Overnight Cybersecurity: Trump reportedly briefed on Russian ties to hacks | Watchdogs sue over surveillance | Lawmakers dig into election hack threat

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–YESTERDAY MIGHT NOT HAVE BEEN SO BAD. Lawmakers and officials are turning their attention to the threat of election hacks, but how serious is the threat?

“Pieces of our voter system are vulnerable, but it’s really hard,” said Rep. Will Hurd (R-Texas), summarizing the challenge lawmakers and officials face over election hacking at a Wednesday hearing of his House Oversight Subcommittee on IT.

{mosads}FBI head James Comey also discussed election hack threats in front of the House Judiciary Committee on Wednesday. “There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August,” he said.

Those comments could give the impression that the United States is only 40 days away from a presidential election being stolen. One recent headline cited a Princeton professor saying it was possible someone might steal this year’s elections.

–HOLD ON. But the four other witnesses at Hurd’s hearing Wednesday said it was profoundly unlikely the election could be hacked. As witnesses noted, one of the best protections the voting system has is that voting machines are not physically connected to each other or the internet and that there are many of them. That means, for the most part, hackers need physical access to each machine for it to be compromised. There are exceptions. Princeton professor and voting machine hacking expert Andrew W. Appel noted that the AccuVote machines Georgia uses can spread viruses to each other by infecting ballot definition cartridges that get carried from machine to machine.

–COMEY SOUNDS SCARIER THAN HE IS. Other experts also downplayed Comey’s talk about foreign actors scanning for vulnerabilities.

“There is also wide speculation around the current ‘probing’ activity directed at online voter registration sites. In isolation, this might seem alarming. However, all online systems are ‘probed’ all the time. Automated and routine vulnerability scans of internet assets is a normal part of online weather, is sourced from all over the world, and is well understood by experienced IT security practitioners,” said Tod Beardsley, senior research manager at the security firm Rapid7.

Probing of voter registration websites is a considerable threat to privacy and could even lead to hacks of voter rolls. But as the witnesses noted, there is still no direct way to change votes via voter registration websites.

–NONE OF THIS MEANS ELECTIONS ARE PERFECT. But there could be more legitimacy to concerns about local election. While its tough to alter a national election, local elections can be determined by relatively few votes. And, as Norden mentioned, there are other concerns for voting machines than being hacked. Fewer than 10 states have machines that are not at pushing at least 10-years old, the end of the lifespan for voting machines not given careful maintenance. Norden said that, in interviews with elections officials, some mentioned having to go to eBay to find replacement parts for even minor repairs, like replacing an ink cartridge. Many of the officials who would like to update machines do not know where the money would come from.

A LIGHTER CLICK:

–GO HOME. TAKE A NAP. We weren’t up as late as we thought we would be last night, but it was still a late night. No one has time for giggles.

A LAWSUIT IN FOCUS:

–STOP THAT. Ten privacy watchdog groups sued the U.S. and its closest allies in bulk surveillance practices for violating the European Convention on Human Rights.

The suit pits civil liberties advocates from the U.S., Egypt, Ireland and Canada as will as international groups like Amnesty International against the U.S., Australia, Canada, New Zealand and United Kingdom.

The privacy groups allege that bulk surveillance violates the Convention’s right to privacy because the U.K.-based wing of the program does not implement adequate safeguards.

In the filing, the groups cite European Advocate General Saugmandsgaard Øe quoting James Madison to describe the need for adequate safeguards.

“If men were angels, no government would be necessary. If angels were to govern men, neither internal nor external controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself,” they wrote.

The brief also contains an apology for its abnormal length, 115 pages, saying that the size was needed to address allegations made in a similarly long government filing.

To read our full piece, click here.

WHO’S IN THE SPOTLIGHT:

–DONALD TRUMP. (AGAIN.) (SORRY.) Intelligence officials told the Republican nominee that they had “high confidence” that Russia was behind the hacks of several Democratic organizations, including the Democratic National Committee (DNC). That briefing reportedly came before he said during the first presidential debate of 2016 that no one knew Moscow was involved.

After Democratic nominee Hillary Clinton said during the debate that Russia perpetrated the attacks, Trump said he was not certain.

“She’s saying, ‘Russia, Russia, Russia,’ but I don’t know. Maybe it was. It could be Russia, but it could also be China. It could also be lots of other people. It could also be someone sitting on their bed that weighs 400 pounds,” Trump said.

It is widely believed in the intelligence community that Russia was behind the attacks. More than a year ago, officials briefed members of Congress that Russia was trying to attack Democratic groups. Later, officials warned the groups they were likely to be under attack, although they omitted crucial details to preserve active intelligence-gathering operations.

To read our full piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The State Department has agreed to process thousands of pages of Hillary Clinton’s deleted emails that were recovered by the FBI in time for the general elections. (The Hill)

The top antitrust regulator in the European Union said on Thursday that officials are weighing whether to more heavily factor the acquisition of data into the way it vets mergers. (The Hill)

You can now make $1.5 million for jailbreaking an iPhone. (Motherboard)

U.S. officials are increasingly confident that Guccifer 2.0 is part of a network of individuals and groups kept at arm’s length by Russia to mask its involvement in cyber intrusions. (The Wall Street Journal)