Month: January 2017

video – An Uninvited Security Audit of the U.S. Presidential Election

Computer security researchers J. Alex Halderman and Matt Bernhard report on US voting computer security and the attempts to conduct comprehensive audits of the 2016 election results (recounts) in Wisconsin, Michigan and Pennsylvania.

Video also available (including for download) at https://media.ccc.de/v/33c3-8074-recount_2016_an_uninvited_security_audit_of_the_u_s_presidential_election#video

Halderman and Bernhard were presenting at the hacker conference Chaos Communication Conference (CCC) on December 28, 2016.

The slides may become available on the presentation page https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8074.html

Matt Bernhard tweets @umbernhard

You can find more about J. Alex Halderman in my list of computer security experts https://papervotecanada2.wordpress.com/2016/11/19/internet-voting-and-computer-security-expertise/#JAlexHalderman

Election Infrastructure declared critical by US Dept of Homeland Security

Election infrastructure is vital to our national interests, and cyber attacks on this country are becoming more sophisticated, and bad cyber actors – ranging from nation states, cyber criminals and hacktivists – are becoming more sophisticated and dangerous.

Statement by [US Department of Homeland Security] Secretary Jeh Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector – January 6, 2017

There was also a joint statement from US intelligence agencies about  Foreign Cyber Threats to the U.S. issued on January 5, 2017

Despite ever-improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years to come from remote hacking to establish persistent covert access, supply chain operations that insert compromised hardware or software, malicious actions by trusted insiders, and mistakes by system users. In short, the cyber threat cannot be eliminated. Rather, cyber risk must be managed in the context of overall business and operational risk. At present, however, the risk calculus some private and public sector entities employ does not adequately account for foreign cyber threats or systemic interdependencies between different critical infrastructure sectors.

(Emphasis mine.)
The report concludes that things are only going to get worse.

Over the next five years, technological change will only accelerate the intersection of cyber and physical devices, creating new risks. Adversaries are likely to further explore cyber-enabled psychological operations and may look to steal or manipulate data to gain strategic advantage or undermine confidence.

Joint Statement for the Record on Foreign Cyber Threats to the U.S. to the Senate Armed Services Committee – January 5, 2017

I am less interested in the details of specific events and specific actors, but nevertheless, on January 6, 2017 the US Office of the Director of National Intelligence released a joint CIA, FBI, NSA report: ICA 2017-01D “Assessing Russian Activities and Intentions in Recent US Elections”

We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes.

(Emphasis mine.)
ICA 2017-01D Assessing Russian Activities and Intentions in Recent US Elections – January 6, 2017

New Brunswick Electoral Reform Commission meeting dates

It looks like the New Brunswick Commission on Electoral Reform will meet with the public in January 2017 only, as they work to producing a report for March 1, 2017.  Announced meeting dates are:

  • Wednesday, Jan. 4
  • Friday, Jan. 6
  • Monday, Jan. 9 (from 10am to noon)
  • Friday, Jan. 13
  • Monday, Jan. 16
  • Friday, Jan. 20
  • Monday, Jan. 23
  • Friday, Jan. 27

i.e. Monday and Friday each week in January, with the exception of the first week where the Monday meeting is moved to January 4.  Times and locations have not yet been announced. Unless there’s a media advisory otherwise, the meeting location is Council Chamber, Legislative Assembly (706 Queen Street, Fredericton).

UPDATE 2017-01-07: The main website is NOT listed under Legislative Assembly / Special Committees.  You have to find it under Consultationshttp://www2.gnb.ca/content/gnb/en/corporate/public_consultations/ElectoralReform.html

The only channel for meeting updates appears to be Media Advisories.  Note that the media advisories expire from the web page quickly (basically once the event has passed the advisory is gone).  I am unable to find any meeting agendas or list of stakeholders being invited.

The January 9, 2017 meeting will be from 10am to noon according to an advisory.

ENDUPDATE

UPDATE 2017-01-05: Time and location for upcoming meetings Jan 6-16 will be 9:30am to 4pm, in Council Chamber, Legislative Assembly (706 Queen Street, Fredericton).  ENDUPDATE

UPDATE 2017-01-03: January 4, 2017 meeting has been postponed.  ENDUPDATE

I have submitted my briefing about online voting to the commission. The deadline was November 30, 2016 but in a CBC News report they say you can still submit in January.

The commission invited the public to share thoughts and concerns on its website up until Nov. 30, but Passaris said that deadline is one that is “movable.”

“As long as the commission will be holding its public sessions, we would like the public to continue to send in their comments,” he said.

You can submit by email to Consultations.ECO-BCE@gnb.ca

Previously:
November 20, 2016  New Brunswick electoral reform consultation including Internet voting