The Race to Secure Voting Tech Gets an Urgent Jumpstart

Numerous electronic voting machines used in United States elections have critical exposures that could make them vulnerable to hacking. Security experts have known that for a decade. But it wasn’t until Russia meddled in the 2016 US presidential campaigns and began probing digital voting systems that the topic took on pressing urgency. Now hackers, researchers, diplomats, and national security experts are pushing to effect real change in Washington. The latest update? It’s working, but maybe not fast enough.

On Tuesday, representatives from the hacking conference DefCon and partners at the Atlantic Council think tank shared findings from a report about DefCon’s Voting Village, where hundreds of hackers got to physically interact with—and compromise—actual US voting machines for the first time ever at the conference in July. Work over three days at the Village underscored the fundamental vulnerability of the devices, and raised questions about important issues, like the trustworthiness of hardware parts manufactured in other countries, including China. But most importantly, the report highlights the dire urgency of securing US voting systems before the 2018 midterm elections.

“The technical community … has attempted to raise alarms about these threats for some years,” said Frederick Kempe, president and CEO of the Atlantic Council, in a panel discussion. “Recent revelations have made clear how vulnerable the very technologies we use to manage our records, cast our votes, and tally our results really are … These findings from the Voting Village are incredibly disconcerting.”

Fortunately, the past few months have seen signs of progress. The Department of Homeland Security is moving forward with its critical infrastructure designation for voting systems, which frees up resources for helping states secure their platforms. The Texas Supreme Court is currently considering a lawsuit challenging the state’s use of digital voting machines. And in Virginia, state officials are converting voting systems to use paper ballots and electronic scanners before the November 7 elections. They say the change was motivated by the findings at DefCon’s Voting Village.

Susan Greenhalgh, an elections specialist for the vote-security group Verified Voting, which worked with Virginia officials this fall, applauded the “transition into real-world change” that had transpired in just the last few months.

Virginia and Texas represent important progress, but plenty of work remains. Five states still rely solely on digital voting machines without paper backups, and at least 10 states have mixed voting infrastructure, with certain counties that use digital voting without paper. These systems are the most vulnerable to manipulation, because you can’t audit them afterward to confirm or dispute the digital vote count in the case of suspected tampering.

“The one core point that election security experts and others have been making about why our votes are safe was that the decentralized nature of our voting systems, the thousands and thousands of voting offices around the country that administer the election, is what kept us safe,” Jake Braun, a DefCon Voting Village organizer and University of Chicago researcher said. “Because Russians [or other attackers] would need to have tens of thousands of operatives go get physical access to machines to actually infiltrate the election. We now know that’s false.”

With only a handful of companies manufacturing electronic voting machines, a single compromised supply chain could impact elections across multiple states at once. The Voting Village report emphasizes that there is a huge amount of change required in the US to address security issues at every point in the election workflow, from developing more secure voting machines to sourcing trustworthy hardware, and then actually setting up voting system devices and software for use in a secure way. DefCon founder Jeff Moss says that the goal for next year’s Voting Village is to have a full election network set up so hackers can evaluate and find weaknesses in a complete system, not just individual machines.

The Department of Homeland Security recently confirmed that Russia infiltrated various election-related systems in 21 states during 2016, and access to a full voting-system setup would give security researchers additional real world insight into defending US voting infrastructure. But as was the case with acquiring real voting machines for last summer’s conference, Moss says it has been extremely difficult to gain access to the third-party proprietary systems that states use to coordinate voting.

Related Stories

  • Brian Barrett

    America’s Electronic Voting Machines Are Scarily Easy Targets

  • Lily Hay Newman

    The Simple Fix That’d Help Protect Georgia From Election Hacks

  • Andy Greenberg

    Hacked or Not, Audit This Election (And All Future Ones)

“I would love to be able to create any kind of a complete system, that’s what we’re aiming for,” he said during the panel. “The part that’s really hard to get our hands on is the backend software that ties the voting machines together to tabulate and accumulate votes, to provision voting ballots, to run the election, and to figure out a winner. And boy do we want to have a complete voting system for people to attack. There’s never been a test of a complete system—it’s just mind boggling.”

DefCon’s voting village and interdisciplinary partnerships are certainly raising awareness about election security and motivating change, but with some elections just a few weeks away and the midterms rapidly approaching, experts agree that change may not be coming quickly enough.

“We’ve got a lot to do in a short period of time,” said Douglas Lute, a former national security advisor to President George W. Bush and former US ambassador to NATO under President Barack Obama. “In my over 40 years of working on national security issues I don’t believe I’ve seen a more severe threat to American national security than the election hacking experience of 2016. Russia is not going away. This wasn’t a one shot deal.”

Tech

The Oracle-Google jury includes at least one person with an aversion to tech

A lawyer, an accountant and a retired CFO are among the eight women and two men who were selected Monday to decide Oracle’s huge copyright infringement case against Google.

With the 10-member jury sworn in, lawyers for each side will make their opening statements Tuesday morning, kicking off a high-profile trial that’s expected to last four weeks.

It’s a technical case, and at least one of the jurors seems likely to have trouble keeping up. She’s a retired woman from Berkeley who said she struggles with technology and thought the case would not be a good one for her to hear.

To read this article in full or to leave a comment, please click here


All articles

These are 50 of Europe’s fastest-growing tech companies (fine, they’re baby EUnicorns)

shutterstock_3259980021-1024x400

(Tech.eu) – For the second year running, Tech Tour has presented its ‘Growth 50’ list at yesterday’s Growth Forum (the organization’s flagship event) in Switzerland.

The list represents 50 of Europe’s fastest-growing tech businesses, which regular Tech.eu readers will no doubt be able to identify as baby EUnicorns, albeit with a light chuckle.

Tech Tour, together with Silverpeak Investment Bank and in conjunction with a selection committee of international investors from firms like Accel Partners, DN Capital, Earlybird and Highland Europe, has researched and evaluated over 175 European private tech companies valued under $ 1 billion.

1

The organization claims the Tech Tour Growth 50 companies have created over 8, 000 high-tech jobs, attracted over $ 3.5 billion of investment, and have an estimated combined valuation of $ 14.2 billion.

Compared to 2015, the composition of the list has changed significantly in terms of vertical, with ‘B2C eCommerce’ dropping in importance (from 50% to 30%) and FinTech –unsurprisingly – coming up strongly.

Here are some more interesting facts and figures, straight from the report:

23456

Subscribe to Tech.eu’s newsletter here.

 

Get more stories like this:  twitter  facebook



All articles

We’re hosting a week of 100+ tech events – including Amazon’s AWS Summit

TECHWEEK
By now, you’ve probably already seen our amazing lineup for TNW Europe, the festival bringing you top-flyers from the likes of Facebook, Google, Adyen, Booking.com, Uber, Thuisbezorgd, Reddit, Zalando, Blendle, WeTransfer and many, many more. But did you know that a ticket for TNW Europe is so much more than a simple, all-access pass to one of the world’s favourite two-day conferences: it’s also the key to free registration and 50 percent discounts for a week of incredible side events running from May 23-27, 2016. Amazon’s AWS Summit, Young Creators Assembly, Crowdfunding Day Europe, The Next Women and many more are all on-board for…

This story continues at The Next Web


All articles

How to make your tech beautiful enough to be in a museum

091615-diy-marble-cover-thumbnail-3

Feed-twFeed-fb

Your tech accessories are like works of art, and they should look like it, too.

As much as we use our laptops and smartphones in our everyday lives, they can take a hefty amount of wear and tear. So it’s important to keep them protected in a way that’s both secure and stylish.

Update and refurbish an old laptop cover or keep your brand new smartphone from those dreaded cracks with a gorgeously trendy marble finish that you’ll be proud to put on display.

DIY Marble Laptop Cover

Materials:

091615 DIY Marble Cover-23

Image: Mashable, Jhila Farzaneh

  • Your laptop

  • Marble contact paper* Read more…

  • More about Iphone, Diy, Tech, Home, and Laptop


    All articles