[VVSG-post-election] Call for participation in a new


Wack, John (Fed)

Jul 25, 2016, 4:01:04 PM
to vvsg-post...@list.nist.gov
Hello everyone,
This is a call for participation in a new subgroup of the interoperability working group, to create a specification for a cast vote records (CVR) common data format (CDF). This specification is intended for devices that capture and/or store a voter's cast vote record (an electronic representation of the voter's voted ballot), e.g., a DRE, a scanner, or some other type of voting device. The CDF would contain necessary attributes and elements to capture information about the device and then each cast vote record stored on the device. Additionally, the CDF may include summary information, such as a summary of ballots cast or rejected, or a summary of votes cast in the various contests - whatever summaries are appropriate and useful.
Some work has already been started on this CDF - a strawman use case has been created along with a UML model/XML schema, thus the subgroup would NOT need to start from scratch. However, the use case and model need to be reviewed as they are likely to be incomplete or contain some false assumptions.
Anyone/everyone is encouraged to join this group, and it needs membership from the following groups:

* Election officials who understand various use cases for cast vote records, how they are used currently in voting devices, and how they may be used in the future

* Manufacturers of voting devices who have familiarity with cast vote records

* Those familiar with security attributes that are/may be needed to protect cast vote record confidentiality/integrity

Will this CDF be included in the next VVSG? This will shake out as more time goes by. However, there is a decent amount of likelihood that it will be included and thus, it would be important to finish this CDF without too much delay. I may be tempting the devil here by saying that I don't think this should be too complicated of a CDF :-). One of the reasons I say this is that the CDF we created for election results reporting was used to build this initial strawman model, thus many things should be familiar to those who participated in that effort. The election results reporting model actually contains the capability to report on cast vote records for various different devices, but at a more general level that is appropriate for results reporting and not some of the other uses of this CDF, which could include reporting but also auditing.
If you are interested and feel you can contribute to this group, please send mail to me, John Wack, at the following address, and I will add you to a mailing list:
john.wack at nist.gov
I will, within the next week or so, schedule an initial meeting, where I'll go over the use case and model, and see whether you like it or not. In some of the other subgroups, we've had a number of very enjoyable discussions involving election officials and manufacturers and developers, oriented around increasing our understanding of the subject matter and the use case that the CDF will be designed to meet. The initial use case and a picture of the UML model are attached. If you have any questions, please let me know.
Cheers, John

Initial use case for cast vote records.pdf

Arthur Keller

Jul 28, 2016, 1:30:05 AM
to vvsg-post...@list.nist.gov
What should the election community do about this threat?

Best regards,
Arthur

https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

By November, Russian hackers could target voting machines

If Russia really is responsible, there's no reason political interference would end with the DNC emails.


By Bruce Schneier July 27 at 3:10 PM
Bruce Schneier <https://www.schneier.com/> is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. His latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World <https://www.schneier.com/book-dg.html>.
Russia was behind the hacks into the Democratic National Committee's computer network that led to the release of thousands of internal emails just before the party's convention began, U.S. intelligence agencies have reportedly <http://www.nytimes.com/2016/07/27/world/europe/russia-dnc-hack-emails.html> concluded.

The FBI is investigating. WikiLeaks promises <http://www.cnn.com/2016/07/26/politics/julian-assange-dnc-email-leak-hack/> there is more data to come. The political nature <http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/> of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation's computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November - that our election systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is <http://arstechnica.com/security/2016/06/guest-editorial-the-dnc-hack-and-dump-is-what-cyberwar-looks-like/> essential <https://www.balloon-juice.com/2016/07/26/we-are-at-cyber-war-so-what-exactly-do-we-do-about-it/>. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations <http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html>, both document thefts and dumps like this one that we see and more subtle manipulations that we don't see.

Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way - politically, economically or in cyberspace - and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there's no guarantee the next country that tries to manipulate our elections will share your preferred candidates.

Even more important, we need to secure our election systems before autumn. If Putin's government has already used a cyberattack to attempt to help Trump win <http://talkingpointsmemo.com/edblog/trump-putin-yes-it-s-really-a-thing>, there's no reason to believe he won't do it again - especially now that Trump is inviting the "help." <https://www.washingtonpost.com/politics/democratic-national-convention-obama-biden-kaine-set-to-tout-clinton-as-commander-in-chief/2016/07/27/afc57884-53e8-11e6-bbf5-957ad17b4385_story.html?hpid=hp_hp-top-table-main_trump-1230pm%3Ahomepage%2Fstory>

Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are <http://arstechnica.com/tech-policy/2015/04/meet-the-e-voting-machine-so-easy-to-hack-it-will-take-your-breath-away/> insecure <https://www.statslife.org.uk/significance/politics/2288-how-trustworthy-are-electronic-voting-systems-in-the-us> and <https://www.salon.com/2011/09/27/votinghack/> vulnerable <https://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security> to <http://whowhatwhy.org/2015/08/31/foreigners-could-hack-us-elections-experts-say/> attack <http://www.popsci.com/gadgets/article/2012-11/how-i-hacked-electronic-voting-machine>.

But while computer security experts like me <https://www.schneier.com/blog/archives/2004/11/the_problem_wit.html> have sounded <https://www.giac.org/paper/gsec/3687/inherent-problems-electronic-voting-systems/105962> the <http://homepage.cs.uiowa.edu/%7Ejones/voting/congress.html> alarm <https://cs.stanford.edu/people/eroberts/cs181/projects/2006-07/electronic-voting/index_files/page0004.html> for <https://citp.princeton.edu/research/voting/> many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.

We no longer <https://scontent.xx.fbcdn.net/hphotos-xlp1/v/t1.0-9/12115815_699872940152206_2266030088084252627_n.png?oh=2a4e5e944a5feadb7e133dd8c57be376&oe=57AD8C92> have time <https://xkcd.com/463/> for that. We must ignore the machine manufacturers' spurious claims <https://www.salon.com/2006/09/13/diebold_3/> of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online.

Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails <http://votingmachines.procon.org/view.answers.php?questionID=000291>, and no <http://engineering.jhu.edu/magazine/2016/06/internet-voting-nonstarter/> Internet <https://www.verifiedvoting.org/resources/internet-voting/vote-online/> voting <http://www.scientificamerican.com/article.cfm?id=2012-presidential-election-electronic-voting>. I know it's slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.

There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records <http://thehill.com/policy/cybersecurity/278231-election-fraud-feared-as-hackers-target-voter-records>, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing <https://www.schneier.com/blog/archives/2015/11/the_rise_of_pol.html> - publishing personal information and documents about a person or organization - and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.

Government interference with foreign elections isn't new, and in fact, that's something the United States itself has repeatedly done <https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack> in recent history. Using cyberattacks to influence elections is newer but has been done before, too - most notably in Latin America <http://www.bloomberg.com/features/2016-how-to-hack-an-election/>. Hacking of voting machines isn't new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.

Last April, the Obama administration issued <https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know> an <https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats> executive <https://medium.com/the-white-house/a-new-tool-against-cyber-threats-1a30c188bc4#.jgbalohyi> order <https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m> outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they're a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.

Election security is now a national security issue; federal officials need to take the lead, and they need to do it quickly.


Deutsch, Herb

Jul 28, 2016, 9:07:09 AM
to vvsg-post...@list.nist.gov
Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.

From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
Sent: Thursday, July 28, 2016 12:30 AM
To: John Wack
Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines

What should the election community do about this threat?

Best regards,
Arthur

https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

By November, Russian hackers could target voting machines



Arthur Keller

Jul 28, 2016, 9:22:36 AM
to vvsg-post...@list.nist.gov
But vote tabulation and especially roll up is often connected to the Internet. And with the lack of effective audits in more jurisdictions, hacking the Internet-connected vote tabulation systems would do the trick.

In particular, if the vote tabulation system is connected to the web reporting system, then that's an avenue for attack.

There's a difference between auditable and actually audited. If the results are sufficiently skewed on election night, post election audits may not matter anyway. They didn't even matter in Florida in 2000 where the election was close.

Could the programming of electronic voting machines be hacked in a Stuxnet type attack while they are loaded with the election data file?

If China can hack Google, do we really believe there's no way Russia can't hack enough counties or states to change the outcome of the presidential election?

Best regards,
Arthur

> On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>
> Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.
>
> From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
> Sent: Thursday, July 28, 2016 12:30 AM
> To: John Wack
> Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
> Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines
>
> What should the election community do about this threat?
>
> Best regards,
> Arthur
>
> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
>
> By November, Russian hackers could target voting machines
>

Susan Eustis

Jul 28, 2016, 9:30:39 AM
to vvsg-post...@list.nist.gov
Arthur, I agree, I concur. My new book lays this scenario out in detail
and provides suggestions for preventing the hacks, ways to protect the
integrity of the election results, there needs to be safeguards and
automatic recounts the very next day with observers representing all
candidates, no matter whether the election was close or not. There needs
to be an audit trail and a way to protect the integrity of the balloting
that occurs before election day. There needs to be a way for the observers
to make a duplicate of the original ballots as the recount goes on and to
run those through their own counting scanner to determine the validity of
the election. There needs to be a way to interrupt the recount at any time
if someone has to go to the bathroom or falls asleep so that the recount
process has continuity and integrity. Things like this.
Susan

On Thu, Jul 28, 2016 at 9:22 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:

> But vote tabulation and especially roll up is often connected to the
> Internet. And with the lack of effective audits in more jurisdictions,
> hacking the Internet-connected vote tabulation systems would do the trick.
>
> In particular, if the vote tabulation system is connected to the web
> reporting system, then that's an avenue for attack.
>
> There's a difference between auditable and actually audited. If the
> results are sufficiently skewed on election night, post election audits may
> not matter anyway. They didn't even matter in Florida in 2000 where the
> election was close.
>
> Could the programming of electronic voting machines be hacked in a Stuxnet
> type attack while they are loaded with the election data file?
>
> If China can hack Google, do we really believe there's no way Russia can't
> hack enough counties or states to change the outcome of the presidential
> election?
>
> Best regards,
> Arthur
>
> On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>
> Voting machines are not attached to the internet. You can't hack them
> without physical control and that is auditable.
>
> *From:* vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] *On Behalf Of* Arthur Keller
> *Sent:* Thursday, July 28, 2016 12:30 AM
> *To:* John Wack
> *Cc:* vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
> *Subject:* [VVSG-interoperability] By November, Russian hackers could target voting machines
>
> What should the election community do about this threat?
>
> Best regards,
> Arthur
>
> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
>
> By November, Russian hackers could target voting machines
> If Russia really is responsible, there's no reason political interference
> would end with the DNC emails.
>
> By Bruce Schneier July 27 at 3:10 PM
>

> Bruce Schneier <https://www.schneier.com> is a security technologist and


> a lecturer at the Kennedy School of Government at Harvard University. His

> latest book is *Data and Goliath: The Hidden Battles to Collect Your Data
> and Control Your World* <https://www.schneier.com/book-dg.html>.


>
> Russia was behind the hacks into the Democratic National Committee?s
> computer network that led to the release of thousands of internal emails
> just before the party?s convention began, U.S. intelligence agencies have
> reportedly

> <http://www.nytimes.com/2016/07/27/world/europe/russia-dnc-hack-emails.html>


> concluded.
>
> The FBI is investigating. WikiLeaks promises

> <http://www.cnn.com/2016/07/26/politics/julian-assange-dnc-email-leak-hack/> there


> is more data to come. The political nature

> <http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/>


> of this cyberattack means that Democrats and Republicans are trying to spin
> this as much as possible. Even so, we have to accept that someone is
> attacking our nation?s computer systems in an apparent attempt to influence
> a presidential election. This kind of cyberattack targets the very core of
> our democratic process. And it points to the possibility of an even worse
> problem in November ? that our election systems and our voting machines
> could be vulnerable to a similar attack.
>
> If the intelligence community has indeed ascertained that Russia is to
> blame, our government needs to decide what to do in response. This is
> difficult because the attacks are politically partisan, but it is

> <http://arstechnica.com/security/2016/06/guest-editorial-the-dnc-hack-and-dump-is-what-cyberwar-looks-like/>
> essential
> <https://www.balloon-juice.com/2016/07/26/we-are-at-cyber-war-so-what-exactly-do-we-do-about-it/>. If


> foreign governments learn that they can influence our elections with
> impunity, this opens the door for future manipulations

> <http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html>,


> both document thefts and dumps like this one that we see and more subtle
> manipulations that we don?t see.
>
> Retaliation is politically fraught and could have serious consequences,
> but this is an attack against our democracy. We need to confront Russian
> President Vladimir Putin in some way -- politically, economically or in
> cyberspace -- and make it clear that we will not tolerate this kind of
> interference by any government. Regardless of your political leanings this
> time, there's no guarantee the next country that tries to manipulate our
> elections will share your preferred candidates.
>
> Even more important, we need to secure our election systems before autumn.
> If Putin's government has already used a cyberattack to attempt to help Trump
> win
> <http://talkingpointsmemo.com/edblog/trump-putin-yes-it-s-really-a-thing>,
> there's no reason to believe he won't do it again -- especially now that Trump
> is inviting the "help."
> <https://www.washingtonpost.com/politics/democratic-national-convention-obama-biden-kaine-set-to-tout-clinton-as-commander-in-chief/2016/07/27/afc57884-53e8-11e6-bbf5-957ad17b4385_story.html?hpid=hp_hp-top-table-main_trump-1230pm%3Ahomepage%2Fstory>
>
> Over the years, more and more states have moved to electronic voting
> machines and have flirted with Internet voting. These systems are
> insecure and vulnerable to attack.
>
> *[Your iPhone just got less secure. Blame the FBI.
> <https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/>]*
>
> But while computer security experts like me have sounded the alarm
> for <https://citp.princeton.edu/research/voting/> many years, states
> have largely ignored the threat, and the machine manufacturers have thrown
> up enough obfuscating babble that election officials are largely mollified.
>
> We no longer
> <https://scontent.xx.fbcdn.net/hphotos-xlp1/v/t1.0-9/12115815_699872940152206_2266030088084252627_n.png?oh=2a4e5e944a5feadb7e133dd8c57be376&oe=57AD8C92>
> have time <https://xkcd.com/463/> for that. We must ignore the machine
> manufacturers' spurious claims
> <https://www.salon.com/2006/09/13/diebold_3/> of security, create tiger
> teams to test the machines' and systems' resistance to attack, drastically
> increase their cyber-defenses and take them offline if we can't guarantee
> their security online.
>
> Longer term, we need to return to election systems that are secure from
> manipulation. This means voting machines with voter-verified paper audit
> trails, and no Internet voting
> <http://www.scientificamerican.com/article.cfm?id=2012-presidential-election-electronic-voting>. I
> know it's slower and less convenient to stick to the old-fashioned way, but
> the security risks are simply too great.
>
> There are other ways to attack our election system on the Internet besides
> hacking voting machines or changing vote tallies: deleting voter records
> <http://thehill.com/policy/cybersecurity/278231-election-fraud-feared-as-hackers-target-voter-records>,
> hijacking candidate or party websites, targeting and intimidating campaign
> workers or donors. There have already been multiple instances of
> political doxing
> <https://www.schneier.com/blog/archives/2015/11/the_rise_of_pol.html> --
> publishing personal information and documents about a person or
> organization -- and we could easily see more of it in this election cycle.
> We need to take these risks much more seriously than before.
>
> Government interference with foreign elections isn't new, and in fact,
> that's something the United States itself has repeatedly done
> <https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack> in
> recent history. Using cyberattacks to influence elections is newer but has
> been done before, too -- most notably in Latin America
> <http://www.bloomberg.com/features/2016-how-to-hack-an-election/>.
> Hacking of voting machines isn't new, either. But what is new is a foreign
> government interfering with a U.S. national election on a large scale. Our
> democracy cannot tolerate it, and we as citizens cannot accept it.
>
> *[Why would Russia try to hack the U.S. election? Because it might work.
> <https://www.washingtonpost.com/posteverything/wp/2016/07/26/why-would-russia-interfere-in-the-u-s-election-because-it-usually-works/>]*
>
> Last April, the Obama administration issued an executive order
> <https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m> outlining
> how we as a nation respond to cyberattacks against our critical
> infrastructure. While our election technology was not explicitly mentioned,
> our political process is certainly critical. And while they're a hodgepodge
> of separate state-run systems, together their security affects every one of
> us. After everyone has voted, it is essential that both sides believe the
> election was fair and the results accurate. Otherwise, the election has no
> legitimacy.
>
> Election security is now a national security issue; federal officials need
> to take the lead, and they need to do it quickly.


--
--

Susan Eustis
President
WinterGreen Research
6 Raymond Street
Lexington, Massachusetts
phone 781 863 5078
cell 617 852 7876

Duncan Buell

Jul 28, 2016, 9:34:17 AM7/28/16
to vvsg-post...@list.nist.gov
Well, not necessarily. Voting machines get ballot images downloaded from devices that are configured at county headquarters on machines that may well be connected to the net. Voter registration systems that allow online registration or online lookup are connected to the net. I suspect few counties set up entirely air-gapped systems for security and integrity purposes, because that would cost money and would require expertise that government salaries probably won't pay for.

I think the answer to Arthur's question is: Of course this is a threat. The stakes are very high, because we are the dominant country on the planet, so we are clearly a fat target both for corruption and for simple disruption. And we know that the capability exists among adversaries to do damage. It would be naive and foolish not to assume that it won't be attempted, and it is irresponsible for technical people to be saying that it can't be done.

Duncan Buell
Professor
Computer Science and E
NCR Chair in Computer Science and Engineering
College of E and Computing
University of South Carolina
Columbia SC 29208
803.777.7848
buell at acm.org
www.cse.sc.edu/duncanbuell
www.criticalinteractives.org


> On Jul 28, 2016, at 9:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>
> Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.
>
> From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
> Sent: Thursday, July 28, 2016 12:30 AM
> To: John Wack
> Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
> Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines
>
> What should the election community do about this threat?
>
> Best regards,
> Arthur
>
> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

Arthur Keller

Jul 28, 2016, 9:43:35 AM7/28/16
to vvsg-post...@list.nist.gov
But that's made harder with vote by mail ballots that aren't counted until later if received on Election Day. And California now has a law allowing ballots to be received on Friday if postmarked on Election Day. Fortunately, California is not a swing state!

And with HAVA requiring a provisional vote process, audits don't occur until after the tabulation is complete. Yet it's election night results that make the difference in the press and in the public's mind. Practically no one pays attention to the detailed results weeks later when the results are certified.

Best regards,
Arthur

> On Jul 28, 2016, at 6:30 AM, Susan Eustis <susan at wintergreenresearch.com> wrote:
>
> Arthur, I agree, I concur. My new book lays this scenario out in detail and provides suggestions for preventing the hacks, ways to protect the integrity of the election results, there needs to be safeguards and automatic recounts the very next day with observers representing all candidates, no matter whether the election was close or not. There needs to be an audit trail and a way to protect the integrity of the balloting that occurs before election day. There needs to be a way for the observers to make a duplicate of the original ballots as the recount goes on and to run those through their own counting scanner to determine the validity of the election. There needs to be a way to interrupt the recount at any time if someone has to go to the bathroom or falls asleep so that the recount process has continuity and integrity. Things like this.
> Susan
>
>> On Thu, Jul 28, 2016 at 9:22 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:
>> But vote tabulation and especially roll up is often connected to the Internet. And with the lack of effective audits in more jurisdictions, hacking the Internet-connected vote tabulation systems would do the trick.
>>
>> In particular, if the vote tabulation system is connected to the web reporting system, then that's an avenue for attack.
>>
>> There's a difference between auditable and actually audited. If the results are sufficiently skewed on election night, post election audits may not matter anyway. They didn't even matter in Florida in 2000 where the election was close.
>>
>> Could the programming of electronic voting machines be hacked in a Stuxnet type attack while they are loaded with the election data file?
>>
>> If China can hack Google, do we really believe there's no way Russia can't hack enough counties or states to change the outcome of the presidential election?
>>
>> Best regards,
>> Arthur
>>
>>> On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>>>
>>> Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.
>>>
>>>
>>>

>>> From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
>>> Sent: Thursday, July 28, 2016 12:30 AM
>>> To: John Wack
>>> Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability

>>> Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines
>>>
>>>
>>>
>>> What should the election community do about this threat?
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Arthur
>>>
>>>
>>>
>>> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

Paul Lux

Jul 28, 2016, 9:51:27 AM7/28/16
to vvsg-post...@list.nist.gov
Florida "fixed" this by requiring an air-gap (sneakernet) between tabulation systems and election reporting system. All voting is by marksense ballot, with the rare exception of those in the disability community who must vote using a touch screen machine (and then only in jurisdictions that aren't using AutoMARKs).

Not 100% foolproof, but certainly a better-mitigated solution than many all-electronic voting jurisdictions.

Paul Lux, CERA
Supervisor of Elections
Okaloosa County Supervisor of Elections
Election Headquarters (Crestview): 850.689.5600
Branch Office (Fort Walton Beach): 850.651.7272
Email: plux at co.okaloosa.fl.us
Visit us online at www.govote-okaloosa.com

From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
Sent: Thursday, July 28, 2016 8:23 AM
To: Deutsch, Herb
Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
Subject: Re: [VVSG-interoperability] By November, Russian hackers could target voting machines

But vote tabulation and especially roll up is often connected to the Internet. And with the lack of effective audits in more jurisdictions, hacking the Internet-connected vote tabulation systems would do the trick.

In particular, if the vote tabulation system is connected to the web reporting system, then that's an avenue for attack.

There's a difference between auditable and actually audited. If the results are sufficiently skewed on election night, post election audits may not matter anyway. They didn't even matter in Florida in 2000 where the election was close.

Could the programming of electronic voting machines be hacked in a Stuxnet type attack while they are loaded with the election data file?

If China can hack Google, do we really believe there's no way Russia can't hack enough counties or states to change the outcome of the presidential election?

Best regards,
Arthur

On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.

From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
Sent: Thursday, July 28, 2016 12:30 AM
To: John Wack
Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines

What should the election community do about this threat?

Best regards,
Arthur

https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

By November, Russian hackers could target voting machines
If Russia really is responsible, there's no reason political interference would end with the DNC emails.



By Bruce Schneier July 27 at 3:10 PM

Bruce Schneier<https://www.schneier.com> is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. His latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World<https://www.schneier.com/book-dg.html>.
Russia was behind the hacks into the Democratic National Committee's computer network that led to the release of thousands of internal emails just before the party's convention began, U.S. intelligence agencies have reportedly<http://www.nytimes.com/2016/07/27/world/europe/russia-dnc-hack-emails.html> concluded.
The FBI is investigating. WikiLeaks promises<http://www.cnn.com/2016/07/26/politics/julian-assange-dnc-email-leak-hack/> there is more data to come. The political nature<http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/> of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation's computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November -- that our election systems and our voting machines could be vulnerable to a similar attack.
If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is<http://arstechnica.com/security/2016/06/guest-editorial-the-dnc-hack-and-dump-is-what-cyberwar-looks-like/> essential<https://www.balloon-juice.com/2016/07/26/we-are-at-cyber-war-so-what-exactly-do-we-do-about-it/>. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations<http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html>, both document thefts and dumps like this one that we see and more subtle manipulations that we don't see.


Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way -- politically, economically or in cyberspace -- and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there's no guarantee the next country that tries to manipulate our elections will share your preferred candidates.

Even more important, we need to secure our election systems before autumn. If Putin's government has already used a cyberattack to attempt to help Trump win<http://talkingpointsmemo.com/edblog/trump-putin-yes-it-s-really-a-thing>, there's no reason to believe he won't do it again -- especially now that Trump is inviting the "help."<https://www.washingtonpost.com/politics/democratic-national-convention-obama-biden-kaine-set-to-tout-clinton-as-commander-in-chief/2016/07/27/afc57884-53e8-11e6-bbf5-957ad17b4385_story.html?hpid=hp_hp-top-table-main_trump-1230pm%3Ahomepage%2Fstory>
Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are<http://arstechnica.com/tech-policy/2015/04/meet-the-e-voting-machine-so-easy-to-hack-it-will-take-your-breath-away/> insecure<https://www.statslife.org.uk/significance/politics/2288-how-trustworthy-are-electronic-voting-systems-in-the-us> and<https://www.salon.com/2011/09/27/votinghack/> vulnerable<https://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security> to<http://whowhatwhy.org/2015/08/31/foreigners-could-hack-us-elections-experts-say/> attack<http://www.popsci.com/gadgets/article/2012-11/how-i-hacked-electronic-voting-machine>.

[Your iPhone just got less secure. Blame the FBI.<https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/>]
But while computer security experts like me<https://www.schneier.com/blog/archives/2004/11/the_problem_wit.html> have sounded<https://www.giac.org/paper/gsec/3687/inherent-problems-electronic-voting-systems/105962> the<http://homepage.cs.uiowa.edu/%7Ejones/voting/congress.html> alarm<https://cs.stanford.edu/people/eroberts/cs181/projects/2006-07/electronic-voting/index_files/page0004.html> for<https://citp.princeton.edu/research/voting/> many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.
We no longer<https://scontent.xx.fbcdn.net/hphotos-xlp1/v/t1.0-9/12115815_699872940152206_2266030088084252627_n.png?oh=2a4e5e944a5feadb7e133dd8c57be376&oe=57AD8C92> have time<https://xkcd.com/463/> for that. We must ignore the machine manufacturers' spurious claims<https://www.salon.com/2006/09/13/diebold_3/> of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online.
Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails<http://votingmachines.procon.org/view.answers.php?questionID=000291>, and no<http://engineering.jhu.edu/magazine/2016/06/internet-voting-nonstarter/> Internet<https://www.verifiedvoting.org/resources/internet-voting/vote-online/> voting<http://www.scientificamerican.com/article.cfm?id=2012-presidential-election-electronic-voting>. I know it's slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.
There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records<http://thehill.com/policy/cybersecurity/278231-election-fraud-feared-as-hackers-target-voter-records>, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing<https://www.schneier.com/blog/archives/2015/11/the_rise_of_pol.html> -- publishing personal information and documents about a person or organization -- and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.
Government interference with foreign elections isn't new, and in fact, that's something the United States itself has repeatedly done<https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack> in recent history. Using cyberattacks to influence elections is newer but has been done before, too -- most notably in Latin America<http://www.bloomberg.com/features/2016-how-to-hack-an-election/>. Hacking of voting machines isn't new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.

[Why would Russia try to hack the U.S. election? Because it might work.<https://www.washingtonpost.com/posteverything/wp/2016/07/26/why-would-russia-interfere-in-the-u-s-election-because-it-usually-works/>]
Last April, the Obama administration issued<https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know> an<https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats> executive<https://medium.com/the-white-house/a-new-tool-against-cyber-threats-1a30c188bc4#.jgbalohyi> order<https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m> outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they're a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.


Kurt Hyde

Jul 28, 2016, 9:58:28 AM
to vvsg-post...@list.nist.gov
I beg to differ in the opinion that electronic voting machines must be
attached to the Internet in order to be hacked and that such hacks would
necessarily be captured in logs. The Princeton style hack could be done by a
voter and I know of no log that would capture this.

https://www.youtube.com/watch?v=aZws98jw67g

The Univ of Michigan white-hat hack was not detected until the hackers
slapped the Washington, DC election officials (One of whom was an Ohio
State alumnus) in the face by playing the U of Michigan fight song to the
voters.

http://www.annarbor.com/business-review/university-of-michigan-student-hacks-into-washington-dc-online-voting-system/

I also beg to differ to the opinion expressed in this newspaper article
that the states are at fault. Internet voting was forced on the states by the
federal government in a series of baby steps, such as a rider to the
National Defense Authorization Act for 2010, HR 2647 in the 11th Congress.

Kurt

Nor yet, O Freedom! close thy lids in slumber for thine enemy never sleeps.
-- The Antiquity of Freedom By William Cullen Bryant

On Thu, Jul 28, 2016 at 8:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:

> Voting machines are not attached to the internet. You can't hack them
> without physical control and that is auditable.
>
> *From:* vvsg-interoperability-bounces at nist.gov [mailto:
> vvsg-interoperability-bounces at nist.gov] *On Behalf Of *Arthur Keller
> *Sent:* Thursday, July 28, 2016 12:30 AM
> *To:* John Wack
> *Cc:* vvsg-election; vvsg-pre-election; vvsg-post-election;
> vvsg-interoperability
> *Subject:* [VVSG-interoperability] By November, Russian hackers could
> target voting machines
>
>
>
> What should the election community do about this threat?
>
>
>
> Best regards,
>
> Arthur
>
>
>
>
> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
>
>
> By November, Russian hackers could target voting machines
> If Russia really is responsible, there's no reason political interference
> would end with the DNC emails.
>
> By Bruce Schneier July 27 at 3:10 PM
>
> Bruce Schneier <https://www.schneier.com> is a security technologist and
> a lecturer at the Kennedy School of Government at Harvard University. His
> latest book is *Data and Goliath: The Hidden Battles to Collect Your Data
> and Control Your World* <https://www.schneier.com/book-dg.html>.
>
> *[Your iPhone just got less secure. Blame the FBI.
> <https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/>]*
>
> *[Why would Russia try to hack the U.S. election? Because it might work.
> <https://www.washingtonpost.com/posteverything/wp/2016/07/26/why-would-russia-interfere-in-the-u-s-election-because-it-usually-works/>]*

Arthur Keller

Jul 28, 2016, 10:02:46 AM
to vvsg-post...@list.nist.gov
Thanks, Paul. Stuxnet crossed air gaps. Blank CDs burned each time with fresh data that goes one way is better but not foolproof. Hacks can be planted earlier and be programmed to erase their trace after Election Day.

Best regards,
Arthur

> On Jul 28, 2016, at 6:51 AM, Paul Lux <plux at co.okaloosa.fl.us> wrote:
>
> Florida "fixed" this by requiring an air-gap (sneakernet) between tabulation systems and election reporting system. All voting is by marksense ballot, with the rare exception of those in the disability community who must vote using a touch screen machine (and then only in jurisdictions that aren't using AutoMARKs).
>
> Not 100% foolproof, but certainly a better-mitigated solution than many all-electronic voting jurisdictions.
>
> Paul Lux, CERA
> Supervisor of Elections
>
> Okaloosa County Supervisor of Elections
> Election Headquarters (Crestview): 850.689.5600
> Branch Office (Fort Walton Beach): 850.651.7272
> Email: plux at co.okaloosa.fl.us
> Visit us online at www.govote-okaloosa.com
>
> From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
> Sent: Thursday, July 28, 2016 8:23 AM
> To: Deutsch, Herb
> Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
> Subject: Re: [VVSG-interoperability] By November, Russian hackers could target voting machines
>
> But vote tabulation and especially roll up is often connected to the Internet. And with the lack of effective audits in more jurisdictions, hacking the Internet-connected vote tabulation systems would do the trick.
>
> In particular, if the vote tabulation system is connected to the web reporting system, then that's an avenue for attack.
>
> There's a difference between auditable and actually audited. If the results are sufficiently skewed on election night, post election audits may not matter anyway. They didn't even matter in Florida in 2000 where the election was close.
>
> Could the programming of electronic voting machines be hacked in a Stuxnet type attack while they are loaded with the election data file?
>
> If China can hack Google, do we really believe there's no way Russia can't hack enough counties or states to change the outcome of the presidential election?
>
> Best regards,
> Arthur
>

> On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
>
> Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.
>

> From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
> Sent: Thursday, July 28, 2016 12:30 AM
> To: John Wack
> Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
> Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines
>
> What should the election community do about this threat?
>
> Best regards,
> Arthur
>
> https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/
>
> By November, Russian hackers could target voting machines
>
> If Russia really is responsible, there's no reason political interference would end with the DNC emails.
>
> By Bruce Schneier July 27 at 3:10 PM

> Bruce Schneier is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. His latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
> Russia was behind the hacks into the Democratic National Committee's computer network that led to the release of thousands of internal emails just before the party's convention began, U.S. intelligence agencies have reportedly concluded.
> The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation's computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November - that our election systems and our voting machines could be vulnerable to a similar attack.
> If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is essential. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don't see.
> Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way - politically, economically or in cyberspace - and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there's no guarantee the next country that tries to manipulate our elections will share your preferred candidates.
> Even more important, we need to secure our election systems before autumn. If Putin's government has already used a cyberattack to attempt to help Trump win, there's no reason to believe he won't do it again - especially now that Trump is inviting the "help."
> Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are insecure and vulnerable to attack.
> [Your iPhone just got less secure. Blame the FBI.]
>
> But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.
> We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online.
> Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it's slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.
> There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing - publishing personal information and documents about a person or organization - and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.
> Government interference with foreign elections isn't new, and in fact, that's something the United States itself has repeatedly done in recent history. Using cyberattacks to influence elections is newer but has been done before, too - most notably in Latin America. Hacking of voting machines isn't new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.
> [Why would Russia try to hack the U.S. election? Because it might work.]
>
> Last April, the Obama administration issued an executive order outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they're a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.

Paul Lux

Jul 28, 2016, 10:04:14 AM
to vvsg-post...@list.nist.gov
Kurt,

Just as an FYI . . . .

The only two projects funded and run under the DAA were the 2000 VOI project (which served less than 200 voters nationwide) and the 2004 SERVE Project which was cancelled. No other internet-based initiative ever came from the Federal Government; to wit, the terms of the 2011 and 2012 EASE grants specifically forbid using those Federal funds to in any way facilitate electronic ballot return.

No State has had their arm twisted by the Feds when it comes to electronic ballot return.

Paul Lux, CERA
Supervisor of Elections

Okaloosa County Supervisor of Elections
Election Headquarters (Crestview): 850.689.5600
Branch Office (Fort Walton Beach): 850.651.7272
Email: plux at co.okaloosa.fl.us
Visit us online at www.govote-okaloosa.com

From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Kurt Hyde
Sent: Thursday, July 28, 2016 8:58 AM
To: Deutsch, Herb

Cc: vvsg-pre-election; vvsg-election; vvsg-post-election; vvsg-interoperability
Subject: Re: [VVSG-interoperability] By November, Russian hackers could target voting machines

I beg to differ in the opinion that electronic voting machines must be attached to the Internet in order to be hacked and that such hacks would necessarily be captured in logs. The Princeton style hack could be done by a voter and I know of no log that would capture this.

https://www.youtube.com/watch?v=aZws98jw67g

The Univ of Michigan white-hat hack was not detected until the hackers slapped the Washington, DC election officials (One of whom was an Ohio State alumnus) in the face by playing the U of Michigan fight song to the voters.

http://www.annarbor.com/business-review/university-of-michigan-student-hacks-into-washington-dc-online-voting-system/

I also beg to differ to the opinion expressed in this newspaper article that the states are at fault. Internet voting was forced on the states by the federal government in a series of baby steps, such as a rider to the National Defense Authorization Act for 2010, HR 2647 in the 11th Congress.

Kurt

Nor yet, O Freedom! close thy lids in slumber for thine enemy never sleeps. -- The Antiquity of Freedom By William Cullen Bryant

On Thu, Jul 28, 2016 at 8:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:
Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.

From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
Sent: Thursday, July 28, 2016 12:30 AM
To: John Wack
Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability

Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines

What should the election community do about this threat?

Best regards,
Arthur

https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

Young, Jill

Jul 28, 2016, 10:05:32 AM
to vvsg-post...@list.nist.gov
The world watched for weeks in 2000 before the US Supreme Court announced who will become President!

This article might give us an opportunity to collect current information on how each state administers its election. I know there are studies on this. However, many of us are involved in administering elections and can provide current information. For example, in Missouri, after the election closes, each county electronically tabulates their precinct results then phones in their election data. Large counties (i.e., St. Louis County) use a secure intranet to tabulate votes recorded at the precincts.

I saw the FL comment, too.

Jill Young, Ph.D.
Donald L. Harrison College of Business
Dempster Hall 212, Mail Stop 5815
Southeast Missouri State University
Cape Girardeau, MO 63701
573-986-6093
________________________________
From: vvsg-post-election-bounces at nist.gov [vvsg-post-election-bounces at nist.gov] on behalf of Arthur Keller [ark at soe.ucsc.edu]
Sent: Thursday, July 28, 2016 8:43 AM
To: Susan Eustis
Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
Subject: Re: [VVSG-post-election] [VVSG-interoperability] By November, Russian hackers could target voting machines

But that's made harder with vote by mail ballots that aren't counted until later if received on Election Day. And California now has a law allowing ballots to be received on Friday if postmarked on Election Day. Fortunately, California is not a swing state!

And with HAVA requiring a provisional vote process, audits don't occur until after the tabulation is complete. Yet it's election night results that make the difference in the press and in the public's mind. Practically no one pays attention to the detailed results weeks later when the results are certified.

Best regards,
Arthur

On Jul 28, 2016, at 6:30 AM, Susan Eustis <susan at wintergreenresearch.com> wrote:

Arthur, I agree, I concur. My new book lays this scenario out in detail and provides suggestions for preventing the hacks, ways to protect the integrity of the election results, there needs to be safeguards and automatic recounts the very next day with observers representing all candidates, no matter whether the election was close or not. There needs to be an audit trail and a way to protect the integrity of the balloting that occurs before election day. There needs to be a way for the observers to make a duplicate of the original ballots as the recount goes on and to run those through their own counting scanner to determine the validity of the election. There needs to be a way to interrupt the recount at any time if someone has to go to the bathroom or falls asleep so that the recount process has continuity and integrity. Things like this.
Susan

On Thu, Jul 28, 2016 at 9:22 AM, Arthur Keller <ark at soe.ucsc.edu> wrote:
But vote tabulation and especially roll up is often connected to the Internet. And with the lack of effective audits in more jurisdictions, hacking the Internet-connected vote tabulation systems would do the trick.

In particular, if the vote tabulation system is connected to the web reporting system, then that's an avenue for attack.

There's a difference between auditable and actually audited. If the results are sufficiently skewed on election night, post election audits may not matter anyway. They didn't even matter in Florida in 2000 where the election was close.

Could the programming of electronic voting machines be hacked in a Stuxnet type attack while they are loaded with the election data file?

If China can hack Google, do we really believe there's no way Russia can't hack enough counties or states to change the outcome of the presidential election?

Best regards,
Arthur

On Jul 28, 2016, at 6:07 AM, Deutsch, Herb <hdeutsch at essvote.com> wrote:

Voting machines are not attached to the internet. You can't hack them without physical control and that is auditable.

From: vvsg-interoperability-bounces at nist.gov [mailto:vvsg-interoperability-bounces at nist.gov] On Behalf Of Arthur Keller
Sent: Thursday, July 28, 2016 12:30 AM
To: John Wack
Cc: vvsg-election; vvsg-pre-election; vvsg-post-election; vvsg-interoperability
Subject: [VVSG-interoperability] By November, Russian hackers could target voting machines

What should the election community do about this threat?

Best regards,
Arthur

https://www.washingtonpost.com/posteverything/wp/2016/07/27/by-november-russian-hackers-could-target-voting-machines/

By November, Russian hackers could target voting machines
If Russia really is responsible, there's no reason political interference would end with the DNC emails.

[https://img.washingtonpost.com/wp-apps/imrs.php?src=http://wp-eng-static.washingtonpost.com/author_images/bschneier.jpg?ts=1428956090094&w=80&h=80]


By Bruce Schneier July 27 at 3:10 PM

Bruce Schneier<https://www.schneier.com> is a security technologist and a lecturer at the Kennedy School of Government at Harvard University. His latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World<https://www.schneier.com/book-dg.html>.
Russia was behind the hacks into the Democratic National Committee?s computer network that led to the release of thousands of internal emails just before the party?s convention began, U.S. intelligence agencies have reportedly<http://www.nytimes.com/2016/07/27/world/europe/russia-dnc-hack-emails.html> concluded.
The FBI is investigating. WikiLeaks promises<http://www.cnn.com/2016/07/26/politics/julian-assange-dnc-email-leak-hack/> there is more data to come. The political nature<http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/> of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation?s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November ? that our election systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is<http://arstechnica.com/security/2016/06/guest-editorial-the-dnc-hack-and-dump-is-what-cyberwar-looks-like/> essential<https://www.balloon-juice.com/2016/07/26/we-are-at-cyber-war-so-what-exactly-do-we-do-about-it/>. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations<http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html>, both document thefts and dumps like this one that we see and more subtle manipulations that we don?t see.


Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way ? politically, economically or in cyberspace ? and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there?s no guarantee the next country that tries to manipulate our elections will share your preferred candidates.

[Your iPhone just got less secure. Blame the FBI.<https://www.washingtonpost.com/posteverything/wp/2016/03/29/your-iphone-just-got-a-lot-less-secure-and-the-fbi-is-to-blame/>]
But while computer security experts like me <https://www.schneier.com/blog/archives/2004/11/the_problem_wit.html> have sounded <https://www.giac.org/paper/gsec/3687/inherent-problems-electronic-voting-systems/105962> the <http://homepage.cs.uiowa.edu/%7Ejones/voting/congress.html> alarm <https://cs.stanford.edu/people/eroberts/cs181/projects/2006-07/electronic-voting/index_files/page0004.html> for <https://citp.princeton.edu/research/voting/> many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.
We no longer <https://scontent.xx.fbcdn.net/hphotos-xlp1/v/t1.0-9/12115815_699872940152206_2266030088084252627_n.png?oh=2a4e5e944a5feadb7e133dd8c57be376&oe=57AD8C92> have time <https://xkcd.com/463/> for that. We must ignore the machine manufacturers' spurious claims <https://www.salon.com/2006/09/13/diebold_3/> of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online.
Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails <http://votingmachines.procon.org/view.answers.php?questionID=000291>, and no <http://engineering.jhu.edu/magazine/2016/06/internet-voting-nonstarter/> Internet <https://www.verifiedvoting.org/resources/internet-voting/vote-online/> voting <http://www.scientificamerican.com/article.cfm?id=2012-presidential-election-electronic-voting>. I know it's slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.
There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records <http://thehill.com/policy/cybersecurity/278231-election-fraud-feared-as-hackers-target-voter-records>, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing <https://www.schneier.com/blog/archives/2015/11/the_rise_of_pol.html> - publishing personal information and documents about a person or organization - and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.
Government interference with foreign elections isn't new, and in fact, that's something the United States itself has repeatedly done <https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack> in recent history. Using cyberattacks to influence elections is newer but has been done before, too - most notably in Latin America <http://www.bloomberg.com/features/2016-how-to-hack-an-election/>. Hacking of voting machines isn't new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.

Last April, the Obama administration issued <https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know> an <https://www.whitehouse.gov/blog/2015/04/01/expanding-our-ability-combat-cyber-threats> executive <https://medium.com/the-white-house/a-new-tool-against-cyber-threats-1a30c188bc4#.jgbalohyi> order <https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m> outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they're a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.

Brent Turner

Jul 28, 2016, 10:09:14 AM
to vvsg-post...@list.nist.gov
The key to facilitating smooth transitions of power is to ensure voter
confidence, and that relates directly to a secure "first count" rather than
audit procedures. I endorse audits.. but history shows us that is when
the village becomes restless.. and audits are no substitute for a
confidence-inspiring, transparent initial count. Currently the "secret
software" systems coupled with VVPATs are condemned as insecure by
government study, so we don't have to consider the internet to sound those
alarms. Ed Felten from OSTP confirms.

Over-focus on audits seems to be an affectation of the fund raising groups
with motivations unclear. Though the open source election reform advocates
100% immediate audit at the precinct level.. we recognize the key is to
capture a precise and secure count previous to transportation of the
ballots. The media must stand down until the task is completed.

If technology like smart phone voting is available (with short codes /
block chain etc.) at least the voter will be able to verify their vote was
counted as cast.

Best-

Brent Turner
California Association of Voting Officials
www.cavo-us.org


Arthur Keller

Jul 28, 2016, 10:36:37 AM
to vvsg-post...@list.nist.gov
Smart phone voting doesn't solve the anonymity and authentication problems of voting. And is not immune from software means of affecting the choices. Most voters don't even check the audit trail of a VVPAT. It's not clear if enough of them do, though.

Election officials have limited budgets compared to Google. They have especially limited budgets for election security. Russia has an essentially unlimited budget to hack if it chooses to.

Vote tabulation and roll-up is perhaps an easier attack vector that might be detected in an audit. A delete-after-election-day virus could potentially undetectably hack a DRE without a paper trail. And there are plenty of those in use. Could Russia develop and deploy those attacks in enough swing states? I wouldn't bet against it. Would they is another matter. Why not?

Best regards,
Arthur

