John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats
Suspected Iranian hackers infiltrated former national security adviser John Bolton’s email account and threatened to release sensitive materials, his indictment alleges.
The indictment on charges that Bolton mishandled classified information, released Thursday, comes after President Donald Trump’s unprecedented public call for the Justice Department to prosecute his enemies. Bolton served under Trump in his first term as national security adviser and since has become a critic.
The passage of the indictment related to the Iranian hackers seeks to demonstrate that a representative of Bolton knew his personal emails included information they shouldn’t have.
In early July of 2021, according to the indictment, the Bolton representative contacted the FBI to alert the bureau about the apparent hack, and their suspicion that it was someone from Iran. The indictment states that it was “a cyber actor believed to be associated with the Islamic Republic of Iran.”
The Justice Department had recently closed an investigation into whether Bolton illegally published classified information in a memoir. Later that July, the apparent hackers threatened to release Bolton’s emails, drawing comparisons to the leak of 2016 Democratic presidential candidate Hillary Clinton’s emails.
“I do not think you would be interested in the FBI being aware of the leaked content of John’s email (some of which have been attached), especially after the recent acquittal,” the threatening note from on or about July 25 read, the indictment states. “This could be the biggest scandal since Hillary’s emails were leaked, but this time on the GOP side! Contact me before it’s too late.”
Days later — on or about July 28, the indictment states — Bolton’s representative also told the FBI that they were “[j]ust sending you the text (not the documents [the hacker] attached since there might be sensitive information in them.)”
According to the indictment, “A day later, on or about July 29, 2021, Bolton’s representative told the FBI that Bolton would be deleting the contents of his personal email account that had been hacked.”
Bolton got one more message from the apparent hackers in August. “OK John … As you want (apparently), we’ll disseminate the expurgated sections of your book by reference to your leaked email…” It’s not clear if the hackers followed through on the threat, or what they demanded of Bolton not to release the sections.
Bolton didn’t disclose to the FBI that he had used a hacked email account to share classified information with two unnamed relatives, “nor did he tell the FBI that the hackers now held this information,” the indictment reads.
A search warrant affidavit released last month contains a passage headed “Hack of Bolton AOL Account by Foreign Entity,” but the passage itself is redacted.
Bolton surrendered to authorities on Friday. The law firm of the lawyer defending Bolton did not immediately respond to an email about the indictment passages related to the alleged hack, but his attorney, Abbe Lowell, has denied Bolton committed any crimes.
“These charges stem from portions of Ambassador Bolton’s personal diaries over his 45-year career — records that are unclassified, shared only with his immediate family, and known to the FBI as far back as 2021,” Lowell said in a statement. “Like many public officials throughout history, Ambassador Bolton kept diaries — that is not a crime.”
The post John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats appeared first on CyberScoop.
Ring to partner with Flock, giving law enforcement easier access to home security camera footage
Cambodia to repatriate South Koreans ensnared by scam industry amid diplomatic pressure
PowerSchool hacker sentenced to 4 years in prison
A Massachusetts man who previously pleaded guilty to a cyberattack on PowerSchool, exposing data on tens of millions of students and teachers, was sentenced to four years in prison Tuesday — half the amount federal prosecutors sought in sentencing recommendations submitted to the court.
Matthew Lane, 20, stole data from PowerSchool belonging to nearly 70 million students and teachers, extorted the California-based company for a ransom, which it paid, causing the education software vendor more than $14 million in financial losses, according to prosecutors.
U.S. District Judge Margaret Guzman sentenced Lane to four years in prison, followed by three years of supervised release. Lane was also ordered to pay almost $14.1 million in restitution and a $25,000 fine for crimes involving the attack on PowerSchool and an undisclosed U.S. telecommunications company.
Federal prosecutors were seeking a sentence of eight years for Lane, arguing that the crimes he pleaded guilty to follow a series of cybercriminal activity dating back to 2021. “The government has serious concerns that Lane poses an ongoing threat to the community and remains in denial about the scope of his criminal activity,” prosecutors said in a sentencing memo filed Oct. 7 in the U.S. District Court for the District of Massachusetts.
Prosecutors cited multiple examples of other cybercriminals who committed and were convicted of less serious crimes. In those cases, the lighter sentences cybercriminals received did not sufficiently deter them from reengaging in cybercrime upon their release from jail. Lane’s attack on PowerSchool put 10 million teachers and 60 million children, some as young as five years old, at risk of identity theft for the remainder of their lives, prosecutors said.
The PowerSchool attack, which Lane committed in September 2024 by using a PowerSchool contractor’s credentials to gain unauthorized access, is reportedly the single largest breach of American schoolchildren’s data on record. Lane threatened to release the data in December 2024 if PowerSchool didn’t pay a ransom valued at nearly $2.9 million at the time.
Multiple school district customers of PowerSchool received follow-on extortion demands linked to the same stolen data, the company said in May. The downstream extortion attempts underscore how cybercriminals, affiliated or not, will continue to exploit sensitive data for financial gain.
Lane forfeited almost $161,000 traced to his crimes, but about $3 million in illicit proceeds remains unaccounted for, according to court documents. “The money he returned is barely one percent of the financial loss he caused,” prosecutors said in the court filing.
Lane is required to surrender to the Federal Bureau of Prisons by Dec. 1.
CISA warns of imminent risk posed by thousands of F5 products in federal agencies
Federal cyber authorities issued an emergency directive Wednesday requiring federal agencies to identify and apply security updates to F5 devices after the cybersecurity vendor said a nation-state attacker had long-term, persistent access to its systems.
The order, which mandates federal civilian executive branch agencies take action by Oct. 22, marked the second emergency directive issued by the Cybersecurity and Infrastructure Security Agency in three weeks. CISA issued both of the emergency directives months after impacted vendors were first made aware of attacks on their internal systems or products.
F5 said it first learned of unauthorized access to its systems Aug. 9, resulting in data theft including segments of BIG-IP source code and details on vulnerabilities the company was addressing internally at the time. CISA declined to say when F5 first alerted the agency to the intrusion.
CISA officials said they’re not currently aware of any federal agencies that have been compromised, but similar to the emergency directive issued following an attack spree involving zero-day vulnerabilities affecting Cisco firewalls, they expect the response and mitigation efforts to provide a better understanding of the scope of any potential compromise in federal networks.
Many federal agencies and private organizations could be impacted. CISA said there are thousands of F5 product types in use across executive branch agencies.
These attacks on widely used vendors and their customers are part of a broader campaign targeting key elements of America’s technology supply chain, extending the potential downstream effect to federal agencies, critical infrastructure providers and government officials, Nick Andersen, executive assistant director for cybersecurity at CISA, said during a media briefing.
CISA declined to name the country or specific threat groups behind the attack on F5’s systems. Generally, the broader goal of nation-state attackers is to maintain persistent access within the targeted victim’s network to hold those systems hostage, launch a future attack, or gather sensitive information, Andersen said.
CISA’s order requires federal agencies to apply security patches F5 released in response to the attack, disconnect non-supported devices or services, and provide CISA a report including a detailed inventory of all instances of F5 products within scope of the directive.
Officials referred questions about the effectiveness of F5’s security patches back to the vendor and declined to independently verify if the software updates have fixed the vulnerabilities attackers gained information on during the breach.
Neither CISA nor F5 have explained how the attackers gained access to F5’s internal systems.
Officials repeatedly insisted that the government shutdown and multiple waves of reductions to CISA’s workforce did not negatively affect or delay the government’s ability to coordinate with partners, respond to this threat and issue the emergency directive. Andersen declined to say how many CISA employees have been dismissed with reduction-in-force orders since the federal government shut down two weeks ago.
“This is really part of getting CISA back on mission,” Andersen said.
“While, yes, this may be the third emergency directive that’s been issued since the beginning of the Trump administration, this is the core operational mission for CISA,” Andersen said. “That’s really what we should be doing, and we’re able to continue to perform that mission in collaboration with our asset partners right now.”
Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman
California enacts age verification, chatbot laws
Taiwan reports surge in Chinese cyber activity and disinformation efforts
Swalwell seeks answers from CISA on workforce cuts
Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation’s primary cybersecurity agency, writing that the “Trump Administration has undertaken multiple efforts to decimate CISA’s workforce, undermining our nation’s cybersecurity.”
Swalwell, the ranking member on the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, called out the agency for its reported shift of cybersecurity personnel to the Department of Homeland Security’s deportation efforts, on top of the approximately 760 people that have been let go from the agency since January.
“Amid reports that the Department of Homeland Security is now forcibly transferring CISA’s cybersecurity employees to other DHS components, it has become apparent that the Department’s exclusive focus on its mass deportation campaign is coming at the expense of our national security,” Swalwell writes. “As further evidence of the Administration’s failure to prioritize cybersecurity, CISA is now engaging in Reductions in Force (RIFs) that threaten CISA’s capacity to prevent and respond to cybersecurity threats. I demand you immediately cease all efforts to cut CISA’s workforce, reinstate employees who were transferred or dismissed, and provide details on the impacts of the agency’s workforce reductions.”
The letter is not the first time Swalwell has asked for information about CISA’s workforce. In April, he asked the agency to brief the subcommittee on its workforce plans. He wrote in Tuesday’s letter he had not heard back from CISA.
Further in the letter, Swalwell says shifting CISA personnel to deportation efforts takes away from the agency’s core mission at a time of “unprecedented cybersecurity threats,” pointing to the emergency directive issued last month about an ongoing and widespread attack spree affecting Cisco firewalls. He also questions CISA’s ability to leverage third-party expertise, given the agency’s September termination of its agreement with the Multi-State Information Sharing and Analysis Center — a partnership previously underpinned by $27 million in federal funding for fiscal year 2025.
“In order to combat these threats, CISA needs to have sufficient personnel to carry out its mission, particularly at a time when canceled contracts and cooperative agreements have left CISA without critical third-party support,” Swalwell writes.
A CISA spokesperson sent CyberScoop the following statement:
“During the Biden Administration, Rep. Swalwell had no issue with CISA performing duties outside of its statutory authority – including censorship, branding, and electioneering. Under the leadership of President Trump and Secretary Noem, CISA focused squarely on executing its statutory mission: serving as the national coordinator for securing and protecting U.S. critical infrastructure. CISA is delivering timely, actionable cyber threat intelligence, supporting federal, state, and local partners, and defending against both nation-state and criminal cyber threats.”
Update: October 18, 2025, 4:00 pm: This article has been updated with comment from CISA.
Researchers find a startlingly cheap way to steal your secrets from space
How much private and sensitive data can you get by pointing $600 worth of satellite equipment at the sky?
Quite a bit, it turns out.
Researchers from the University of Maryland and the University of California, San Diego say they were able to intercept sensitive data from the U.S. military, telecommunications firms, major businesses and organizations by passively scanning and collecting unencrypted data from the satellites responsible for beaming that information across the globe.
The satellites they focused on — geostationary satellites — provide modern high-speed communications and services to rural or remote parts of the globe, including television, IP communications, internet and in-flight Wi-Fi capabilities. They also provide backhaul internet services — the links between a core telecom or internet network and its end users — for private networks operating sensitive remote commercial and military equipment.
Using cheap, commercially available equipment, researchers scanned 39 satellites across 25 distinct longitudinal points over seven months.
The goal was to see how much sensitive data they could intercept by “passively scanning as many GEO transmissions from a single vantage point on Earth as possible.” It was also to prove that you don’t need to be a well-resourced foreign intelligence service or have deep pockets to pull it off.
What they found was unsettling: “Many organizations appear to treat satellite[s] as any other internal link in their private networks. Our study provides concrete evidence that network-layer encryption protocols like IPSec are far from standard on internal networks,” write authors Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman.
They note that the “severity” of their findings suggests “many organizations do not routinely monitor the security of their own satellite communication links” and that content scrambling “is surprisingly unlikely to be used for private networks using GEO satellite to backhaul IP network traffic from remote areas.”
“Given that any individual with a clear view of the sky and $600 can set up their own GEO interception station from Earth, one would expect that GEO satellite links carrying sensitive commercial and government network traffic would use standardized link and/or network layer encryption to prevent eavesdroppers,” the researchers wrote.
Wired first reported on the academic study.
Researchers reached out to major businesses and organizations that were leaking data via satellite communications to notify them and address the vulnerabilities, but said they declined to engage in any bug bounties that included a nondisclosure agreement.
The researchers said discussions with the U.S. military, the Mexican government, T-Mobile, AT&T, IntelSat, Panasonic Avionics, WiBo and KPU all took place between December 2024 and July 2025 as the study was ongoing.
Satellites are outfitted with multiple transponders to collect different kinds of telemetry, and here the research focuses on a single type — Ku-Band transponders — that are heavily used for internet and television services. Using their consumer-grade equipment, the researchers were able to tap into 411 different transponders around the globe, collecting reams of sensitive data in the process.
They observed unencrypted data for T-Mobile users, including plaintext user SMS messages, voice call contents, user internet traffic, metadata, browsing history and cellular network signaling protocols, leaking out over the skies. Over a single, nine-hour listening session, the dish picked up phone numbers and metadata for 2,711 individuals. Similar leakages were spotted for calls over Mexican telecoms TelMex and WiBo, and Alaskan telecom KPU Telecommunications.
They also picked up unencrypted and encrypted traffic coming from U.S. military sea vessels, including plaintext that included the ships’ names — something the researchers said allowed them to determine they were all “formerly privately-owned ships” that are now owned by the government. Meanwhile, unencrypted HTTP traffic leaking out through the satellites gave them details into internal applications and systems used for infrastructure, logistics and administrative management.
The researchers say that while this kind of capability isn’t novel, previous research has suggested that only foreign governments and well-resourced companies have the capabilities to conduct such widespread monitoring. Their study, which developed a new way to parse through issues around signal quality, suggests that the barrier of entry is far lower than previously thought, requiring technical knowhow and just a few hundred dollars worth of commercial tech.
“To our knowledge, our threat model of using low-cost consumer grade satellite equipment to comprehensively survey GEO satellite usage has not been explored before in the academic literature.”
The findings underscore how much governments and businesses rely on standard satellite communications today to move their data around, and the lack of security attention these critical nodes receive compared to other technologies. The federal government has designated 16 sectors of society and industry as “critical infrastructure” and prioritized these sectors for additional security investment and assistance. Space is not one of those sectors, though policymakers have pushed the idea as a means to quickly retrofit our space-based communications for security.
Officials crack down on Southeast Asia cybercrime networks, seize $15B
Federal authorities seized 127,271 Bitcoin, valued at approximately $15 billion, from Chen Zhi, the alleged leader of a sprawling cybercrime network based in Cambodia, the Justice Department said Tuesday. Officials said it’s the largest financial seizure on record.
“Today’s action represents one of the most significant strikes ever against the global scourge of human trafficking and cyber-enabled financial fraud,” Attorney General Pamela Bondi said in a statement.
Officials said Chen, a 38-year-old United Kingdom and Cambodian national who has renounced his Chinese citizenship, built a business empire under the Prince Group umbrella headquartered in Phnom Penh, Cambodia, that constructs, operates and manages scam compounds that rely on human trafficking and modern-day slavery.
A criminal indictment against Chen was also unsealed in the U.S. District Court for the Eastern District of New York. He remains at large and the FBI is seeking information about his whereabouts. Chen faces up to 40 years in prison for his alleged crimes.
Chen is accused of founding and running Prince Group since 2015, resulting in a global expansion that has brought the cybercrime network’s operations to dozens of entities spanning more than 30 countries.
Officials said Chen was directly involved in managing the scam compounds and committed violence against people in the forced labor camps where schemes targeted victims around the world, including in the United States. One network based in Brooklyn, New York, scammed more than 250 people in New York and across the country out of millions of dollars, according to the indictment.
Authorities in the U.S. and U.K. also imposed coordinated sanctions against the Prince Group’s cybercrime networks in Southeast Asia accused of long-running investment scams and money laundering operations.
Officials said the sanctions against people and organizations involved with the Prince Group transnational criminal organization and its severing of Huione Group from the U.S. financial system mark the most extensive action taken against cybercrime operations in the region to date.
“The rapid rise of transnational fraud has cost American citizens billions of dollars, with life savings wiped out in minutes,” Treasury Secretary Scott Bessent said in a statement.
The agency’s Office of Foreign Assets Control imposed sanctions on 146 people and organizations participating in Prince Group TCO, while the Financial Crimes Enforcement Network issued a rule under the USA PATRIOT Act to sever Cambodia-based financial services conglomerate Huione Group from the U.S. financial system.
OFAC also sanctioned a network of 117 illegitimate businesses affiliated with Prince Group. The agency published a complete list of people and entities sanctioned as part of the sweeping action.
Authorities said Prince Group is prolific and remains a dominant player in Cambodia’s scam economy, responsible for billions of dollars in illicit financial transactions. U.S. government officials estimate Americans lost more than $10 billion to Southeast Asia-based scam operations last year, noting that U.S. online investment scams surpass $16.6 billion.
Huione Group has allegedly laundered proceeds from cyberattacks initiated by North Korea and transnational criminal organizations in Southeast Asia responsible for virtual currency investment scams, authorities said. The organization laundered more than $4 billion in illicit proceeds between August 2021 and January 2025, the Treasury Department said.
The U.K.’s Foreign, Commonwealth, and Development Office also participated in the crackdown by imposing sanctions on Prince Holding Group, its alleged leader Chen and key associates.
“Today, the FBI and partners executed one of the largest financial fraud takedowns in history,” FBI Director Kash Patel said in a statement.
Flax Typhoon can turn your own software against you
For more than a year, hackers from a Chinese state-backed espionage group maintained backdoor access to a popular software mapping tool by turning one of its own features into a webshell, according to new research from ReliaQuest.
In a report published Tuesday, researchers said that Flax Typhoon — a group that has been spying on entities in the U.S., Europe and Taiwan since at least 2021 — has had access for more than a year to a private ArcGIS server. To achieve and maintain that access, the group leveraged “an unusually clever attack chain” that allowed them to both blend in with normal traffic and maintain access even if the victim tried to restore their system from backups.
ArcGIS, made by Esri, is one of the most popular software programs for geospatial mapping and used widely by both private organizations and government agencies. Like many programs, however, it relies on backend servers and various other technical infrastructure to fully function.
For example, many ArcGIS users will use what is known as a Server Object Extension (SOE), which allows you to “create service operations to extend the base functionality of map or image services” and implement custom code, according to ArcGIS documentation.
The attackers found a public-facing ArcGIS server connected to another private backend server used by the program to perform computations. They compromised a portal administrator account for the backend server and deployed a malicious extension, instructing the public-facing server to create a hidden directory to serve as the group’s “private workspace.” They also locked off access to others with a hardcoded key and maintained access long enough for the flaw to be included in the system’s backup files.
In doing so, the Chinese hackers effectively weaponized ArcGIS, turning it into a webshell to launch further attacks, and mostly did so using the software program’s own internal processes and functionality.
ReliaQuest researchers wrote that by structuring their requests to appear as routine system operations, the attackers were able to evade detection tools, while the hardcoded key “prevented other attackers, or even curious admins, from tampering with its access.”
Infecting the backups, meanwhile, gave Flax Typhoon an insurance plan if their presence ultimately was discovered.
“By ensuring the compromised component was included in system backups, they turned the organization’s own recovery plan into a guaranteed method of reinfection,” ReliaQuest researchers claimed. “This tactic turns a safety net into a liability, meaning incident response teams must now treat backups not as failsafe, but as a potential vector for reinfection.”
This continues a consistent trend around Flax Typhoon’s behavior observed by researchers: the group’s propensity for quietly turning an organization’s own tools against itself rather than using sophisticated malware or exploits.
In 2023, Microsoft’s threat intelligence team detailed what it described as Flax Typhoon’s “distinctive” pattern of cyber-enabled espionage. The group was observed achieving long-term access to “dozens” of organizations in Taiwan “with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks.”
Earlier this year, the U.S. Treasury Department placed economic sanctions on Integrity Technology Group, a Beijing company the agency says has provided technical support and infrastructure for Flax Typhoon cyberattacks, including operating a massive botnet taken down by the FBI last year.
That may be why ReliaQuest researchers emphasized that the true threat revealed by their research isn’t about Esri or any specific vendor or their product. The real worry is that most enterprise software relies on the same kind of third-party applications and extensions that Flax Typhoon exploited to hijack an ArcGIS server. The same vulnerability exists wherever an external tool needs access that can be turned against the user when compromised.
“When a vendor has to rewrite its own security guidelines, it proves the flawed belief that customers treat every public-facing tool as a high-risk asset,” they wrote. “This attack is a wake-up call: Any entry point with backend access must be treated as a top-tier priority, no matter how routine or trusted.”
Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say
FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak
Dems introduce bill to halt mass voter roll purges
The Trump administration wants your voter data.
Since President Donald Trump took office in January, the Department of Justice has made an ambitious effort to collect sensitive voter data from all 50 states, including information that one election expert described as “the holy trinity” of identity theft: Social Security numbers, driver’s license numbers and dates of birth.
In states where Trump’s party or allies control the levers of government, this information is handed over willingly. In states where they do not, the DOJ has formally asked, then threatened and then sued states that refuse. The department has also claimed many of these reluctant states are failing to properly maintain their voter registration rolls, and has pushed states to more aggressively remove potentially ineligible voters.
This week, Democrats in the House and Senate introduced new legislation that seeks to defang those efforts by raising the legal bar for states to purge voters based on several factors, such as inactivity or changing residency within the same state.
The Voter Purge Protection Act, introduced by Sen. Alex Padilla, D-Calif., and Rep. Joyce Beatty, D-Ohio, would amend the National Voter Registration Act to make it more difficult for states to kick large numbers of voters off their rolls for actions that Democrats — and many election officials — say are common, overwhelmingly benign and not indicative of voter fraud.
Padilla told reporters that the legislation would help ensure “that Americans cannot be stripped of their right to vote without proof that a voter has either passed away or has permanently moved out of their state.”
Voters targeted for removal must also be notified by election officials “so that there’s no surprise when they show up to vote on election day that their name is not on the list and it’s too late to address whatever the issue may or may not be,” Padilla said.
Beatty pointed to her home state, where Republican Secretary of State Frank LaRose removed more than 155,000 voters from active voter rolls in 2024, as an example where federal protections are needed. The primary factor for purging those voters was records showing they had not cast a ballot in an election for the past four years.
She claimed more than half of the voters who stand to be affected by similar purges in 2025 and 2026 are registered in counties where demographic minorities make up a majority of voters.
“Let me be clear: voting is not use-it-or-lose the right, because too often these so-called voter purges have silenced voices, people of color, people of low income communities, and even our seniors who have waited and fought for the right to vote,” Beatty said.
Meanwhile, a comprehensive post-election audit conducted by LaRose’s office in 2024 identified and referred 597 “apparent noncitizens” on state voter rolls to the state Attorney General for further review, out of 8 million state voters. Critically, 459 of those registered voters never cast an actual ballot, and similar audits performed by LaRose in 2019, 2021 and 2022 found that such people made up similarly minuscule percentages of all active registered voters in the state. Last month, his office put out a press release touting an additional 78 “apparent noncitizens” registered, 69 of whom had no evidence of voting.
“States have the responsibility to keep accurate voter rolls and ensure election integrity,” LaRose added. “In order to meet that responsibility, we need more access to data from the federal government. I will continue to push until we have the resources we need to do our jobs to the standard Ohioans deserve.”
As any state election official will tell you, voter registration lists are never static — every day, people die, get married (or divorced), take on different names, become naturalized citizens or experience a range of other life events that can impact their registration status or result in outdated information. Further, it’s not typically viewed as unusual or a sign of fraud when voters sparingly make use of their registration to vote, though most election experts endorse some level of database maintenance to remove inactive voters.
But it is often these discrepancies that get highlighted by Trump and state allies as evidence of unacceptably messy voter rolls that justify stricter removal policies.
And there are election officials — mostly in Republican-controlled states — who have embraced the philosophy that even small numbers of questionable registrations or voter fraud must be aggressively stamped out or it will lead to American voters losing faith in their democracy. LaRose and Georgia Republican Secretary of State Brad Raffensperger have long championed a similar approach to voter maintenance, and have called for Congress to pass laws making it easier for states to remove voters during election years.
“List maintenance is about election security and voter confidence,” Raffensperger said last month while announcing that approximately 146,000 Georgia voters would be moved to inactive voter rolls, including 80,754 voters who had moved to another county within the state. “We want every Georgian to have full faith in the system, knowing that our elections are free, fair — and fast.”
Critics have pointed out that states already have numerous, effective means for preventing mass voter registration or fraud that have been borne out by post-election audits finding very low instances of fraud, and that overly harsh policies around list maintenance can and do end up disenfranchising far more eligible voters than bad actors. Further, they argue against removing large numbers of voters without a robust follow-up process from states to give affected voters an opportunity to appeal or address any discrepancies that may affect their registration.
The bill has 22 Democratic co-sponsors in the Senate and 24 in the House but is unlikely to gain serious consideration under a Republican-controlled Congress, where most GOP members have long believed voter fraud is rampant and are broadly supportive of state and federal efforts to remove voters based on those same factors.
Asked by CyberScoop how Democrats would navigate that reality, Padilla said the legislation was part of a broader overall effort to push back on these efforts at all levels of constitutional governance. That includes states fighting to protect their constitutional role as administrators of elections when denying data requests from the federal government, within the court system as states and voting rights groups fight in court to block the administration’s use of the SAVE database as a pretext for voter removal, and through public awareness and politics.
Teeing up legislation to prevent states from potentially disenfranchising voters from spurious purges, he said, is part of asserting Congress’ constitutional role in a much broader fight about the way elections are run.
“We’re pushing back on it at every turn and calling attention to it, so that voters understand what they may be facing and make all the necessary preparations so that their right to vote is not denied, whether it’s in next year’s midterm elections or even other regular or special elections before then,” Padilla said.
Renewal of cyber information-sharing law must mind the gap, senator says
Sen. Peters tries another approach to extend expired cyber threat information-sharing law
A top Senate Democrat introduced legislation Thursday to extend and rename an expired information-sharing law, and make it retroactive to cover the lapse that began Oct. 1.
Michigan Sen. Gary Peters, the ranking member of the Homeland Security and Governmental Affairs Committee, introduced the Protecting America from Cyber Threats (PACT) Act, to replace the expired Cybersecurity and Information Sharing Act of 2015 (CISA 2015) that has provided liability protections for organizations that share cyber threat data with each other and the federal government. Industry groups and cyber professionals have called those protections vital, sometimes describing the 2015 law as the most successful cyber legislation ever passed.
The 2015 law shares an acronym with the Cybersecurity and Infrastructure Security Agency, which some Republicans — including the chairman of Peters’ panel, Rand Paul of Kentucky — have accused of engaging in social media censorship. As CISA 2015 has lapsed and Peters has tried to renew it, “some people think that’s a reauthorization of the agency,” Peters told reporters Thursday in explaining the new bill name.
“There are some of my Republican colleagues who have concerns about CISA as the agency, and I remind them, this is not about the agency,” he said. “It’s about … cybersecurity protections and the ability to have liability protections and to be able to share information. I’ve often heard the chair conflate the two, and I have to continually remind him.”
A House bill also would establish a different name.
Paul has objected to Peters’ attempts on the floor to extend CISA 2015. A shorter-term extension of the law was included in the House-passed continuing resolution to keep the government open, but that bill didn’t advance in the Senate, prompting a shutdown.
Peters’ latest bill, like earlier legislation he co-sponsored with Sen. Mike Rounds, R-S.D., would extend CISA 2015 for 10 years. He rejected the idea of trying to get a shorter-term extension until a longer-term extension could be passed.
“One thing that is very clear from all of the stakeholders is that they need long-term certainty when it comes to these protections, that you can’t operate with just a few-week-patch and then another few-week-patch,” Peters said. “That’s no way to run a business. That’s no way to run a sophisticated cybersecurity operation.”
Michael Daniel, leader of the Cyber Threat Alliance made up of cybersecurity companies, told CyberScoop that his organization hasn’t been affected by the lapse yet, but that’s partially because it’s an organization that was set up with the long term in mind, with a formalized structure that included information-sharing requirements for members.
The lapse might also not immediately affect other organizations, he said, comparing it to the risks of the government shutdown underway.
“An hour-long lapse doesn’t really do very much, but the longer it goes on, the more you have time for organizations to say, ‘Well, maybe we need to reconsider what we’re doing, maybe we need to think about it differently,’” Daniel said. “The longer it goes on, you start having questions about, ‘Maybe this thing won’t get reauthorized down the road.’ And once you start questioning the long-term prospects, that’s when people start making changes in their behavior.”
Peters said he’s heard from organizations becoming increasingly nervous about the expiration, but didn’t want to comment on whether any had stopped sharing because that’s “sensitive information, important information, and our adversaries should know as little about what’s happening as possible.”
Peters said he wouldn’t comment on his deliberations with Paul, or comment on Paul’s motives for objecting to his floor maneuvers. Paul cancelled a planned markup of his own version of CISA 2015 renewal legislation in September that included language on free-speech guarantees under CISA the agency, with a spokesperson saying Democrats had requested more time and were “not negotiating in good faith.”
Peters told reporters that claim was “absolutely false … the problem is not on our end.”
The revised Peters legislation doesn’t touch on the topic of free speech. Democrats and Republicans have blamed one another for the government shutdown.
“Firstly, this authority will be turned back on when Democrats, including the bill sponsor, vote to reopen the government,” said Gabrielle Lipsky, a spokesperson for Paul. “The Senator has made it clear that a longer-term reauthorization will need robust free speech protections included.”
Peters said he had spoken to Senate Majority Leader John Thune, R-S.D., about getting the bill through Senate procedures. He and Rounds have both been speaking with colleagues to gain backing. The Trump administration also has been lobbying senators to support a CISA 2015 reauthorization.
“I’m confident that if this bill gets to the floor for a vote, it will not only pass, it will pass overwhelmingly,” he said. “And that’s what we’re working to do.”