with Tonya Riley

Voters got a split-screen view of pandemic-era elections yesterday in Oregon and Kentucky. 

Both states were scheduled to conduct their presidential primaries, but only Oregon, where voters cast ballots almost entirely by mail, carried it off. The state had tallied results from about 75 percent of 1.2 million ballots it received as of early this morning and declared winners in most major races. Former vice president Joe Biden, the last remaining Democratic presidential candidate, handily won the state’s presidential primary with about 70 percent of votes. 

Kentucky, where just about 2 percent of voters cast their ballots by mail in 2018, delayed its primary until June 23. Now, the state is scrambling to rebuild its voting operations from the ground up in just a matter of months.

The split demonstrates how some states are facing far greater challenges preparing for the primaries and general election during the pandemic — and how some voters are in greater danger of facing a choice between casting their votes and protecting their health. 

Kentucky is one of just 16 states where voters must typically provide an excuse before voting by mail.

The state created a temporary exception to that rule on April 24 but only after weeks of wrangling between Democratic Gov. Andy Beshear and Republican Secretary of State Mike Adams, who opposed expanding mail voting before the pandemic struck. 

The agreement came about a week after Wisconsin pushed through with a mostly in-person primary during the height of the pandemic, resulting in thousands of voters who requested absentee ballots but didn’t get them in time and blocks-long lines of voters standing six feet apart. More than 50 new cases of the novel coronavirus have been tied to the primary. 

Adams now hopes up to 90 percent of Kentucky voters cast their ballots by mail in the primary, he told the Kentucky public radio station WKMS.

The state is setting up an online system where voters can request mail ballots and urging counties to offer 15 days of early in-person voting. 

But it’s still unclear whether Kentucky will grant a similar exception during the general election in November. 

Nor is it clear whether officials will make a decision in time for all the necessary preparations, such as buying loads of envelopes, stuffing and sorting machines for mail ballots, and hiring poll workers who can manage the process. 

That will be a massive undertaking, according to voting security experts and election officials in states with large vote-by-mail elections. States must begin preparations by June if not sooner, they say. 

The Brennan Center for Justice at New York University has estimated the cost of implementing vote by mail and other coronavirus-related reforms across the nation in November at $2 billion. 

Kentucky is one of numerous states scrambling to re-engineer its typical voting process with just months to go before November.

About half of states had less than 10 percent of their voters cast ballots by mail in 2018 regardless of those states’ voting by mail rules, according to figures maintained by the Brennan Center. That means it will be a huge undertaking to run general elections primarily by mail if the virus is still making voting in person unsafe.

The list includes several large states, such as Texas (6 percent) and New York (4 percent), where a judge ordered last night the state must go forward with a Democratic primary next month it had tried to cancel. 

Oregon, meanwhile, has a far easier road during the pandemic. 

Near 100 percent of the state’s residents already vote by mail. The major exceptions are voters with disabilities that make voting by mail impractical, homeless voters and people who register to vote on Election Day. 

The state retained in-person voting for those people during yesterday’s primary and expanded polling places by leasing nearby spaces so it would be easier to maintain social distancing. 

Oregon Secretary of State Bev Clarno (R) boasted about the system in a recent newsletter, saying “it will prevent Oregon voters from having to choose between staying safe at home and casting their ballot,” during the pandemic. 

Oregon Democrats also used the primary to tout voting by mail as a “no-brainer" during coronavirus. 

But it’s unclear whether Kentucky and other states will have the money they need for new mail voting operations. 

States are mostly strapped for cash during the pandemic. And experts say $400 million Congress provided for elections in the $2 trillion coronavirus stimulus bill won’t be nearly enough to cover the tab.

House Democrats passed another $3 trillion coronavirus stimulus last week that included $3.6 billion for elections. But it also included a lot of mandates — including that states permanently remove restrictions on voting by mail — even after the pandemic is over. 

That will be a nonstarter with Senate Majority Leader Mitch McConnell (R-Ky.), who has long opposed federal mandates on state-run elections. 

The bill also mandates that states send absentee ballots directly to registered voters rather than ballot request forms — which Republicans say creates too great a risk of fraud if voter rolls are out of date. 

President Trump has also vilified voting by mail despite voting by mail himself in Florida this year. 

The president has claimed without evidence that voting by mail produces widespread fraud.  He specifically objected to those parts of the Democratic bill during a lunch with Republican lawmakers yesterday, Erica Werner, Seung Min Kim and Jeff Stein reported

Democrats, meanwhile, are trying to pressure Republicans by lobbying the public to support voting changes. 

Top Senate supporters of election changes have been doing near-weekly media calls advocating for more money for voting by mail since the pandemic began, including Sens. Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.).

“[We’re] trying to get more people engaged in this issue around the country and present it in the Senate, not simply as a partisan position, but as something we should all care about, protecting our democracy,” Sen. Elizabeth Warren (D-Mass.) said during one of those calls organized by the advocacy group Stand Up America. 

For our voting system to have legitimacy, we all must believe that all citizens have equal access to the vote,” she said. 

The keys

Chinese hackers are suspected of stealing email addresses and travel details of 9 million EasyJet customers. 

The same Chinese hacking group has targeted multiple other airlines in recent months, two sources familiar with the investigation told Reuters's Jack Stubbs and Kate Holton. The British budget airline EasyJet has not confirmed who was behind the attack but said it was a "highly sophisticated source." The company is working with British authorities to investigate.

Based on previous hacks, the Chinese group may be looking for intelligence about travel records of specific individuals rather than credit card numbers and other data it could use for financial gain. The company notified 2,200 customers in April that the breach exposed their credit card information. But it revealed the full extent of the breach only yesterday.

EasyJet did not disclose when the breach began or how long it lasted but said the hackers have been shut out of its systems. 

The breach could lead to a hefty fine for the company. Competitor British Airways faces a $230 million fine by British authorities for a breach that affected 500,000 customers in 2018.

Lawmakers are pushing to protect phone calls between the House and Senate from foreign spying.

The group of 20 lawmakers wants Congress's top security officials to craft a plan to encrypt all phone calls and electronic communications between the chambers by June 12, according to a letter led by Sens. Ron Wyden (D-Ore.), Mike Rounds (R-S.D.) and Rep. Anna Eshoo (D-Calif.).

The Senate encrypted its internal phone calls in late 2018, months after a warning from the nation's top counterintelligence official that the lack of encryption made its communications vulnerable to interception by hackers and spies. The most recent models of House desk phones are also encrypted.

But calls between the two chambers don't have encryption that would similarly protect them.

Scammers are posing as coronavirus contact tracers to steal personal information, the FTC warns. 

The scammers are sending text messages posing as state and local health department employees hired to get the names and phone numbers of people infected with covid-19. But unlike legitimate tracers, they're asking for sensitive information such as people’s Social Security numbers, bank account and credit card information.

A legitimate text message from a contact tracer will inform a recipient to expect a call from the health department, wrote Colleen Tressler, consumer education specialist at the Federal Trade Commission.

The FTC didn't say how many contact-tracing scams consumers have reported, but the warning comes amid a rapid surge in coronavirus-related fraud. The agency suggests users block text messages from unknown senders that may be spam.

Government scan

The Senate will vote on the nomination of Rep. John Ratcliffe (R-Tex.) to be Trump's top intelligence official.

Ratcliffe's nomination passed the Senate Intelligence Committee along party lines. He is expected to be confirmed by the full Senate after Memorial Day despite Democratic opposition, Shane Harris reports.

More government news:

Global cyberspace

Japan’s defense ministry is investigating a hack of its next generation missile system.

Hackers may have gleaned detailsa bout the missiles in a large-scale breach of Mitsubishi Electric Corp, the Asahi Shimbun newspaper reported, per Reuters.

More global cybersecurity news:

Cyber insecurity

The Nigerian cybercriminal gang probably behind mass unemployment fraud has a long history of stealing government relief, researchers say. 

In addition to unemployment fraud, the “Scattered Canary” group has committed fraud related to Social Security benefits, disaster relief and student aid over the past decade, researchers at the cybersecurity firm Agari reported yesterday

A government memo didn't name “Scattered Canary” directly, but Agari researchers say they've tied it to fraudulent applications in three states.

More hacking news:

Industry report

Two of the largest groups sharing cybersecurity threat information in the IT sector will be joining forces.

The Cyber Threat Alliance is joining with the IT Information Sharing and Analysis Center to coordinate on sharing threat information and responding to cybersecurity emergencies, according to a release out this morning.

CTA is a private-sector group that includes Cisco, McAfee, Verizon and Symantec among its members. The IT-ISAC is designated by the government to share cybersecurity information among IT companies.

Chat room

Advice from computer security researcher Chris Kubecka:


  • The Senate Commerce Committee will mark up the CYBER LEAP Act on today at 10 a.m.
  • The Tech, Law and Security program at the American University Washington Collect of Law and R Street Institute will host a virtual discussion on the challenge of alternative voting systems during the pandemic today at 2 p.m.

Secure log off

Don't try this at home. Or literally anywhere.