“U.S. election integrity depends on security-challenged firms - Chicago Tribune” 1/ chicagotribune.com/business/ct-bi…
2/ “In 2017, a private contractor [voting machine vendor ES&S] left data on Chicago's 1.8 million registered voters — including addresses, birth dates and partial Social Security numbers — publicly exposed for months on an Amazon cloud server.”
3/ “A trio of companies — ES&S of Omaha, Neb.; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas — sell and service more than 90 percent of the machinery on which votes are cast and results tabulated.”
4/ Experts say these voting-machine vendors “have long skimped on security in favor of convenience, making it more difficult to detect intrusions such as occurred in Russia's 2016 election meddling.”
5/ “The businesses also face no significant federal oversight and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.”
6/ “In much of the nation, especially where tech expertise and budgets are thin, the companies effectively run elections either directly or through subcontractors.”
7/ "They cobble things together as well as they can," University of Connecticut election-technology expert Alexander Schwartzman said of the industry leaders. Building truly secure systems would likely make them unprofitable, he said.
8/ “Election vendors have long resisted open-ended vulnerability testing by independent, ethical hackers — a process that aims to identify weaknesses an adversary could exploit. Such testing is now standard for the Pentagon and major banks.”
9/ “ES&S told The Associated Press that it allows independent, open-ended testing of its corporate systems as well as its products. But the company would not name the testers and declined to provide documentation of the testing or its results.”
10/ “Dominion's VP of government affairs, Kay Stimson, said her company has also had independent third parties probe its systems but would not name them or share details.”
11/ “Hart InterCivic, the No. 3 vendor, said it has done the same using the Canadian cybersecurity firm Bulletproof, but would not discuss the results.”
12/ “During this year's primary elections, ES&S technology failed on several fronts.

In Los Angeles County, more than 118,000 names were left off printed voter rolls. A subsequent outside audit blamed sloppy system integration by an ES&S subsidiary during a database merge.”
13/ “No such audit was done in Kansas' most populous county after a different sort of error in newly installed ES&S systems delayed the vote count by 13 hours as data uploading from thumb drives crawled.”
14/ “University of Iowa computer scientist Douglas Jones said both incidents reveal mediocre programming and insufficient pre-election testing. And voting equipment vendors have never seemed security conscious ‘in any phase of their design,’ he said.”
15/ “ES&S sells vote-tabulation systems equipped w/ CELLULAR MODEMS, a feature that experts say sophisticated hackers cld exploit to tamper w/ vote counts. A few states ban such wireless connections; in Alabama, the state had 2 force ES&S 2 remove them from machines in January.”
16/ “‘It seemed like there was a lot more emphasis about how cool the machines could be than there was actual evidence that they were secure,’ said John Bennett, the Alabama secretary of state's deputy chief of staff.”
17/ “Last year, a [California] state security contractor found multiple vulnerabilities in ES&S's Electionware system that could, for instance, allow an intruder to erase all recorded votes at the close of voting.”
18/ “In 2014, the same contractor, Jacob Stauffer of the security firm Coherent Cyber, found ‘multiple critical vulnerabilities’ in Dominion's Democracy Suite that could allow skilled hackers to compromise an election's outcome.”
19/ “Elections are run by the states, whose oversight of suppliers varies. California, New York and Colorado are among states that keep a close eye on the vendors, but many others have cozier relationships with them.”
20/ “And the vendors can be recalcitrant. In 2017, for instance, Hart InterCivic refused to provide Virginia with a paperless e-Slate touchscreen voting machine for testing, said Edgardo Cortes, then the state election commissioner” who proceeded to decertify paperless machines.
21/ “At the federal level, NO AUTHORITY accredits election vendors or VETS them or their subcontractors. No federal law requires them to report security breaches or to perform background checks on employees or subcontractors.”
22/ “Federal oversight is limited to the little-known Election Assistance Commission, a 30-employee agency that certifies voting equipment but whose recommendations are strictly VOLUNTARY. It has NO OVERSIGHT power and cannot sanction manufacturers for any shortcomings.”
23/ “‘We can't regulate,’ EAC chairman Thomas Hicks said during a July 11 congressional hearing when the question came up. Neither can DHS, even though it designated the nation's election systems ‘critical infrastructure’ in early 2017.”
24/ Kudos to @fbajak for writing this highly informative and honest election-security piece. #ProtectOurVotes