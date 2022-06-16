Placeholder while article actions load

Welcome to The Cybersecurity 202! Happy Bloomsday to those who celebrate! May your day be half as eventful as Leopold Bloom’s when he wandered the streets of Dublin on this day in 1904. Below: The leader of Wisconsin Republicans’ partisan election review is in legal hot water, and House Democrats are pushing for $400 million in state election security grants — with some strings attached.

A threat to abortion is prompting long-demanded reforms to the data broker industry

Senate Democrats launched a broadside against companies that sell people’s health and location data yesterday, prompted by widespread fears the data could be used to identify women seeking abortions.

The bill, which would effectively block the trade in personal health and location data culled mostly from smartphone apps, marks a long-awaited effort to rein in the sprawling $2 billion data broker industry.

Prompting this is a fear – whether real or perceived – that surreptitiously collected data could be used to identify and prosecute abortion seekers and providers. The Supreme Court's anticipated reversal of the Roe v. Wade decision that legalized abortion nationwide has prompted a media frenzy around the security of personal health data – a wave of concern far greater than anything sparked by industry data breaches of recent years.

It’s also prompted a wave of digital reforms at clinics that provide abortion services, abortion rights advocacy groups and companies that run reproductive and menstruation apps — all concerned that data they collect could be used to prosecute abortion seekers or providers after the practice becomes illegal in some states.

It's unclear how much these concerns are warranted. No states have announced plans to prosecute women who get abortions if Roe v. Wade is reversed, however, several would make it a felony for doctors and others to assist abortions.

But here’s what has happened in less than two months since the opinion leaked:

Data marketplaces pledged to stop selling data culled from period-tracking apps, and privacy and security experts warned women to stop using many of the apps altogether.

Rep. Sara Jacobs (D-Calif.) introduced a bill that would ban those apps from collecting and retaining any reproductive health data that’s not strictly necessary to provide their services, as my colleague Cristiano Lima reported

Clinics that provide abortions have switched to paper records to avoid creating digital trails of their services and begun communicating using encrypted apps rather than traditional emails and text messages.

The data broker bill is the most significant legislation to emerge so far from concerns about Roe’s reversal.

Sen. Elizabeth Warren (D-Mass.), the lead sponsor of the data broker bill, described it as an effort to “protect Americans’ right to privacy” in a post-Roe world.

Data brokers rake in huge profits by collecting & selling Americans' sensitive data, including the location data of people visiting abortion clinics. With the Supreme Court poised to overturn Roe, I’ve got a new bill to protect Americans’ right to privacy.https://t.co/hIkzKPfYZF — Elizabeth Warren (@SenWarren) June 15, 2022

The bill was prompted by a Motherboard story that detailed the ease with which information purchased from data brokers could be mined to identify people who visit clinics that provide abortions.

It was also sponsored by Sens. Ron Wyden (D-Ore.), Patty Murray (D-Wash.), Sheldon Whitehouse (D-R.I.) and Bernie Sanders (I-Vt.). No Republicans have joined the bill, suggesting it will face long odds in the Senate where Democrats hold the narrowest possible majority.

Data brokers buy user data that’s collected by mobile apps and websites, including location data, and sell it to third parties — often advertisers who are looking to target ads more effectively.

The industry has faced long-standing criticism that such widespread data collection violates people’s privacy. The large collections of personal data the industry deals with can also be catnip for hackers.

The bill also:

Provides $1 billion for the Federal Trade Commission (FTC) to get tough on abuses of digitally collected data.

Creates new authorities for the FTC and state attorneys general to sue for misuse of health and location data.

The keys

Former judge leading Wisconsin partisan election review is in legal trouble

Former Wisconsin Supreme Court justice Michael Gableman must pay $2,000 every day until he proves he has complied with a public records request, Dane County Circuit Judge Frank Remington has ruled. It’s not clear if taxpayers will foot the bill, the Milwaukee Journal Sentinel’s Molly Beck reports.

Remington also blasted Gableman — and referred him for potential disciplinary action — for a tirade of “sophomoric” and “misogynistic” comments in the courtroom, Beck reports. Remington ordered that a transcript of Gableman’s remarks be sent to the Wisconsin Office of Lawyer Regulation, which could discipline him.

Gableman's tirade — caught on a hot mic while the court was in recess — involved suggesting Remington and the female lawyer representing the nonprofit that's suing for Gableman's records were in cahoots. Here are details via Beck:

This video incorrectly attributes the “Westerberg with a beard” comment to Attorney Ron Stadler. He tells me he did not say that. — Molly Beck (@MollyBeck) June 13, 2022

Context: Wisconsin Assembly Speaker Robin Vos (R) announced Gableman’s hiring last year despite courts not finding evidence of widespread fraud in Wisconsin. President Biden won the state by about 20,000 votes.

The review has been plagued by blunders from the start, including typos in subpoenas and Gableman describing a public employee as probably being a Democrat because she “has a weird nose ring,” enjoys playing video games, lives with her boyfriend and “loves nature and snakes.”

House Appropriations Committee proposes $400 million in grants for election security

The $400 million proposal for Election Assistance Commission grants to boost state and local election security would be a bon for jurisdictions trying to upgrade aging voting machines and introduce other security measures.

There's a catch: The bill would require jurisdictions that purchase new voting machines to buy equipment with paper voting records, Politico’s Maggie Miller reports:

The House Appropriations Committee included $400 million for the EAC in election security grants as part of the draft 2023 Financial Services and General Government funding bill released today. States are required to use the funds to buy voter-verified paper ballot systems. — Maggie Miller (@magmill95) June 15, 2022

Election security experts universally agree that having paper records of votes is the best defense against hacking because those paper records can be audited to ensure digital vote counts were accurate.

Background: Lawmakers have approved $880 million in election security grants since 2018. Democrats have traditionally sought to make those grants contingent on specific security upgrades, but they have been blocked by Republicans. In practice, however, most of the money has gone to upgrades that meet Democrats' proposed requirements.

Here’s a rundown:

2018 appropriations bill: $380 million in grants

2020 appropriations bill: $425 million in grants

2022 appropriations bill: $75 million in grants

Appropriators also want CISA to get $417 million more than the Biden administration asked for. They proposed a $2.93 billion budget for CISA next year, which is around $330 million more than the agency got this year. The committee's subcommittees plan to discuss the proposals today.

New Mexico’s high court orders intransigent county to certify 2022 election results

New Mexico's Supreme Court directed commissioners in Otero County to certify their primary election results two days after county officials refused, citing unsubstantiated fraud concerns, Annie Gowen reports.

The commissioners' refusal is driven by baseless claims of 2020 election fraud. Otero County Commissioner Couy Griffin is scheduled to be sentenced Friday for trespassing at the Capitol on Jan. 6. He falsely claimed that voting machines’ “software had not been updated since 2011 — a bipartisan commission recertified the machines just last year — and repeated the debunked rumor that the machines, which are not linked to the internet, could be hacked,” Annie writes.

It’s the most brazen standoff yet by public officials who have bought into baseless Trump-backed claims about election integrity.

Alex Curtas, a spokesperson for New Mexico Secretary of State Maggie Toulouse Oliver (D), said Oliver’s office is pursuing a criminal referral that could see the commissioners charged with contempt or removed from office if they don’t comply.

“This is terra nova; it’s unchartered territory,” Curtas said. “Hopefully it doesn’t come to that.”

The deadline to certify the results is Friday. “Under state law, county boards must prove there were discrepancies in election returns if they decline to certify results; so far, the commissioners have only said they are generally distrustful of state officials and of the electronic voting machines,” Annie writes.

Government scan

Pitfalls abound as the government updates its cyber guidance, a think tank report warns

The federal government is shifting to “zero trust architecture” — a model that sets much higher standards for people to prove they’re not hackers before they can access data.

But that effort will fall flat unless the government also shifts away from a cyber management model that’s overly bureaucratic and too light on serious oversight, warns a new report from the Center for Strategic and International Studies.

Per the report, big priorities should include:

Cyber officials clarifying their roles and responsibilities

Urging Congress to ask hard questions about federal cybersecurity measures

The project was led by CSIS staffers who are former top government officials: Emily Harding, who worked on cyber issues at the Senate Intelligence Committee; Jim Lewis, who worked on cyber in the Commerce and State departments; and Suzanne Spaulding, who led Department of Homeland Security cyber efforts.

Michael B. Farrell is is joining CyberScoop as its editor in chief. Farrell most recently worked as media director at the cybersecurity firm Synack.

Iranga Kahangama and Eric Mill , a senior adviser to Federal Chief Information Officer Clare Martorana , Assistant Secretary for Cyber, Infrastructure, Risk, and Resilienceand, a senior adviser to Federal Chief Information Officer speak at a Billington CyberSecurity event today at 8 a.m.

The Center for Strategic and International Studies hosts an event on obstacles to implementing the federal government’s cybersecurity efforts today at 2:30 p.m.

Jen Easterly and energy executives CISA Directorand energy executives discuss cybersecurity at the EEI 2022 conference Tuesday.

Third Way hosts an event on China and the digital world order Tuesday at 11 a.m.

