with Tonya Riley

The Trump campaign’s latest effort to overturn the election results pits the allure of conspiracy theories against years of efforts to create the most secure and auditable election in U.S. history. 

Trump lawyers Rudy Giuliani, Jenna Ellis and Sidney Powell presented no evidence for their claims during a lengthy news conference that the election was rigged by faulty voting machines, foreign powers and an opaque cast of corrupt politicians. 

Officials who ran the election and are preparing to certify it, meanwhile, have spent years improving security protections, testing technology and ensuring there are paper records of votes that can be audited after an election to prove they were tallied correctly. 

Indeed, the same day President Trump’s lawyers lobbed their baseless accusations, Georgia completed a hand count audit of its votes that found no evidence of fraud and upheld Joe Biden’s narrow win in that state.

But the Trump argument now is based in paranoia and gut feeling rather than evidence and logic

“It’s very easy to assert nefarious connections and to cast doubt,” Edward Perez, global director of technology development at OSET Institute, a nonprofit election technology organization, told me. “We’d like to believe that official statements from all national election officials and from agencies including DHS about the integrity of the election and the absence of deleted votes or compromised machines should make a difference. It should be enough, but clearly it’s not.” 

Although the lawyers’ claims are outlandish, experts fear they could do real damage. 

Chris Krebs, who until this week was the federal government’s top election security official, called the news conference “the most dangerous 1hr 45 minutes of television in American history” on Twitter. 

Trump earlier this week fired Krebs, who led the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency,  for statements vouching for the integrity of the election and for running a rumor control page that knocked back false claims of election fraud. 

Carrie Cordero, general counsel at the Center for a New American Security think tank, warned the lawyers were introducing “chaos and instability” into the transition process. 

The claims echo Trump’s long history of embracing conspiracy theories. 

For example, among the favors the president requested of Ukrainian President Volodymyr Zelensky that led to his impeachment in 2019 was to investigate a bizarre conspiracy theory concerning the cybersecurity firm CrowdStrike. 

The spurious claim, which was widely spread on right-wing media and conspiracy sites, posits that CrowdStrike, which investigated the Democratic National Committee breach, was actually colluding with the DNC to fake the breach — and that a server with evidence of this crime is in Ukraine. 

The president also repeatedly erroneously claimed that President Barack Obama was not born in the United States. 

To be clear, neither claim has any basis in reality. 

The lawyers’ claims about election fraud were convoluted and nearly impossible to follow. 

Many of them had been previously debunked, such as a central claim that companies that supplied election equipment are connected to the regime in Venezuela and its deceased former president Hugo Chávez.

Some were outlandish

Giuliani falsely suggested Biden had directed a “national conspiracy” to alter ballot-counting in multiple states, relying on officials in “big cities controlled by Democrats … that have a long history of corruption,” as my colleague John Wagner reported

“It comes right directly from the Democrat Party, and it comes from the candidate,” he said. 

Notably, Trump’s legal team has never alleged such widespread fraud in any of its court cases and has fared poorly in the narrower claims it has made

At one point, Powell bizarrely argued that “we have got to have an American company that uses paper ballots that we can all verify so every one of us can see that our vote is our vote.” 

In fact, the states where Trump is contesting Biden’s victory all use hand-marked paper ballots or machines that produce paper records for all voters — a significant improvement since 2016 when Georgia and Pennsylvania lacked paper records for many or all voters.   

Here’s more from David Becker, executive director of the Center for Election Innovation and Research:

The company at issue, Dominion, was founded in Canada, but is effectively based out of Denver now. And the nationality of the company should have nothing to do with the trustworthiness of ballots that are marked and verified by voters themselves. Dominion is devoting the front page of its website to a refutation of all the conspiracy theories that Trump and his allies have lobbed at the company. 

At another point, Giuliani suggested paper ballots can’t be trusted because election officials may have replaced legitimate absentee ballots with phony ones at some point in the process — a conspiracy that would require the cooperation of thousands of poll workers at locations across the country, for which there's no public evidence. 

Biden campaign spokesman Michael Gwin called the news conference a “Rudy Giuliani spectacle” that “exposes, as his appearances always do, the absurdity of Donald Trump’s thoroughly discredited claims of voter fraud.” 

The claims come after years in which the Trump administration and Republicans have blocked Democrats’ efforts to make elections more secure and transparent. 

Democrats sought about $3 billion for elections and mandates that states use paper ballots and conduct post-election audits. What they got, after bargaining with Republicans, was about $1 billion total and no mandates. 

They also pushed for more transparency from election technology companies, including Dominion, but got no help from Republicans or the Trump administration. 

At one point during the news conference, Giuliani touted a letter in which Democrats including Sen. Elizabeth Warren (D-Mass.) sought information about the ownership of Dominion and other voting machine companies, pointing to it as evidence of nefarious activity. 

That letter, in fact, had nothing to do with Giuliani’s wild claims about Venezuelan influence on the companies. 

The thrust of the lawmakers’ concerns was that the three largest U.S. voting machine manufacturers — Election Systems & Software, Dominion and Hart InterCivic — are all at least partially owned by private equity firms that may be focusing on profitability over security. They were pushing for more transparency to determine whether that is true. 

Although there’s probably no way to put an end to conspiracy theories, such increased transparency could make it easier to combat them

“I don’t want to give any oxygen to these conspiracy theories,” Perez said. “But if we made it more difficult for these companies’ ownership to be as opaque as they are today, that would make it harder to make some of these baseless claims.” 

The keys

Trump’s firing of CISA officials will make protecting a covid-19 vaccine harder, Sen. Gary Peters (D-Mich.) warns.

Krebs's firing and the forced resignation of two other DHS leaders will give Russia, China and other adversaries a perception of instability, the Michigan Democrat wrote in a letter to Trump shared exclusively with The Cybersecurity 202.

“CISA, with the Department of Defense, is responsible for the cybersecurity of your own Operation Warp Speed to develop a covid-19 vaccine and you’ve removed its top three cybersecurity leaders,” wrote Peters, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee. “While I have full confidence in the dedicated workforce at CISA to continue to execute their mission despite your actions, the removal of these individuals invites attacks from our adversaries based on a perception of instability, rather than prevent them.”

Vaccine researchers have seen a surge in attacks from state-sponsored hackers. The Justice Department indicted two Chinese hackers over the summer for attempting to steal research. The FBI and DHS also warned of threats.

Peters first wrote to Trump about the dangers in May.

Not only have you not taken adequate action to stop Chinese government aggression, but your inaction has invited additional attackers, he wrote this week.

Peters is urging the White House to take additional steps to protect vaccines including using the threat of sanctions to deter attackers, as well as putting cybersecurity funding for hospitals and medical research institutions in the next coronavirus relief package.

Questions loom about the security clearance of CISA's incoming assistant director. 

Sean Plankey's security clearance came under review last year and it's unclear whether the issue was resolved or if he currently has a clearance, three former officials told  CyberScoop's Sean Lyngaas

The former Department of Energy official is slated to become CISA's assistant director and could move into the director's role as the only political appointee remaining at the agency. He would replace acting director Brandon Wales, who has been serving in the role since Trump fired Krebs on Tuesday. 

The White House announced it planned to appoint  Plankey for the role of assistant director for infrastructure security in October. He previously served as a senior official at the Energy Department's Office of Cybersecurity, Energy Security and Emergency Response.

The United Kingdom launched an offensive hacking unit to take on threats, including China and Russia. 

The new National Cyber Force also has a mandate to take on organized crime, terrorist groups and sexual predators, Dan Sabbagh at the Guardian reports

The United Kingdom is rumored to have conducted offensive hacking operations for nearly a decade, but the new organization brings the operations under the shared purview of spy agency GCHQ and the Ministry of Defense. Most of the operations have been in secret with the exception of a public campaign in 2018 against the Islamic State.  

The U.K. follows the United States in building up offensive hacking operations as nation-states including Iran, China and Russia become more aggressive in their attacks.

Cyber insecurity

A Facebook vulnerability could have allowed attackers to access audio from Facebook Messenger calls on Android devices. 

The vulnerability, spotted by Google Project Zero's Natalie Silvanovich, has been patched, Lily Hay Newman reports. “What you would see is the attacker calling you and then the phone ringing and they could listen until you pick up or the call times out,” said Dan Gurfinkel, Facebook's security engineering manager. “We quickly patched this before it was exploited.” 

The vulnerability would have been difficult to execute since it required both the hacker and the victim to be simultaneously logged into Facebook on both an Android device and a web browser and to be Facebook friends.  

More cybersecurity news:

Chat room

Krebs has a new title.

A man of facts until the end:

Daybook

Secure log off

It has been a long week. Enjoy something cute: