Elec­tion of­fi­cials con­fi­dent vot­ing is se­cure

Baltimore Sun Sunday - - FRONT PAGE -

VOT­ING, Iran are try­ing to “un­der­mine con­fi­dence” in U.S. democ­racy.

The U.S. Depart­ment of Home­land Se­cu­rity has been work­ing with elec­tion of­fi­cials na­tion­wide to se­cure vot­ing sys­tems. Mary­land has re­ceived par­tic­u­lar at­ten­tion since 2016 when the state, like sev­eral oth­ers that year, de­tected an at­tempted hack of its on­line voter reg­is­tra­tion sys­tem. The FBI con­cluded there was “no breach or com­pro­mise,” ac­cord­ing to a state re­port.

Home­land Se­cu­rity stepped up its ef­forts in July when the FBI re­vealed that one of Mary­land’s elec­tion con­trac­tors, ByteGrid, was con­nected to Vladimir Potanin, a wealthy ally of Rus­sian Pres­i­dent Vladimir Putin. Potanin’s pri­vate eq­uity firm, Alt­point Cap­i­tal of Greenwich, Conn., bought an own­er­ship stake in ByteGrid in 2011.

A fi­nal re­port on ByteGrid is ex­pected in mid-Novem­ber. But in a let­ter last month to Gov. Larry Ho­gan, Home­land Se­cu­rity wrote that its agents have “found no ev­i­dence of an ad­ver­sary pres­ence in the net­works.”

The fed­eral depart­ment has been work­ing for months with Mary­land of­fi­cials to safe­guard the state’s elec­tions sys­tem.

The agency, which started weekly “vul­ner­a­bil­ity scans” on Mary­land’s elec­tion board web­sites in Oc­to­ber 2016, has been con­duct­ing other scans, risk as­sess­ments and train­ing ever since.

Last Novem­ber the depart­ment be­gan per­form­ing re­views of lo­cal elec­tion of­fices and ware­houses in Mary­land. And after the ByteGrid rev­e­la­tion, the depart­ment has been con­duct­ing 24-hour mon­i­tor­ing of the state sys­tems hosted by the Sil­ver Spring­based con­trac­tor. They in­clude the on­line voter reg­is­tra­tion sys­tem and statewide man­age­ment sys­tem for voter reg­is­tra­tion, can­di­dacy and elec­tions.

In April Home­land Se­cu­rity staged an email “phish­ing” at­tack on all 220 state and lo­cal elec­tion board em­ploy­ees, see­ing if they would open sus­pi­cious emails that could al­low hack­ers en­try.

“We learned that the more so­phis­ti­cated, the more real an email looks, the more vul­ner­a­ble we are,” deputy elec­tions ad­min­is­tra­tor Nikki Charl­son said. Staff were trained on screen­ing emails to avoid open­ing ones they were not ex­pect­ing.

Such se­cu­rity ef­forts are hap­pen­ing across the coun­try. Congress al­lo­cated $380 mil­lion this year to a lit­tle-known — and rarely funded — U.S. Elec­tion As­sis­tance Com­mis­sion to dole out grants to states, in­clud­ing $7 mil­lion to Mary­land. The com­mis­sion, au­tho­rized by a 2002 law passed in re­sponse to the 2000 pres­i­den­tial elec­tion re­count, has been funded spar­ingly over the years. The new in­fu­sion of money is to be used over five years, pri­mar­ily for cy­ber­se­cu­rity.

“This will be one of the most se­cure elec­tions that has ever hap­pened in this coun­try,” said Amy Co­hen, ex­ec­u­tive direc­tor of the Na­tional As­so­ci­a­tion of State Elec­tion Direc­tors. “Ev­ery state is work­ing to train staff and lo­cal elec­tion of­fi­cials and in­crease sys­tem se­cu­rity to pre­pare and bat­ten down the hatches.”

U.S. Sen. Chris Van Hollen, a Demo­crat from Mont­gomery County, said he is “con­fi­dent” — based on in­for­ma­tion from the state elec­tions board and Home­land Se­cu­rity — that Mary­land is pre­pared.

The state board over­sees 20,000 poll work­ers across the state’s 79 early vot­ing lo­ca­tions and 1,991 precincts open on Nov. 6. To mon­i­tor that mas­sive sys­tem, the board uses its own soft­ware and em­ploys con­trac­tors to mon­i­tor for sus­pi­cious be­hav­ior. That in­cludes ByteGrid. “ByteGrid con­tin­ues to co­op­er­ate fully with all of­fi­cial in­quiries in­volv­ing this mat­ter,” said com­pany spokes­woman An­nie Eissler.

The irony about ByteGrid, La­mone said, is that it was re­spon­si­ble for de­tect­ing the 2016 hack­ing at­tempt of the on­line voter reg­is­tra­tion web­site. (The at­tempt did not in­volve the state voter reg­is­tra­tion data­base, which has no con­nec­tion to the in­ter­net.)

Still, Mary­land’s con­gres­sional del­e­ga­tion is un­easy over how a Rus­sian oli­garch was able to hold a ma­jor­ity stake in ByteGrid for seven years with­out any no­tice by state or fed­eral agen­cies.

Van Hollen, fel­low Mary­land Demo­cratic Sen. Ben Cardin and Re­pub­li­can Sen. Su­san Collins of Maine in­tro­duced a bill this month that would “pro­hibit any for­eign ad­ver­saries from own­ing any part of our elec­tion in­fra­struc­ture sys­tems.”

“While they’ve de­ter­mined that there’s been no in­ter­fer­ence, I think we would all breathe eas­ier if we didn’t have to worry about a for­eign ad­ver­sary own­ing an as­pect of our elec­tion sys­tem,” Van Hollen said.

Cardin and Van Hollen also in­tro­duced a bill that would re­quire such com­pa­nies to dis­close for­eign own­er­ship to the Elec­tion As­sis­tance Com­mis­sion.

Back in July, Rep. Jamie Raskin in­tro­duced a mea­sure to pro­hibit states from con­tract­ing with elec­tion sys­tem ven­dors that are “owned or con­trolled” by for­eign­ers or that “do not meet cy­ber­se­cu­rity best prac­tices.” The mea­sure has 25 co-spon­sors but has yet to get a hear­ing, a spokes­woman said.

While fed­eral and state of­fi­cials say Mary­land’s vot­ing sys­tem is pre­pared, crit­ics re­main wary about the on­line ab­sen­tee vot­ing process es­tab­lished by state law in 2013.

The on­line tool al­lows vot­ers to re­ceive a bal­lot over the in­ter­net and fill it out on a com­puter. The com­pleted bal­lot must be printed and mailed to a lo­cal elec­tions board. But un­der the law, it does not need to be signed — just as bal­lots filed in per­son at polling places are not signed. Charl­son said of­fi­cials have felt it would be in­ap­pro­pri­ate to im­pose a dif­fer­ent stan­dard on ab­sen­tee vot­ers.

A fed­eral judge has up­held the sys­tem, which was de­signed in part to fa­cil­i­tate vot­ing by peo­ple with dis­abil­i­ties and by mil­i­tary per­son­nel over­seas.

Michael Green­berger, direc­tor of the Cen­ter for Health and Home­land Se­cu­rity at the Univer­sity of Mary­land, has been sound­ing an alarm about Mary­land’s on­line ab­sen­tee bal­lots for years. He has rec­om­mended that the state re­quire sig­na­tures and a ver­i­fi­ca­tion process for bal­lots sent to vot­ers over the in­ter­net. If not, he rec­om­mends that the bal­lots be sent only to phys­i­cal ad­dresses rather than over the in­ter­net.

Van Hollen also is con­cerned. “The state has to fo­cus on that is­sue go­ing for­ward,” the sen­a­tor said. “I don’t see it be­ing a prob­lem in the elec­tion com­ing up. But as more and more peo­ple uti­lize on­line vot­ing it’s go­ing to be even more im­por­tant that all safe­guards be im­ple­mented.”

Green­berger also said there have been too many mis­steps at the state elec­tions board and that the Gen­eral Assem­bly needs to “ap­point a bi­par­ti­san com­mis­sion of in­de­pen­dent ex­perts to in­ves­ti­gate what is go­ing on there.”

State leg­isla­tive au­di­tors in April 2017 found that the board ex­posed full So­cial Se­cu­rity num­bers of al­most 600,000 vot­ers to po­ten­tial hack­ing from 2012 to 2015. The au­dit also faulted state elec­tion of­fi­cials’ han­dling of is­sues in­clud­ing bal­lot se­cu­rity, disas­ter pre­pared­ness, con­tract­ing and bal­anc­ing its books.

The state bud­get anal­y­sis for the cur­rent fis­cal year cred­ited the elec­tions board with fix­ing sev­eral of the au­dit is­sues.

Van Hollen and other elec­tion ex­perts said Congress and the White House need to con­tinue pro­vid­ing fund­ing to the Elec­tion As­sis­tance Com­mis­sion to help states im­ple­ment best prac­tices and con­tin­u­ally up­grade sys­tems.

“We have to make sure this re­mains a front burner is­sue,” Van Hollen said. “The in­tegrity of our elec­tions de­pends on it.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.