Adventures in Electronic Voting Research - IC Research Day
Adventures in Electronic Voting Research
Dan S. Wallach
Professor, Department of Computer Science
Rice Scholar, Baker Institute for Public Policy
Rice University

Many problems in voting!
Traditional concerns: vote casting, tallying, gerrymandering
Newer concerns: nation-state adversaries, misinformation
Today: Where we are, what’s next
[Slide: 2016 and 2017 calendars, annotated “Our story starts here.” and “The election is here.”]
“33 states and 11 counties or local election officials” have requested help. (October 2016)
39 states compromised (June 2017)
The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day “red phone.” In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict.
Phishing 101
Spammed emails, trying to steal things from users
Passwords / credentials: useful for later hacking attacks (e.g., ransomware)
Bank account data: steal their money
Response rate is tiny, but the activity is still profitable

Sample message shown on the slide:
Dear Sir: I have been requested by the Nigerian National Petroleum Company to contact you for assistance in resolving a matter. The Nigerian National Petroleum Company has recently concluded a large number of contracts for oil exploration in the sub-Sahara region. The contracts have immediately produced moneys equaling US$40,000,000. The Nigerian National Petroleum Company is desirous of oil exploration in other parts of the world, however, because of certain regulations of the Nigerian Government, it is unable to move these funds to another region. You assistance is requested as a non-Nigerian citizen to assist the Nigerian National Petroleum Company, and also the Central Bank of Nigeria, in moving these funds out of Nigeria. If the funds can be transferred to your name, in your United States account, then you can forward the funds as directed by the Nigerian National Petroleum Company. In exchange for your accommodating services, the Nigerian National Petroleum Company would agree to allow you to retain 10%, or US$4 million of this amount. …
“Spear phishing”
Phishing a specific person
Here, John Podesta (HRC’s campaign manager in 2016)
Spear phishing attempts are harder to automatically detect
• Regular spam is high volume
• Spear phishing emails are customized
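The contrast on this slide, as an added example that is not part of the original talk: a volume-based filter that groups near-duplicate messages catches a bulk campaign, but a single customized message has nothing to be grouped with. The sample messages, thresholds and function names are constructed for illustration.

```python
import re
from itertools import combinations


def shingles(text, k=3):
    """Return the set of overlapping k-word sequences in the lowercased text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    """Similarity of two shingle sets: size of intersection over size of union."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def flag_bulk(messages, threshold=0.5, min_cluster=3):
    """Indices of messages that sit in a group of >= min_cluster near-duplicates.

    This models the 'high volume' signal only: a message is flagged when
    enough other messages in the same batch look almost identical to it.
    """
    sets = [shingles(m) for m in messages]
    neighbours = [0] * len(messages)
    for i, j in combinations(range(len(messages)), 2):
        if jaccard(sets[i], sets[j]) >= threshold:
            neighbours[i] += 1
            neighbours[j] += 1
    # +1 counts the message itself as a member of its own group
    return [i for i, n in enumerate(neighbours) if n + 1 >= min_cluster]


def best_match(messages, idx):
    """Highest similarity between message idx and any other message."""
    sets = [shingles(m) for m in messages]
    return max(jaccard(sets[idx], s) for i, s in enumerate(sets) if i != idx)


# Constructed sample batch: four copies of one bulk template that differ only
# in the salutation, followed by one message written for a single recipient.
BULK_TEMPLATE = (
    "Dear {name}, I have been requested to contact you for assistance in "
    "moving funds out of the country. In exchange you may retain ten percent "
    "of this amount."
)
SAMPLE_MESSAGES = [
    BULK_TEMPLATE.format(name=n) for n in ("Sir", "Madam", "Friend", "Customer")
] + [
    "Hi Alex, following up on the budget review from Tuesday. The shared "
    "document needs your sign-in before the staff meeting; please use the "
    "link below."
]

if __name__ == "__main__":
    flagged = flag_bulk(SAMPLE_MESSAGES)
    for i, msg in enumerate(SAMPLE_MESSAGES):
        label = "FLAGGED (bulk)" if i in flagged else "not flagged"
        print(f"{i}: best match {best_match(SAMPLE_MESSAGES, i):.2f}  {label}")
```

The customized message scores 0.00 against everything else in the batch, so a volume signal alone never sees it; detecting it needs per-message checks such as sender authentication and link inspection.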
WikiLeaks
Julian Assange: “hacktivist”
• Early 2000’s, working on privacy technologies
  http://caml.inria.fr/pub/ml-archives/caml-list/2000/08/6b8b195b3a25876e0789fe3db770db9f.en.html
WikiLeaks founded in 2006
• “Collecting” and disseminating newsworthy information
• One technique: Ran a Tor “exit node”, sifted through the data
Chelsea Manning leaks in 2007
• “Collateral Murder” drone videos
https://www.commondreams.org/views/2015/04/04/five-years-wikileaks-collateral-murder-video-matters-more-ev

Russia + WikiLeaks
Assange denies it, but U.S. intelligence says:
Russian intel agencies collected on Hillary Clinton, DNC, etc.
• Exact methods we don’t know
• Definitely phishing, possibly other hacking techniques
Used WikiLeaks as a cut-out / front organization
• Assange may well believe his sources weren’t Russian
Also: “DCLeaks” and “Guccifer 2.0”
July 2018: U.S. Special Counsel Mueller indicted 12 Russian GRU agents

Propaganda
Propaganda: Always a part of military strategy
“Win the hearts and minds”
Modern Russian military theory: “hybrid warfare”
Includes cyber attacks, propaganda, etc.
[Image: U.S. M105 Leaflet Bomb, 1950’s]

Agitprop = Agitation + Propaganda
[Images: French anti-Jewish book, 1938; Russian anti-capitalist poster, post-Communist Revolution; German anti-American poster, WWII]
Russian agitprop in the 2016 election
https://www.nytimes.com/interactive/2018/02/16/us/politics/russia-propaganda-election-2016.html

Russian agitprop in the 2016 election
Facebook ad, purchased by Russians
https://www.nytimes.com/interactive/2018/02/16/us/politics/russia-propaganda-election-2016.html
Russian agitprop in the 2016 election
[Image labels: Actual Tennessee GOP; Russians]
https://www.nytimes.com/interactive/2018/02/16/us/politics/russia-propaganda-election-2016.html

Russian agitprop in the 2016 election
[Image label: Russians]
Targeting the American left as well.
https://www.nytimes.com/interactive/2018/02/16/us/politics/russia-propaganda-election-2016.html
“Texas Antifa”
Russian fake antifascist Facebook group
Threatened to remove Sam Houston statue in Hermann Park
Right-wing counter group (“This is Texas”) organized a rally in “defense”
Nobody ever planned to touch the statue
[Image labels: Russians; Actual KKK symbols and slogans]
https://www.thedailybeast.com/texas-conservatives-fall-for-anti-antifa-hoax
https://thinkprogress.org/hermann-park-protest-houston-28895d563f38/
Star Wars: The Last Jedi (!?)
Study by Morten Bay, USC Annenberg School
Collected 1273 tweets mentioning the film’s director
• 973 unique accounts after cleanup, deduplication
• Manually analyzed the sentiment of each tweet
• Manually categorized each tweeting account
• Also used Indiana U.’s “Botometer”
Results?
• 22% of accounts were negative
• 44 bot accounts, 61 “political” users
• 101 “fans” who were negative on the film

“Russian trolls weaponize Star Wars criticism as an instrument of information warfare with the purpose of pushing for political change, while it is weaponized by right-wing fans to forward a conservative agenda and for some it is a pushback against what they perceive as a feminist/social justice onslaught.”

[Article screenshot: Heat Vision, OCTOBER 01, 2018 4:31pm PT by Graeme McMillan. Photo: 'Star Wars: The Last Jedi' (2017), courtesy of Walt Disney Studios Motion Pictures.]
Did Star Wars: The Last Jedi destroy the franchise and permanently rupture the fandom as its critics (melodramatically) have accused it of doing? According to a new academic paper by researcher Morten Bay, the answer is clearly no. The paper, titled Weaponizing The Haters: The Last Jedi and the
Social networks respond
Social networks respond
Russia Today, Feb. 2018

‘Russian bots’ outcry: Is Twitter cracking down on people who ‘challenge the status quo’?
Published time: 22 Feb, 2018 13:16
Edited time: 23 Feb, 2018 08:55

It seems that ‘the bots’ (especially the ‘Russian bots’) narrative is being used as a kind of defensive mechanism, journalist and human rights activist Mike Raddie told RT amid reports of a massive account purge on Twitter.

A crackdown on bot spam or dissent?

“The whole meme of the bots, especially the ‘Russian bots,’ is actually being used as a kind of defensive mechanism,” said Mike Raddie. “Whenever people criticize the corporate media in the West – we’ve done it with the Guardian – they come back and say, ‘oh, you’re part of a Russian bot army,’ or a typical question is, ‘what’s the weather like in St. Petersburg? Is it snowing in Moscow yet?’ So it’s a very useful meme for corporate journalists to deflect any kind of criticism, especially over hot topics such as Syria, Ukraine – things like this.”

A number of Twitter accounts are said to have been flagged over the past few days, in what many have speculated is part of the company’s efforts to clamp down on the much-touted army of Russian-controlled automated accounts, or “bots.” However, Twitter has yet to elaborate on the reported mass purge, which allegedly also targeted users with right-wing views – raising concerns of political censorship on the popular social media platform. The hashtag #TwitterLockOut began trending on the site shortly after the suspensions.
Social networks respond
Washington Post, July 2018

Twitter is sweeping out fake accounts like never before, putting user growth at risk
Twitter suspended more than 70 million accounts in May and June, and the pace has continued in July
By Craig Timberg and Elizabeth Dwoskin, July 6

SAN FRANCISCO — Twitter has sharply escalated its battle against fake and suspicious accounts, suspending more than 1 million a day in recent months, a major shift to lessen the flow of disinformation on the platform, according to data obtained by The Washington Post.

The rate of account suspensions, which Twitter confirmed to The Post, has more than doubled since October, when the company revealed under congressional pressure how Russia used fake accounts to interfere in the U.S. presidential election. Twitter suspended more than 70 million accounts in May and June, and the pace has continued in July, according to the data.

The aggressive removal of unwanted accounts may result in a rare decline in the number of monthly users in the second quarter, which ended June 30, according to a person familiar with the situation who was not authorized to speak. Twitter declined to comment on a possible decline in its user base.

https://www.washingtonpost.com/technology/2018/07/06/twitter-is-sweeping-out-fake-accounts-like-never-before-putting-user-growth-risk/
Social media summary
Annals of Politics, October 1, 2018 Issue
A meticulous analysis of online activity during the 2016 campaign makes a powerful case that targeted cyberattacks by hackers and trolls were decisive.
By Jane Mayer
https://www.newyorker.com/magazine/2018/10/01/how-russia-helped-to-swing-the-election-for-trump
Social media summary

Joel Benenson, the Clinton pollster, was stunned when he learned, from the July indictment, that the Russians had stolen his campaign’s internal modelling. “I saw it and said, ‘Holy shit!’ ” he told me. Among the proprietary information that the Russian hackers could have obtained, he said, was campaign data showing that, late in the summer of 2016, in battleground states such as Michigan, Wisconsin, and Pennsylvania, an unusually high proportion of residents whose demographic and voting profiles identified them as likely Democrats were “Hillary defectors”: people so unhappy with Clinton that they were considering voting for a third-party candidate. The Clinton campaign had a plan for winning back these voters. Benenson explained that any Clinton opponent who stole this data would surely have realized that the best way to counter the plan was to bombard those voters with negative information about Clinton. “All they need to do is keep that person where they are,” he said, which is far easier than persuading a voter to switch candidates. Many critics have accused Clinton of taking Michigan and Wisconsin for granted and spending virtually no time there. But Benenson said that, if a covert social-media campaign targeting “Hillary defectors” was indeed launched in battleground states, it might well have changed the outcome of the election.

https://www.newyorker.com/magazine/2018/10/01/how-russia-helped-to-swing-the-election-for-trump
Social media summary

Jamieson, ever the social scientist, emphasizes in her book that there is much that Americans still don’t know about the campaign, including the detailed targeting information that would clarify exactly whom the Russian disinformation was aimed at, and when it was sent. She told me, “We need to know the extent to which the Russians targeted the three key states, and which citizens’ voting patterns differed substantially from the ones that you would have predicted in the past.”

Philip Howard, the Oxford professor, believes that Facebook possesses this data, down to the location of a user’s computer, and that such information could conceivably reveal whether an undecided voter was swayed after viewing certain content. He also thinks that, if there was any collusion between the St. Petersburg trolls and the Trump campaign, Facebook’s internal data could document it, by revealing coordination on political posts. But, he says, Facebook has so far resisted divulging such data to researchers, claiming that doing so would be a breach of its user agreement.

https://www.newyorker.com/magazine/2018/10/01/how-russia-helped-to-swing-the-election-for-trump
So, how did the 2018 election go?
Military response!

US Cyber Command attacked Russian troll farm on Election Day 2018
‘Preventing this interference is one of our highest priorities,’ said US agencies at the time
By Russell Brandom, Feb 26, 2019, 2:07pm EST (The Verge)

The United States Cyber Command launched an offensive campaign to silence one of Russia’s most notorious troll operations on the day of the 2018 midterm elections, according to a new report by The Washington Post. The operation targeted the Internet Research Agency, a private company linked to the Kremlin and often used for disinformation campaigns.

Military response!

Some U.S. officials argued that “grand strategic deterrence” is not always the goal. “Part of our objective is to throw a little curveball, inject a little friction, sow confusion,” said one defense official. “There’s value in that. We showed what’s in the realm of the possible. It’s not the old way of doing business anymore.”

The action has been hailed as a success by Pentagon officials, and some senators credited Cyber Command with averting Russian interference in the midterms. “The fact that the 2018 election process moved forward without successful Russian intervention was not a coincidence,” said Sen. Mike Rounds (R-S.D.), who did not discuss the specific details of the operation targeting the St. Petersburg group. Without Cybercom’s efforts, he said, there “would have been some very serious cyber-incursions.”
How well defended are the voting machines, themselves?
Viral attack vulnerabilities (Hart InterCivic)
California Top to Bottom Review (2007)
[Diagram labels: Attacked by voter; End of election inventory; SERVO management / auditing; Exploit; All subsequent machines compromised.]
Post-2016 improvements
Better “cyber-hygiene” for election officials, political campaigns
Example: Growing use of “two factor authentication”
EI-ISAC: Election Infrastructure Information Sharing and Analysis Center
• A direct consequence of the DHS “critical infrastructure” designation
• Federal assistance to states and counties
Some federal funds to improve security
But not enough to replace existing equipment
Summary: Better than nothing.
More publicity: DefCon Voting Village
[Slide: collage of four news articles, separated below.]

Cory Doctorow, 5:42 AM FRI
Defcon Voting Village report shows that hacking voting machines takes less time than voting

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action to improve America's voting security.

Whether it's showing that "secure" firmware can be dumped with a $15 electronic component or that voting systems can be hacked in minutes, the Voting Village researchers do yeoman duty, compiling comprehensive reports on the dismal state of America's voting machines, nearly 20 years after Bush v Gore put the country on notice about the defective systems behind our elections.

This year's report is the most alarming yet: it singles out the ES&S M650 tabulating machine, manufactured by Election Systems & Software of Omaha, Nebraska, which still has outstanding defects that were reported to the manufacturer a decade ago. The M650's manifest unsuitability is so terrible that it would be funny if it wasn't so serious: this is a machine that uses an operating system developed for the Blackberry phone (!) and then uses Zip cartridges (!!) to move data around.

The M650 is one of the most widespread pieces of equipment in American election systems, used to count in-person and absentee ballots by optically scanning ballot papers whose bubble-in forms have been filled in by voters. The system -- connected to the internet by default -- is used for county-wide tabulations in 23 states. As the report states: "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election."

Sean Gallagher, 9/27/2018, 5:24 PM
CAN DEAD HACKERS VOTE TWICE? — Latest Defcon Voting Village report: Bug in one system could “flip Electoral College”
High-speed tabulator vulnerable to remote attacks, and that's only part of the problem.
[Photo caption: A voting machine is submitted to abuse in DEFCON's Voting Village.]

Today, six prominent information-security experts who took part in DEF CON's Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the authors of the report warned.

The machine in question, the ES&S M650, is used for counting both regular and absentee ballots. The device from Election Systems & Software of Omaha, Nebraska, is essentially a networked high-speed scanner like those used for scanning standardized-test sheets, usually run on a network at the county clerk's office. Based on the QNX 4.2 operating system—a real-time operating system developed and marketed by BlackBerry, currently up to version 7.0—the M650 uses Iomega Zip drives to move election data to and from a Windows-based management system. It also stores results on a 128-megabyte SanDisk Flash storage device directly mounted on the system board. The results of tabulation are output as printed reports on an attached pin-feed printer.

The report authors—Matt Blaze of the University of Pennsylvania, Jake Braun of the University of Chicago, David Jefferson of the Verified Voting Foundation, Harri Hursti and Margaret MacAlpine of Nordic Innovation Labs, and DEF CON founder Jeff Moss—documented dozens of other severe vulnerabilities found in voting systems. They found that four major areas of "grave and undeniable" concern need to be addressed urgently. One of the most critical is the lack of any sort of supply-chain security for voting machines—there is no way to test the machines to see if they are trustworthy or if their components have been modified.

"If an adversary compromised chips through the supply chain," the report notes, "they could hack whole classes of machines across the US, remotely, all at once." And despite the claim by manufacturers that the machines are secure because they are "air gapped" from the Internet during use, testing over the last two years at DEF CON discovered remote hacking vulnerabilities requiring no physical access to the voting machines.

Dan Raywood, Contributing Editor, Infosecurity Magazine, 28 SEP 2018
DEF CON Voting Village Report Calls for Standards & Fixes

Congress and national security leaders have been urged to take action to address issues in voting machines.

After DEF CON’s Voting Village came under fire from the National Association of Secretaries of State (NASS) over the introduction of an area designed to test voting machines, DEF CON’s report on the voting village said that Congress must act, as “problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security.”

In four steps to be taken, the report claims that Congress must take action, and also fund election security as “no state or local government will ever be able to raise enough capital to defend itself from a determined nation state” and security standards must be funded and implemented.

The other points called for a “Crisis Communications Plan” as State and local government election results web pages are “the most insecure component of our election infrastructure,” and while many local election officials have advocated for Congress to act and fund robust security practices, the report said it is not enough.

“National security leaders must also remind Congress daily of the gravity of this threat and national security implications,” it said. “It is the responsibility of both current and former

Marrian Zhou, September 27, 2018 11:52 AM PDT
Half of US states using voting machines with a known vulnerability, says report
The security flaw was flagged in 2007.

Yikes!
national security leaders to ensure Congress does not myopically view these issues as election The researchers identi ed defects in other systems, too: one could be compromised in two minutes, less time than it takes the average voter to cast a administration issues but rather the critical national security issues they are.” Related to This Story ballot on it. Another could be wirelessly hacked with a nearby mobile device and made to register an arbitrary number of votes. The report goes on to warn about attacks on voting machine supply chains, which could compromise whole batches of machines before they even reached the polling place. DEF CON officials said that among the “dozens of vulnerabilities identified in the last two years” of the Voting Village, the insecure supply chain, capability for remote attacks despite #DEFCON Vote Hacking Village Refute NASS 'Unfair' As always, this year's Voting Village report closes with a set of clear, sensible recommendations, focusing on legislative and regulatory action as well insistence that the machines are ‘air gapped’, the ability to hack a machine in an average of Claims as technical advice for manufacturers and electoral o cials making purchase decisions. six minutes and failure to fix serious flaws all prove a persistent problem. This summer, Senate Republicans killed bipartisan legislation to fund additional cybersecurity funding for American election systems. #DEFCON DHS Says Collaboration Needed for “The failure to fix existing, reported vulnerabilities and the disconnect between the reports of Secure Infrastructure and Elections The machine in question, the ES&S M650, is used for counting both regular and absentee ballots. 
The device from Election Systems & So - ware of Omaha, Nebraska, is essentially a networked high-speed scanner like those used for scanning standardized-test sheets, usually run on a election security experts and the reactions of some election equipment vendors speaks network at the county clerk's o ce. Based on the QNX 4.2 operating system—a real-time operating system developed and marketed by Black-
California's voting makeover: All 58 counties race to update voting systems by 2020

Most California counties think they will make the deadline to update their voting systems, but 10 are requesting exemptions or extensions.

May 29, 2019, 1:06 PM CDT. By Kevin Monahan, Cynthia McFadden and Adiel Kaplan
https://www.nbcnews.com/politics/2020-election/california-s-58-counties-must-update-voting-systems-march-or-n1009041

SANTA ANA, Calif. — A sprawling warehouse on South Grand Avenue holds the 11,000 voting machines that Orange County, California — the nation's fifth-largest voting district — has used in its elections for the past two decades. Every single one of them is about to become scrap metal, thanks in part to the stroke of a state official's pen.

California Secretary of State Alex Padilla has long been concerned about the vulnerability of the nation's voting machines. "We have done more to respond to hanging chads," he told NBC News, "than we have done to respond to Vladimir Putin and the threats by Russian intelligence officials against our elections."

The problem is not unique to California, as states across the country scramble to deal with outdated voting technology before 2020. A study by the Brennan Center for Justice shows that 38 states use discontinued voting machines — machines that are no longer manufactured — in one or more jurisdictions. Another seven states use voting machines that have been discontinued in every jurisdiction. That means only five states don't use at least some machines that are no longer manufactured.
I know, let’s vote on the Internet!
The pitch: Convenience, turnout, cost
• Similar arguments in favor of vote-by-mail
• Vote from the convenience of your home!
• We can do banking on the Internet! Why not voting?
• We’ll just use blockchain, that will solve it!
Issue #0: Not everybody has a computer
• You’re making voting more accessible to some people, but not others
• Case studies of prior Internet / phone voting pilot projects.

[Figure 3: Households with Internet Access. Percentage of households by year, 2001 to 2007, for Canada, Switzerland, United Kingdom and Estonia.]

Source: A Comparative Assessment of Electronic Voting (Feb. 2010), Canada-Europe Transatlantic Dialog, http://www.elections.ca/res/rec/tech/ivote/comp/ivote_e.pdf
Issue #1: Local coercion
• Also an issue with vote-by-mail: you’re not in a secure polling place
• No requirement for voter anonymity
• Allows for bribery, coercion, retribution

[Slide shows screenshots of two documents; the recoverable text of each follows.]

"The real vote-fraud opportunity has arrived: casting your ballot by mail". Tuesday Sep 25, 2012 7:13 AM. By Sarah Jane Capper and Michael Ciaglo, News21. From a continuing series of articles, Who Can Vote?, a News21 investigation of voting rights in America.

In the partisan controversies over changes in voter eligibility and voter ID requirements, the growth of mail voting and no-excuse absentee voting have received little attention. While voter-impersonation fraud at the polls is nearly unheard of, both sides in the voter fraud debate acknowledge that absentee ballots are susceptible to fraud.

Early voting has begun, and more Americans than ever are expected to vote by mail this fall in the presidential, state and local elections. A gradual loosening of absentee voting laws in many states, especially in the West, and universal mail voting in Oregon and Washington have contributed to a significant shift in how Americans vote.

[Photo caption, Michael Ciaglo/News21: Jason Randall, 26, places his mail-in ballot in a drop box outside the Lane County Elections Office in Eugene, Ore. Although Oregon conducts all of its elections by mail, residents have the option of mailing their ballots or returning them at drop boxes located throughout the county.]

In 1972, less than 5 percent of American voters used absentee ballots, according to census data. By 2010, almost 16 percent of votes cast in the 2010 general election were absentee ballots, and nearly 5 percent more were mail ballots, according to the U.S. Election Assistance Commission's Election Administration and Voting Survey. If in-person early voters are counted, nearly 30 percent of the voters in 2010 did not go to the polls on Election Day.

"By 2016, casting a ballot in a traditional polling place will be a choice rather than a requirement," said Doug Chapin, a University of Minnesota researcher and director of the Program for Excellence in Election Administration. "There will still be people who go to the polling place because it's familiar, it's convenient, it's traditional. I think there will be fewer of those places."

More susceptible to fraud

Election fraud is rare, but it usually involves absentee or mail ballots, said Paul Gronke, a Reed College political scientist, who directs the Early Voting Information Center in Oregon. He cites what he calls a classic example of election fraud, a local official stealing votes by filling out absentee ballots. That was the case in Lincoln County, W.Va., where the sheriff and clerk pleaded guilty to distributing absentee ballots to unqualified voters and helping mark them during a 2010 Democratic primary.

Curtis Gans, director of the Center for the Study of the American Electorate, said vote-buying and bribery could occur more easily with mail voting and absentee voting. At a polling place, someone who bribed voters would have no way to verify that the bribe worked. A person who bribes mail voters could watch as they mark ballots or even mark ballots for them.

Gans also points to the potential to influence voters in gatherings that some call ballot-signing parties. A caregiver could mark a dependent's ballot.

Texas Public Policy Foundation, Legislators’ Guide to the 85th Legislature, Special Session 2017: "Cracking Down on Mail-in Ballot Fraud"

The Issue

Mail-in ballot fraud is “‘the tool of choice’ for those who are engaging in election fraud.” Once rare and only used when voters knew they were going to be out of town on Election Day, mail-in ballots have become

ended. Election law prohibits a polling place staffed by paid agents of one candidate or one political party, yet, ballot harvesters are functionally the same in many key respects as election judges.

The Facts

• Texas first allowed absentee voting in 1917; voting by mail
Issue #2: Your computer is insecure 1-2% of U.S. computers have malware on them. Maybe much more.
Issue #2a: Older computers are worse
• Obsolete Android versions with dangerous security holes (3.8%).
• Android versions which support newer security features (e.g., “hardware attestation”) that would be useful (57.9%).
Issue #3: Unreliable Internet
• Attackers could do “denial of service” attacks against election officials
• Knock servers offline, unable to receive votes
• The Russians (allegedly) did this to Estonia in 2007
• A 2014 independent study found many more issues: https://estoniaevoting.org/

[Slide shows a screenshot of a news article; the recoverable text follows.]

"How a cyber attack transformed Estonia". By Damien McGuinness, BBC News, Tallinn, Estonia. 27 April 2017.

[Photo caption, Getty Images: It all began when Estonian authorities decided to move a memorial to the Soviet Red Army to a position of less prominence in the capital, Tallinn]

Cyber-attacks, information warfare, fake news - exactly 10 years ago Estonia was one of the first countries to come under attack from this modern form of hybrid warfare. It is an event that still shapes the country today.

Head bowed, one fist clenched and wearing a World War Two Red Army uniform, the Bronze Soldier stands solemnly in a quiet corner of a cemetery on the edge of the Estonian capital Tallinn. Flowers have been laid recently at his feet. It is a peaceful and dignified scene. But in April 2007 a row over this statue sparked the first known cyber-attack on an entire country. The attack showed how easily a hostile state can exploit potential tensions within another society. But it has also helped make Estonia a cyber security hotshot today.

From outrage to outage

Unveiled by the Soviet authorities in 1947, the Bronze Soldier was originally called "Monument to the Liberators of Tallinn". For Russian speakers in Estonia he represents the USSR's victory over Nazism. But for ethnic Estonians, Red Army soldiers were not liberators. They are seen as occupiers, and the Bronze Soldier is a painful symbol of half a century of Soviet oppression.

In 2007 the Estonian government decided to move the Bronze Soldier from the centre of Tallinn to a military cemetery on the outskirts of the city. The decision sparked outrage in Russian-language media and Russian speakers took to the streets. Protests were exacerbated by false Russian news reports
Issue #4: The election server is insecure
Many vendors get even the basics wrong (here, encryption settings)
• Internet Voting for Persons with Disabilities - Security Assessments of Vendor Proposals (2014)
• Commissioned by the City of Toronto
https://s3.amazonaws.com/s3.documentcloud.org/documents/1310860/toronto-internet-voting-security-report.pdf

Excerpt from the report (FOI Request 2014-01542, page 182):

Best practices for HTTPS include supporting the newest version, TLS 1.2, of the protocol which resolves certain vulnerabilities in earlier versions (such as 1.0), prioritizing the use of at least 128-bit encryption, and disallowing anything less than 128-bits. Servers should mitigate certain attacks that emerge with the use of TLS compression (e.g., the CRIME attack), TLS renegotiation, CBC-mode block ciphers in 1.0 and earlier (e.g., the BEAST attack), and the RC4 stream cipher (we cannot rule out the applicability of these attacks, although we note they do require specific assumptions that may not apply to specific voting systems). Finally, it is advisable to use a key exchange algorithm that provides forward secrecy (i.e., DHE or ECDHE) which will ensure that a future compromise of the election server’s HTTPS key (potentially years after the election) will not reveal how voters voted.

Of the three vendors, Dominion had the best SSL/TLS server configuration:

● Scytl’s grade: B (source: SSL Labs Grade for demo.scytl.com). Scytl’s server gets a mediocre score for its TLS configuration. Issues include: not supporting TLS 1.1 or 1.2; allowing the use of weak key lengths (via 56-bit DES); and for not explicitly preferring stronger connections over DES. Scytl’s server also supports TLS compression, a known vulnerability. While the server supports cipher modes that provide forward secrecy, it does not explicitly prefer them. Scytl’s use of client-side encryption may moot this point if the client-side encryption uses a semantically secure (randomized) encryption algorithm (though we were not able to confirm it).

● Dominion’s grade: A (source: SSL Labs Grade for intvoting.com). Dominion’s server gets a strong score for its TLS configuration. It supports TLS 1.2 and only offers encryption with at least 128 bits. It is not perfect as it prefers RC4, which mitigates BEAST, but has its own vulnerabilities (see the Traffic Analysis section below), and it does not offer forward secrecy at all.

● Everyone Counts’ grade: B (source: SSL Labs Grade for elect.everyonecounts.com). Everyone Counts’ server gets a mediocre score for its TLS configuration. It supports TLS 1.2, prefers to use strong 256-bit encryption, but does support weak (56 bit) DES encryption. It does not explicitly mitigate BEAST server-side. It offers and prefers forward secrecy.

We note again that the grading scheme is not our own, and it is designed for general purpose HTTPS configurations, however we believe it is a useful benchmark to establishing the degree to which the vendors comply with best practices.

The report's conclusion, quoted on the slide:

Of the proposals evaluated in the context of the [Toronto, Canada] RFP process, it is our opinion that no proposal provides adequate protection against the risks inherent in internet voting. It is our recommendation, therefore, that the City not proceed with internet voting in the upcoming municipal election. If the City, contrary to this recommendation, remains committed to the use of internet voting, we advise that the system be limited to voters with disabilities, and not offered to the electorate at large.