Rosario Gennaro Profile picture
Sep 15, 2020 13 tweets 4 min read Read on X
Voter suppression threats using @Google @Apple Exposure Notification #GAEN have been dismissed as unrealistic: an adversary could achieve the same effect much more easily using fake news campaigns (e.g. @ronrivest in Forbes). This thread attempts to analyze these arguments (1/12)
2. So ask yourself: what would make you more likely to stay home? A social media post of dubious origin that your polling station is contaminated or a personalized state-sanctioned notification of exposure to #COVID19 ?
3. While disinformation campaigns may be easier to mount, isn't it reasonable to assume that the return (as in the ability to affect a person behavior) is much higher if the attacker messes up with #GAEN ?
4. But, wait, my twitter followers are by no means representative of the population at large. They check their sources and are more likely to believe a #GAEN notification, while the population at large can be more easily fooled. True, maybe
5. But, then, think of this as advertising: we have just given the adversary a strategy to reach a segment of the population that was not so easily reachable by disinformation campaigns. Why wouldn’t the adversary leverage both routes?
6. It might even be reasonable to assume an adoption and compliance bias to #GAEN notifications that would disproportionately affect populations of a particular political leaning (see e.g. the mask wearing adoption bias aligned mostly with personal politics)
7. Given the US electoral system where a small perturbation in voter turnout in specific geographic areas can affect the result, the return on the attack does not even have to be too high to achieve the desired goal
8. See e.g. Gomez et al. [Journal of Politics, 69(3), 2007] where it is argued that lower turnout due to rain in select districts may have had a critical impact on the outcome of at least two U.S. presidential elections
9. Wouldn’t a state sanctioned exposure notification have a similar effect to a rain forecast? Are we giving the adversary the ability to “figuratively” rain on select districts?
10. Additionally, the goal of the adversary may be to simply cast doubt on the electoral process. In a democratic system, public trust in the integrity of the election is as important as whether or not the election's results were changed by some attack
11. Tampering with state-sanctioned public health notification systems has a much larger destabilizing value than launching a fake news campaign on social media, in terms of the potential for compromising citizens' faith in the democratic process
12. Finally for those who think this is still an unrealistic threat: pre-2016 we didn't expect foreign nations to use social media to affect voter turnout. Maybe we should be a bit more proactive now, and prepare for the unexpected side effects of deploying a new technology.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Rosario Gennaro

Rosario Gennaro Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @rgennaro67

Sep 2, 2020
Given yesterday's news that Exposure Notification is getting enabled on all our phones, it is a good time to analyze the countermeasures to voter suppression threats claimed by @Google and @Apple.
Only infected people can upload keys. Inadequate. Attackers may be willing to get infected. A black market for auth codes could develop. Lab technicians can be bribed. Bugs in the app may allow uploads by non-infected people (this happened in the first version of Swiss Covid)
Monitor for decrease in test positivity rates. Useless. Too slow. Voter suppression attack can be carried out before the decrease in positivity rate becomes noticeable. Ineffective for USPS attack as the number of fake exposures can be small for an effective attack.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(