with Tonya Riley

Ohio will today hold its primary election almost entirely by mail  in what could be a model for the rest of the nation in November. 

The contest is a canary in the coal mine for more than a dozen states still planning presidential and state primaries this year. They’re aiming for either a fully vote-by-mail elections or for far more ballots than usual to be cast by mail. Today's contest is also likely to guide officials as they plan for November’s presidential election, which could be similarly restricted by the novel coronavirus pandemic.

Ohio aims to be a counterpoint to Wisconsin, where the Republican-led legislature blocked Democratic Gov. Tony Evers’s efforts to delay the April 7 primary contest, resulting in thousands of people not receiving absentee ballots and blocks-long lines outside polling places on Election Day. At least 40 Milwaukee residents who stood in line or worked the polls have since tested positive.

The primary also takes place as New York, which has been ravaged by the coronavirus, yesterday canceled its primary.

What I saw from the outside looking in in Wisconsin looked very chaotic and candidly dangerous to me,” Ohio Secretary of State Frank LaRose (R) told me. “I would not want that scenario in Ohio and I think we’ve taken the right steps to prevent it.” 

Nearly 2 million Ohioans have requested mail-in ballots and about 1.5 million have cast those ballots, according to state figures. 

That’s a greater than 400 percent increase over absentee voting in the 2016 primary and basically on par with the total number of votes cast in the 2018 primary elections, according to numbers maintained by LaRose’s office. While former vice president Joe Biden has effectively wrapped up the Democratic presidential nomination, Ohio's ballot includes several congressional and local races that are still contested. 

That should be a lesson for other states that voting by mail is likely to surge in November — even if they don’t do anything to promote it, Marian Schneider, president of the voting security group Verified Voting and a former state election official in Pennsylvania, told me. 

It means states and counties should begin buying up tools such as industrial scanners and mail sorters they’ll need for a big increase in mail-in ballots, she said. They should also begin to ink new contracts for printing those ballots, she said. 

Those moves will be especially important for states where only a small percentage of people typically vote by mail or normally require an excuse such as illness or travel for absentee voting but plan to loosen restrictions during the pandemic.  

States should also consider sending ballots directly to registered voters rather than having them request ballots, Schneider said. That's a system that has been criticized by some Republicans who say it encourages voter fraud. 

There’s enormous interest in mail voting and it will be smoother if they spend the time ramping up,” she said. 

Ohio has also faced obstacles as it geared up for its primary.  

Notably, the U.S. Postal Service had to make a series of last-minute upgrades to ensure a large number of requested ballots aren’t stuck in transit on Election Day. 

LaRose said he expects a small number of people who didn’t yet receive their absentee ballots will today cast provisional votes at in-person polling sites — but far from the approximately 9,000 people in a similar situation in Wisconsin. They’ll vote at polling sites set up for people with disabilities that make it impractical to vote by mail and homeless voters who are also authorized to vote in person. 

The state legislature also rejected a plan from LaRose that would have delayed the election until June 2 and sent all registered voters a form to request an absentee ballot. Instead the state sent registered voters a postcard outlining how to request a mail-in ballot.  

The vote also highlights a division on mail voting between President Trump and many Republic election officials in the run-up to November. 

Trump has attacked the shift to voting by mail during the pandemic as “horrible,” “corrupt,” and “a very dangerous thing for this country,” saying the move could promote widespread fraud and be used to aid Democrats’ election chances. That’s despite voting by mail himself in Florida this year. 

Republican election officials in states including Ohio, Iowa and West Virginia, meanwhile, have embraced mail voting during the primaries as a solution to ensure voters can cast ballots without risking their health during the pandemic. 

Notwithstanding what a few folks have said, a lot of state and local election officials, both R and D, know the importance of voting by mail, especially during a pandemic,” David Levine, the elections integrity fellow at the Alliance for Securing Democracy, told me. “They know the role voting by mail can play in ensuring a safe, secure and accurate November election.”

But Trump’s criticism could make it more politically perilous for Republicans to embrace mail voting in the general election. 

It could also make it tougher for Democrats to secure about $3.6 billion in federal election funding they say is necessary to implement large-scale mail voting nationwide and to take other pandemic-related precautions such as mandating extra early voting days. 

LaRose, for one, says he hopes more Ohioans can vote in person in November. But he plans to be prepared for another all-mail contest. 

He will present plans to the governor and legislature in the next few weeks for how that can happen. The plans will include allowing voters to request mail voting forms and verify their identities online, and to mail absentee request forms with postage-paid envelopes to all the state’s registered voters. 

A lot of things about this primary election are not ideal, but given the circumstances I think we’ll be able to say we ran an election that was fair, accessible and secure,” he said. “Leaders across the world right now are making choices between bad and worse outcomes. For November there are a variety of things I hope we can do better.” 

The keys

Delaware will allow mobile voting for voters with disabilities in next month’s primary election. 

The move, which was first reported by NPR’s Miles Parks, makes Delaware the second state to announce it will launch such a pilot for the controversial voting system, which cybersecurity experts warn is impossible to verify and vulnerable to hacking. It means people can access their ballots over the Internet, or via a smartphone and app.

New Jersey is also considering such a plan, NPR reports. West Virginia already announced it would allow voters with disabilities to cast ballots using mobile devices during its primary. I earlier reported on the mobile voting pilots before the states were known. Tusk Philanthropies, a nonprofit funded by multimillionaire Bradley Tusk, is funding many of the pilots.

The Delaware and West Virginia programs will both use technology from the Seattle-based company Democracy Live. 

“Those in favor of Democracy Live's system argue that it is a paper-based system, because when a voter elects to electronically submit their ballot, an election official must print it out before it's counted,” NPR reports. “But most security experts scoff at that concept because the ballot is transmitted via the internet before it reaches the stage where it's printed, leaving it potentially vulnerable to cyber manipulation.”

Lawmakers are on track to enact many recommendations from a 9/11 commission-style cybersecurity panel.

The recommendations, including establishing a military reserve unit for cybersecurity pros and a digital bug-hunting program for the defense industrial base, will be included in a must-pass defense policy bill, Politico’s Morning Cybersecurity reports.  

There’s also bipartisan support for a Cyber Solarium Commission recommendation to revive and elevate a White House cybersecurity director position, Politico reports. Trump scrapped that post in 2018. That could give it the traction it needs to push changes outside the must-pass National Defense Authorization Act.

The commission’s co-chairs Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) pitched it as a 9/11 commission for cyber threats before the 9/11-level attack. They were planning to tout the report’s findings across the country but the report has largely been buried in the avalanche of coronavirus news. 

Cybersecurity pros are being shifted from critical security work to deal with remote-work IT hassles,  a study finds.

About 47 percent of cybersecurity workers have been drafted to help their organizations manage nonsecurity issues during the pandemic such as enabling remote work, according to the survey out this morning from (ISC)², the nation’s largest cybersecurity accrediting organization. Meanwhile, 23 percent of surveyed cybersecurity professionals say their organizations are experiencing up to double the number of hacking attempts. The group also found that:

  • 50 percent of respondents believe their workplaces could be doing more to secure their organization.
  • 15 percent say their information security teams don’t have the right resources to support remote working. 

Respondents also said they feared a surge in hacking while their organizations work remotely, with one noting that “covid-19 hit us with all the necessary ingredients to fuel cybercrime.” 

Privacy patch

Companies are embracing untested surveillance systems to police reopened workplaces, sparking privacy concerns.

The new systems include fever-screening stations and Bluetooth-enabled social distancing detectors, Drew Harwell reports

That could set a new norm as more workplaces and businesses such as hotels and grocery stores adopt thermal cameras to test for high temperatures that have yet to be backed by significant research. And while employers aren't using facial recognition to pair temperatures with identities yet, they could in the future.

Tech companies behind the new workplace tracking products, however, say the tools are crucial to safely reopening businesses. “We feel like this AI can help bring things back to normalcy,” said Daniel Putterman, co-chief of thermal surveillance company Kogniz. “I don’t believe body temperature is a piece of private information anymore.”

Last month the Equal Employment Opportunity Commission loosened rules to allow employers to take workers’ temperatures on the job and even reject job applicants who test positive for the virus. 

Government scan

A government website to help disburse emergency small-business loans crashed yesterday.

No hacking is suspected, but the crash has left many small businesses already reeling from the pandemic uncertain whether they'll get access to $310 billion in additional funding Congress passed last week, Aaron Gregg, Renae Merle and Ben Golliver report.

More in government news:

National Security
U.S. spy agency warnings were contained in the ‘President’s Daily Brief,’ a report that Trump routinely declines to read.
Greg Miller and Ellen Nakashima
The attackers are exploiting U.S. businesses' reliance on digital updates from the federal government about SBA aid.
CyberScoop

Cybersecurity report card

A slew of government agencies have been getting bad cybersecurity report cards in recent weeks. 

The departments of Justice, Commerce and Veterans Affairs and the Social Security Administration are all failing to protect their systems from hackers, recent Government Accountability Office reports find.

The Commerce Department, meanwhile, needs to address long-standing cybersecurity weaknesses in the 2020 Census that lawmakers and security experts have raised concerns about for well over a year. 

Industry report

Data stolen in coronavirus-related attacks is showing up online.

Hackers published the Social Security numbers, financial information, driver's licenses, passport numbers and other sensitive data of ExecPharm clients from a March ransomware attack, TechCrunch's Zack Whittaker reports.

Global cyberspace

Britain's National Health Service will eschew the contact-tracing technology that Apple and Google are rolling out and launch its own software.  

The government-designed app will match contacts on a centralized computer and then send alerts to people who might have come into contact with an infected person, Leo Kelion at BBC News reports.

Tech giants have said their approach better secures users' personal information, but global governments have been skeptical of their promises. The approach puts the United Kingdom at odds with a number of other U.S. allies including Germany and Switzerland that are moving forward with using Google and Apple developer tools.

More cybersecurity news from abroad:

Foreign suppliers worry that national-security assessments of equipment deals will put them at a disadvantage in the Chinese market.
Wall Street Journal

Chat room

Proposals to limit U.S. education options for Chinese students may backfire, Secure Democracy's Lindsay Gorman argues:

Daybook

  • The R Street Institute will host a discussion on "EARN IT Act and Its Broader Implications for Encryption and Cybersecurity" today at 2 p.m.
  • The McCrary Institute and Cyberspace Solarium Commission (CSC) will host live event discussing if deterrence is possible in cyberspace Wednesday at 1 p.m.

Secure log off

Just what we need right now.