The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

These swing-state GOP leaders are resisting election fraud claims

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Good morning! Welcome to The Cybersecurity 202 and thanks for joining me today, as I guest host today's edition.

Below: A Colorado election official has been barred from working in next month's election and Apple says an antitrust proposal would worsen the security of its app store.

GOP pressure for partisan audits isn’t taking root in other swing states

Of the six states former president Donald Trump narrowly lost, Arizona and Pennsylvania are undergoing partisan-prompted election audits.

But in the four other states Wisconsin, Georgia, Michigan and Nevada Trump supporters haven’t been able to gain enough traction for similar reviews. 

Despite varying degrees of political pressure, these other states seem unlikely to carry out GOP-led audits similar to those in Arizona and Pennsylvania. In some states, Democrats control part of the legislature. In others, the Republicans in charge don’t support claims of fraud. And some of the states recently refurbished their equipment, making claims of fraud even more implausible. 


Wisconsin is currently closest to a taxpayer-funded audit of the 2020 presidential election. Three separate investigations are going on, all at the request of Wisconsin Republicans, and former justice Michael Gableman threatened to subpoena election officials if they do not comply. 

This week, Wisconsin Attorney General Josh Kaul (D) blasted Gableman's subpoenas to major Wisconsin counties and some state officials, saying they were unlawful and “dramatically overbroad.” Kaul called on Republicans to “shut this fake investigation down,” Elise Viebeck writes.

Gableman’s review has had problems from the start, Elise writes. His team used a private email account under another name to tell county clerks to preserve evidence, and some clerks’ email systems flagged it as “junk.” He also said that most people, himself included, do not have “a comprehensive understanding or even any understanding of how elections work.” His office did not respond to a request for comment.

Republicans control the state’s General Assembly as well as its Senate – meaning the ball's in their court.

“They can pretty much do as they please, especially when it comes to funding,” said Tim Meyer, a professor at the University of Wisconsin at Green Bay.

Yet the state's highest-ranking Republican in the Wisconsin Assembly, Speaker Robin Vos, has resisted calls for a further forensic audit of the presidential election results, saying in July he didn't know “what that would prove.”

Some former GOP officials — in addition to election experts — say the current Wisconsin investigation lacks credibility, and spreading such misinformation raises security concerns. 

“I’m sorry, but there is not a reason to spread misinformation about this past election when we have all the evidence that shows otherwise,” state Sen. Kathy Bernier (R) said last month at a voting equipment tutorial at the Capitol.

Georgia and Michigan

In two other states, Republicans simply aren’t buying allegations of election fraud. In Georgia, state GOP leaders have shot down allegations from some Trump supporters of fraud.

“​​At this point, we've not seen any sort of credible examples,” Lt. Gov. Geoff Duncan told John Berman in an interview on CNN’s “New Day.”

Certainly, there is “pressure from some quarters,” according to M.V. Hood, a professor at the University of Georgia and director at SPIA Survey Research Center. However, other top GOP officials — including Gov. Brian Kemp and Secretary of State Brad Raffensperger — have also said with certainty that they have not seen evidence.

  • “President Trump did not carry the state of Georgia,” Raffensperger said in a Politico interview where he pointed to the multiple recounts that confirmed the accuracy of the Georgia results.
  • Kemp disputed unsubstantiated claims of election fraud even as Trump called for his resignation late last year.

Additionally, Georgia took many steps to minimize risk both before and after the election. After the election, the state conducted three counts: an initial count, a machine recount, then a hand recount. After all three, Trump still lost by a little under 12,000 votes.

As for Michigan, where the state legislature is split politically, Republicans released a report over the summer that dismissed the idea of undue influence in the election and recommended investigating individuals who pushed false claims for means of fundraising or publicity.

Republican state Sen. Ed McBroom, who led the report, said he found “no evidence of widespread or systematic fraud.” The report scorned claims by Trump supporters that fraud allegations in Antrim County were evidence of a broader rigged election.

“The committee finds those promoting Antrim County as the prime evidence of a nationwide conspiracy to steal the election place all other statements and actions they make in a position of zero credibility,” the report said.


The dynamics are different in Nevada, where Democrats control the state legislature and only meet part time.

David DaMore, a professor of political science at the University of Nevada at Las Vegas, predicts that nothing similar will happen in the state because of its political makeup. The only statewide Republican officeholder is Secretary of State Barbara Cegavske, who pushed back at Republican Party members who questioned the outcome.

After Nevada Republicans contended 122,000 instances of election irregularities in the state, Cegavske investigated each one and published a report rebutting the claims on the basis of insufficient evidence.

But many announced GOP candidates for the U.S. Senate currently push the Trump campaign's 2020 talking points in Nevada, most notably former state attorney general Adam Laxalt, who backed up claims of election fraud and alleged in a lawsuit with insufficient evidence that 3,000 Clark County absentee ballots were illegally cast.

Equipment matters 

The age and quality of ballot machines also makes a difference in the ability of GOP lawmakers to resist pressure from Trump supporters to undergo audits.

Before the election, Georgia had just invested millions of dollars into the refurbishment of its ballot system statewide. The state transitioned from a completely electronic voting system with equipment that was almost 20 years old to a ballot marking system with a QR code after printing.

“They can again check their ballot and look at their choices and if there’s a problem they can spoil their ballot and vote again,” Hood said. “Then they take their ballot to one of the voter tabulators, and the voter inserts the ballot into the tabulator.”

When counting the votes, election officials count by hand as well as scan the QR codes on the ballot to avoid human error.

And in Michigan, the election equipment is less than 5 years old. The state's hand-marked paper ballots, combined with rigorous auditing of the paper trail, makes it practically “impossible for any computerized attack to interfere with,” said Alex Halderman, a professor of computer science and engineering at the University of Michigan.

Wisconsin implements hand-marked paper ballots and direct recording systems with a hand count and a voter-verified paper audit trail, while Nevada uses a similar system with all-mail ballots and an optical scan.

The keys

A judge barred a Colorado election official from working on next month’s election

A Colorado judge prohibited Mesa County clerk and recorder Tina Peters from administrating the November election, Emma Brown reports. Judge Valerie J. Robison found that Peters “breached and neglected her duties and was ‘untruthful’ when she brought in someone who was not a county employee to copy the hard drives of Dominion Voting Systems machines,” Emma writes.

The lawsuit was filed in August by Secretary of State Jena Griswold (D) after Mesa County voting machine passwords were posted online and copies of the Dominion hard drives were presented at an event hosted by MyPillow executive Mike Lindell. Lindell denies that President Biden won the 2020 election.

  • In her ruling, Robison writes that Peters and her deputy are “unable or unwilling to appropriately perform the duties” of the county’s chief elections official. 
  • Peters said she is disappointed by the ruling and plans to appeal, according to a statement. She said Griswold's lawsuit is a “power grab” designed to be a “warning to all other potential whistleblowers.” The FBI, state prosecutors and the local district attorney are investigating whether to bring criminal charges in connection with the Dominion breach.

Apple sparred with critics over the security of its App Store

Forcing the company to allow users to install content from outside its App Store would heighten risks of cyberattacks, Apple said, repeating a criticism of antitrust proposals. But critics of the company dismissed that argument, Reuters’s Foo Yun Chee reports.

Apple's security argument has “no legs,” Damien Geradin, a lawyer for the Coalition of App Fairness — a group that includes Fortnite maker Epic, Corellium and Spotify — told Reuters. He also argued that payment mechanisms outside of Apple's payment system are as safe as Apple's.

Apple’s argument, which it laid out in a paper Wednesday, comes as the European Union considers draft rules to rein in the power of tech giants. Apple CEO Tim Cook has said that the proposal would “destroy the security of the iPhone.” European tech enforcer Margrethe Vestager in July warned Apple against using security to fend off such proposals.

Iranian hackers tried to distribute a malicious app on the Google Play Store

Google removed the spyware app, which was disguised as virtual private network software, “before any users had a chance to install it,” Google's Threat Analysis Group said in a blog post. The hacking group behind the campaign has tried to distribute the spyware on other platforms this year, Google said.

Researchers also highlighted the hacking group's use of compromised websites — like one belonging to a U.K. university — to phish victims. The group has also impersonated officials from high-profile conferences like the Munich Security Conference, Google said.

Industry report

Alperovitch launches cybersecurity institute at Johns Hopkins University

The Alperovitch Institute for Cybersecurity Studies, which was launched Wednesday, will focus on the intersection of cybersecurity, statecraft and policy. The institute will be led by Thomas Rid, Johns Hopkins University School of Advanced International Studies professor of strategic studies. The institute was endowed by former CrowdStrike chief technology officer Dmitri Alperovitch and Maureen Hinman.

Global cyberspace

As Russian voting moves online, Putin’s foes say another path to curb Kremlin is lost (Robyn Dixon)

EU legislation introduced to ban anonymous domain registration (Bleeping Computer)

New Australian ransomware plan could freeze or seize cryptocurrencies (The Record)

Privacy patch

Call of Duty’s new anti-cheat system includes a kernel-level driver to catch PC cheaters (The Verge)

Facebook faces privacy fine of up to €36M (Politico Europe)

Cyber insecurity

Acer confirms second security breach this year

Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected (The Record)


  • Cybersecurity executives and officials speak at the Pearson Global Forum today.
  • Palo Alto Networks Chair and CEO Nikesh Arora and Suzanne Spaulding, a senior adviser at the Center for Strategic and International Studies and former DHS official, speak at a Washington Post Live event today at 4 p.m.
  • CISA Deputy Director Nitin Natarajan speaks at the Oregon Cyber Resilience Summit today at 5:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.