Select Page
How a Right-Wing Controversy Could Sabotage US Election Security

How a Right-Wing Controversy Could Sabotage US Election Security

It remains unclear how many of Warner’s colleagues agree with him. But when WIRED surveyed the other 23 Republican secretaries who oversee elections in their states, several of them said they would continue working with CISA.

“The agency has been beneficial to our office by providing information and resources as it pertains to cybersecurity,” says JoDonn Chaney, a spokesperson for Missouri’s Jay Ashcroft.

South Dakota’s Monae Johnson says her office “has a good relationship with its CISA partners and plans to maintain the partnership.”

But others who praised CISA’s support also sounded notes of caution.

Idaho’s Phil McGrane says CISA is doing “critical work … to protect us from foreign cyber threats.” But he also tells WIRED that the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), a public-private collaboration group that he helps oversee, “is actively reviewing past efforts regarding mis/disinformation” to determine “what aligns best” with CISA’s mission.

Mississippi’s Michael Watson says that “statements following the 2020 election and some internal confidence issues we’ve since had to navigate have caused concern.” As federal and state officials gear up for this year’s elections, he adds, “my hope is CISA will act as a nonpartisan organization and stick to the facts.”

CISA’s relationships with Republican secretaries are “not as strong as they’ve been before,” says John Merrill, who served as Alabama’s secretary of state from 2015 to 2023. In part, Merrill says, that’s because of pressure from the GOP base. “Too many conservative Republican secretaries are not just concerned about how the interaction with those federal agencies is going, but also about how it’s perceived … by their constituents.”

Free Help at Risk

CISA’s defenders say the agency does critical work to help underfunded state and local officials confront cyber and physical threats to election systems.

The agency’s career civil servants and political leaders “have been outstanding” during both the Trump and Biden administrations, says Minnesota secretary of state Steve Simon, a Democrat.

Others specifically praised CISA’s coordination with tech companies to fight misinformation, arguing that officials only highlighted false claims and never ordered companies to delete posts.

“They’re just making folks aware of threats,” says Arizona’s Democratic secretary of state, Adrian Fontes. The real “bad actors,” he says, are the people who “want the election denialists and the rumor-mongers to run amok and just spread out whatever lies they want.”

If Republican officials begin disengaging from CISA, their states will lose critical security protections and resources. CISA sponsors the EI-ISAC, which shares information about threats and best practices for thwarting them; provides free services like scanning election offices’ networks for vulnerabilities, monitoring those networks for intrusions and reviewing local governments’ contingency plans; and convenes exercises to test election officials’ responses to crises.

“For GOP election officials to back away from [CISA] would be like a medical patient refusing to accept free wellness assessments, check-ups, and optional prescriptions from one of the world’s greatest medical centers,” says Eddie Perez, a former director for civic integrity at Twitter and a board member at the OSET Institute, a nonprofit group advocating for improved election technology.

Anne Neuberger, a Top White House Cyber Official, Is Staying Surprisingly Optimistic

Anne Neuberger, a Top White House Cyber Official, Is Staying Surprisingly Optimistic

The fact that in 2023 we’re rolling out mandated minimum cybersecurity practices for the first time in critical infrastructure—we’re one of the last countries to do that.

Building in the red-teaming, the testing, the human-in-the-loop before those models are deployed is a core lesson learned from cybersecurity that we want to make in the AI space.

In the AI executive order, regulators were tasked to determine where their existing regulations—let’s say for safety—already account for the risks around AI, and where are there deltas? Those first risk assessments have come in, and we’re going to use those both to inform the Hill’s work and also to think about how we roll those into the same cybersecurity minimum practices that we just talked about that regulators are doing.

Where are you starting to see threat actors actually use AI in attacks on the US? Are there places where you’re seeing this technology already being deployed by threat actors?

We mentioned voice cloning and deepfakes. We can say we’re seeing some criminal actors—or some countries—experimenting. You saw FraudGPT that ostensibly advances criminal use cases. That’s about all we can say we’re releasing right now.

You have been more engaged recently on autonomous vehicles. What’s drawn your interest there?

There’s a whole host of risks that we have to look at, the data that’s collected, patching—bulk patches, should we have checks to ensure they’re safe before millions of cars get a software patch? The administration is working on an effort that probably will include both some requests for input as well as assessing the need for new standards. Then we’re looking very likely in the near term to come up with a plan to test those standards, ideally in partnership with our European allies. This is something we both care about, and it’s another example of “Let’s get ahead of it.”

You already see with AVs large amounts of data being collected. We’ve seen a few states, for example, that have given approval for Chinese car models to drive around and collect. We’re taking a look at that and thinking, “Hold on a second, maybe before we allow this kind of data collection that can potentially be around military bases, around sensitive sites, we want to really take a look at that more carefully.” We’re interested both from the perspective of what data is being collected, what are we comfortable being collected, as well as what new standards are needed to ensure American cars and foreign-made cars are built safely. Cars used to be hardware, and they’ve shifted to including a great deal of software, and we need to reboot how we think about security and long-term safety.

You’ve also been working a lot on spectrum—you had a big gathering about 6G standards last year. Where do you see that work going, and what are the next steps?

First, I would say there’s a domestic and an international part. It comes from a foundational belief that wireless telecommunications is core to our economic growth—it’s both manufacturing robotics in a smart manufacturing factory, and then I just went to CES and John Deere was showing their smart tractors, where they use connectivity to adjust irrigation based on the weather. On the CES floor, they noted that integrating AI in agriculture requires changes to US policies on spectrum. I said, “I don’t understand, America’s broadband plan deploys to rural sites.” He said, “Yeah, you’re deploying to the farm, but there’s acres and acres of fields that have no connectivity. How are we going to do this stuff?” I hadn’t expected to get pinged on spectrum there, on the floor talking about tractors. But it shows how it’s core to what we want to do—this huge promise of drones monitoring electricity infrastructure after storms and determining lines are down to make maintenance far more efficient, all of that needs connectivity.

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

United States lawmakers are receiving a flood of warnings from across civil society not to be bend to the efforts by some members of Congress to derail a highly sought debate over the future of a powerful but polarizing US surveillance program.

House and Senate party leaders are preparing to unveil legislation on Wednesday directing the spending priorities of the US military and its $831 billion budget next year. Rumors, meanwhile, have been circulating on Capitol Hill about plans reportedly hatched by House speaker Mike Johnson to amend the bill in an effort to extend Section 702, a sweeping surveillance program drawing fire from a large contingent of Democratic and Republican lawmakers favoring privacy reforms.

WIRED first reported on the rumors on Monday, citing senior congressional aides familiar with ongoing negotiations over the bill, the National Defense Authorization Act (NDAA), separate versions of which were passed by the House and Senate this summer.

More than 80 civil rights and grassroots organizations—including Asian Americans Advancing Justice | AAJC, Color of Change, Muslims for Just Futures, Stop AAPI Hate, and United We Dream—signed a statement this morning opposing “any efforts” to extend the 702 program using the NDAA. The statement, expected to hit the inboxes of all 535 members of Congress this afternoon, says that failure to reform contentious aspects of the program, such as federal agents’ ability to access Americans’ communications without a warrant, poses an “alarming threat to civil rights,” and that any attempt to use must-pass legislation to extend the program would “sell out the communities that have been most often wrongfully targeted by these agencies and warrantless spying powers generally.”

“As you’re aware, this extremely controversial warrantless surveillance authority is set to expire at the end of the year, but will continue to operate as it does currently until April, as government officials have recognized for many years,” the groups say.

Johnson and Senate majority leader Chuck Schumer did not respond to WIRED’s request for comment. Leadership of the House and Senate armed services committees likewise did not respond.

Section 702 of the Foreign Intelligence Surveillance Act authorizes the US government, namely, the US National Security Agency, to surveil the communications of foreign citizens believed to be overseas. Oftentimes, these communications—texts, calls, emails, and other web traffic—“incidentally” involve Americans, whom the government is forbidden from directly targeting. But certain methods of interception, those that tap directly into the internet’s backbone, may make it impossible to fully disentangle foreign communications from domestic ones.