Election officials and technology companies are embarking on a multiyear process to improve the security and accessibility of voting machines. 

But they’re running smack into a cadre of GOP politicians sowing unfounded doubts about election security. 

The major election vendors are getting ready to produce new voting machines that meet a slate of upgraded security standards. But those machines won't be ready until around 2024, they told the Election Assistance Commission during a hearing yesterday. The machines likely won’t be widely used by voters until the 2026 midterm elections or later. 

Yet there's a sense of urgency to boost public confidence in elections.

The delay could be damaging as some Trump supporters continue to spread baseless claims about election hacking in 2020 and push for partisan audits in states Donald Trump narrowly lost to President Biden in November.

“It’s reasonable to wonder whether the slow pace of change at the EAC and in the vendor community are up to the task of combating a loss of public confidence in elections,” Edward Perez, global director of technology development at OSET Institute, a nonprofit election technology organization, told me. 

In February, the EAC approved the basic rules for the upgrades. It’s the 2.0 version of a document called the Voluntary Voting System Guidelines (VVSG), which, despite its name, is often incorporated into mandatory guidelines approved by states. 

Among other changes, the update requires the strongest form of encryption of voting data and technology that makes it easier to audit vote counts. 

Even when the upgraded machines are available, many states and counties will struggle to afford them. 

Without funding help from the federal government, the upgrades might be impossible, Tim Mattice, executive director of the National Association of Election Officials, told EAC commissioners. 

The timing is especially difficult because between the 2017 and 2020 elections, many states and counties replaced machines that lacked paper records of votes out of concern that paperless machines are more vulnerable to hacking.  

Under normal circumstances, they’d expect to use those machines for 10 to 15 years. But they were designed for the VVSG 1.0 standards. Those standards were adopted in 2005, but there have been some interim updates. It’s possible some existing machines can be retrofitted to meet the 2.0 standard, officials said. 

Some election officials “believe the VVSG 2.0 compliant systems will go a long way to quelling the unfounded accusations and beliefs about the security of our voting equipment in the eyes of the voters,” Mattice said. 

But even if that’s the case, the updated systems mostly won't be in place until after the next presidential election. 

Meanwhile, partisan audits that cast baseless doubts on the 2020 election results are picking up steam. 

Such reviews are underway in Pennsylvania and Wisconsin. Trump has also cranked up pressure on Republican state officials to embrace partisan audits. 

The most prominent such review in Maricopa County, Ariz., concluded in August after a parade of security failures. The auditors’ report to the state Senate was delayed when three members of the five-person team leading the audit contracted the coronavirus. It will be another week or more before the audit is delivered, the Arizona Republic reports.  

The new EAC voting guidelines have also come under fire from some lawmakers and security advocates. 

They fault the guidelines for not outright banning hardware from voting machines that can connect wirelessly to the Internet. Instead, the guidelines describe how to disable any wireless technology. 

Allowing such technology could make it easier for hackers to breach voting machines and change election results, the critics say. It could also give fuel to the sort of baseless election fraud claims embraced by Trump and his supporters during the 2020 cycle.

“Benign misconfigurations that could enable connectivity are commonplace and malicious software can be directed to enable connectivity silently and undetectable, allowing hackers access to the voting system software,” a bipartisan group of more than 20 members of Congress wrote in a letter to the EAC when the guidelines were released in February.

Another letter from 22 security experts, activists and former election officials warned the EAC’s move “profoundly weakens voting system security and will introduce very real opportunities to remotely attack election systems,” Politico reported.

But the EAC said in a fact sheet that it could be cost prohibitive to ban wireless technology from voting machines because such technology is increasingly common in election systems.

The keys

Fake social media accounts linked to Beijing tried to rally Asian Americans to protest racism, researchers say.

It’s the first known example of a Chinese influence operation trying to get Americans to attend real-world events, the Wall Street Journal’s Dustin Volz reports. The researchers from Mandiant and Google did not explicitly say China carried out the campaign. But Mandiant Vice President of Analysis John Hultquist told Volz that it was “almost certainly supported by a government sponsor.”

U.S. authorities have lobbed similar charges at Russia. Prosecutors in 2020 accused a Kremlin-backed Internet troll farm of trying to organize U.S. rallies in the run-up to the 2016 election. “They’re copying the Kremlin’s playbook,” Hultquist said. 

The campaign was active on dozens of social media networks. Facebook, YouTube and Twitter suspended accounts linked to the network, researchers said.

Lawmakers demand answers about how Russian hackers breached federal prosecutors’ networks.

More than a dozen federal lawmakers representing Florida asked Attorney General Merrick Garland for details on the breach of 27 federal prosecutors’ offices, including three in Florida. The lawmakers also want to know how the Justice Department is responding to cyberattacks and whether it’s boosting the number of staff who work on fighting cybercrime.

Hackers compromised email accounts belonging to people working in federal prosecutors’ offices as part of the SolarWinds cyberattack, according to the Justice Department.

The breach of the Florida networks is especially concerning because federal prosecutors in the state bring high-profile cases related to drug trafficking, the lawmakers said. 

The ACLU and other groups want Biden to appoint privacy and transparency advocates to a surveillance watchdog board.

Biden should nominate privacy advocates “as expeditiously as possible” to the Privacy and Civil Liberties Oversight Board, according to the privacy, civil liberties and technology policy groups. The independent privacy watchdog examines the privacy and civil liberties implications of how the U.S. government responds to terrorism. The five-member board has three unfilled seats and no chairperson.

Disagreements at the PCLOB spilled into public this summer when board member Travis LeBlanc said the National Security Agency’s XKeyscore surveillance program operates with little oversight. NSA officials and former board chairman Adam Klein pushed back on LeBlanc’s claims.

On the move

  • Victoria Dillon is the new chief of external affairs at the Cybersecurity and Infrastructure Security Agency. She was previously a communications executive at Cisco.
  • Ciaran Martin, the former chief executive of the United Kingdom’s National Cyber Security Centre, is joining the Global Cyber Alliance’s board along with Estonia Ambassador-at-Large for Cyber Diplomacy Heli Tiirmaa-Klaar and Singapore Digital Assets Exchange board chairman Khoo Boon Hui.
  • NetAbstraction named retired Adm. Michael S. Rogers, who led the National Security Agency and U.S. Cyber Command, as the chairman of its advisory board.

Daybook

  • National Cyber Director Chris Inglis discusses the United States’ cyber defenses at an event hosted by the Reagan Institute today at 10:30 a.m.
  • Rep. Lauren Underwood (D-Ill.), who previously chaired the House Homeland Security Committee’s cybersecurity subcommittee, discusses cybersecurity diversity and inclusion at an event hosted by the Aspen Institute today at noon.
  • Retired Adm. Michael S. Rogers, who led the National Security Agency and U.S. Cyber Command, speaks at a Heritage Foundation event today at noon.
  • Director of National Intelligence Avril Haines; Gen. Paul Nakasone, who leads the NSA and U.S. Cyber Command; National Cyber Director Chris Inglis and others speak at the two-day Intelligence and National Security Summit, which begins Sept. 13.
  • Chris Krebs, the former Cybersecurity and Infrastructure Security Agency director, keynotes the Insider Risk Summit on Sept. 14.
  • Rep. John Katko (R-N.Y.), the top Republican on the House Homeland Security Committee, and Google executive Jeanette Manfra, a former CISA official, discuss cybersecurity at a Washington Post Live event on Sept. 14 at 12:30 p.m.
