Porpentina (Tina) @porpentina2017
I just read this article on companies that provide voter services for states and it is worse than I thought it would be.

Spoiler Alert: I am going to break this article down bit by bit and explain why things are "bad".
#UnhackTheVote

fivethirtyeight.com/features/russi…
The election system is decentralized. Each state runs their own elections and the federal government can't tell the states how to run their elections. There's no centralized system for someone to break into, no one way to run an election so the diversity can be a strength.
21 states (that's 42%) were hit by the Russian hackers and they were successful in at least one state. The federal government and the states have done almost nothing to prevent this from happening again. This is thanks, in part, to the decentralized nature of the election systems.
Cybersecurity is one area where there must be centralized guidance and protocols.
Minimum protections are needed to ensure what happened in the last election doesn't happen again. Allowing the states to determine their own level of security is not working.
eac.gov/assets/1/6/sta…
The article states that almost all states rely on private companies for election services, but states have very few regulations on cybersecurity. This gives hackers a centralized set of systems for multiple states. Doesn't that go against the whole decentralized idea?
One of the companies, VR Systems, was mentioned in the #Mueller indictment of the 12 Russians. They provide voter registration systems & electronic poll books to 8 states. The hackers targeted state election officials via spear phishing.
govtech.com/security/Were-…
ES&S is another company that provides election services. They were also the target of attacks and left a large database that contained names, voter ID, DOB, addresses, phone numbers & in some cases driver's license numbers of 1.8 million Chicago voters.
upguard.com/breaches/cloud…
While this wasn't the result of a hacker breaking into a system, it was the result of extremely careless (non-existent in my mind) cybersecurity protocols.

Do you feel safe knowing that third party (private) companies are handling your data without any security protocols? I don't.
ES&S is the same company where it was discovered that although they denied installing remote control software on their voting machines, it was later discovered that indeed they had remote control software installed.

ES&S needs to appear before Congress.
motherboard.vice.com/en_us/article/…
.@FiveThirtyEight reports that a company called Dominion Voting published a "Client Web Portal" that didn't employ SSL.

SSL is a protocol that ensures that the data transferred between the web server & client are encrypted & secure

Not using SSL means all data are exposed.
Not using SSL means that user IDs & passwords are available for the taking. No need for spear phishing.

How many of you use the same password for all your online activities*? How about at work?

Do you see the problem?
*if you do, please consider changing them to be different
The lack of cybersecurity positions at these companies is shocking. If your business is providing election services online, security should be a top priority.

Questions sent to these companies by @RonWyden revealed that they are sorely lacking in the cybersecurity department.
The companies are not concerned about the state of their security, but fall far behind the IT online industry. Because there is no oversight, & there is no accountability.

The US Congress cannot hold them accountable because that is the job of the states.

See the problem?
The article states that 33 states use electronic poll books, but only 8 require state officials to certify them. That means that once these companies have the data only 8 states certify the data are correct let alone secure.
There is a way to bridge this gap: the Election Assistance Commission could produce standards for poll books & electronic voting services like they have for voting machines.

We need to bring our Federal and State governments into a secure and safe computer age.
<end>