Internet Security Issues

Dr. Harri Hursti addresses the potential for Russian election attacks

Dr. Harri Hursti is a respected international expert on electronic security, especially electronic voting.  In a recent interview he addressed  the risks and chances of correctly attributing the source of attacks, specifically focusing on Russia.

What do you think of the news that a member of Congress says there is “no doubt” that Russia is behind recent attacks on state election systems

The article makes several dangerous assumptions about the security of elections and election systems. Representative Adam Schiff said he doubted (Russians) could falsify a vote tally in a way that effects the election outcome. He also said outdated election systems makes this unlikely, but really, it just makes it easier. The voting machines were designed at a time when security wasn’t considered, included, or part of the specifications at all.

A Meeting, A Hearing, and Lots of Nonsense

In the last two weeks there was a meeting of the Election Assistance Commission (EAC) and a hearing of the House Science and Technology Committee on “Cyber and Voting Machine Attacks”.  In total there were seven “experts” giving their opinions along with many of the committee members giving theirs. For the most part, solid facts and reason were missing.  The general plan seemed to be officials going overboard in reassuring the public.

Hack Pointless? Or State of Denial?

Earlier this week Secretary of the State Denise Merrill, ROVAC President Melissa Russell  and the Manchester CT Registrars of voters talked to NBC Connecticut.  We add some annotation to the transcript,  in [Brackets].

Even the machines used to digitally tabulate election results aren’t connected to the internet in cities and towns. Melissa Russell, a Bethlehem Registrar of Voters, with the Registrars of Voters Association of Connecticut reiterated the point that physical record keeping in Connecticut places the state at an advantage. [Not having voting systems connected to the Internet is definitely an advantage. Yet, not so much against local insider attacks, especially when local officials and their leaders are so confident (overconfident?)]

Local registrars, like Jim Stevenson and Tim Becker in Manchester, wonder what a hacker could really get from a hack of even a local election computer. [The answer, known for years is: Even skilled amateurs could change the result printed by the scanner.  One method is the widely know Hursti Hack. UConn has articulated others.  We are left to wonder why NBC did not interview anyone with expertise to answer the registrars questions. ]

How to excite the public about electronic voting: “Russia Might Hack an Election”

Apparently Donald Trump and the media have done in a few days what computer scientists, security experts, and voting integrity advocates have failed at for at least sixteen years:  Excite the public about the dangers of electronic voting.

Apparently the threat of a sophisticated Russian hack is more threatening that an election being taken by the equivalent of amateur electronic ballot stuffing.

There are a lot of articles we could site, but one of the most comprehensive comes from Politico Magazine.  It is written from the prospective of Princeton researchers, with lots of history and articulated concerns, with relatively little red baiting.  How To Hack An Election In 7 Minutes

If Russia hacked the DNC? What me worry?

Did Russia hack the DNC, DCCC, and Hillary’s Campaign.  And does it only matter who the hackers are?

With little disclosed evidence, the prime story has been the question of who hacked the sites.  That is an important aspect of the news, yet there are other important issues obscured, perhaps intentionally by the focus on that one aspect of the hacks.

Online Voting Is Risky, Riskier than Online Banking

My letter to the Hartford Courant today.

To the Editor,

The article in the Sunday July, 10 Smarter Living Section, “Democracy in The Digital Age”, is a one-sided disservice to readers. The article, abbreviated from Consumer Reports original, provides a one-sided case for online voting.  The article quotes the CEO of a company selling online voting at a huge expense to governments around the world.  She touts the benefits without detailing the risks.  The system she touts as secure, has never been proven secure. It has never been subjected to a public security test.  Unlike the printed version, the original article at Consumer Reports details the risks of online voting…

If they fear Internet privacy and security, why would they vote that way?

A new government survey highlights the consequences of Internet insecurity.  From the Washington Post: Why a staggering number of Americans have stopped using the Internet the way they used to <read>

Nearly one in two Internet users say privacy and security concerns have now stopped them from doing basic things online — such as posting to social networks, expressing opinions in forums or even buying things from websites, according to a new government survey released Friday…

The research suggests some consumers are reaching a tipping point where they feel they can no longer trust using the Internet for everyday activities…

Connecticut Makes National Short List – Embarrassing

Yesterday the Connecticut Online Voter Registration System was down for the morning.  Reminiscent of last fall when the system was down for most of the last day local election officials had to print voter lists for polling places in the November election.

Last week Reuters covered a study of cybersecurity and Connecticut was cited as one of the weakest states. It also cited the U.S. Government as worse than most U.S. Corporations.

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

Safe as an ostrich, from cyber attack.

Imagine no Internet for a few weeks. Imagine if that is because there is no power grid. CNN.Money: Cyber-Safe: How Corporate America keeps huge hacks secret

The backbone of America — banks, oil and gas suppliers, the energy grid — is under constant attack by hackers.

But the biggest cyberattacks, the ones that can blow up chemical tanks and burst dams, are kept secret by a law that shields U.S. corporations. They’re kept in the dark forever.

Will encryption save us? No, “It’s Saturday Night!”

Last Saturday, some may have been channel surfing and mistakenly thought they were watching Saturday Night Live.  As one the 2% of voters spending last Saturday night intentionally watching the debate between the Democratic candidates and two ABC hosts, I was not the only one that noticed the flaws in one candidate’s claims for encryption that went unchallenged.

Fortunately, Jenna McLaughlin of The Intercept articulates the issues and the faulty assumptions of candidates and pundits: Democratic Debate Spawns Fantasy Talk on Encryption <read>

During Saturday’s debate, Democratic presidential frontrunner Hillary Clinton said the U.S. should commission a “Manhattan-like project,” a reference to the secret World War II-era atomic bomb endeavor, to address the alleged threat encryption poses to law enforcement. She also admitted she doesn’t actually understand the technology.

Page 1 of 612345...Last »