CT

Letter: Focus on Russia Takes Heat Off Multitude of Election Vulnerabilities

My letter, published in the Courant today:

Many Election Security Risks

The Sept. 6 article “U.S. Fears Russia Hack” [Page 1] provides an inflammatory view of the risks to U.S. elections. Focusing on one potential risk from our current enemy of choice takes the attention off the multitude of risks…
We can do much better in the long run, if the actual risks are not forgotten after November.

Highly Recommended: Hacking Elections Is Easy!

From the Institute for Critical Infrastructure Technology: Hacking Elections Is Easy <read>. It is the most layperson accessible comprehensive overview of the problems we face protecting our elections that I have seen in a long time.  It is 23 pages yet very readable.  The main points are:

  • We face multiple risks our elections:  Registration systems, voting systems, reporting systems, and ballot security.
  • We face risks from multiple actors: Nations with interests in manipulating our elections, corporations, U.S. Government agencies, sophisticated hackers, and insiders at all levels.
  • For the unsophisticated, Hacking Is Easy.  There are simple insider attacks, simple cyber attacks, and kits on the Internet to compromise results or simply disrupt elections.
  • Most election officials are of high integrity.  Yet, blind trust in all officials, machines, and that hacking is difficult is perhaps our greatest risk.

Just a couple excerpts from the Introduction:

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an APT could effortlessly exploit a national election and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces. Yes, hacking elections is easy…

Hack Pointless? Or State of Denial?

Earlier this week Secretary of the State Denise Merrill, ROVAC President Melissa Russell  and the Manchester CT Registrars of voters talked to NBC Connecticut.  We add some annotation to the transcript,  in [Brackets].

Even the machines used to digitally tabulate election results aren’t connected to the internet in cities and towns. Melissa Russell, a Bethlehem Registrar of Voters, with the Registrars of Voters Association of Connecticut reiterated the point that physical record keeping in Connecticut places the state at an advantage. [Not having voting systems connected to the Internet is definitely an advantage. Yet, not so much against local insider attacks, especially when local officials and their leaders are so confident (overconfident?)]

Local registrars, like Jim Stevenson and Tim Becker in Manchester, wonder what a hacker could really get from a hack of even a local election computer. [The answer, known for years is: Even skilled amateurs could change the result printed by the scanner.  One method is the widely know Hursti Hack. UConn has articulated others.  We are left to wonder why NBC did not interview anyone with expertise to answer the registrars questions. ]

Report: Secret Ballot At Risk

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

NPV Note: Trump and Hillary visit Connecticut

Donald Trump is visiting Connecticut tonight at Sacred Heart University in Fairfield, while Hillary is visiting Greenwich on Monday for a fundraiser <read>

This provides a great opportunity to discuss a couple of points often touted in favor of the National Popular Vote.

  • That presidential candidates will never campaign in Connecticut until we have a national popular vote.
  • That candidates only come to Connecticut to take money out of the state.
  • And apparently we would benefit from the money they would spend here.

What Could Elections Officials Learn From the Delta Airlines Outage

  • System failures are generally explained away as accidents, usually unique and isolated ones.
  • Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.
  • If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county,  and local systems be expected to be reliable?

Connecticut is not the pick of the litter here, as we said last April:

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

 

Warning: 15 states without paper records, half without audits

A Computer World article reminds us how much more there is to go to achieve verifiable, evidence based elections:  A hackable election? 5 things to know about e-voting <read>

Voting results are “ripe for manipulation,” [Security Researcher Joe] Kiniry added.

Hacking an election would be more of a social and political challenge than a technical one, he said. “You’d have a medium-sized conspiracy in order to achieve such a goal.”

While most states have auditable voting systems, only about half the states conduct post-election audits, added Pamela Smith, president of Verified Voting.

Let us not forget that even states, like Connecticut, with post-election audits have a long way to go in making the audits sufficient to assure that election results are correct or confidence that incorrect results would be reversed.

Online Voting Is Risky, Riskier than Online Banking

My letter to the Hartford Courant today.

To the Editor,

The article in the Sunday July, 10 Smarter Living Section, “Democracy in The Digital Age”, is a one-sided disservice to readers. The article, abbreviated from Consumer Reports original, provides a one-sided case for online voting.  The article quotes the CEO of a company selling online voting at a huge expense to governments around the world.  She touts the benefits without detailing the risks.  The system she touts as secure, has never been proven secure. It has never been subjected to a public security test.  Unlike the printed version, the original article at Consumer Reports details the risks of online voting…

The web: Hardly ready for Internet voting.

So many articles this week demonstrating that the web is not safe for voting. Especially when in the hands of under-resourced government agencies and political parties. (It is also unsafe in the hands of fully-resourced governments and cyber-experts.)

 

  • Singapore plans to take its Government offline.
  • Then we have an above average size government agency that cannot create a safe voter registration system.
  • Meanwhile the party that allows overseas voters to participate in its primaries via Internet voting has its own problems.

As CTVotersCount readers know, Internet voting should not be compared to a normal application. Its not like the risk of copying some public information, information that should be public, stealing a few million from a bank. Its about billions in government spending, changing election results and covering that up.

Another example of a transparent, evidence-based vote

 

Last week I spent a morning in New London’s historic Town Hall observing a post-election audit. I noticed this interesting device. Can you explain it, without reading further?

Page 3 of 6212345...102030...Last »