[CAVO] Fwd: [VVSG-election] [VVSG-interoperability] Single Point of Failure - the Scan Head - RE: By November, Russian hackers could target voting machines

Brent Turner turnerbrentm at gmail.com
Thu Jul 28 16:01:27 UTC 2016


---------- Forwarded message ----------
From: Brent Turner <turnerbrentm at gmail.com>
Date: Thu, Jul 28, 2016 at 8:58 AM
Subject: Re: [VVSG-election] [VVSG-interoperability] Single Point of
Failure - the Scan Head - RE: By November, Russian hackers could target
voting machines
To: Arthur Keller <ark at soe.ucsc.edu>
Cc: "Wack, John (Fed)" <john.wack at nist.gov>, Stephen Berger <
stephen.berger at suddenlink.net>, vvsg-election <vvsg-election at nist.gov>,
vvsg-pre-election <vvsg-pre-election at nist.gov>, vvsg-post-election <
vvsg-post-election at nist.gov>, vvsg-interoperability <
vvsg-interoperability at nist.gov>


Aha..  the infamous David Dill quip to Congress " Open Source is no panacea
" !!

No one I have ever heard has EVER posed open source as a " panacea "   -
that would be silly talk.. so to refute a statement that has never been
made is an interesting statement indeed.

San Francisco is in it's infancy stage.. so hopefully the OS community --
with Dr. Gilbert / Brian Fox and others will be available for the task..
CAVO's role will remain to watch the watchers..  If anyone pulls up in a
new Rolls Royce with plates that read DIE BOLD I will sound appropriate
alarms..  ha ha

i defer to experts whether or not it is realistic to think a master gamer
could plant all the COTS of the world..  seems unlikely..  to a layperson..
but please enlighten..

Best-  BT







On Thu, Jul 28, 2016 at 8:48 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:

> Open source is useful but not a panacea. COTS hardware, which lowers the
> cost, is still subject to Stuxnet style attacks.
>
> What security experts are reviewing the design for the SF style system?
>
> Best regards,
> Arthur
>
> On Jul 28, 2016, at 8:11 AM, Brent Turner <turnerbrentm at gmail.com> wrote:
>
> Thanks for the nod, John..
>
> We have the first count systems in motion for build out in SF. The plan is
> to utilize GPL v3 open source with COTS hardware..
>
> The real obstacle has been the Microsoft / Intellectual Property lobbyist
> stranglehold on the politicians that apparently runs through the business
> leagues of the election administrators.  Currently the vendors are pushing
> for " one more bite of the apple " before the jurisdictions follow New
> Hampshire and CA toward open source systems.
>
> Perhaps a memo should go out to the jurisdictions mentioning the looming
> open source voting system availability .. and advising them to " stand in
> place " regarding further purchases of proprietary systems.
>
> Best-
>
> Brent
>
> On Thu, Jul 28, 2016 at 7:38 AM, Wack, John (Fed) <john.wack at nist.gov>
> wrote:
>
>> I hesitate to jump in, but I do agree that it’s very very important to
>> get the election night count accurate.  I tend to think that no matter
>> what, it’s a human process, a logistical nightmare for some locales, and
>> that this needs to be recognized in technical discussions and
>> recommendations.  One of the best things to do, in my opinion, to make
>> things more secure and more accurate, falls into the usability category for
>> tabulation: perhaps election results shall not be released until such and
>> such a time on the next day, say noon.  Pressure to get everything correct
>> in a very short amount of time after a long day works against security and
>> accuracy.  No matter what technology we use or how secure or whatever, it
>> can’t erase the fact that the overall process is a very demanding
>> management issue.
>>
>>
>>
>> The CDF work can help to make that easier, common identifiers for
>> geopolitical geography and contests can help to make it easier, and there
>> are probably a host of other items that could help to reduce the amount of
>> time (and software required) to get all the equipment to work together
>> smoothly.  So as I’m reading the posts, I’m thinking about future VVSG
>> requirements to make all the equipment work together so that the overall
>> tabulation process is more usable to the election people conducting it.  Of
>> course, giving them more time to do would help significantly.
>>
>>
>>
>> Cheers, John
>>
>>
>>
>> *From:* vvsg-interoperability-bounces at nist.gov [mailto:
>> vvsg-interoperability-bounces at nist.gov] *On Behalf Of *Arthur Keller
>> *Sent:* Thursday, July 28, 2016 10:20 AM
>> *To:* Stephen Berger <stephen.berger at suddenlink.net>
>> *Cc:* vvsg-election <vvsg-election at nist.gov>; vvsg-pre-election <
>> vvsg-pre-election at nist.gov>; vvsg-post-election <
>> vvsg-post-election at nist.gov>; vvsg-interoperability <
>> vvsg-interoperability at nist.gov>
>> *Subject:* Re: [VVSG-interoperability] Single Point of Failure - the
>> Scan Head - RE: By November, Russian hackers could target voting machines
>>
>>
>>
>> Thanks, Stephen. I think you mean scanner software is NEVER examined.
>>
>>
>>
>> Best regards,
>>
>> Arthur
>>
>>
>> On Jul 28, 2016, at 7:02 AM, Stephen Berger <
>> stephen.berger at suddenlink.net> wrote:
>>
>> Susan,
>>
>>
>>
>> Good points.
>>
>>
>>
>> Let add to the landscape that currently we have a single point of failure
>> that I think deserves some attention.  That point is when the ballot is
>> scanned.  Typically the scan mechanism is not specified and the initial
>> processing software is not specified.  Almost all, actually to my knowledge
>> all of the scanners first throw away a lot of information.  Modern scanner
>> electronics is able to get excellent resolution and color differentiation.
>> There is a lot that can be done with high quality can images.  However, the
>> scanner software immediately throws away most of that information and make
>> everything black or white.  This is done because it makes mark recognition
>> easier and it saves on machine memory.  However, what is a vote is
>> determined not off the image of the ballot but the processed image.  To
>> make matters worse, neither the VVSG or any election official, decides when
>> a pixel should be determined to be black or white or how many pixels make a
>> valid mark.  This is left to each company and even each design team at each
>> company.  Even worse, it is often decided by the scanner engine
>> manufacturer and that software is very examined in any of our processes.
>>
>>
>>
>> It would seem worth paying some attention to what happens between the
>> ballot being feed to the scanner and a decision being made about what votes
>> are on that paper.  It also seems reasonable that election officials should
>> be the ones deciding how big a mark is a valid mark and how various kinds
>> of uncertain marks should be dealt with.
>>
>>
>>
>> Best Regards,
>>
>>
>>
>> Stephen Berger
>>
>> *TEM Consulting, LP*
>>
>> Web Site - *www.temconsulting.com <http://www.temconsulting.com>*
>> E-MAIL - stephen.berger at ieee.org
>> Phone - (512) 864-3365
>> Mobile - (512) 466-0833
>> FAX - (512) 869-8709
>>
>>
>>
>> *From:* vvsg-interoperability-bounces at nist.gov [
>> mailto:vvsg-interoperability-bounces at nist.gov
>> <vvsg-interoperability-bounces at nist.gov>] *On Behalf Of *Susan Eustis
>> *Sent:* Thursday, July 28, 2016 8:31 AM
>> *To:* Arthur Keller <ark at soe.ucsc.edu>
>> *Cc:* vvsg-election <vvsg-election at nist.gov>; vvsg-pre-election <
>> vvsg-pre-election at nist.gov>; vvsg-post-election <
>> vvsg-post-election at nist.gov>; vvsg-interoperability <
>> vvsg-interoperability at nist.gov>
>> *Subject:* Re: [VVSG-interoperability] By November, Russian hackers
>> could target voting machines
>>
>>
>>
>> Arthur, I agree, I concur.   My new book lays this scenario out in detail
>> and provides suggestions for preventing the hacks, ways to protect the
>> integrity of the election results, there needs to be safe guards and
>> automatic recounts the very next day with observers representing all
>> candidates, no matter whether the election was close or not.  There needs
>> to be an audit trail and a way to protect the integrity of the balloting
>> that occurs before election day.  There needs to be a way for the observers
>> to make a duplicate of the original ballots as the recount goes on and to
>> run those through their own counting scanner to determine the validity of
>> the election.  There needs to be a way to interrupt the recount at any time
>> if someone has to go to the bathroom or falls asleep so that the recount
>> process has continuity and integrity.  Things like this.
>>
>> Susan
>>
>>
>>
>> On Thu, Jul 28, 2016 at 9:22 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:
>>
>> But vote tabulation and especially roll up is often connected to the
>> Internet. And with the lack of effective audits in more jurisdictions,
>> hacking the Internet-connected vote tabulation systems would do the trick.
>>
>>
>>
>> In particular, if the vote tabulation system is connected to the web
>> reporting system, then that's an avenue for attack.
>>
>>
>>
>> There's a difference between auditable and actually audited. If the
>> results are sufficiently skewed on election night, post election audits may
>> not matter anyway. They didn't even matter in Florida in 2000 where the
>> election was close.
>>
>>
>>
>> Could the programming of electronic voting machines be hacked in a
>> Stuxnet type attack while they are loaded with the election data file?
>>
>>
>>
>> If China can hack Google, do we really believe there's no way Russia
>> can't hack enough counties or states to change the outcome of the
>> presidential election?
>>
>>
>>
>> Best regards,
>>
>> Arthur
>>
>>
>> On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>>
>> Voting machines are not attached to the internet.  You can’t hack them
>> without physical control and that is auditable.
>>
>>
>>
>> *From:* vvsg-interoperability-bounces at nist.gov [
>> mailto:vvsg-interoperability-bounces at nist.gov
>> <vvsg-interoperability-bounces at nist.gov>] *On Behalf Of *Arthur Keller
>> *Sent:* Thursday, July 28, 2016 12:30 AM
>> *To:* John Wack
>> *Cc:* vvsg-election; vvsg-pre-election; vvsg-post-election;
>> vvsg-interoperability
>> *Subject:* [VVSG-interoperability] By November, Russian hackers could
>> target voting machines
>>
>>
>>
>> What should the election community do about this threat?
>>
>>
>>
>> Best regards,
>>
>> Arthur
>>
>>
>>
>>
>> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
>>
>>
>> By November, Russian hackers could target voting machines
>> If Russia really is responsible, there's no reason political interference
>> would end with the DNC emails.
>>
>> <image001.jpg>
>>
>> By Bruce Schneier July 27 at 3:10 PM
>>
>> Bruce Schneier <https://www.schneier.com> is a security technologist and
>> a lecturer at the Kennedy School of Government at Harvard University. His
>> latest book is *Data and Goliath: The Hidden Battles to Collect Your
>> Data and Control Your World* <https://www.schneier.com/book-dg.html>.
>>
>> Russia was behind the hacks into the Democratic National Committee’s
>> computer network that led to the release of thousands of internal emails
>> just before the party’s convention began, U.S. intelligence agencies have
>> reportedly
>> <http://www.nytimes.com/2016/07/27/world/europe/russia-dnc-hack-emails.html>
>> concluded.
>>
>> The FBI is investigating. WikiLeaks promises
>> <http://www.cnn.com/2016/07/26/politics/julian-assange-dnc-email-leak-hack/> there
>> is more data to come. The political nature
>> <http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/>
>> of this cyberattack means that Democrats and Republicans are trying to spin
>> this as much as possible. Even so, we have to accept that someone is
>> attacking our nation’s computer systems in an apparent attempt to influence
>> a presidential election. This kind of cyberattack targets the very core of
>> our democratic process. And it points to the possibility of an even worse
>> problem in November — that our election systems and our voting machines
>> could be vulnerable to a similar attack.
>>
>> If the intelligence community has indeed ascertained that Russia is to
>> blame, our government needs to decide what to do in response. This is
>> difficult because the attacks are politically partisan, but it is
>> <http://arstechnica.com/security/2016/06/guest-editorial-the-dnc-hack-and-dump-is-what-cyberwar-looks-like/>
>>  essential
>> <https://www.balloon-juice.com/2016/07/26/we-are-at-cyber-war-so-what-exactly-do-we-do-about-it/>. If
>> foreign governments learn that they can influence our elections with
>> impunity, this opens the door for future manipulations
>> <http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html>,
>> both document thefts and dumps like this one that we see and more subtle
>> manipulations that we don’t see.
>>
>> Retaliation is politically fraught and could have serious consequences,
>> but this is an attack against our democracy. We need to confront Russian
>> President Vladimir Putin in some way — politically, economically or in
>> cyberspace — and make it clear that we will not tolerate this kind of
>> interference by any government. Regardless of your political leanings this
>> time, there’s no guarantee the next country that tries to manipulate our
>> elections will share your preferred candidates.
>>
>> Even more important, we need to secure our election systems before
>> autumn. If Putin’s government has already used a cyberattack to attempt to help Trump
>> win
>> <http://talkingpointsmemo.com/edblog/trump-putin-yes-it-s-really-a-thing>,
>> there’s no reason to believe he won’t do it again — especially now that Trump
>> is inviting the “help.”
>> <https://www.washingtonpost.com/politics/democratic-national-convention-obama-biden-kaine-set-to-tout-clinton-as-commander-in-chief/2016/07/27/afc57884-53e8-11e6-bbf5-957ad17b4385_story.html?hpid=hp_hp-top-table-main_trump-1230pm%3Ahomepage%2Fstory>
>>
>> Over the years, more and more states have moved to electronic voting
>> machines and have flirted with Internet voting. These systems are
>> <http://arstechnica.com/tech-policy/2015/04/meet-the-e-voting-machine-so-easy-to-hack-it-will-take-your-breath-away/>
>>  insecure
>> <https://www.statslife.org.uk/significance/politics/2288-how-trustworthy-are-electronic-voting-systems-in-the-us>
>>  and <https://www.salon.com/2011/09/27/votinghack/> vulnerable
>> <https://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security>
>>  to
>> <http://whowhatwhy.org/2015/08/31/foreigners-could-hack-us-elections-experts-say/>
>>  attack
>> <http://www.popsci.com/gadgets/article/2012-11/how-i-hacked-electronic-voting-machine>
>> .
>>
>> *[Your iPhone just got less secure. Blame the FBI.
>> <https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/>]
>> *
>>
>> But while computer security experts like me
>> <https://www.schneier.com/blog/archives/2004/11/the_problem_wit.html>
>>  have sounded
>> <https://www.giac.org/paper/gsec/3687/inherent-problems-electronic-voting-systems/105962>
>>  the <http://homepage.cs.uiowa.edu/%7Ejones/voting/congress.html> alarm
>> <https://cs.stanford.edu/people/eroberts/cs181/projects/2006-07/electronic-voting/index_files/page0004.html>
>>  for <https://citp.princeton.edu/research/voting/> many years, states
>> have largely ignored the threat, and the machine manufacturers have thrown
>> up enough obfuscating babble that election officials are largely mollified.
>>
>> We no longer
>> <https://scontent.xx.fbcdn.net/hphotos-xlp1/v/t1.0-9/12115815_699872940152206_2266030088084252627_n.png?oh=2a4e5e944a5feadb7e133dd8c57be376&oe=57AD8C92>
>>  have time <https://xkcd.com/463/> for that. We must ignore the machine
>> manufacturers’ spurious claims
>> <https://www.salon.com/2006/09/13/diebold_3/> of security, create tiger
>> teams to test the machines’ and systems’ resistance to attack, drastically
>> increase their cyber-defenses and take them offline if we can’t guarantee
>> their security online.
>>
>> Longer term, we need to return to election systems that are secure from
>> manipulation. This means voting machines with voter-verified paper audit
>> trails
>> <http://votingmachines.procon.org/view.answers.php?questionID=000291>,
>> and no
>> <http://engineering.jhu.edu/magazine/2016/06/internet-voting-nonstarter/>
>>  Internet
>> <https://www.verifiedvoting.org/resources/internet-voting/vote-online/>
>> voting
>> <http://www.scientificamerican.com/article.cfm?id=2012-presidential-election-electronic-voting>. I
>> know it’s slower and less convenient to stick to the old-fashioned way, but
>> the security risks are simply too great.
>>
>> There are other ways to attack our election system on the Internet
>> besides hacking voting machines or changing vote tallies: deleting voter
>> records
>> <http://thehill.com/policy/cybersecurity/278231-election-fraud-feared-as-hackers-target-voter-records>,
>> hijacking candidate or party websites, targeting and intimidating campaign
>> workers or donors. There have already been multiple instances of
>> political doxing
>> <https://www.schneier.com/blog/archives/2015/11/the_rise_of_pol.html> —
>> publishing personal information and documents about a person or
>> organization — and we could easily see more of it in this election cycle.
>> We need to take these risks much more seriously than before.
>>
>> Government interference with foreign elections isn’t new, and in fact,
>> that’s something the United States itself has repeatedly done
>> <https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack> in
>> recent history. Using cyberattacks to influence elections is newer but has
>> been done before, too — most notably in Latin America
>> <http://www.bloomberg.com/features/2016-how-to-hack-an-election/>.
>> Hacking of voting machines isn’t new, either. But what is new is a foreign
>> government interfering with a U.S. national election on a large scale. Our
>> democracy cannot tolerate it, and we as citizens cannot accept it.
>>
>> *[Why would Russia try to hack the U.S. election? Because it might work.
>> <https://www.washingtonpost.com/posteverything/wp/2016/07/26/why-would-russia-interfere-in-the-u-s-election-because-it-usually-works/>]
>> *
>>
>> Last April, the Obama administration issued
>> <https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know>
>>  an
>> <https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats>
>>  executive
>> <https://medium.com/the-white-house/a-new-tool-against-cyber-threats-1a30c188bc4#.jgbalohyi>
>>  order
>> <https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m> outlining
>> how we as a nation respond to cyberattacks against our critical
>> infrastructure. While our election technology was not explicitly mentioned,
>> our political process is certainly critical. And while they’re a hodgepodge
>> of separate state-run systems, together their security affects every one of
>> us. After everyone has voted, it is essential that both sides believe the
>> election was fair and the results accurate. Otherwise, the election has no
>> legitimacy.
>>
>> Election security is now a national security issue; federal officials
>> need to take the lead, and they need to do it quickly.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> --
>>
>> Susan Eustis
>> President
>> WinterGreen Research
>> 6 Raymond Street
>> Lexington, Massachusetts
>> phone 781 863 5078
>> cell     617 852 7876
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160728/35ff7e01/attachment.html>


More information about the CAVO mailing list