By Luther Weeks on September 8, 2016
My letter, published in the Courant today:
Many Election Security Risks
The Sept. 6 article “U.S. Fears Russia Hack” [Page 1] provides an inflammatory view of the risks to U.S. elections. Focusing on one potential risk from our current enemy of choice takes the attention off the multitude of risks…
We can do much better in the long run, if the actual risks are not forgotten after November.
Posted in CT, Electronic Vulnerability, National
By Luther Weeks on September 6, 2016
From the Institute for Critical Infrastructure Technology: Hacking Elections Is Easy <read>. It is the most layperson accessible comprehensive overview of the problems we face protecting our elections that I have seen in a long time. It is 23 pages yet very readable. The main points are:
- We face multiple risks our elections: Registration systems, voting systems, reporting systems, and ballot security.
- We face risks from multiple actors: Nations with interests in manipulating our elections, corporations, U.S. Government agencies, sophisticated hackers, and insiders at all levels.
- For the unsophisticated, Hacking Is Easy. There are simple insider attacks, simple cyber attacks, and kits on the Internet to compromise results or simply disrupt elections.
- Most election officials are of high integrity. Yet, blind trust in all officials, machines, and that hacking is difficult is perhaps our greatest risk.
Just a couple excerpts from the Introduction:
To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an APT could effortlessly exploit a national election and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces. Yes, hacking elections is easy…
Posted in CT, Electronic Vulnerability, National, Reports
By Luther Weeks on September 2, 2016
Earlier this week Secretary of the State Denise Merrill, ROVAC President Melissa Russell and the Manchester CT Registrars of voters talked to NBC Connecticut. We add some annotation to the transcript, in [Brackets].
Even the machines used to digitally tabulate election results aren’t connected to the internet in cities and towns. Melissa Russell, a Bethlehem Registrar of Voters, with the Registrars of Voters Association of Connecticut reiterated the point that physical record keeping in Connecticut places the state at an advantage. [Not having voting systems connected to the Internet is definitely an advantage. Yet, not so much against local insider attacks, especially when local officials and their leaders are so confident (overconfident?)]
Local registrars, like Jim Stevenson and Tim Becker in Manchester, wonder what a hacker could really get from a hack of even a local election computer. [The answer, known for years is: Even skilled amateurs could change the result printed by the scanner. One method is the widely know Hursti Hack. UConn has articulated others. We are left to wonder why NBC did not interview anyone with expertise to answer the registrars questions. ]
Posted in CT, Electronic Vulnerability, Internet Security Issues
By Luther Weeks on August 28, 2016
We hear from Richard Clarke, President Obama, Pam Smith, and Secretary of the State Denise Merrill. We annotate Denise Merrill’s recent press conference.
Posted in CT Law, Electronic Vulnerability, Internet Voting, Mail/Absentee Voting
By Luther Weeks on August 22, 2016
A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>
We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.
Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth. Nor does it cover the risks to the secret ballot posed by absentee voting.
Posted in CT, CT Law, Electronic Vulnerability, Reports, Skulduggery and Errors
By Luther Weeks on August 17, 2016
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, by Kim Zetter covers in detail the discovery, exposure, and detailing of the Stuxnet virus. It is a fascinating, educational, and important read. Relevant to anyone interested in cyber security, war, foreign affairs, and election integrity. There is also a new documentary, ZER0DAYS.
I read the book and then watched the movie. I recommend the book over the documentary, although it is complementary. The book covers Stuxnet and its discovery in much more detail. Yet, the book is accessible to everyone. After reading the book, even the non-technical reader, will have an understanding of what Stuxnet could do, its wider implications for security, and foreign affairs. I am not convinced those that watch the movie will have an anywhere equivalent understanding.
Posted in Electronic Vulnerability
By Luther Weeks on August 11, 2016
- System failures are generally explained away as accidents, usually unique and isolated ones.
- Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.
- If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county, and local systems be expected to be reliable?
Connecticut is not the pick of the litter here, as we said last April:
We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.
Posted in CT, Electronic Vulnerability
By Luther Weeks on August 6, 2016
Apparently Donald Trump and the media have done in a few days what computer scientists, security experts, and voting integrity advocates have failed at for at least sixteen years: Excite the public about the dangers of electronic voting.
Apparently the threat of a sophisticated Russian hack is more threatening that an election being taken by the equivalent of amateur electronic ballot stuffing.
There are a lot of articles we could site, but one of the most comprehensive comes from Politico Magazine. It is written from the prospective of Princeton researchers, with lots of history and articulated concerns, with relatively little red baiting. How To Hack An Election In 7 Minutes
Posted in Electronic Vulnerability, Internet Security Issues
By Luther Weeks on July 31, 2016
Did Russia hack the DNC, DCCC, and Hillary’s Campaign. And does it only matter who the hackers are?
With little disclosed evidence, the prime story has been the question of who hacked the sites. That is an important aspect of the news, yet there are other important issues obscured, perhaps intentionally by the focus on that one aspect of the hacks.
Posted in Electronic Vulnerability, Internet Security Issues, National
By Luther Weeks on June 21, 2016
Down for the Count: Dirty Elections and the Rotten History of Democracy in America
by Andrew Gumbel. An updated version of Gumbel’s earlier Steal This Vote. A lot has happened in 12 years!
I highly recommend, for an overview of the history of voting issues in the United States.. I can add a small caveat the to the description on Amazon:
Down for the Count explores the tawdry history of elections in the United States—a chronicle of votes bought, stolen, suppressed, lost, miscounted, thrown into rivers, and litigated up to the U.S. Supreme Court—and uses it to explain why we are now experiencing the biggest backslide in voting rights in more than a century…
Posted in Electronic Vulnerability, National, Skulduggery and Errors
