with Tonya Riley

THE KEY

Time’s running short for states and counties to prepare for a possible massive surge of mail-in voting in November prompted by the coronavirus pandemic. 

That’s the assessment from companies that manage the printing, mailing and sorting of absentee ballots that are already ramping up to manage the crush. 

If counties don’t start inking contracts to handle the increase in the next two months, they’ll risk problems that could lead to chaos or shatter voter confidence in November. They could include ballots failing to reach voters who request them, voters getting the wrong ballot for their districts or reams of ballots arriving late and delaying election results. 

“Time is what’s going to kill this whole thing,” Jeff Ellington, president of Runbeck Election Services, one of the largest mail ballot printers in the nation, told me. 

Most state officials, however, haven’t released plans that look beyond their primaries — many of which were postponed by the pandemic. And President Trump and other Republicans are launching legal and rhetorical assaults on mail-in voting that could further delay preparations. 

That could be a recipe for disaster if states are left unprepared and the coronavirus is still making in-person voting unsafe in November. A glimpse of such a scenario came from Wisconsin, which held its primary on Tuesday and was slammed with more than one million absentee ballots far more than in 2016 election when voters cast a record 865,000 ballots by mail. 

Because of the rush and lack of preparation in Wisconsin, at least 900,000 people requested absentee ballots but didn’t get them, the state Elections Commission said — forcing them to risk voting in person or not voting at all and contributing to a chaotic election marred by long lines and shuttered polling sites. 

Wisconsin is among about two-thirds of states that allow all voters to request absentee ballots without an excuse such as illness or travel and where mail voting could surge for the general election even without any intervention by lawmakers. 

“[Voting by mail] isn’t really up to election officials but to voters, and there’s going to be a big jump. Wisconsin just showed that,” Amber McReynolds, a former top election official in Denver and CEO of the National Vote at Home Institute, told me. “Most states are going to experience a huge increase in ballot requests, which is going to create a huge backlog. They need to start having conversations with vendors now.”

McReynolds’s group issued a strategy for ramping up mail voting during the pandemic recommending states consider centralizing mail voting operations instead of managing them by county. The group also suggests standardizing ballot formats and procedures, expanding mail voting deadlines and implementing best practices such as allowing voters to track their ballots like a FedEx package.  

The group also estimates a mail-in surge would come with massive costs— about $38 million for a state the size of Michigan. The Brennan Center for Justice at New York University estimates it would cost about $2 billion to increase voting by mail and make other coronavirus-related changes nationwide. 

But there’s no evidence the federal government is interested in ponying up. Democrats and Republicans are already locking horns over the issue after Democrats sought $4 billion for election protections in the $2 trillion coronavirus stimulus bill passed last month –  but got only $400 million with no guarantee states would use the money for mail-in balloting.

Republican leaders are also planning to fight state-level statutes that could expand absentee voting in Michigan, Minnesota, Arizona and other states, the New York Times’s Jim Rutenberg, Maggie Haberman and Nick Corasiniti report.

Trump, meanwhile, has railed against voting by mail even though he voted by mail himself in Florida earlier this year claiming without evidence that mail voting systems are prone to widespread fraud and corruption.

Trump argued voting by mail is more secure for a select group of people such as senior citizens and military members. Most experts say all-mail voting states such as Oregon, Washington and Utah do a better job of verifying voters’ identities and ensuring ballots are going to the right people.

Part of the problem is the group of companies that support voting by mail is far larger and more diverse than the market for in-person voting, where just three companies produce or manage voting machines used by more than 90 percent of people.

By contrast, mail-voting components are spread among a vast array of large and small printing companies and envelope-stuffing and sorting services, some of which specialize in elections but many of which don’t. 

Many of them are also mom-and-pop shops that would struggle to manage a two- or three-fold increase in mail ballots. And many small counties also manage mail-in voting themselves by sorting and stuffing the envelopes by hand and would need to switch to a vendor to handle the increase in volume. 

Runbeck started scaling up in early March for a pandemic-related surge, Ellington told me. The company is prepared to handle about 10 million mail-in ballots now, or about 10 percent of all registered voters, he said. It could expand further but needs word from counties as soon as possible to do that in time for November.

BlueCrest offers services for all phases of mailing ballots but focuses most on machines that fill envelopes with ballots, voting instructions and return envelopes that ensure the correct ballot is going to the right address. The company serves 30 counties now but has gotten a slew of inquiries in recent weeks from potential new customers, the company’s vice president for sortation, Rick Becerra, told me. 

“People want to be able to vote, and they don’t want to get sick, so we’re getting calls on a daily basis,” he said. 

Becerra estimated that the largest counties, with more than 3 million voters, will have to be ready for increased mail voting by mid-May and that counties with more than 500,000 registered voters will have to be ready by mid-June. Smaller counties can wait until mid-July, he said, but after that, time will have basically run out to get new machines in place, train workers to use them and educate voters.

“For some counties, the capacity will be there, but in others, it’s going to be a little challenging,” he said. 

PINGED, PATCHED, PWNED

PINGED: Former vice president Joe Biden, who sewed up the Democratic presidential nomination yesterday, has urged a tough stance against cyberattacks from Russia and other U.S. adversaries even as he’s shied away from some of the Trump administration’s more bellicose rhetoric about striking back in cyberspace.

Biden has slammed Trump for being soft on Russian hacking and criticized Senate Majority Leader Mitch McConnell (R-Ky.), who he said refused to join with the Obama administration in condemning Russian interference before the 2016 election.

But he’s also urged hitting Russia with economic sanctions and diplomatic pressure rather than jumping into a tit-for-tat hacking conflict that might escalate and do more damage to the United States than to Russia. That’s a point Biden made in a January 2018 Foreign Affairs article with Michael Carpenter, a former top Pentagon official, and a related panel discussion.

That basically puts the former vice president in line with the Obama administration’s cybersecurity policy, which marshaled a series of carrots and sticks to try to keep adversaries in line. That policy saw some success, especially a 2015 deal that led to a brief reduction in Chinese digital espionage. But the administration proved unable to rein in hacking operations from Russia, Iran and North Korea and faced some criticism for being too slow to retaliate against cyberattacks.

Biden has also urged increasing efforts to secure vital U.S. infrastructure against foreign digital attacks including energy plants, airports and government computer networks. And he's pushed states to invest in secure election technology that includes paper trails and post-election audits.

PATCHED: Top cybersecurity agencies in the United States and United Kingdom are warning about a surge in cyberattacks during the pandemic targeting health-care workers and employees working from home. 

The attackers are posing as doctors and even World Health Organization officials to trick users into opening messages that then infect their computers with malware, steal personal information and lock up computer files to hold them for ransom. The report included a list of over 2,500 domains tied to known coronavirus scams.

The Australian government, meanwhile, is taking things even further and hacking back against criminals that are exploiting the pandemic, the country's cybersecurity agency said. The agency has successfully disrupted activities from foreign criminals by disabling their infrastructure and blocking their access to stolen information,” Australian Minister of Defense Linda Reynolds said.

PWNED: Cybercriminals are piggybacking off Trump’s promotion of an anti-malaria drug as a possible coronavirus cure and buying up domains related to the drug they can use to hack unwitting victims, researchers at the cybersecurity company NormShield found

The number of suspicious domains mentioning the drug hydroxychloroquine has quadrupled since Trump first mentioned it was being investigated as a treatment, researchers found. Overall, the NormShield team found 362 new suspicious web domains referencing 10 possible coronavirus cures including hydroxychloroquine in the first three months of 2020.

Some of the domains researchers examined referred users to a checkout page that would capture their credit or debit card information. Many of the domains were registered by the same person, researchers said, which makes them even more suspicious. Hackers often buy up domains in bulk so they can quickly shut them down once theyve reached a certain number of customers to avoid detection.  

Researchers at the cybersecurity firm Check Point also uncovered hackers registering tens of thousands of domains that advertise coronavirus-related Android apps that are actually designed to steal users’ personal information from their text messages, microphone and camera.

PUBLIC KEY

— Cybersecurity news from the public sector:

The U.S. Senate has told its members to not use Zoom's video conferencing app due to data security concerns, the Financial Times reported on Thursday, even as the company attempts to stem a global backlash against its fast-growing app.
Reuters
The report comes as election security experts remain on alert for efforts to manipulate the 2020 election from Russia and many other countries and nonstate actors.
NBC News

PRIVATE KEY

— Cybersecurity news from the private sector:

Zoom has exploded in popularity during the coronavirus pandemic while also coming under fire over security issues.
BuzzFeed News
The features that allowed companies to hop on videoconferences also made it easy for trolls to hijack meetings and harass students.
The New York Times

THE NEW WILD WEST

— Cybersecurity news from abroad:

Asia & Pacific
Chinese companies are reopening with tight rules for preventing second-wave coronavirus infections.
Eva Dou