#Elections, #Government, #Headlines, #politics, #Security, #TheNewz

West Virginia’s voting experiment stirs security fears


West Virginia is about to take a leap of faith in voting technology — but it could put people’s ballots at risk.

Next month, it will become the first state to deploy a smartphone app in a general election, allowing hundreds of overseas residents and members of the military stationed abroad to cast their ballots remotely. And the app will rely on blockchain, the same buzzy technology that underpins Bitcoin, in yet another Election Day first.

“Especially for people who are serving the country, I think we should find ways to make it easier for them to vote without compromising on the security,” said Nimit Sawhney, co-founder of Voatz, the company that created the app of the same name that West Virginia is using. “Right now, they send their ballots by email and fax, and — whatever you may think of our security — that’s totally not a secure way to send back a ballot.”

But cybersecurity and election integrity advocates say West Virginia is setting an example of all the things states shouldn’t do when it comes to securing their elections, an already fraught topic given fears that Russian operatives are trying again to tamper with U.S. democracy.

“This is a crazy time to be pulling a stunt like this. I don’t know what they’re thinking,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratories who is on the board of Verified Voting, an election security advocacy group. “All internet voting systems, including this one, have a host of cyber vulnerabilities which make it extremely dangerous.”

Voting integrity advocates are in overall agreement about the best way to secure elections, and they have pressed states to stick with technology that includes auditable paper trails — even suing Georgia over that issue. They’ve urged the Department of Homeland Security to advise states against having modems in voting machines. And they have pressed the government to warn state election officials against any kind of online voting.

So the security experts are not thrilled to see blockchain entering the picture.

“Why is blockchain voting a dumb idea?” University of Pennsylvania cybersecurity expert Matt Blaze tweeted in August. “Glad you asked. For starters: – It doesn’t solve any problems civil elections actually have. – It’s basically incompatible with ‘software independence’, considered an essential property – It can make ballot secrecy difficult or impossible.”

Blockchain is essentially a decentralized digital ledger that uses information stored on multiple computers to track any type of transaction — including payments, in the case of Bitcoin and other cryptocurrencies. It also appends the information into a “block” of encrypted data that is designed to be tamper-proof, and it provides anonymity so that it’s difficult to trace a transaction to any particular person.

The Voatz app restricts access to registered voters who have successfully applied through the Uniformed and Overseas Citizens Absentee Voting Act, which sets the legal basis that allows members of the military and U.S. citizens to vote while outside the U.S.

The move to mobile was largely due to West Virginia Secretary of State Mac Warner, who says he could not vote while stationed in Afghanistan during the 2012 and 2014 elections because of the lack of reliable access to a fax machine or postal services.

“Not providing a means by which military men and women who are fighting for our democracy can participate in our democracy themselves, just doesn’t sit well with not only Secretary Warner but our county clerks here,” Mike Queen, the secretary’s deputy chief of staff and director of communications, told POLITICO.

“Mainstream mobile voting presents a much higher risk than this particular application does for military and overseas voters,” Queen said, adding that the state would stop the program immediately if any information came out showing Voatz was compromised.

Here’s how the app works: A voter first uses it to scan the bar code on his or her government-issued ID, then uses its facial recognition and fingerprint scanning to double-check that the ID is accurate. After the person selects the candidates and submits the vote, the app sends the voter an email verifying that the vote is correct. For added security, Voatz once again scans the voter’s fingerprint and face before sending the ballot to the West Virginia secretary of state’s office.

In addition to sending mobile votes, Voatz will send a printable duplicate. It will email those ballots to county clerks who can verify them if any results are disputed.

West Virginia tested the app in two counties during this year’s primaries. After declaring that run of only 16 total votes successful, the state decided to broaden the test. Twenty-four counties will allow mobile voting in the general election, when the state hopes 300 to 400 people will use the app to cast their votes.

If this run is deemed successful, the secretary of state’s office may include all 55 counties — with an estimated 8,000 voters — in upcoming elections.

But critics say voting with this sort of technology makes it difficult to determine if anyone has manipulated the vote. If a voter’s phone or tablet is infected with malware, for instance, it can record or change the person’s votes, or even infect an entire state’s election infrastructure, the security experts say.

“This is a fundamental fact of computer science: There is no foolproof way of determining if a machine has malware,” Jefferson said.

And blockchain is not a method of securing mobile apps before or while the vote is cast, election integrity advocates say. It’s only a way to offer tamper-proof records after the record is added to the blockchain. In a recent study by the National Academies of Sciences, Engineering and Medicine, researchers said a vote can be compromised a number of ways before it reaches the ledger.

“If malware on a voter’s device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration,” the report says.

Sawhney and West Virginia officials acknowledge that risks exist but say the small chance that a voter’s phone could be compromised is worth taking to make voting easier and more seamless for people who can’t get to the polls. And if this works on Election Day in West Virginia, expect Sawhney to be shopping the app to other states ahead of 2020.

“Nothing is 100 percent safe, and so that’s true of paper ballots or any other system as well, and so that’s why we have a process of having an audit before and after the election,” he said. “Once this election is over, we definitely hope that we’ll be able to replicate this in many more states.”

Source: https://www.politico.com/story/2018/10/13/west-virginia-voting-app-security-846130

#DataBreach, #Google, #Headlines, #Internet, #ScienceTech, #Security, #TechNews, #TheNewz

Google is shutting down Google+ following massive data exposure

dims?crop=4368%2C2912%2C0%2C0&quality=85Following a massive data breach first reported on by The Wall Street Journal, Google announced today that it is shutting down its social network Google+ for consumers. The company finally admitted that Google+ never received the broad adoption or eng…

Source: https://www.engadget.com/2018/10/08/google-shutting-down-google-plus/

#DataBreach, #Headlines, #Internet, #pch3lp, #ScienceTech, #Security, #TechNews, #TheNewz

California bans default passwords on any internet-connected device

dims?crop=4129%2C2317%2C0%2C0&quality=85In less than two years, anything that can connect to the internet will come with a unique password — that is, if it’s produced or sold in California. The “Information Privacy: Connected Devices” bill that comes into effect on January 1, 2020, e…

Source: https://www.engadget.com/2018/10/05/california-default-password-ban-information-privacy-connected-devices-bill/

#Elections, #Headlines, #ScienceTech, #Security, #TheNewz

This is what Americans think about the state of election security right now


A wide-ranging new poll yields some useful insight into how worried the average American feels about election threats as the country barrels toward midterms.

The survey, conducted by NPR and researchers with Marist College, polled 949 adult U.S. residents in early September across regions of the country, contacting participants through both landlines and mobile devices. The results are a significant glimpse into current attitudes around the likelihood of foreign election interference, election security measures and how well social media companies have rebounded in the public eye.

Attitudes toward Facebook and Twitter

As the most recent dust settles around revelations that Russia ran influence campaigns targeting Americans on social media platforms, just how much do U.S. voters trust that Facebook and Twitter have cleaned up their acts? Well, they’re not convinced yet.

In response to a question asking about how much those companies had done since 2016 “to make sure there is no interference from a foreign country” in the U.S. midterm elections, 24 percent of respondents believed that Facebook had done either “a great deal” or “a good amount,” while 62 percent believed the company had done “not very much” or “nothing at all.”

When asked the same question about Twitter, only 19 percent thought that the company had made significant efforts, while 57 percent didn’t think the company had done much. Unlike nearly every other question in the broad-ranging survey, answers to this set of questions didn’t show a divide between Republicans and Democrats, making it clear that in 2018, disdain for social media companies is a rare bipartisan position.

When it comes to believing what they read on Facebook, only 12 percent of voters had “a great deal” or “quite a lot” of confidence that content on the platform is true, while 79 percent expressed “not very much confidence” or none at all. Still, those numbers have perked up slightly from polling in 2018 that saw only 4 percent of those polled stating that they were confident in the veracity of content they encountered on Facebook.

Midterm perspectives

In response to the question “Do you think the U.S. is very prepared, prepared, not very prepared or not prepared at all to keep this fall’s midterm elections safe and secure?,” 53 percent of respondents felt that the U.S. is prepared while 39 percent believed that it is “not very prepared” or not prepared at all. Predictably, this question broke down along party lines, with 36 percent of Democrats and 74 percent of Republicans falling into the “prepared” camp (51 percent of independents felt the U.S. is prepared).

An impressive 69 percent of voters believed that it was either very likely or likely that Russia would continue to “use social media to spread false information about candidates running for office” during the midterm elections, suggested that voters are moving into election season with a very skeptical eye turned toward the platforms they once trusted.

When it came to hacking proper, 41 percent of respondents believed that it was very likely or likely that “a foreign country will hack into voter lists to cause confusion” over who can vote during midterm elections, while 55 percent of respondents said that hacked voter lists would be not very likely or not at all likely. A smaller but still quite significant 30 percent of those polled believed that it was likely or very likely that a foreign country would “tamper with the votes cast to change the results” of midterm elections.

Election security pop-quiz

Political divides were surprisingly absent from some other questions around specific election security practices. Democrats, Republicans and independent voters all indicated that they had greater confidence in state and local officials to “protect the actual results” of the elections and trusted federal officials less, even as the Department of Homeland Security takes a more active role in providing resources to protect state and local elections.

A few of the questions had a right answer, and happily most respondents did get a big one right. Overall, 55 percent of voters polled said that electronic voting systems made U.S. elections less safe from “interference or fraud” — a position largely backed by election security experts who advocate for low-tech options and paper trails over vulnerable digital systems. Only 31 percent of Democrats wrongly believed that electronic systems were safer, though 49 percent of Republicans trusted electronic systems more.

When the question was framed a different (and clearer) way, the results were overwhelmingly in favor of paper ballots — a solution that experts widely agree would significantly secure elections. Indeed, 68 percent of voters thought that paper ballots would make elections “more safe” — an attitude that both Republican and Democratic Americans could get behind. Unfortunately, legislation urging states nationwide to adopt paper ballots has continued to face political obstacles in contrast to the wide support observed in the present poll.

On one last election security competence question, respondents again weighed in with the right answer. A whopping 89 percent of those polled correctly believed that online voting would be a death knell for U.S. election security — only 8 percent said, incorrectly, that connecting elections to the internet would make them more safe.

For a much more granular look at these attitudes and many others, you can peruse the poll’s full results here. For one, there’s more interesting stuff in there. For another, confidence — or the lack thereof — in U.S. voting systems could have a massive impact on voter turnout in one of the most consequential non-presidential elections the nation has ever faced.

        <p><strong><a href="https://blockads.fivefilters.org/">Let's block ads!</a></strong> <a href="https://blockads.fivefilters.org/acceptable.html">(Why?)</a>

Source: http://feedproxy.google.com/~r/Techcrunch/~3/AWuKoQ-IASM/

#BusinessNews, #Headlines, #Privacy, #ScienceTech, #Security, #TheNewz, #Travel

Great, Now an Airline Is Normalizing Casual Fingerprinting

khe6cwhtoza5yd8bhvdy.pngDelta Airlines announced Monday that it’s rolling out biometric entry at its line of airport lounges. With the press of two fingers, Delta members will be able to enter any of Delta’s 50 exclusive lounges for drinks, comfortably unaware of the encroaching dystopian biometric surveillance structure closing around…

Read more…

Source: https://gizmodo.com/great-now-an-airline-is-normalizing-casual-fingerprint-1824092844

#DataBreach, #Headlines, #pch3lp, #ScienceTech, #Security, #TechNews, #TheNewz

Orbitz data breach exposes 880,000 customer credit cards

Travel company Orbitz has revealed a huge security breach that exposed about 880,000 customer credit cards. According to the company, the breach — which was discovered on March 1 — could have spanned from October 1, 2017, until December 22, 2017, during which time the hacker may have had access to certain data. The data itself was submitted between January … Continue reading

Source: https://www.slashgear.com/orbitz-data-breach-exposes-880000-customer-credit-cards-21523971/

#Hacked, #Headlines, #pch3lp, #Security, #TheNewz

U.S. busts ‘massive’ Iranian hacking scheme


The Justice Department on Friday revealed charges against an Iranian hacking ring that prosecutors say spent years pilfering research and documents from over 100 American universities and government agencies.

Geoffrey Berman, the U.S. attorney for the Southern District of New York, called it a “massive and brazen cyber-assault” and “one of the largest state-sponsored hacking campaigns ever prosecuted” by U.S. officials.

The case is the second time federal prosecutors have charged Iranian government-linked hackers, coming almost exactly two years after DOJ indicted seven Iranians for a series of coordinated cyberattacks against the U.S. financial sector and for infiltrating a New York dam in 2013.

But Friday’s charges represent the takedown of a broader — and more purposeful — digital theft campaign.

DOJ specifically targeted the Iran-based Mabna Institute, which it says was founded in 2013 “to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.”

Over the course of four years, prosecutors say, hackers working for the Mabna Institute stole at least 31 terabytes of data from 144 American universities, totaling $3.4 billion in intellectual property. The group also cracked into 176 foreign universities, DOJ said.

Beyond universities, the Iranians hit five U.S. government agencies, including the state governments in Hawaii and Indiana, as well as the Federal Energy Regulatory Commission, which oversees the energy industry, and the Department of Labor.

The group also infiltrated the United Nations and the United Nations Children’s Fund, DOJ said.

In total, prosecutors indicted nine Iranians for participating in the scheme, which continued until at least December 2017, according to a release.

Over those years, the indicted Mabna hackers breached the email accounts of roughly 8,000 professors.

The hackers conducted “many” of the intrusions “on behalf of” Iran’s Islamic Revolutionary Guard Corps, “as well as other Iranian government and university clients,” according to DOJ.

“The hackers targeted innovations and intellectual property from our country’s greatest minds,” Berman said.

The Treasury Department also slapped sanctions on the Mabna Institute and the nine charged individuals.

While none of the charged hackers have been detained, Berman said the indictments would restrict their lives.

“The only way they will see the outside world is through their computer screens, but stripped of their greatest asset — anonymity,” he said.

Source: https://www.politico.com/story/2018/03/23/iran-hackers-us-482183