With Tonya Riley

THE KEY

The brief detente in partisan bickering over how to ensure people are safe to vote – and their votes are safe – amid the coronavirus pandemic just burst into open warfare. 

President Trump suggested on Fox and Friends that one reason he opposed a $4 billion infusion of election money Democrats sought for the coronavirus stimulus was that it might have led to more Democratic victories. Democrats wanted the money to go toward expanding secure vote by mail or early voting options to reduce the risk of people getting infected, should the pandemic still pose risks by November. 

“They had things, levels of voting that if you ever agree to it, you’d never have a Republican elected in this country again,” he said, seeming to suggest that higher turnout would help Democrats. 

House Administration Committee Chair Zoe Lofgren (D-Calif.) shot back, calling that “a monstrous example of putting party ahead of America” and accusing the president of forcing citizens to vote in unsafe ways. The stimulus bill ultimately included $400 million for election security related to the pandemic but no rules for how states must spend it. 

“Every American, regardless of party affiliation, should condemn the president’s apparent belief that it’s a good thing for American voters to risk their lives when safer voting alternatives are possible,” she said.

The partisan flame-throwing is also happening on the state level: Voting rights advocates in Ohio and Wisconsin, two important swing states in November, are suing to stop primary elections they say are being rushed in ways that threaten voters’ safety or could tamp down turnout. 

The response to coronavirus is now officially a new front in the fight about election security in Washington, which until now has focused on preventing foreign adversaries from upending 2020 with hacking or disinformation campaigns. 

And with a pressure cooker atmosphere of just seven months to go before the general election and no clear indication how long American life will be upended by the pandemic, it risks undermining voters’ confidence that elections will be safe and secure. State election officials, who so far seem relatively united across party lines in pushing for more voting by mail and extended early-voting periods to manage the crisis, will each have to make tough choices about how to proceed. 

Trump critics quickly lashed out at the president’s comments on Twitter. 

Here’s from Vanita Gupta, former head of the Justice Department’s civil rights division, who’s now chief executive of the Leadership Conference on Civil and Human Rights:

And Rep. Bill Pascrell Jr. (D-N.J.):

Things are already getting messy on the state level. In Ohio, the state’s chapter of the American Civil Liberties Union filed a lawsuit last night to delay an April 28 mostly vote-by-mail primary scheduled by the Republican-controlled legislature. It would make up for a conventional primary Gov. Mike DeWine (R) canceled two weeks ago citing a public health crisis. 

A single month isn’t nearly long enough to manage the complex process of an all-mail election, according to the lawsuit, which was also filed on behalf of the League of Women Voters of Ohio; the Ohio A. Philip Randolph Institute, which advocates for seniors and union members; and several Ohio voters. The early primary date will disenfranchise wide swaths of voters who aren’t used to voting by mail and will have trouble navigating the process, they say. 

That’s effectively the same position advocated by DeWine and Ohio Secretary of State Frank LaRose (R) who asked the legislature for an early June primary date and $10.5 million in new funding — enough to send forms to request an absentee ballot to every registered Ohio voter along with a postage-paid envelope. 

The legislative plan includes sending voters a postcard with instructions for requesting an absentee ballot but requires the voters to handle more of the details themselves and cover postage. 

LaRose hoped to raise the approximately 35 percent of Ohioans who typically vote by mail to as near 100 percent as possible without diminishing turnout, he told me last week — a process that will be far harder with the earlier primary date. 

After the legislature nixed his proposal, LaRose described the new timeline as “very tight” to the Associated Press

“I’m a good soldier,” he said. “And when the Legislature has spoken, we’re going to carry out the legislation they created to the best of our ability.”

In Wisconsin, meanwhile, voting advocacy groups have filed a bevy of lawsuits aimed at loosening rules for absentee voters and delaying the state’s primary — which is still scheduled for April 7 despite widespread concerns that it will be unsafe for voters to gather then. 

Wisconsin Gov. Tony Evers (D) is also locked in battle with the GOP-controlled legislature over whether to send absentee ballots to the state’s 3.3 million registered voters ahead of the primary. Evers just introduced the plan on Friday, with about two weeks to go before the primary, the New York Times reported

Scott Fitzgerald, the state Senate’s Republican majority leader, called Evers’s plan a “fantasy,” the Times reported. 

“In pitching this idea, the governor is lying directly to Wisconsinites about this even being remotely possible. Acting like this is doable is a hoax,” Fitzgerald said. 

Evers defended the effort, saying, “It ain’t gonna be easy, but we’re gonna do it.” 

PINGED, PATCHED, PWNED

PINGED: New York regulators want answers about how the videoconferencing app Zoom, which has surged in popularity during the coronavirus pandemic, is protecting users' data and privacyDanny Hakim and Natasha Singer at the New York Times report

New York Attorney General Letitia James expressed concerns that Zoom might not have the resources to deal with a boom in users that has made the platform an attractive target for hackers and scam artists. She also wants to know how the company dealt with past security bugs, including a vulnerability that allowed hackers to access users' cameras. 

The letter also asks what other companies Zoom is sharing user data with, noting a recent Motherboard report that the company shared data from its iPhone app users with Facebook. (Zoom has since removed the feature.)

Zoom might also be violating state requirements that companies protect student data as more teachers flock to the service to teach remote lessons, James said. 

Zoom pledged to cooperate with James's requests and told the Times it takes “its users’ privacy, security and trust extremely seriously.” 

PATCHED: Remote voting is not going to happen anytime soon for lawmakers in the House despite the danger the chamber’s close quarters could spread coronavirus, Speaker Nancy Pelosi (D-Calif.) told reporters yesterday, according to my colleague Felicia Sonmez.

Both the House and Senate failed to pass rule changes that would allow for remote voting before leaving Washington last week, despite members from both parties pushing for the changes. Nearly 70 members of the House joined Rep. Katie Porter (D-Calif) in urging the House Rules Committee to allow for remote voting. The committee responded with a memo citing concerns including that manipulated videos could be used to fake votes.

But open-government advocates warn that if lawmakers aren't able to vote during the national emergency, it could open the door to a power grab by the White House. Demand Progress Policy Director Daniel Schuman:

Right now it's unclear when the House is set to return, and that date could remain in limbo as more members have to self-quarantine or are unable to travel for other reasons. That could delay future efforts to fight the virus and manage essential government operations.

The Senate is set to return April 20.

PWNED: A well-known company that organizes ethical hackers to test products for bugs is refusing to do business with the mobile voting app Voatz after researchers reported hostile interactions with the company, CyberScoop's Sean Lyngaas reports

The move by Hacker One comes after repeated clashes between Voatz and researchers that reported hackable vulnerabilities in its app. Voatz also changed its policy last month to say it couldn't guarantee legal protections for hackers digging into its systems, sparking alarm from researchers.

We partner with organizations that prioritize acting in good faith towards the security researcher community and providing adequate access to researchers for testing, a HackerOne representative told Sean. It's the first time the platform, which works with companies including Uber and AT&T, has publicly expelled a client.

Researchers and lawmakers have heavily scrutinized Voatz, which they say has too many vulnerabilities to be used safely. 

“Voatz’s bug bounty was more of a PR talking point than an attempt to truly engage with the security community,” Kevin Skoglund, chief technologist at the nonprofit group Citizens for Better Elections, told Sean.

Voatz chalked up the criticism to a grudge by researchers who have accused the company of reporting a hacker to the FBI. The company will soon launch its own system for independent researchers to report bugs, it said.

PRIVATE KEY

Hackers are continuing to exploit government and private-sector responses to the coronavirus pandemic, and they’re finding new ways to hack users stuck indoors and online, new reports show. Here's a rundown:

  • Hackers are creating bogus sites that claim to have information about stimulus cash for citizens recently approved by Congress but that actually contain information-stealing malware, researchers at Cisco Talos say
  • Hackers have posed as officials with the U.S. Small Business Administration to seed struggling business owners with malware, IBM X-Force researchers found. In just the past 14 days, the researchers have seen a 14,000 percent increase in spam related to covid-19, they said. 
  • The number of suspicious domains and files referring to the teleconferencing company Zoom have also increased, researchers at Check Point observed

A coalition of 13 nonprofit organizations joined a new initiative from the Global Cyber Alliance to help businesses secure their newly remote workforces. Members of the campaign include Aspen Digital, part of the Aspen Institute, the Cyber Threat Alliance and The Cyber Readiness Institute.

— More cybersecurity news from the private sector:

Contractors battle bogus assertions about canine vaccines and free baby formula: “We’ve maxxed out.”
Wall Street Journal
The health care sector has increasingly turned to artificial intelligence to aid in everything from performing surgeries to helping diagnose and predict outcomes of patient illnesses. 
The Hill

PUBLIC KEY

— Cybersecurity news from the public sector:

Exclusive: The exposed cache of code contained app secrets and internal passwords.
TechCrunch
Official Chinese accounts adopted a "more confrontational posture" in messaging on COVID-19, beginning in late February and March, as cases were confirmed across Europe and within the U.S.
CBS News
Courts have struggled to interpret the vague Computer Fraud and Abuse Act.
Ars Technica
FBI agents have arrested a Russian citizen accused of laundering money for a cybercriminal gang that allegedly stole funds from a range of U.S. banks.

THE NEW WILD WEST

— Cybersecurity news from abroad:

Israel's defense ministry plans to use software that analyses data gathered from mobile phones - produced, according to Israeli media, by the spyware firm NSO - to help locate likely carriers of the coronavirus in order to test them.
Reuters

ZERO DAYBOOK

  •  The Alliance for Securing Democracy  will hold an interactive webinar to discuss narratives and long-term trends in China’s information manipulation efforts at 10:00 a.m. ET.