Eric Geller
Aug 26, 2019
Scoop: Bipartisan activist coalition (incl. @FreedomWorks @DefendOurVotes @RSI @Public_Citizen @CommonCause @LWV) asks Congress to hold hearings with voting technology vendors — using subpoenas if necessary, given vendors' reticence. subscriber.politicopro.com/article/2019/0…
ES&S and Dominion both ducked last year's SRC hearing that sought "vendor perspectives." Of the big three, only Hart showed up.

The letter cites numerous instances of product vulnerabilities and questionable corporate conduct that Congress could press the vendors to explain.
Among the stories cited in this letter to illustrate the need to hold vendors accountable:

apnews.com/e5e070c31f3c49…
nytimes.com/2018/02/21/mag…
mcclatchydc.com/latest-news/ar…
apnews.com/cbc30e6a059a41…

More from @ericgeller

Dec 16
In 2021, Congress gave state and local governments $1 billion for cyber improvements.

The program has been transformative, but it expires next year. My new @TheRecord_Media story explores what it's accomplished and what will happen if it isn't renewed: therecord.media/federal-money-…
I talked to folks from @NASCIO, @NACoTweets, @CTDEMHS, and @MontanaDES about the grant program.

They all said it's been a vital lifeline for cash-strapped, hack-plagued government agencies.

It "has been a game-changer," said CT emergency management director William Turner.
There have been some state-local tensions (most of the money is earmarked for local governments, but states can decide how to provide it), and meeting the federal requirements hasn't been easy, but people who work with the program say the results have been impressive.
Dec 16
New from me: Inside @CISAgov as Trump prepares to take power.

Employees are worried that he'll end key projects, drive away star talent, and generally weaken the agency's role in protecting the government and the nation from hackers.

My @WIRED story: wired.com/story/cisa-cut…
CISA staffers expect Trump to spurn efforts to raise the tech industry's security baseline.

"Compliance efforts like secure-by-design may not have the support that they currently benefit from," one employee said.

Also at risk: Election security aid and incident reporting rules.
As a U.S. cyber official put it to me of Trump's team, "They do not think it's the role of the US government to make [the] private sector act in a certain way."
Dec 4
The White House just held a press call to discuss the latest on China's "Salt Typhoon" hacking campaign against telecommunications companies.

New detail: "At least eight" U.S. telcos have been hacked, deputy national security adviser for cyber Anne Neuberger said.
The Salt Typhoon activity "has been underway for some time," a senior administration official said -- "likely one to two years." China has hacked telcos in "a couple of dozen" countries during that time.
"At this time, we don't believe any classified communications have been compromised," Neuberger said.
Dec 3
Senior CISA and FBI officials just held a background call to brief reporters on the status of their investigation into Chinese hacking of U.S. and foreign telecom companies.

It sounds like telecoms are a long way from being able to evict the Chinese hackers from their networks.
"The continued investigation into the PRC targeting commercial telecom infrastructure has revealed a broad and significant cyber-espionage campaign," a senior FBI official said.

Investigation began late spring/early summer and has involved meetings with "scores" of U.S. telcos.
Stolen records include:
* Lots of metadata about calls and texts (but no content)
* Call and text content from a targeted group of govt/political figures
* Data (but not intercepts) from the law enforcement wiretap portal
Nov 4
"As we head into tomorrow," @CISAJen says on a press call happening now, "I can say with great confidence that our election infrastructure has never been more secure and that the election community has never been better prepared to deliver safe, secure, free, and fair elections."
Easterly: "From the national level, during the early-voting period, we have observed small-scale incidents resulting in no significant impacts to election infrastructure."
Easterly: "These include low-level distributed denial-of-service activity, criminal destruction of ballot drop boxes, some severe weather in the central United States, and continued threats targeting election officials."
Oct 22
Six years after @CyberSolarium urged Congress to make software vendors legally liable for product failures, very little has been done.

My new story for @TheRecord_Media explores the legal, technical, and political challenges facing software liability: therecord.media/cybersecurity-…
Problem #1: Software vendors have been protected from virtually any form of legal accountability for decades, dating back to when policymakers were afraid of stifling the nascent industry.

Licenses disclaim liability.

It's "a golden-child industry," one legal expert told me.
Problem #2: There are a lot of complex legal and technological issues to sort out, including what makes a product reasonably secure, what kind of harm is actionable, how to address open-source software and insurance companies, and how to set civil suit burdens.