Microsoft expands security offerings to election officials

Microsoft announced Thursday it is expanding its cybersecurity offerings to state and local election officials, including access to a free service that offers threat detection on email or other accounts, and specialized services from the company’s incident-response group.

The announcement is part of Microsoft’s two-year-old Defending Democracy Program, a suite of election-security products that the company has been providing to campaigns and officials in both the United States and abroad. The first offering announced Thursday gives state and local officials — as well as members of Congress and their staffs — access to AccountGuard, a service that alerts users of Microsoft’s Outlook and Hotmail email platforms or its Office 365 suite of productivity applications if their accounts are threatened or compromised by hackers known to be associated with a foreign government.

Previously, AccountGuard, which was introduced in 2018, was only available to campaigns, political parties and some nonprofit organizations.

Microsoft said the move was brought on in part by the novel coronavirus pandemic, which has upended elections in the United States and elsewhere.

“Democracies were already facing adversaries intent on using cyberattacks to disrupt our elections and democratic processes,” Jan Neutze, the head of Microsoft’s Cybersecurity & Democracy team, wrote in a blog post. “Now, as the world battles the COVID-19 pandemic, we have seen, and others have reported, that nation states and cybercriminals are taking advantage of the crisis by using virus-themed phishing attacks and other techniques to attack critical institutions. We must assume they will use these techniques to target our elections as well.”

Microsoft also said it will make members of its Detection and Response Team, or DART, its incident-response group, available to election officials at discounted rates through a program the company’s calling “Election Security Advisors.” Cybersecurity, including functions like incident response and forensics, accounted for more than half of states’ expenditures with the $380 million that the U.S. Election Assistance Commission awarded in 2018. More spending is expected following another $425 million grant round approved in a federal spending package approved last December, and $400 million that was included in last week’s emergency relief act.

Additionally, Microsoft on Thursday also issued a set of recommendations that election officials should adopt as they adjust their procedures to the COVID-19 public health crisis, which has already led to several states postponing primary elections and expanding the use of absentee and mail-in ballots to avoid voters clustering at polling places at a time when people are being urged to stay at home. Microsoft’s paper endorsed those moves, and also suggested other measures states can use to continue the democratic process even if in-person voting is discouraged.

In particular, the company recommended that the handful of states that still require voters to cite a specific excuse — such as illness or travel — to obtain an absentee ballot request drop those restrictions. (One of those states, West Virginia, said that voters can now list public health advisories against large crowds as a valid reason to get an absentee ballot in the state’s upcoming primary.)

The paper said states should also make it easier in general for voters to get absentee ballots by allowing people to request them online. While absentee applications in every state can be downloaded to be printed out and physically mailed — or scanned and emailed — back to local election authorities, just nine states and the District of Columbia allow their voters to submit their requests electronically without needing to print physical documents. On Thursday, for example, a StateScoop reporter requested an absentee ballot for D.C.’s June 2 primary by filling out a form on a mobile app and signing it digitally with his fingertip — with the ballot itself being mailed to the reporter’s residence.

“Ensuring additional methods of voting are available in times of a global pandemic and improving the security and trustworthiness of elections cannot be solved by the public or private sector acting alone,” the Microsoft paper reads. “In a time where unprecedented public health challenges, as well as sophisticated nation-state actors have the potential to disrupt elections, all stakeholders must work together in new ways to protect our core democratic processes.”