老澳门开奖结果

Elections belong to the public. Just as we have the right to understand our overall election process, we have a right to understand the underlying hardware and software involved in electronic voting. We have a right to understand where our votes and voter registrations go, who checks them, and which institutions have access to that information.

The allegedly leaked by and recently published by suggests that the government is no longer confident about that critical information. The report details a Russian spear-phishing campaign that introduced malware into election contractors鈥� and officials鈥� machines, causing them to run 鈥渁n unknown payload from malicious infrastructure.鈥� According to the report, 鈥淚t is unknown...what potential data could have been accessed鈥� by Russian hackers. The malicious code was implanted into instructions for EViD, a piece of software that allows poll workers to verify voters鈥� sensitive personal information, including name, address, registration status, and voting history. The verification is done entirely over the Internet, and all data is communicated to and from EViD鈥檚 鈥渟ecure website.鈥�

After reading the report, I wanted to see for myself how EViD鈥檚 creators address information security. Enter the only EViD documentation I could find: an from EViD鈥檚 parent company, . Here is VR Systems鈥� explanation: 鈥淚s the EViD system secure? During design and development of the EViD system, VR Systems implemented extensive security measures to protect the EViD system from electronic attack.鈥�

If you鈥檙e wondering where the rest is, you鈥檙e not alone. Those are the only mentions of security. What are 鈥渆xtensive security measures鈥�? Your guess is as good as mine. Great for their secure design and development, but what about maintenance? Ongoing updates and patches are just as important as the initial product. What kinds of attacks did they account for, specifically? 鈥淓lectronic attack鈥� is about as meaningless as 鈥減hysical attack.鈥� OK, maybe you have a bullet-proof vest, but what if somebody drops a piano on your head? In the same way it鈥檚 possible to prevent a malicious piece of code from being written into the system, but that doesn鈥檛 mean they鈥檝e accounted for vulnerabilities that would allow an attacker to read data, for example. And physical attacks apply here, too鈥攁fter all, the software is being run on a machine made of wires, boards, and sensors.

So how does the government vet such vital critical infrastructure? Did a security expert look at VR Systems鈥� hardware and software, and if so, where are the results of the audit?

A researcher named Emily Gorcenski recently compiled an of and , as well as a . The physical hardware of voting machines is subject to well-established engineering quality standards, while software is largely evaluated by automated code-checkers for style rather than substance. These surface evaluations do not account for subtle vulnerabilities like memory handling or algorithmic errors that can only be caught by expert evaluation and extensive testing. There is no mention of voter registration systems like EViD (the only state to even mention voter registration in the state-by-state breakdown is Oklahoma).

Moreover, federal regulations are voluntary鈥攁nd 20 states have chosen not to adopt any of them. The decentralized nature of a patchwork system could work in our favor if each state had its own individually secured infrastructure, but most election infrastructure companies work across state borders and the flaws carry over. Centralized voter registration systems like EViD that are seemingly not subject to any regulation at the state or federal level are especially vulnerable targets. Bloomberg that the Russian hackers were able to penetrate poll workers鈥� systems in 39 states.

And even with extensive testing and review, no one鈥攏ot even a team of experts鈥攃an be aware of all of the flaws in a piece of code. Developers are constantly pushing updates and it鈥檚 difficult for security teams to keep pace. Bugs can be hydras鈥攑atch one, create three more. Laws and regulations can only go so far in that respect. The software standards, NSA report, and general behavior surrounding the cyberattacks illustrates a catastrophic lack of understanding, testing, and oversight on the government鈥檚 part. This is not to say government contractors or officials are incompetent鈥攕oftware security is one of the trickiest beasts around. Good software security relies on transparency and frequent testing. Hiding the code under fluffy language and hoping that nothing goes wrong is the absolute least effective way to achieve security. It would be like a safe salesman telling you to put your life鈥檚 savings into a box made of unknown material with a hidden locking mechanism. Nobody really knows how it works and plenty of them have been broken into, but trust him, he took 鈥渆xtensive security measures.鈥�

Voting systems are the same鈥攏o government at any level should be relying on proprietary, closed-source software for vital critical infrastructure, especially software that they do not understand themselves.

And even then, the practice of using electronic voting systems at all is questionable, especially if they are connected to the Internet. While , most security flaws happen at the implementation level鈥攁nd again, there is no way to anticipate every flaw. emphasize the need to by checking them against paper ballots in a statistically meaningful sample of areas across the country (鈥渟tatistically meaningful鈥� just means they take enough samples in enough diverse areas so that the probability of missing suspicious activity is very low). This simple physical check on our vulnerable electronic infrastructure must be an election process requirement.

This attack was not the first. Not only have into in a controlled setting, there have been numerous cases of problems with election infrastructure in the wild:

• The lost in the 2000 presidential election.
• The in California preceding the 2004 presidential election, after Diebold committed fraud.
• This of the 2006 midterm election, in which there were 1,022 reported problems with e-voting equipment in 314 counties across 36 states.

All evidence, both theoretical and empirical, suggests that these electronic voting systems are vulnerable. Ignorance is not an excuse. Federal, state, and local governments know better than to put blind trust in e-voting companies, so why do they continue to do so despite all of their problems? Why do they insist on using proprietary closed-source software instead of open-source software that is vetted by a community of experts? As with most major government contracts, electronic voting has been plagued by a history of and that go against expert recommendation. The Washington Post that in mid-August 2016, the federal government encountered a 鈥渨all of resistance鈥� from state officials in trying to shore up election infrastructure after the Russia hacking story first broke. State officials acted like getting help from the federal government in patching the systems against the well-evidenced threat of election tampering was a political ploy and 鈥渁n assault on state rights.鈥�

Fair elections are the cornerstone of free society, not cause for political squabbling or corporate enterprise. We fight on behalf of whistleblowers because we need people who are willing to stand up and say enough is enough, now more than ever. Reality Leigh Winner didn鈥檛 breach national security, she exposed a breach in national security鈥攐ne that poses a clear and present danger to us all by threatening the very foundation of our democracy.

The threat to national security posed by electronic voting systems is one perpetuated by Congress, federal, state, and local governments and covered up by the NSA. Yet whistleblowers are the ones charged with the . One could bring the same charges against these government institutions for failing to sufficiently vet and maintain the technology used in critical infrastructure, and for allowing our election officials to become sitting ducks for Russian attackers. The only difference is, the government is in control.

Instead of focusing on these real threats to our democracy, legislatures have chased phantom problems like voter impersonation with , which fail to prevent fraud and overwhelmingly impact poor communities and communities of color. In 2013, the Supreme Court a section of the Voting Rights Act that prevented states like Texas from making changes to voting law without permission from the federal government. In 2016, a federal appeals court ruled that the Texas voter ID law鈥攚hich had been in place since 2011鈥�. This is just one example of many that the 老澳门开奖结果 Voting Rights Project fights to address.

It is time we demand with our and that the innards of electronic voting systems and all other obscured facets of our election process become matters of public record, and that statistically significant audits occur as a matter of routine rather than exception. Hiding from expert opinions and throwing whistleblowers in jail is not the way to make our country more secure. There have always been problems with our election process, but Reality check: the flaws are real, they are exploited, and they may significantly undermine our democracy if we continue to ignore them.