Categories
Arizona Election Security Intelwars Testimony

Bombshell testimony out of Arizona raises more questions about election security

Steven gives a recap of the most important allegations leveled in yesterday’s marathon hearing on Arizona main-in ballot concerns. He later covers what appears to be a striking flip-flop on election security since 2016.

Use promo code LWC to save $10 on one year of BlazeTV.

Want more from Steven Crowder?

To enjoy more of Steven’s uncensored late-night comedy that’s actually funny, join Mug Club — the only place for all of Crowder uncensored and on demand.

Share
Categories
Commentary Election Security Intelwars Security

Elections Are Partisan Affairs. Election Security Isn’t.

An Open Letter on Election Security

Voting is the cornerstone of our democracy. And since computers are deeply involved in all segments of voting at this point, computer security is vital to the protection of this fundamental right.  Everyone needs to be able to trust that the critical infrastructure systems we rely upon to safeguard our votes are defended, that problems are transparently identified, assessed and addressed, and that misinformation about election security is quickly and effectively refuted.  

While the work is not finished, we have made progress in making our elections more secure, and ensuring that problems are found and corrected. Paper ballots and risk-limiting audits have become more common.  Voting security experts have made great strides in moving elections to a more robust system that relies less on the hope of perfect software and systems.

This requires keeping partisan politics away from cybersecurity issues arising from elections. Obviously elections themselves are partisan. But the machinery of them should not be.  And the transparent assessment of potential problems or the assessment of allegations of security failure—even when they could affect the outcome of an election—must be free of partisan pressures.  Bottom line: election security officials and computer security experts must be able to do their jobs without fear of retribution for finding and publicly stating the truth about the security and integrity of the election. 

We are profoundly disturbed by reports that the White House is pressuring Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), to change CISA’s reports on election security. This comes just after Bryan Ware, assistant director for cybersecurity at CISA, resigned at the White House’s request. Director Krebs has said he expects to be fired but has refused to join the effort to cast doubt on the systems in place to support election technology and the election officials who run it. Instead, CISA published a joint statement renouncing “unfounded claims and opportunities for misinformation about the process of our elections.”  The White House pressure threatens to introduce partisanship, and unfounded allegations, into the expert, nonpartisan, evaluation of election security. 

We urge the White House to reverse course and support election security and the processes and people necessary to safeguard our vote.  

Signed,

(Organizations and companies)

Electronic Frontier Foundation

Bugcrowd

Center for Democracy & Technology

Disclose.io

ICS Village

SCYTHE, Inc.

Verified Voting

(Affiliations are for identification purposes only; listed alphabetically by surname.)

William T. Adler, Senior Technologist, Elections & Democracy, Center for Democracy & Technology
Matt Blaze, McDevitt Chair of Computer Science and Law, Georgetown University
Jeff Bleich, U.S. Ambassador to Australia (ret.)
Jake Braun, Executive Director, University of Chicago Harris Cyber Policy Initiative
Graham Brookie, Director and Managing Editor, Digital Forensic Research Lab, The Atlantic Council
Emerson T. Brooking, Resident Fellow, Digital Forensic Research Lab of the Atlantic Council.
Duncan Buell, NCR Professor of Computer Science and Engineering, University of South Carolina
Jack Cable, Independent Security Researcher.
Joel Cardella, Director, Product & Software Security, Thermo Fisher Scientific
Stephen Checkoway, Assistant Professor of Computer Science, Oberlin College
Casey Ellis, Chairman/Founder/CTO, Bugcrowd
Larry Diamond, Senior Fellow, Hoover Institution and Principal Investigator, Global Digital Policy Incubator, Stanford University
Renée DiResta, Research Manager, Stanford Internet Observatory
Michael Fischer, Professor of Computer Science, Yale University
Camille François, Chief Innovation Officer, Graphika
The Gruqq, Independent Security Researcher
Joseph Lorenzo Hall, Senior Vice President for a Strong Internet at The Internet Society (ISOC)
Candice Hoke, Founding Co-Director, Center for Cybersecurity & Privacy Protection, Cleveland State University
David Jefferson, Computer Scientist, Lawrence Livermore National Laboratory (retired)
Douglas W. Jones, Associate Professor of Computer Science, University of Iowa
Lou Katz, Commissioner, Oakland Privacy Advisory Commission
Joseph Kiniry, Principal Scientist, Galois, CEO and Chief Scientist, Free & Fair
Katie Moussouris, CEO, LutaSecurity
Peter G. Neumann, Chief Scientist, SRI International Computer Science Lab
Marc Rogers, Director of Cybersecurity, Okta
Aviel D. Rubin, Professor of Computer Science, Johns Hopkins University
John E. Savage, An Wang Emeritus Professor of Computer Science, Brown University
Bruce Schneier, Cyber Project Fellow and Lecturer, Harvard Kennedy School
Alex Stamos, Director, Stanford Internet Observatory
Philip B. Stark, Associate Dean, Mathematical and Physical Sciences, University of California, Berkeley
Camille Stewart, Cyber Fellow, Harvard Belfer Center
Megan Stifel, Executive Director, Americas; and Director, Craig Newmark Philanthropies Trustworthy Internet and Democracy Program, Global Cyber Alliance
Sara-Jayne Terp, CEO Bodacea Light Research
Cris Thomas (Space Rogue), Global Strategy Lead, IBM X-Force Red
Maurice Turner, Election Security Expert
Poorvi L. Vora, Professor of Computer Science, The George Washington University
Dan S. Wallach, Professor, Departments of Computer Science and Electrical & Computer Engineering, Rice Scholar, Baker Institute for Public Policy, Rice University
Nate Warfield, Security Researcher
Elizabeth Wharton, Chief of Staff, SCYTHE, Inc.
Tarah Wheeler, Belfer Center Cyber Fellow, Harvard University Kennedy School, and member EFF Advisory Board
Beau Woods, Founder/CEO of Stratigos Security and Cyber Safety Innovation Fellow at the Atlantic Council.
Daniel M. Zimmerman, Principal Researcher, Galois and Principled Computer Scientist, Free & Fair

Share
Categories
Election Security Intelwars

Election Security: When to Worry, When to Not, and the Takeaway from Antrim County, Michigan

Everyone wants an election that is secure and reliable. With technology in the mix, making sure that the technology supports this is critical. EFF has long-warned against blindly adopting technologies that can be easily manipulated or fail without having systems in place to test, secure, and catch problems, including through risk limiting audits. At the same time, not every problem is worth pulling the fire alarm about – we have to look at the bigger story and context.  And we have to stand down when our worst fears turn out to be unfounded.

A story out of Michigan last week in Antrim County provides a good opportunity to apply this. What seems to have happened is that a needed software update was not applied to a system that helps collect and report digital vote information—the county has paper ballots that are scanned—from the county. As a result,it appeared that 6,000 votes shifted from Republicans to Democrats in the unofficial reports.

This Michigan story isn’t worrisome after all, but that doesn’t mean that our elections are as secure as they need to be.

That is very worrisome. However, when the update was applied, the votes shifted back because the actual tabulation figures were correct. Of course there were paper ballots too, that would have been cross-checked under Michigan’s processes had this not been caught so early.  Our longtime election security friend and partner Professor Alex Halderman of the University of Michigan has a more technical rundown on his Twitter feed.

This story should be one that takes what could have been a big worry and instead gives us cause for relief. Instead of just direct-recording electronic voting machines (DREs) and election systems that don’t have fail-safes for errors, Michigan had good error-checking, and the error was caught quickly. Even if it hadn’t been, it is very likely that it would have been caught later, as the results shifted from unofficial to official. And it wasn’t even a computer or software error; it was a human one.  But, of course, systems should take steps to protect against errors by humans running them too.

Bottom line: No fire alarm needed. Whew! We should see this story a win for election security. It must not be promoted further as evidence of a fraud. It is, in fact, evidence of the safeguards against fraud working.

What Can We Learn From This Incident? 

First, and most importantly, we can learn that it is critical to have systems in place to support election technology and the election officials who run it. Failing to apply a software update is a predictable kind of mistake. The election officials were able to see what had happened and correct it because the system didn’t assume that everything would go smoothly.  This is unfinished work. We and our friends continue to push for more transparency in election systems, more independent testing and red-team style attacks, and most importantly, for Risk Limiting Audits of election results.

Second, that voting on paper ballots continues to be extremely important and the most secure strategy. The situation in Michigan was much less concerning because there were handmarked paper ballots available. With that backstop, most serious problems could be resolved without having to re-run the election. We still have many states and localities that do not have sufficient paper ballots, and we need to keep pushing.

Third, it is important to have the entire voting technical system under the control of the election officials so that they can investigate any potential problems, which is one of the reasons why Internet voting remains a bad, bad idea.

Fourth, that we should continue to be vigilant. Election officials have come a long way from when we started raising concerns about electronic voting machines and systems. But the public should keep watching and, when warranted, not be afraid to raise or flag things that seems strange.

There may be more claims of computer glitches and other forms of manipulation in the days and weeks ahead. Knowing when to worry and when NOT to worry will continue to be important. When there is no cause for worry, the story should stop, which is what should happen with this Michigan story now.

But most importantly, the work of securing our elections must continue. This Michigan story isn’t worrisome after all, but that doesn’t mean that our elections are as secure as they need to be. And that’s the biggest challenge – continuing to support and fund the work to secure our elections, even when the bright glare of a hotly contested election has faded.

Share