Voting security, public sentiment on 5G security, and European money laundering law.

Summary

By the CyberWire staff

At a glance.

Voting security during (or even after) a pandemic.
Comments on UK 5G security policy trending against Huawei.
EU seeks authority to take stronger measures against money laundering.

Voting security during (or even after) a pandemic.

One thing the pandemic has done is put a spoke in the wheels of programs designed to train election workers in how to secure voting, the Washington Post reports. It's also raised the likelihood that more ballots, in the US and elsewhere, will have to be cast remotely, in all probability mostly by mail, but in some cases online. Neither are easy to improvise at the eleventh hour.

All electronic balloting presents problems that paper ballots don't. (Paper ballots aren't problem-free either, and the history of corrupt elections goes back to the early Nineteenth Century at least, but they come with a different set of problems.) A group of academic and industry experts concerned with electronic voting have sent the US Cybersecurity and Infrastructure Security Agency (CISA) a letter expressing their appreciation for CISA's work, but more importantly stating concerns about CISA's advisories about election security. The signatories see three basic problems:

"Online ballot marking greatly amplifies the security threats of online ballot delivery and introduces significant risks to ballot secrecy. It should be discouraged except for voters with relevant disabilities."
"Ballots delivered online are vulnerable to cybersecurity attacks. Unlimited/large scale online ballot delivery may enable the casting of fraudulent ballots if appropriate safeguards are not in place."
"The back-end processing of electronically transmitted blank ballots involves a much greater workload and potential health risk for election workers compared to the processing of preprinted absentee ballots. Large-scale adoption of electronically delivered ballots will both burden election offices and increase the risk of person-to-person contact among election workers during the novel coronavirus pandemic if proper sanitation and social distancing precautions are not taken."

Comments on UK 5G security policy trending against Huawei.

Ars Technica has a review of the comments being offered on the British government's current policy of allowing Huawei to participate in "non-core" sections of the country's coming 5G infrastructure. Sentiment is not running in Huawei's favor. As Ars Technica sums it up, "If the written submissions are anything to go by, Huawei is in trouble in the UK. The only ones defending the decision were from the government itself and from the two companies with the most to lose from a total ban on Huawei kit in the UK’s 5G networks. Everyone else is urging the government to change its position to just that."

The European Commission wants more authority to take action against money laundering.

The Wall Street Journal reports that the European Commission, the EU's executive arm, is asking for more authority to act against money laundering. While the EU currently has some limited scope for action, most money laundering law enforcement remains in national hands. The proposed changes would not only give the EU the ability to undertake such enforcement actions as direct inspection of banks, but would also help harmonize and standardize regulations across the EU, removing the loopholes between national laws that have permitted criminals to slip past the authorities.

Selected Reading

NHS reveals code behind virus-tracing app (BBC News) More than 40,000 people have downloaded the contact tracing app so far, ahead of a wider release.

Contact-tracing app fails to protect privacy and human rights (ComputerWeekly) Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee.

Privacy International to Palantir: We are watching you (ComputerWeekly) Privacy International expresses a qualified welcome for Palantir’s responses to questions about its data integration role in the NHS Covid-19 data store, but continues to raise concerns

A passwordless server run by NSO Group sparks contact-tracing privacy concerns (TechCrunch) Experts say centralized databases of citizens' location data pose a security and privacy risk.

Israel to Launch ‘Cyber Defense Shield’ for Health Sector (The Media Line) Israel is preparing to inaugurate a “cyber defense shield” for the country’s health care sector amid a spike in attacks since the beginning of the global COVID-19 epidemic.

For PPP recipients: You may be subject to whistleblower lawsuits under false claims law (Silicon Valley Business Journal) For the vast majority of small businesses that received money under the Paycheck Protection Program (PPP) initiative, the structure of the loan terms may have inadvertently exposed them to a well-known, but rarely used, federal law.

Europe Seeks Greater Powers to Tackle Its Money-Laundering Problem (Wall Street Journal) The EU said it wants to boost the continent’s power to fight money laundering following a series of scandals that have made Europe a center of financial crime.

Submissions to UK 5G security review are mostly hostile to Huawei (Telecoms.com) UK Parliament is reviewing the government’s decision to allow the limited involvement of Huawei kit in its 5G networks.

Pentagon official: FCC decision on 5G threatens GPS, national security (TheHill) Pentagon officials on Wednesday criticized the Federal Communications Commission's (FCC) recent decision to allow Virginia-based satellite communications company Ligado to deploy a nationwide mobile network, saying that it could have adv

Pentagon, Senators Blast FCC Decision to Let Company Share GPS Spectrum (Nextgov.com) Space Force chief, Pentagon tech leaders, and the Armed Services chairman led calls to reconsider the controversial license for Ligado.