot postpone is the November elections.”

Here's more from Malinowski, who stumped for the vote-by-mail provisions on Twitter:

State and local election officials are already clamoring for more money. 

In a letter sent last night to House and Senate leaders, 19 election officials including Democratic secretaries of state from Colorado and Arizona call the $140 million in the Senate bill far too little to manage the necessary changes to run the 2020 election during the coronavirus outbreak. 

The local election officials who signed the letter include both Democrats and Republicans from Texas, Arizona, Colorado, Missouri, Pennsylvania, California and Ohio, among other states. 

“We urge you to include substantial funding in the coronavirus stimulus package so that we have the ability and resources to ensure that our voters can participate safely and with confidence in our elections,” the letter, which was organized by New York University’s Brennan Center, states. 

Every state offers some voters an option to mail in ballots, and over half of them allow anyone to mail in a ballot without providing an excuse, such as being in the hospital or out of town on Election Day. Only three states offer mail-in voting as a default, however, and it will require a major bureaucratic lift to establish broad mail-in voting across the nation by November, as my colleagues Amy Gardner and Isaac Stanley-Becker report

The to-do list includes machinery to print huge numbers of paper ballots, high-speed scanners to count filled-out ballots and a totally revamped security system to ensure no one tampers with the ballots between people’s homes and election offices. In some cases, states that don’t offer no-excuse mail in voting would also have to change their constitutions to do so, Amy and Isaac report.

And unlike securing elections against Russian hacking with new paper trails for votes and post-election audits, which has taken place over three years, the shift to mail-in voting would have to happen over just seven months. 

Senate Democrats are also pushing to expand voting by mail. 

Sens. Amy Klobuchar (D-Minn.) and Chris Coons (D-Del.) sent a letter to leaders in both chambers pushing for their vote-by-mail bill, the Natural Disaster and Emergency Ballot Act to be included in the stimulus package. That bill would require states to offer a mail-in voting option to all their citizens and provide $325 million to help handle the added workload. 

“Protecting the right to vote is critical — and we can’t let this crisis stop Americans from being heard at the ballot box,” the senators wrote. 

“This pandemic has already strained state election systems to the breaking point. Expanding vote by mail and early voting will cost a tiny fraction of any relief package, but could very well be the difference between orderly elections and total chaos,” Sen. Ron Wyden (D-Ore.), another sponsor of the bill, told me in an email. 

Leaders of the Democratic National Committee and Democrats’ House and Senate campaign committees endorsed the bill in a USA Today op ed this weekend along with leaders of Democratic associations of mayors, attorneys general and secretaries of state. 

The advocacy group Stand Up America is also rallying public support for the bill and organized roughly 40,000 calls to members of Congress on the issue last week, the group said. 

PINGED, PATCHED, PWNED

PINGED: The Justice Department brought its first case against coronavirus scammers yesterday, winning a restraining order against a site selling fake vaccine kits to treat the virus, my colleague Matt Zapotosky reports. The case is a warning shot to a growing number of fraudsters seeking to take advantage of the fear and uncertainty created by the global health crisis.

The order comes after Attorney General William P. Barr last week urged U.S. attorneys to prioritize prosecuting coronavirus cybercrimes and fraud. DOJ also recently launched a centralized system for reviewing coronavirus-related consumer complaints as well as increased internal efforts to monitor “potentially problematic content on the Web,” an official told Matt.

The website, “coronavirusmedicalkit.com” promised consumers access to vaccine kits from the World Health Organization in exchange for their credit card information and a payment of $4.95. No such vaccines exist and it’s unclear how many people paid for the phony vaccines.

Officials don't know who is behind the scam, but the domain-hosting site used by the fraudster was also named in the restraining order, Matt reports. “There’s fraudsters all over the world that will look at this epidemic as an opportunity,” a Justice Department official told Matt.

DOJ officials are also monitoring a rise in robocall scams taking advantage of the pandemic, the official said.

PATCHED: Despite DOJ's actions, coronavirus-themed scams are unlikely to abate anytime soon. In fact, the scams probably will skyrocket, according to a new report from analysts at Moody’s Investor Service, a division of the credit rating agency, especially as more employees work from home, straining their employers’ digital protections. 

Some scammers are also getting more creative. The cybersecurity firm Sophos found scammers threatening to infect victims and their families with coronavirus if they don't pay a $4,000 ransom. It's a twist on a classic “sextortion scam,” where hackers threaten to release alleged private videos or messages if the victim doesn't pay up.

Cybersecurity firm SentinelOne has also noticed an uptick in coronavirus-themed scams, including malware-laced documents posing as important public-health information.

Correction: The name of SentinelOne has been updated.

PWNED: As International Olympics Committee officials mull whether to move forward with the 2020 games in July amid the pandemic, they're also preparing for an onslaught of digital attacks from Russia, my colleagues Isabelle Khurshudyan and Simon Denyer report.

The Tokyo games probably would face a repeat of the cyberattacks that crippled broadcast systems and created chaos for ticket holders during the 2018 PyeongChang games, cybersecurity experts warn. U.S. intelligence officials anonymously blamed Russia for those attacks and said they probably were retaliation for Russian athletes being banned for doping violations. The U.S. government, however, has not publicly attributed the attacks to Russia.

“There's a strong chance that we're going to see the same incident again [in Tokyo],” said John Hultquist, the director of intelligence analysis at FireEye. “Russia is obviously not going to have learned their lesson because nobody even bothered to blame them.”

Japanese organizers are trying to get ahead of the attackers, Isabelle and Simon report. 

“There are vulnerabilities that are known, but there are also vulnerabilities that are not evident,” Akira Saka, chief information security officer for the event, told my colleagues. “So we’ve been sharing all sorts of information on this with related parties and government offices and Olympics-related agencies and service providers.” 

PUBLIC KEY

— Cybersecurity news from the public sector:

Two Republican lawmakers on Friday called on Twitter to ban the Chinese Communist Party (CCP) from its platform following a surge in Chinese misinformation around the coronavirus. 
The Hil
The group, launched by the state and the U.S. Department of Justice, targets cybercriminals seeking to exploit fears of the growing public health crisis.
StateScoop
Tracking entire populations to combat the pandemic now could open the doors to more invasive forms of government snooping later.
New York Times
The U.S. government, IBM and others are giving researchers world-wide access to at least 16 supercomputers to help speed the discovery of vaccines and drugs to combat the novel coronavirus.
Wall Street Journal

PRIVATE KEY

— Cybersecurity news from the private sector:

Android app will steal all your contacts and then spam them. It might also steal your credit card information in the future, a researcher warns.
Forbes
Since at least May of last year, Fancy Bear has used hacked email accounts belonging to personnel working at defense firms to send phishing emails.
CyberScoop
Economy
American business practices long have shown the scars of national trauma: Devastating fires spawned major factory regulations. World War II hastened the entrance of women into the workforce. Analysts say the novel coronavirus pandemic could push broad societal shifts, with industry-wide disruption and a new normal for economic change.
Craig Timberg, Drew Harwell, Laura Reiley and Abha Bhattarai

ZERO DAYBOOK

Hosting a virtual event about cybersecurity? Email tonya.riley@washpost.com and we will share it with our readers here.