The fight for fair, transparent and secure elections

0
389

If Russian citizens can take to the streets to demand fair and transparent elections, at risk of imprisonment and their very life for doing so from Vladimir Putin’s totalitarian regime, The pro-democracy protests rocking Moscow, explained, then surely Americans who do not live under such a threat of violence can take to the streets and demand fair and transparent – and secure – elections in America.

Last weekend there was a “hackers” convention in Las Vegas, Nevada. On their list of things to hack: voting equipment. It was all too easy-peasy. The Washington Post reports,  ‘Please break things’: Hackers lay siege to voting systems to spot weaknesses in security:

As Sen. Ron Wyden (D-Ore.) toured the Voting Village on Friday at Def Con, the world’s hacker conference extraordinaire, a roomful of hackers applied their skills to voting equipment in an enthusiastic effort to comply with the instructions they had been given: “Please break things.”

Armed with lock-pick kits to crack into locked hardware, Ethernet cables and inquiring minds, they had come for a rare chance to interrogate the machines that conduct U.S. democracy. By laying siege to electronic poll books and ballot printers, the friendly hackers aimed to expose weaknesses that could be exploited by less friendly hands looking to interfere in elections.

Wyden nodded along as Harri Hursti, the founder of Nordic Innovation Labs and one of the event’s organizers, explained that the almost all of the machines in the room were still used in elections across the United States, despite having well-known vulnerabilities that have been more or less ignored by the companies that sell them. Many had Internet connections, Hursti said, a weakness savvy attackers could abuse in several ways.

Wyden shook his head in disbelief.

We need paper ballots, guys,” Wyden said.

* * *

In three years since its inception, Def Con’s Voting Village — and the conference at large — has become a destination not only for hackers but also for lawmakers and members of the intelligence community trying to understand the flaws in the election system that allowed Russian hackers to intervene in the 2016 election and that could be exploited again in 2020.

This year’s programming involved hacking voting equipment as well as panels with election officials and security experts, a demonstration of an $10 million experimental voting system from the Pentagon’s Defense Advanced Research Projects Agency, and a “part speed-dating, part group therapy” session where state and local election officials gathered with hackers to hash out challenges of securing elections.

Congregants spoke often of the need for thorough auditing of election results, increased funding and improved transparency from vendors. The call for paper ballots was a common refrain. At the time of the 2018 midterm elections, Delaware, Georgia, Louisiana, New Jersey and South Carolina had no auditable paper trails.

“Election officials across the country as we speak are buying election systems that will be out of date the moment they open the box,” Wyden said in the Voting Village’s keynote speech. “It’s the election security equivalent of putting our military out there to go up against superpowers with a peashooter.”

House Democrats have introduced two bills that would require paper records to back up voting machines, mandate post-election audits and set security standards for election technology vendors. But Senate Majority Leader “Moscow Mitch” McConnell (R-Ky.) has repeatedly blocked votes on the bills, saying election security is the province of the states.

National security is the province of the federal government, you Russian collaborator. “Moscow Mitch” is leaving American elections vulnerable to cyber attacks from hostile foreign powers because he believes it benefits Republicans. Traitor.

Last month, the Senate Intelligence Committee released a report detailing how Russian hackers probably targeted all 50 states between 2014 and 2017. Although the report did not find evidence that Russian actors tampered with vote tallies on Election Day, the committee said that hackers “exploited the seams” between federal and state authorities and that states weren’t sufficiently prepared to handle such an attack.“

In 2016, cybersecurity for electoral infrastructure at the state and local level was sorely lacking,” the report reads. “Voter registration databases were not as secure as they could have been. Aging voting equipment, particularly voting machines that had no paper record of votes, were vulnerable to exploitation by a committed adversary. Despite the focus on this issue since 2016, some of these vulnerabilities remain.”

* * *

At the Voting Village, nestled in a ballroom in the sprawling Planet Hollywood convention center, hackers put the machines’ weaknesses on display with playful flourishes, overtaking one electronic poll book to play the first-person shooter game Doom on it, or leaving Nyan Cat, a Japanese meme, sailing across the screen of another made by VR Systems. Ahead of the 2016 election, Russian hackers installed malware on VR Systems’ company network, The Washington Post reported.

Screen Shot 2019-08-14 at 1.58.25 PMScreen Shot 2019-08-14 at 1.58.44 PM

The Voting Village has faced extreme pushback from voting equipment companies and government officials in the past, who have argued that the free-for-all environment at Def Con doesn’t replicate the realities of security on Election Day. The National Association of Secretaries of State condemned the exercise as “unrealistic” last year, and Election Systems & Software, one of the major voting machine vendors, sent a letter to its customers making the same argument.

There’s the fatal flaw in this argument: it is not a one-off event on election day. The Russians have been hacking our elections systems since at least 2014. Does anyone believe that Russian intelligence is not at work on this project every single day? The Russians likely know the system far better than the poorly trained employees who get hired (often on a temporary basis) to run county election systems on election day all over America. County election employees are no line of defense for election security against Russian intelligence.

Hursti said vendors have used legal threats to “create a chilling effect” on research of their equipment, and that they were “actively trying to shoot the messengers” rather than reckon with the weaknesses in their products.

“One rebuttal is to say we give a lot of access to the machines, but in reality, that’s how research works. Whether or not you can show me how to attack this machine in x or y setting is beside the point,” Hursti said. “This is about discovering vulnerability and stopping it before weaponization.”

“Everyone claiming we can fix this by 2020 is giving a false sense of security,” Hursti said. “The aim should be, can we do something by 2022 or 2024?”

Hours after the Voting Village opened, it was packed with hackers sporting T-shirts with slogans such as, “If I’m not on the government watchlist, someone isn’t doing their job” and “Come to the Dork side” — all eager to test their skills as an act of civic service. By the end of the weekend, they would uncover a litany of new vulnerabilities in the voting equipment, ranging from gallingly obvious passwords to hardware issues and exposure to remote attacks.

On Friday afternoon, one conference attendee meandered through the labyrinth of tables covered in dusty voting equipment and Pabst Blue Ribbon cans, explaining the enterprise to his less-well-versed companion.

“So, this is how the Russians did it,” he said, as a hacker near him crowed about how easy it was to pick the lock on a machine. “The fate of our whole country rests on these machines.”

He shuddered.

The Russians are still committed to their social media “dezinformatsiya” campaign from 2016 to sow disinformation and discord among American voters, and they have American collaborators who have adopted their tactics in support of the “Kremlin candidate,” Donald Trump.

Mother Jones reports, Michael Flynn and George Papadopoulos Are Scheduled to Speak at a Conference Organized by a QAnon Supporter to prepare “social media warriors” for a coming “digital war”:

Michael Flynn and George Papadopoulos, two former Trump foreign policy aides who both agreed in late 2017 to cooperate with special counsel Robert Mueller’s investig
ation, appear to have found some new allies: QAnon conspiracy theorists.

Flynn and Papadopoulos are listed as speakers at the upcoming “Digital Soldiers Conference,” a one-day event scheduled for September 14 in Atlanta that promises to ready “[p]atriotic social media warriors” for a coming “digital civil war” against “censorship and suppression.”

Other featured speakers include Bill Mitchell, an online broadcaster and conspiracy theorist; singer and Trump backer Joy Villa; and a “mystery guest.” The event is being organized by Rich Granville, the CEO of Yippy, Inc, who has a Twitter feed littered with references to QAnon, a conspiracy theory centered around the notion that Trump is secretly taking down an international ring of pedophiles that includes high-ranking Democrats. QAnon supporters believe that an anonymous person known as Q is dropping online clues about this supposed clandestine operation. The web page for Granville’s conference prominently features an American flag festooned with a Q.

* * *

[Granville] acknowledged that he personally espouses QAnon views. “Do I think it’s good for America? Absolutely,” he said. “Do I think it’s a conspiracy theory? I doubt that.”

“I am with anybody who is with the United States of America, any digital soldier, any patriot, any average American who is doing their part to support the president of the United States,” Granville said.

A Reminder: An FBI intelligence bulletin from the bureau’s Phoenix field office, dated May 30, 2019, described “conspiracy theory-driven domestic extremists,” as a growing threat, and notes that it is the first such report to do so. Exclusive: FBI document warns conspiracy theories are a new domestic terrorism threat. The document specifically mentions QAnon, the shadowy network that believes in a deep state conspiracy against President Trump, and Pizzagate[.] Give Senator Martha McSally a call.

Stacey Abrams, former minority leader of the Georgia House and Democratic nominee for governor last year, who narrowly lost an election marred by voter suppression from her opponent, Secretary of State Brian Kemp, announced on Tuesday a 20-state voter protection initiative, using her experience challenging voting laws during her gubernatorial campaign last year in Georgia, which included widespread irregularities. Stacey Abrams chooses building a national voter protection program:

“We’re going to have a fair fight in 2020 because my mission is to make certain that no one has to go through in 2020 what we went through in 2018,” Abrams said.

The initiative, called Fair Fight 2020, takes its name from the organization that the Georgia Democrat founded last year after narrowly losing her bid to become the nation’s first black female governor.

The effort, expected to cost between $4 million and $5 million, will target 20 states, most of them battlegrounds in the Midwest and Southeast, and three states with gubernatorial elections this year: Kentucky, Louisiana and Mississippi.

* * *

At one point during her speech in Las Vegas, Abrams led the union members in a cheer: “Say it with me — fair fight! Fair fight! Fair fight!”

“I’m going to use energies and my very, very loud voice to raise the money we need to train [people] across the country in our 20 battleground states to make sure that Donald Trump and the Senate take a hike and we put people in place who know what we need,” Abrams said.

During her speech, she criticized states for enacting strict voter ID laws and for aggressively purging their voter rolls. She noted that Tennessee recently passed a law that makes it harder for churches and other community groups to conduct voter registration drives.

In a telephone interview after her speech, Abrams said party leaders had welcomed Fair Fight. “Without exception I have received nothing but the highest degree of excitement and offers of support,” she said.

Lauren Groh-Wargo, chief executive of Fair Fight and Abrams’s former campaign manager, said Abrams wants to help Democrats be more prepared to respond to the kinds of widespread irregularities that characterized the Georgia gubernatorial race, including inaccurate voter rolls, shortages of voting machines and provisional ballots, and a lack of uniform rules for counting absentee ballots.

“Stacey Abrams and Fair Fight are uniquely situated to bring together the disparate parts of the Democratic Party around ensuring that we have the most robust, thoughtful voter protection operation in battleground states for 2020 — and that work has to start this year,” Groh-Wargo said.

* * *

In past election cycles, campaigns and state parties tended to wait until the start of general election campaigning to put together voter protection programs, which were often dismantled after elections. But with ongoing efforts by Republican state lawmakers to pass more restrictive voting laws, Groh-Wargo said, it was important that Democrats start working now to be ready to help voters navigate potential hurdles. Similarly, some states, such as Michigan and Nevada, have recently passed laws to expand access to voting, and party leaders and activists in those states need to make sure voters can take advantage of the changes.

The majority of the program will be run by Fair Fight PAC. Depending on the campaign finance laws of individual states, Fair Fight will make direct cash donations or will help groups raise money to hire staff, set up voter hotlines and develop public information campaigns.

In addition to the political action committee, Fair Fight also has an operation focused on voter education and advocacy, as well as Fair Count, which will work to make sure people of color and those living in rural communities take part in next year’s census.

Next year is shaping up to be a fierce battle for the presidency, and Democrats should take nothing for granted, Groh-Wargo said. She recalled President Trump’s rhetoric during the 2016 election, in which he warned that “illegal voters” would try to “steal” it. She also noted that the 2020 election will be the first since the Republican National Committee was released from a federal consent decree that for more than three decades had limited its “ballot security” activities, including monitoring polling places to prevent voter fraud.

“I think we could see a new level of intimidation and intentional confusion,” she said. “The Democratic Party and those who care about free and fair elections need to be prepared. It’s really important that officials at all levels and that candidates and lawyers and volunteers are ready to help insure voters have good information so they can cast their votes and not be harassed or intimidated away from their constitutional right to vote.”

You can join Fair Fight’s fight for free, fair and secure elections at fairfight.com.