Internet Security Issues

A Year After, Our Elections Aren’t Much More Secure

From Buzzfeed’s Cyber Security Correspondent, Kevin Collier:  A Year After Trump’s Victory, Our Elections Aren’t Much More Secure

But the focus on how Facebook and Twitter were used to sow division in the US electorate has diverted attention from one of the weakest spots in the system: … a simple cyberattack can be effective against weak infrastructure and unprepared IT workers. Whether that can be fixed by 2018 or even 2020 is an open question…

“We’re not doing very well,” Alex Halderman, a renowned election security expert, told BuzzFeed News. “Most of the problems that existed in 2016 are as bad or worse now, and in fact unless there is some action at a national policy level, I don’t expect things will change very much before the 2018 election.”

Samantha Bee: The Matrix has your vote

Election hacking, especially the risks in Georgia explained to Samantha Bee.

Just a step in the right direction: Merrill meets with Homeland Security

“Yesterday, along with representatives from the state’s information technology and public safety departments, I met with regional officials from the United States Department of Homeland Security to discuss how we can work together to ensure that Connecticut elections are safe from outside interference or manipulation. We had a productive meeting and I look forward to working together in the months and years to come to protect our elections, the bedrock of our democracy.” – Denise Merrill, Connecticut Secretary of the State

We applaud this step in the right direction.  Last year as leader of the National Association of Secretaries of State, Merrill opposed the designation of elections as critical infrastructure, leading in expressing the concern for a Federal take-over of elections. We were critical of that stand then and remain so.

In our opinion this is just a step. There are several aspects to election security/integrity that should be addressed,. This  step may assist in those that are under direct control of the of the the State, yet less so those under local control.

Beware of the Watchdog that does not bark any details

NYTimes story that justifies our skepticism on NC ePollbook story:  In Election Interference, Its What Reporters Didn’t Find That Matters

Among other things, we learned that intelligence agencies had intentionally worded their conclusions to specifically address “vote tallying,” not the back-end election systems—conclusions that were not even based on any in-depth investigation of the state election systems or the machines themselves, but on the accounts of American spies and digital intercepts of Russian communications, as well as on assessments by the Department of Homeland Security—which were largely superficial and not based on any in-depth investigation of the state electionsystems or machines themselves.

As we said in our earlier post: See No Evil, Find No Monkey Business, ePollbook Edition

the simple case is that we now have no reason to trust the claim that it was all a simple software error, that the Federal and State Governments were actually protecting us.

If [Connecticut] Voting Machines Were Hacked, Would Anyone Know?

NPR story by Pam Fessler:  If Voting Machines Were Hacked, Would Anyone Know?   Fessler quotes several experts and election officials including Connecticut Assistant Secretary of the State Peggy Reeves:

Still, Connecticut Election Director Peggy Reeves told a National Academies of Sciences, Engineering, and Medicine panel on Monday that many local election officials are ill-equipped to handle cybersecurity threats.

“Many of our towns actually have no local IT support,” she said. “Seriously, they don’t have an IT director in their town. They might have a consultant that they call on if they have an issue. So they look to us, but we’re a pretty small division.”

Reeves said the best protection against hackers is probably the fact that the nation’s voting system isso decentralized, with different processes and equipment used in thousands of different locations.

We certainly agree with that and the cybersecurity experts quoted.

Amid Charges Russia Hacked U.S. Election, Keith Alexander Encourages eVoting for Canada

Former NSA Chief and now CEO cyber security contractor says Canada needs more cyber security, cyber weapons,  and should deploy electronic voting:  Don’t let cyberattack threat deter Canada from online voting, says former head of NSA

foreign interference that may have influenced the U.S. election should not deter Canada and other countries from embracing online voting, says the former head of the U.S. National Security Agency.

Retired U.S. general Keith Alexander, speaking at a defence industry trade show in Ottawa, also said it is important the Canadian military have some kind of offensive cyber capacity, even if that ability is limited.

There is no going back to a manual voting system, Alexander said in an interview with CBC News following his remarks to defence contractors, in which he warned that both government and private sector networks are vulnerable to a rising tide of “destructive” cyberattacks…

The U.S. experience is something to learn from, he said, but it should not make countries like Canada leery of e-voting.

Dr. Harri Hursti addresses the potential for Russian election attacks

Dr. Harri Hursti is a respected international expert on electronic security, especially electronic voting.  In a recent interview he addressed  the risks and chances of correctly attributing the source of attacks, specifically focusing on Russia.

What do you think of the news that a member of Congress says there is “no doubt” that Russia is behind recent attacks on state election systems

The article makes several dangerous assumptions about the security of elections and election systems. Representative Adam Schiff said he doubted (Russians) could falsify a vote tally in a way that effects the election outcome. He also said outdated election systems makes this unlikely, but really, it just makes it easier. The voting machines were designed at a time when security wasn’t considered, included, or part of the specifications at all.

A Meeting, A Hearing, and Lots of Nonsense

In the last two weeks there was a meeting of the Election Assistance Commission (EAC) and a hearing of the House Science and Technology Committee on “Cyber and Voting Machine Attacks”.  In total there were seven “experts” giving their opinions along with many of the committee members giving theirs. For the most part, solid facts and reason were missing.  The general plan seemed to be officials going overboard in reassuring the public.

Hack Pointless? Or State of Denial?

Earlier this week Secretary of the State Denise Merrill, ROVAC President Melissa Russell  and the Manchester CT Registrars of voters talked to NBC Connecticut.  We add some annotation to the transcript,  in [Brackets].

Even the machines used to digitally tabulate election results aren’t connected to the internet in cities and towns. Melissa Russell, a Bethlehem Registrar of Voters, with the Registrars of Voters Association of Connecticut reiterated the point that physical record keeping in Connecticut places the state at an advantage. [Not having voting systems connected to the Internet is definitely an advantage. Yet, not so much against local insider attacks, especially when local officials and their leaders are so confident (overconfident?)]

Local registrars, like Jim Stevenson and Tim Becker in Manchester, wonder what a hacker could really get from a hack of even a local election computer. [The answer, known for years is: Even skilled amateurs could change the result printed by the scanner.  One method is the widely know Hursti Hack. UConn has articulated others.  We are left to wonder why NBC did not interview anyone with expertise to answer the registrars questions. ]

How to excite the public about electronic voting: “Russia Might Hack an Election”

Apparently Donald Trump and the media have done in a few days what computer scientists, security experts, and voting integrity advocates have failed at for at least sixteen years:  Excite the public about the dangers of electronic voting.

Apparently the threat of a sophisticated Russian hack is more threatening that an election being taken by the equivalent of amateur electronic ballot stuffing.

There are a lot of articles we could site, but one of the most comprehensive comes from Politico Magazine.  It is written from the prospective of Princeton researchers, with lots of history and articulated concerns, with relatively little red baiting.  How To Hack An Election In 7 Minutes

Page 1 of 712345...Last »