The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: The partisan split on voting security extends to the nominating conventions


with Tonya Riley

As Democrats and Republicans spar over the safest and most secure way to cast ballots in November, their national conventions are showcasing two different approaches to pandemic-era voting.

The models reflect the parties' differing stances on voting in November: Democrats are prioritizing limiting the risk of the coronavirus spreading and Republicans are putting a premium on in-person voting. 

At Democrats’ online convention, which kicks off today, delegates will cast ballots by email on a handful of issues, including nominating Joe Biden as the party’s official presidential candidate. That mildly increases the risk that hackers or technical snafus could undermine the voting process, but it protects delegates from the virus. 

By contrast, while Republicans’ convention next week will be dramatically scaled down, all of the voting will happen in person at the Charlotte convention site with a maximum of 336 delegates. In some cases, the party will allow the delegates in Charlotte to cast votes on behalf of other delegates who do not attend in person – but not when it comes to selecting the party's presidential nominee. 

The decisions about convention voting send a major cultural message since the events' biggest votes aren’t in doubt; Biden and President Trump are assured of their parties’ nominations. 

“Democrats are taking an approach that is more dependent on technology that could be vulnerable [to hacking], but it’s done in the service of public health and the health of delegates,” Edward Perez, global director of technology development at OSET Institute, a nonprofit election technology organization, told me. “In contrast, Republicans are effectively saying, ‘What we think matters is for the delegates to be in Charlotte because we believe the country needs to know people can meet in person.’”

Securing convention voting is just one of the cybersecurity challenges Democrats will have to juggle this week. 

To ramp up the excitement of the online event, the party will be broadcasting live feeds from hundreds of living rooms, stages and other locations across the country, Michael Scherer reports. That’s in addition to major speeches from Biden, presumptive vice-presidential nominee Sen. Kamala D. Harris (D-Calif.) and party luminaries including former presidents Bill Clinton and Barack Obama, all of which will be streamed in from different locations. 

That could create opportunities for hackers to disrupt the broadcast or embarrass the party if they can outsmart systems for verifying that the participants are who they say they are. 

The party is trying to reduce that danger by working with top cybersecurity companies and deploying “redundant and diverse connections and pathways for the programming and infrastructure that supports the programming,” a Democratic National Committee official told me last month. The official did not provide specific details about participants verifying their identities. 

The good news: A handful of other major televised virtual events during the pandemic have faced similar challenges and avoided major incidents. That includes the NFL draft and the “Graduate Together” broadcast that marked high school graduations in May. 

“We’ve learned a lot in the past four to five months about how to do large high-profile events like this and how to secure them,” said Mark Testoni, chief executive of SAP NS2, the national security-focused division of the major multinational software firm.

If the broadcast is disrupted either because of hacking or IT failures, that might not be a huge embarrassment — provided the organizers are able to get things up and running again quickly, Testoni said. 

Republicans' convention broadcast will also be highly complicated. But many of the live speeches will be delivered from Washington.

Convention voting security is important to signal Americans are able to vote safely. 

The topic of election security is likely to play an outsize role in both conventions.

Republicans have largely stepped back from Trump’s early blanket assault on voting by mail. But they’re still trying to rein in the practice. Most recently, officials have trained their criticism on states that send ballots automatically to registered voters rather than requiring them to request ballots first. 

That’s the way ballots are managed in Colorado, Hawaii, Oregon, Washington and Utah, which voted nearly entirely by mail before the pandemic. Four other states — California, Nevada, Vermont and New Jersey — have shifted to the practice for November. White House Chief of Staff Mark Meadows warned on CNN’s “State of the Union” on Sunday that more states might follow suit if Republicans don’t hold a firm line. 

This is more about states trying to re-create how they get their ballots, and they’re trying to do it on a compressed timeline that won’t work,” he said.

Democrats, meanwhile, are accusing Trump of trying to suppress votes by discouraging mail voting and limiting resources that could help the overtaxed Postal Service ensure ballots are delivered expediently. 

Here’s Harris on Twitter:

Those arguments got supercharged last week when Trump said during a Fox Business Network interview that he opposes new election funding for states and money to shore up the Postal Service because he believes it will help to expand voting by mail. 

By the end of the weekend, House Speaker Nancy Pelosi (D-Calif.) called the House back into session to pass legislation to ensure the Postal Service could maintain its current delivery standards through the end of the year. She’s pushing to pass a bill by the end of this week. Senate Minority Leader Charles E. Schumer (D-N.Y.) is also urging Majority Leader Mitch McConnell (R-Ky.) to bring the Senate back to pass the bill. 

Election security experts generally gave a thumbs-up to Democrats’ email voting plan for the convention. 

For November, those experts oppose any form of voting that doesn’t include a paper trail so officials can audit votes afterward and make sure they were tallied correctly. But those concerns are mostly mitigated in cases such as party conventions, where votes aren’t secret and delegates can verify their votes were counted accurately afterward. 

“Nonsecret ballots cast by email are totally fine because you can validate it,” Daniel Schuman, policy director for the progressive group Demand Progress, told me. Schuman’s group has been pushing Congress to use email or other technology for remote voting to make it easier to conduct business during the pandemic. 

Schuman was more critical of the Republican plan

“I think from a public health perspective, of course, you shouldn’t be meeting in person if it’s not absolutely required,” he said. “I’m concerned that showing up in person is becoming a litmus test for supporting the president. And in this case, the price of loyalty is a significant risk of illness or even death.” 

The keys

Other Democrats are also putting pressure on Postal Service leadership over mail voting readiness.
As officials from the Trump administration and campaign defended the president on Aug. 16, Democrats claimed Postal Service cuts could hurt the 2020 election. (Video: The Washington Post)

Sen. Bernie Sanders (I-Vt.) told NBC's “Meet The Press” that Trump is doing everything he can to suppress the vote by making it harder to vote by mail.

The House Oversight Committee also moved up a hearing for Postmaster General Louis DeJoy initially scheduled for September to next week. Democrats on the committee allege that the former RNC finance chairman is pushing policies that threaten to silence millions of Americans. Since taking on the role, DeJoy has banned postal workers from making extra trips to ensure on-time mail delivery. Congress also expressed concerns about USPS removing mailboxes in some states. (The agency said it would pause the process until after the election.)

The White House has pushed back against claims that the changes are a result of Trump's attacks on mail voting. The president is open to Congress passing a bill to make sure USPS is adequately funded to manage the surge in November mail, Meadows told CNN.

Some rural telecoms are in trouble after a final reprieve on working with Huawei ran out. 

The reprieve allowed U.S. tech companies to send some software patches to Huawei so it could better protect its cellphones and networking gear used by U.S. telecom providers. Without it, some rural and small carriers won't be able to update their software from the Chinese company, potentially leading to outages and vulnerabilities that could be exploited by hackers, Jeanne Whalen reports

Many of those small telecoms are also still awaiting funding promised by the government to help swap out Huawei equipment that was designated a national security risk.  

“The longer they wait, the more likely it is that we’re going to have problems” with the functioning of the network, said Jerry Whisenhunt, general manager of Pine Telephone Company, a network in rural Oklahoma that uses Huawei equipment.

Google, which provides Android software to Huawei, could also be forced to stop updating Huawei phones.

As he delays the TikTok ban, Trump’s eyeing restrictions on other Chinese tech companies.

Among the targets could be the Chinese e-commerce giant Alibaba, Steve Holland at Reuters reports.

“We’re looking at other things, yes, Trump said when asked whether there were other Chinese companies the administration was looking to put pressure on.

Trump issued an executive order Friday that extends from 45 days to 90 days the deadline for TikTok’s Chinese owner ByteDance to sell the social media company. Trump says he will ban the app if a U.S. company has not acquired its U.S. operations by then. Microsoft is one of the leading contenders. 

“There is credible evidence that leads me to believe that ByteDance might take action that threatens to impair the national security of the United States,” Trump said in the order. TikTok has denied that it has been asked to share U.S. user data with China and said it would not do so if asked.

Cyber Insecurity

The Department of Homeland Security hosted a cybersecurity drill with about 2,000 participants.

The exercise, known as Cyber Storm, tested the cybersecurity protections of key industries including health care and manufacturing, CyberScoop’s Sean Lyngaas reports. It was the seventh biannual Cyber Storm exercise DHS has hosted. 

One key takeaway: Industries don’t always grasp all the digital vulnerabilities that are introduced by other companies they work with.

“[It] was clear that many organizations do not have a full understanding of their reliance on third-party services,” said Brian Harrell, assistant director of DHS’s Cybersecurity and Infrastructure Security Agency. “Just because you think you are compliant and secure doesn’t necessarily mean that the folks that you rely on in your time of need are equally as secure.”

Chat room

Many Republicans recoiled at Trump’s suggestion that he might pardon NSA whistleblower Edward Snowden.

He was asked about his position after the New York Post reported that he had polled his aides about the possible pardon.

“I’m going to start looking at it. There are many, many people, it seems to be a split decision, and many people think that he should somehow be treated differently, and other people think he did very bad things,” Trump said during a news conference at his New Jersey golf resort.

Here's Rep. Mike Gallagher (R-Wis.):

Rep. Liz Cheney (R-Wyo.):

House Intelligence Committee Chairman Adam B. Schiff (D-Calif.) also dismissed the idea:

Some Republicans, however, sided with the president. Sen. Rand Paul (R-Ky.):

Rep. Thomas Massie (R-Ky.):

Snowden also weighed in:


  • The Democratic National Convention will take place Monday through Thursday.

Secure log off

Zoom meetings in haiku: