Anonymous readers share a report: Sen. Bill Nelson, a Florida Democrat, has reaped the political whirlwind in the 10 days since he proclaimed that Russian hackers had "penetrated" some of his state's county voting systems. The governor of Florida, Rick Scott, a Republican who is running against Nelson for his U.S. Senate seat this fall, has blasted his claim as irresponsible. The top Florida elections official, also a Republican, said he had seen no indication it's true. And The Washington Post weighed in Friday with a 2,717-word fact check that all but accused Nelson -- without evidence -- of making it up. However, three people familiar with the intelligence tell NBC News that there is a classified basis for Nelson's assertion, which he made at a public event after being given information from the leaders of the Senate Intelligence Committee. The extent and seriousness of the threat remains unclear, shrouded for reasons of national security.

[...] Through a spokesman, Nelson declined to comment. At a, Aug. 7 campaign event in Florida's capital, Nelson said Intelligence Committee leaders asked that he "let supervisors of elections in Florida know that Russians are inside our records." He added that Russian hackers "have already penetrated certain counties in the state and they now have free rein to move about." "Either Bill Nelson knows of crucial information the federal government is withholding from Florida election officials, or he is simply making things up," said Scott, who is seeking to take Nelson's Senate seat, which the senator has held since 2001. But Scott, who as governor has a security clearance, has not actually disputed Nelson's assertion. His spokesman said the governor had not personally called anyone at the Department of Homeland Security to seek a classified briefing to get to the bottom of the matter.

A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers. From a report: Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations. The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security www.cisecurity.org, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters. [...] As of August 7, 36 of 50 states had installed Albert at the "elections infrastructure level," according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.

President Trump has reversed an Obama-era memorandum dictating how and when the U.S. government can deploy cyberweapons against its adversaries, in an effort to loosen restrictions on such operations [Editor's note: the link may be paywalled; alternative source], WSJ reports. From the report: Mr. Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries. The change was described as an "offensive step forward" by an administration official briefed on the decision, one intended to help support military operations, deter foreign election influence and thwart intellectual property theft by meeting such threats with more forceful responses. The Trump administration has faced pressure to show that it is taking seriously national-security cyberthreats -- particularly those that intelligence officials say are posed by Moscow.

An anonymous reader quotes a report from TechCrunch: In an effort to provide more transparency and deliver on a promise to Congress, Google just published an archive of political ads that have run on its platform. Google's new database, which it calls the Ad Library, is searchable through a dedicated launch page. Anyone can search for and filter ads, viewing them by candidate name or advertiser, spend, the dates the ads were live, impressions and type. For anyone looking for the biggest ad budget or the farthest reaching political ad, the ads can be sorted by spend, impressions and recency, as well. Google also provided a report on the data, showing ad spend by U.S. state, by advertiser and by top keywords.

The United States voiced deep suspicion on Tuesday over Russia's pursuit of new space weapons, including a mobile laser system to destroy satellites in space, and the launch of a new inspector satellite which was acting in an "abnormal" way. From a report: Russia's pursuit of counterspace capabilities was "disturbing," Yleem D.S. Poblete, U.S. Assistant Secretary of State for Arms Control, Verification and Compliance, told the U.N.'s Conference on Disarmament which is discussing a new treaty to prevent an arms race in outer space. A Russian delegate at the conference dismissed Poblete's remarks as unfounded and slanderous. Russian Foreign Minister Sergei Lavrov, at the Geneva forum in February, said a priority was to prevent an arms race in outer space, in line with Russia's joint draft treaty with China presented a decade ago.

About 30 percent of House candidates running for office this year have significant cybersecurity issues with their campaign websites, according to a new study. Reuters: The research was unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations. A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security. Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation. The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party's national, state and campaign operations.

UnknowingFool writes: At this year's DEFCON, a group of 50 children aged 8 to 16 participated in a hack of 13 imitation election websites. One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes. Overall, more than 30 of the 50 children were able to hack the websites in some form. The so-called "DEFCON Voting Machine Hacking Village" allowed kids the chance to manipulate vote tallies, party names, candidate names and vote count totals. The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.

The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."

Top officials at the Environmental Protection Agency pushed through a measure to review applications for using asbestos in consumer products, and did so over the objections of E.P.A.'s in-house scientists and attorneys, internal agency emails show. From a report: The clash over the proposal exposes the tensions within the E.P.A. over the Trump administration's efforts to roll back environmental rules and rewrite other regulations that industries have long fought. Asbestos, a naturally occurring mineral and known carcinogen, was once common in insulation and fireproofing materials, but today most developed countries ban it. The United States still allows limited use in products including gaskets, roofing materials and sealants. The proposed new rule would create a new process for regulating uses of asbestos, something the E.P.A. is obliged to do under a 2016 amendment to a toxic substances law.

An anonymous reader quotes a report from Gizmodo: The Democratic nominee for governor of Colorado, U.S. Representative Jared Polis, wants to add blockchain to the list of items voters consider this year. Polis currently represents Colorado's 2nd district in the House, and he won the Democratic gubernatorial nomination last month. He's held his seat in the House for about a decade and has been a fairly solid progressive. On Wednesday, Polis added a set of limited proposals regarding blockchain to his gubernatorial platform that at least give us an idea of what it means for a politician to campaign on blockchain. Polis told us he would like to resolve some of the "ambiguity" in federal rules, encourage fintech company investment, remove some licensing requirements for token securities, and exempt cryptocurrencies from state money transition laws. He says these companies are "trying to fit what they're doing into an obsolete, outdated, and often obsolete federal law."

Polis also wants to explore how blockchain could be used for voting security. Polis isn't ready to necessarily endorse moving all voting to the blockchain system. He likes paper ballots and told us, "this would be more how the information is generated and stored from those paper ballots rather than doing so in a centralized database it would be done across a distributed ledger." The congressman also thinks that blockchain could be used to streamline the process for storing public records and making them available to the public. "We're talking more about everything from Colorado contracts, expenditures, titles, a lot of the data-intensive aspects of state government can be more secure and more accessible through distributed ledgers," he said.

Vice President Mike Pence on Thursday laid out details for President Donald Trump's proposed new branch of the U.S. military responsible for protecting national security in outer space. From a report: In a speech at the Pentagon, Pence said the new Space Force would be established by 2020. "As President Trump has said, in his words, it is not enough to merely have an American presence in space -- we must have American dominance in space. And so we will," Pence said. "Space is, in his words, a war-fighting domain just like land and air and sea." He added, "History proves that peace only comes through strength, and in the realm of outer space, the United States Space Force will be that strength in the years ahead." The Space Force would ultimately become the sixth branch of the U.S. Armed Forces and would be equal to the other five, Pence said. The Department of Defense has prepared a report laying out the phases of creating the new branch, which will ultimately have to be reviewed and approved by Congress.

"In Chicago, it used to be claimed that even death couldn't stop a person from voting," writes Slashdot reader lunchlady55. "But in the Deep South, there are new reports of discrepancies in voter turnout with the approval of new electronic voting systems." Ars Technica reports: [I]f any state is a poster child for terrible election practices, it is surely Georgia. Bold claims demand bold evidence, and unfortunately there's plenty; on Monday, McClatchy reported a string of irregularities from the state's primary election in May, including one precinct with a 243-percent turnout.

McClatchy's data comes from a federal lawsuit filed against the state. In addition to the problem in Habersham County's Mud Creek precinct, where it appeared that 276 registered voters managed to cast 670 ballots, the piece describes numerous other issues with both voter registration and electronic voting machines. (In fact it was later corrected to show 3,704 registered voters in the precinct.) Multiple sworn statements from voters describe how they turned up at their polling stations only to be turned away or directed to other precincts. Even more statements allege incorrect ballots, frozen voting machines, and other issues. "George is one of four states in the U.S. that continues to use voting machines with no ability to provide voters a paper record so that they can verify the machine counted their vote correctly," the report adds.

West Virginians serving overseas will be the first in the country to cast federal election ballots using a smartphone app, a move designed to make voting in November's election easier for troops living abroad. But election integrity and computer security experts expressed alarm at the prospect of voting by phone, and one went so far as to call it "a horrific idea." CNN: The state's decision to pioneer mobile voting comes even as the United States grapples with Russian interference in its elections. A recent federal indictment outlined Russia's attempts to hack US voting infrastructure during the 2016 presidential race, and US intelligence agencies have warned of Russian attempts to interfere with the upcoming midterm election. Still, West Virginia Secretary of State Mac Warner and Voatz, the Boston company that developed the app, insist it is secure. Anyone using it must first register by taking a photo of their government-issued identification and a selfie-style video of their face, then upload them via the app. Voatz says its facial recognition software will ensure the photo and video show the same person. Once approved, voters can cast their ballot using the Voatz app.

The Republican-controlled Senate has defeated a push by Democrats to set aside an additional $250 million for states to upgrade their voting systems to protect against hacking and other cyberattacks. From a report: An amendment offered by Vermont Sen. Patrick Leahy received 50 yes votes, 10 short of the 60 needed for approval. Leahy said securing U.S. elections and "safeguarding our democracy" is not a partisan issue. He said the Senate "must send a clear message to Russia and other foreign adversaries that tampering in our elections will not be tolerated. The president will not act. This duty has fallen to us." A similar effort was also rejected in the House.

An anonymous reader shares a report: Microsoft has launched a pilot program aimed at providing cybersecurity protection for political campaigns and election authorities. The pilot program -- named AccountGuard -- was launched at the end of July, Bleeping Computer has learned, and was set in motion for the 2018 US midterm elections. According to the pilot's website, AccountGuard "provides additional security and threat monitoring for Microsoft accounts belonging to participating US campaigns, political committees, campaign tech vendors, and their staff, who are likely to be at a higher risk in the lead up to elections."

Microsoft is now running a website where participants in the 2018 US midterm elections can sign up for this increased protection. According to the portal, participation is offered on a non-partisan basis and is by invitation only. Users from the following organizations are eligible to participate: (1) US-based political campaigns (2) US-based political committees (3) Select campaign technology vendors (4) Select individuals may also participate, if invited by eligible campaigns and affiliated organizations Last month, Microsoft said they had detected and helped block hacking attempts -- the first known example of cyber interference in the midterm elections -- against three congressional candidates this year. On Tuesday, Facebook said it was blocking more than two dozen pages that it believed were part of an ongoing political influence campaign.

The Department of Homeland Security announced on Tuesday the creation of a new center aimed at guarding the nation's banks, energy companies and other industries from major cyberattacks that could cripple critical infrastructure. From a report: The launch of the National Risk Management Center was unveiled by DHS Secretary Kirstjen Nielsen at a government-hosted cyber summit in New York City, at which Vice President Mike Pence and several other cabinet secretaries are expected to speak. In prepared remarks, Ms. Nielsen said that cyber threats now posed a greater threat to the country than physical attacks. DHS was founded 15 years ago to prevent another Sept. 11, 2001, Ms. Nielsen said, but "today I believe the next major attack is more likely to reach us online than on an airplane." The center's creation was motivated by a growing recognition in government that sophisticated cyberattacks, particularly those deployed by foreign adversaries, can not only harm a company or industry but can cause systemic failure across society, Chris Krebs, DHS's top cyber official, said in an interview.

Facebook is preparing to announce that it has identified a coordinated political influence campaign, with dozens of inauthentic accounts and pages that are believed to be engaging in political activity ahead of November's midterm elections, The New York Times reported Tuesday, citing three people briefed on the matter. From the report: In a series of briefings on Capitol Hill this week, the company told lawmakers that it detected the influence campaign as part of its investigations into election interference. It has been unable to tie the accounts to Russia, whose Internet Research Agency was at the center of an indictment earlier this year for interfering in the 2016 election, but company officials told Capitol Hill that Russia was possibly involved, according to two of the officials. Facebook is expected to announce its findings on Tuesday afternoon. The company has been working with the F.B.I. to investigate the activity. Like the Russian interference campaign in 2016, the recently detected campaign dealt with divisive social issues. Update: Facebook has confirmed the story, adding: Today we removed 32 Pages and accounts from Facebook and Instagram because they were involved in coordinated inauthentic behavior. This kind of behavior is not allowed on Facebook because we don't want people or organizations creating networks of accounts to mislead others about who they are, or what they're doing. We're still in the very early stages of our investigation and don't have all the facts -- including who may be behind this. But we are sharing what we know today given the connection between these bad actors and protests that are planned in Washington next week. We will update this post with more details when we have them, or if the facts we have change. It's clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency (IRA) has in the past. We believe this could be partly due to changes we've made over the last year to make this kind of abuse much harder.

On Monday, Senator Mark Warner published 20 proposals on how to regulate big tech platforms. What's interesting is that none of the proposals call for breaking up the pseudo-monopolies. Instead, they aim to start a substantive debate by laying out different paths to address problems posed by the platforms. Gizmodo reports: What may be more important than the individual proposals themselves is that the document is at least trying to organize a holistic way of thinking about the issues now on the table. It breaks down the areas that need addressing into the promotion of disinformation, privacy and consumer protection, and ensuring competition in the marketplace. Just to highlight a few of the good issues on the table, the white paper blessedly brings the conversation back to privacy and data ownership -- something that seems to have been lost as the conversation has turned to content moderation. The easiest recommendation is to implement what it calls "GDPR-like" data protection legislation that would give Americans similar data rights as EU citizens gained in May. The jury is still out on the long-term consequences of those reforms, but they require greater transparency and consent for a company's terms of service, along with many more tools for keeping track of what information a company collects on you.

On the competition side of things, the proposal suggests a data-transparency bill that would give users a more granular idea of how their data is being used and how much its worth to an individual platform. One concern it addresses is that platforms expand how they monetize a person's data while the user is often unaware of how much they're actually giving up, value-wise, when they agree to hand over their data in exchange for a particular service. Another benefit would be that regulators would have a better idea of what they're evaluating in antitrust enforcement cases. The proposals relating to disinformation are a little more worrisome. A requirement that platforms "clearly and conspicuously label bots" wouldn't be so bad, but it's a daunting task and opens up the potential for false positives. Likewise, demanding networks identify a user's true identity is unrealistic, and the option of anonymity online should be protected. Axios was first to publish the list of 20 proposals compiled by Warner's staff. Is there a proposal that resonates with you? If not, how would you regulate the Big Tech platforms?

"The UK parliament has provided another telling glimpse behind the curtain of Facebook's unregulated ad platform by publishing data on scores of pro-Brexit adverts..." reports TechCrunch, adding that the 2016 ads "were run prior to Facebook having any disclosure rules for political ads. So there was no way for anyone other than each target recipient to know a particular ad existed or who it was being targeted at." An anonymous reader quotes their report: The targeting of the ads was carried out on Facebook's platform by AggregateIQ, a Canadian data firm that has been linked to Cambridge Analytica/SCL... [I]t's not clear how many ad impressions they racked up in all. But total impressions look very sizable. While some of what runs to many thousands of distinctly targeted ads which AIQ distributed via Facebook's platform are listed as only garnering between 0-999 impressions apiece, according to Facebook's data, others racked up far more views. Commonly listed ranges include 50,000 to 99,999 and 100,000 to 199,999 -- with even higher ranges like 2M-4.9M and 5M-9.9M also listed....

The publication of the Brexit ads is, above all, a reminder that online political advertising has been allowed to be a blackhole -- and at times a cesspit -- because cash-rich entities have been able to unaccountably exploit the obscurity of Facebook's systemically dark ad targeting tools for their own ends, and operate in a darkness where only Facebook had oversight (and wasn't exercising any), leaving the public no right of objection let alone reply, despite it being people's lives that are indelibly affected by political outcomes.... The company has been making some voluntary changes to offer a degree of political ad disclosure, as it seeks to stave off regulatory rule. Whether its changes -- which at best offer partial visibility -- will go far enough remains to be seen.
Earlier this month the UK's data watchdog released a report titled "Democracy disrupted?" in which the UK's Information Commissioner recommends an "ethical pause" of political advertising on social media to allow key players "to reflect on their responsibilities in respect to the use of personal data..." And this weekend an interim report from the House of Commons' media committee "said democracy is facing a crisis because the combination of data analysis and social media allows campaigns to target voters with messages of hate without their consent," according to the Associated Press.

"Tech giants like Facebook, which operate in a largely unregulated environment, are complicit because they haven't done enough to protect personal information and remove harmful content, the committee said."

An anonymous reader quotes a report from VICE News: Twitter is limiting the visibility of prominent Republicans in search results -- a technique known as "shadow banning" -- in what it says is a side effect of its attempts to improve the quality of discourse on the platform. The Republican Party chair Ronna McDaniel, several conservative Republican congressmen, and Donald Trump Jr.'s spokesman no longer appear in the auto-populated drop-down search box on Twitter, VICE News has learned. It's a shift that diminishes their reach on the platform -- and it's the same one being deployed against prominent racists to limit their visibility. The profiles continue to appear when conducting a full search, but not in the more convenient and visible drop-down bar. (The accounts appear to also populate if you already follow the person.)

Democrats are not being "shadow banned" in the same way, according to a VICE News review. McDaniel's counterpart, Democratic Party chair Tom Perez, and liberal members of Congress -- including Reps. Maxine Waters, Joe Kennedy III, Keith Ellison, and Mark Pocan -- all continue to appear in drop-down search results. Not a single member of the 78-person Progressive Caucus faces the same situation in Twitter's search. Presented with screenshots of the searches, a Twitter spokesperson told VICE News: "We are aware that some accounts are not automatically populating in our search box and shipping a change to address this." Asked why only conservative Republicans appear to be affected and not liberal Democrats, the spokesperson wrote: "I'd emphasize that our technology is based on account *behavior* not the content of Tweets."

Russian President Vladimir Putin's gift of a soccer ball to U.S. President Donald Trump last week set off a chorus of warnings -- some of them only half in jest -- that the World Cup souvenir could be bugged. Republican Senator Lindsey Graham even tweeted, "I'd check the soccer ball for listening devices and never allow it in the White House." It turns out they weren't entirely wrong. From a report: Markings on the ball indicate that it contained a chip with a tiny antenna that transmits to nearby phones. But rather than a spy device, the chip is an advertised feature of the Adidas AG ball. Photographs from the news conference in Helsinki, where Putin handed the ball to Trump, show it bore a logo for a near-field communication tag. During manufacturing, the NFC chip is placed inside the ball under that logo, which resembles the icon for a WiFi signal, according to the Adidas website. The chip allows fans to access player videos, competitions and other content by bringing their mobile devices close to the ball. The feature is included in the 2018 FIFA World Cup match ball that's sold on the Adidas website for $165 (reduced to $83 in the past week).