The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: First DHS chief Tom Ridge knocks Trump’s attacks on voting by mail

with Tonya Riley

The first secretary of Homeland Security has a message for President Trump: Stop bashing voting by mail. 

Former Pennsylvania governor Tom Ridge (R) told me Trump’s efforts to limit voting by mail are “counterintuitive,” and that he sees no reason more Democrats than Republicans will vote that way during the coronavirus pandemic, as the president has claimed. 

He also called the president’s claims that mail voting leads to widespread fraud far off base and criticized Republican lawsuits aimed at reining in mail voting in some states in November. 

“You're not going to resolve the potential for fraud in a courtroom. You're going to do it by training and oversight,” Ridge said in an interview. “The remedy against potential fraud isn't running to the courthouse and claiming fraud. The remedy is you set up a process that's apolitical or bipartisan to ensure that there's no fraud that's conducted by absentee ballots.” 

Restricting mail-in voting is only likely to reduce voting participation without reducing actual fraud to the limited extent it exists, he said. A Washington Post analysis recently found possible voter fraud cases in states that vote primarily by mail accounted for just 0.0025 percent of ballots in 2016 and 2018  – or about one out of every 39,000. 

Ridge’s comments underscore how Trump’s assault on mail voting is out of the historical mainstream for a party that had few concerns about the process until the coronavirus pandemic made it the safest and most secure option for voters. 

It also reflects a pragmatism about voting that remains common for many state election officials from both parties but is increasingly rare in Washington. 

Ridge launched a group in March with former Michigan governor Jennifer Granholm (D) that aims to build bipartisan support for mail voting. 

The group called VoteSafe has just two principles it is asking politicians, election officials and advocacy groups to endorse: “All states and U.S. territories should ensure voters have accessible, secure mail-in ballots and safe, in-person voting sites” and “Congress should ensure that states have the resources necessary to protect their voters and elections.”

It has been endorsed by Republican secretaries of state in Georgia and Washington and Democratic secretaries of state in Michigan, Colorado, Connecticut and New Mexico. 

Those states already allow all their residents to vote by mail without an excuse except for Connecticut, which offered that option in this year’s primaries and may do so again in the general election. Washington and Colorado are among five states where nearly everyone votes by mail. 

That’s also made the Democratic-led states a target for Trump. He has attacked Michigan in particular, which is a likely swing state, for sending absentee ballot request forms to all registered voters. He even threatened to cut off federal funding to the state, though it’s highly unlikely he could do so. 

That move puzzled Ridge, who said the president would be better served by trying to make it easier for his supporters to vote during the pandemic rather than harder. 

“It’s counterintuitive to me why he wouldn't be saying to everybody, ‘Let's maximize participation. Let's get everybody who can't go to the polls to vote for me by absentee,’ ” Ridge said. 

Ridge is also urging Congress to compromise on providing additional federal funding for mail voting.

He stopped far short, however, of endorsing Democrats’ main proposal, which would deliver $3.6 billion in election money to states in exchange for a slew of new mandates. Those include that they allow all citizens to vote by mail in future elections and provide 15 days of early voting. 

Federal funding should be based on detailed requests from secretaries of state and should include matching money from the states so they have skin in the game, he said. 

Ridge also said he’s opposed to attaching any strings to the federal money. “As a former Republican governor, I never like mandates from the feds,” he said. 

Republicans and Democrats have compromised on three rounds of federal election funding totaling about $1.2 billion since the 2016 contest was upended by a Russian hacking and disinformation campaign. Those deals always involved Democrats giving up efforts to attach mandates to the money, which are fiercely opposed by Senate Majority Leader Mitch McConnell (R-Ky.). 

Another such deal could be possible if there’s a future round of coronavirus stimulus funding. But election experts warn that time is quickly running out for election officials to purchase all the material they need to run a safe election in November. So, if the money arrives after July it could be less useful. 

Ridge also stressed the importance of ramping up preparations as quickly as possible for the general election — especially given major primary day problems in Wisconsin, Georgia, the District of Columbia and elsewhere.

“If we don't learn the lessons of the long lines in Milwaukee and Atlanta and we don't take remedial action now and be better prepared for November 3rd, then it would be a rather shameful abdication of responsibilities by political figures on both sides of the aisle,” he said. 

Ridge praised DHS’s work to help states secure election systems against hacking. 

The department’s cybersecurity division has grown immensely since he left DHS in 2005 and gained far broader authorities related to helping critical industries protect themselves in cyberspace. That expanded to include helping to protect election systems in 2017, but the department has far less authority to combat online disinformation from Russia or elsewhere.

“They've done a great job since 2016. Frankly, I think the security impact on the election won't be voting machines, it will be the use of electronic media and social media to influence voters’ preferences,” he said. “The Russians maintained undue influence in 2016 and we shouldn't be so naive as to think that the Russians, maybe the Iranians, maybe the Chinese, won’t try to do it again.”

Ridge criticized Trump for repeatedly wavering on whether Russia was responsible for that interference but said he doesn’t think many people agree with the president. 

The president and some of his strongest supporters may ignore the conclusion…but I think it’s a minority,” he said. 

The keys

The Trump administration will allow U.S. companies to work with Huawei on 5G standards. 

Commerce Secretary Wilbur Ross signed off on the change, which is essentially a carve-out from a ban on U.S. companies working with the Chinese firm, Reuters’s Karen Freifeld and David Shepardson report. U.S. officials have accused Huawei of being a possible spying tool for Beijing.

The administration banned U.S. companies from partnering with Huawei last year over spying concerns. But the ban caused confusion over whether they could participate in international discussions that included Huawei setting technical standards for next-generation 5G wireless networks, artificial intelligence and other key topics. That gave Huawei a strong voice in discussions and put the United States at a disadvantage, companies and lawmakers argued. 

“The United States will not cede leadership in global innovation,” Ross said.

Six former eBay employees were charged with cyberstalking after allegedly sending a bloody pig mask to online critics.

The alleged harassment campaign also included sending the Massachusetts couple a fetal pig. It started in 2019 after the couple published an article about a lawsuit involving eBay on their e-commerce blog, Rachel Lerman reports.

The eBay employees included James Baugh, former senior director of safety, and David Harville, former director of global resiliency. They harassed the couple by sending them a book about surviving the loss of a spouse and posted a fake Craigslist ad with their address soliciting sex. One of the employees also sent vulgar and harassing messages to one victim and used the fake account to criticize their site. 

EBay said in a statement it was investigating the incident and had fired all the employees charged as well as the company's chief communications officer. The company said there was no evidence that former CEO Devin Wenig, who left the company in September, knew in advance or authorized the actions.

A Twitter account that spread conspiracy theories about the Iowa caucuses and coronavirus may have belonged to a Russian troll.

The New York Times traced the promotion of viral tweets about the conspiracy theories to an account named @DanWals83975326, which had only 1,200 followers, Nicole Perlroth reports.

The phony conspiracies included that former Hillary Clinton staffer Robby Mook was responsible for building an app that imploded on Iowa caucus night and that the United States created the coronavirus.

It’s a prime example of how Russia-backed agents are now taking divisive content from real Americans and spreading it through networks of low-profile accounts rather than creating their own divisive social media campaigns as they did in 2016. The more subtle approach has made influence campaigns harder to spot, researchers warn.

“Russia’s trolls learned it is far more effective to find the sore spots and amplify content by native English speakers than it is to spin out their own wackadoodle conspiracy theories,” said Cindy Otis, a former CIA analyst who specializes in disinformation.

Twitter suspended the account after the New York Times published its story.

Global cyberspace

Norway suspended its coronavirus contact-tracing app following privacy concerns from the country's data protection watchdog.

The app "presented a disproportionate risk to privacy given low download rates," according to regulators, Politico Europe reports. Watchdogs pointed out that the app collected location data when other European apps did not. Norway's public health body deleted all the data the app collected but argued the order weakened the country's fight against the spread of coronavirus.

More global news:

Huawei CFO’s Lawyers Say She Is Falsely Accused by U.S. (Wall Street Journal)

China Reports Progress in Ultra-Secure Satellite Transmission (The New York Times)

‘Vendetta’ hackers are posing as Taiwan's CDC in data-theft campaign (CyberScoop)

Cyber insecurity

T-Mobile's network went out Monday morning for users across the United States.  

There is no evidence the outage was caused by a cyberattack, TechCrunch reports. A Twitter account associated with the online collective Anonymous claimed to have launched a widespread denial of service attack that shut down numerous phone networks, but TechCrunch and other outlets found no evidence for the claim. AT&T and Verizon reported their networks were working normally.

The FCC announced an investigation:

More news about hacks and breaches:

Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More (Wired)

CenturyLink Exposed 2.8 Million Customer Records, Lawsuit Claims (Bloomberg Law)

Chat room

More details from @MalwareTechBlog on how a service outage can snowball into unverified claims of a major denial of service attack trending on Twitter:

Cloudflare's Matthew Prince also disputed rumors of a widespread DDoS attack:

In other news, welcome to Twitter U.S. Cyber Command chief Gen. Paul M. Nakasone. 


  • The House Financial Services committee will host a hearing on how cybercriminals are exploiting the covid-19 pandemic today at noon.
  • The House Homeland Security Committee will host a hearing on DHS operations today at noon.

Secure log off

John Oliver explains the debate over facial recognition technology.