At a glance.
- Voting machines with improved security aren't expected in the US until 2026.
- Proposed UK data and ICO changes.
- A Chinese influence campaign.
More secure election machines aren’t due for the US midterms.
The Washington Post says voting machines designed to meet updated Voluntary Voting System Guidelines (VVSG) probably won’t be rolled out until 2026, according to a status report this week from election equipment vendors. Issued in February by the US Election Assistance Commission (EAC), VVSG 2.0 will guide, and in many cases require, states to boost encryption standards and auditing functionality. The rollout is complicated by budgetary restrictions and the fact that numerous regions recently upgraded their systems. “It’s reasonable to wonder whether the slow pace of change at the EAC and in the vendor community are up to the task of combating a loss of public confidence in elections,” commented OSET Institute executive Edward Perez.
VVSG 2.0 has also drawn criticism for failing to prohibit wireless connectivity in voting machines. Twenty-plus members of Congress wrote to the EAC, “Benign misconfigurations that could enable connectivity are commonplace and malicious software can be directed to enable connectivity silently and undetectabl[y], allowing hackers access to the voting system software.” The EAC indicated that banning wireless connectivity could prove too expensive.
UK’s proposed data and ICO reforms.
The UK’s planned “common sense” Information Commissioner’s Office (ICO) and data protection reforms seem poised to preserve privacy protections despite prioritizing economic growth, contra worries about dramatic divergence from GDPR rules, Computing reports. “Whether that plan survives contact with the real world, of course, remains to be seen,” Computing notes.
“There is no doubt that some aspects of the GDPR do not work well,” Centre for Information Policy Leadership President Bojana Bellamy remarked, “and some areas are unhelpfully obscure. For example…individuals' consent to data processing has been rendered meaningless through overuse; and international data flows have become mired in red tape.” The consultation period on the reforms will wind up in November.
Beijing’s influence campaign.
As we’ve seen, Beijing appears to be moving towards some elements of Moscow’s playbook on both the privateering and disinformation fronts. Reuters breaks down a pro-CCP group’s latest efforts to spread the line that the pandemic originated on US soil and to catalyze in-person anti-racism protests. The effort encompasses “thousands of handles on dozens of sites around the world,” including Google, Twitter, and Facebook, and has thus far obtained minimal traction.
Threat analysts worry, however, about the initiative’s evolving tactics and eventual maturation. “They've clearly got a wide mandate that's global. Someone is giving them pretty broad orders,” said FireEye VP John Hultquist. While the campaign has not yet been attributed to a particular threat group, its content mirrors Chinese state propaganda. ZDNet notes that the operation is “far more extensive than previously believed,” spanning seven languages, thirty social platforms, and forty other known sites.