Share this page!

Lea Kissner Profile picture
Twitter logo
1 Feb, 17 tweets, 4 min read
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION SECURITY"

usenix.org/conference/eni…
Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?
Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!
Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton
One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
The voting process
* significant advances in recent years (e.g. paper ballots, risk-limiting audits, end-to-end verifiability)
* research needed in integrating these technologies
* expanding to mail-in voting?
But there's also internet voting
* we can't do it securely today [oh no voatz reference]
* we have to combat malware, authentication etc.
* if we could solve them, that would be great. But in the meantime voting has to be successful for everyone
* can improve accessibility through things like getting ballot online, filling it out, then returning through the mail
Election support systems
* less researched. Probably because they look boring
* Voter registration databases aren't working. Russians breached at least 2 states, targeted all 50 states
* little to no public scrutiny of these systems
* election night reporting -- this is a picture of one where there was a bug in reporting. [It was fixed but freaked a lot of people out]
A lot of the trouble with the security of election support systems is not that we don't know how to do it -- it's that we have to do it
Campaign security
* biggest unknown (see Sunny Consolvo's talk!)
* we must view campaign security as non-partisan and increase resources and services available
Public confidence
* major damage from domestic actors
* widespread mis/dis-information
* technical election security measures helps to debunk rumours floating around
Misinformation-fighting supply measures:
* platforms: downranking and deplatforming
* trusted institutions
* debunking & fact checks
Misinformation-fighting demand measures:
* media literacy
* increased civics education

[ Also note that @katestarbird will be giving a talk on misinformation don't miss it: usenix.org/conference/eni…]
Let's fix election support systems!
* Much of this is applying security things we already know
[ Note: a lot of organizations have this problem 😭 ]
* engage in public research. Have a vuln disclosure policy so people can confidently help
Election security is a problem that can only be solved by working together: elections officials, security people, everyone

[end of talk]

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lea Kissner

Lea Kissner Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @LeaKissner

Lea Kissner Profile picture
3 Feb
Next up at #enigma2021, Alex Gaynor from @LazyFishBarrel (satirical security company) will be talking about "QUANTIFYING MEMORY UNSAFETY AND REACTIONS TO IT"

usenix.org/conference/eni…
Look for places where there are a lot of security issues being handled one-off rather than fixing the underlying issue Image
We tried to fix credential phishing mostly by telling people to be smarter, rather than fixing the root cause: people being able to use phished credential.

2-factor auth just ... fixes the problem. ImageImage
Read 15 tweets
Lea Kissner Profile picture
3 Feb
It's time to talk about @zoom_us security over @zoom_us at #enigma2021 by Merry Ember Mou with the talk "BUILDING E2EE AND USER IDENTITY"

usenix.org/conference/eni…
Zoom's launched end-to-end encryption 5 months after the white paper was published
* prevents eavesdroppers between users who are speaking to each other
* protection against compromised servers Image
[ here's the E2EE whitepaper from Zoom]

github.com/zoom/zoom-e2e-…
Read 20 tweets
Lea Kissner Profile picture
3 Feb
@carmelatroncoso is speaking about "CONTACT TRACING APPS: ENGINEERING PRIVACY IN QUICKSAND" at #enigma2021

usenix.org/conference/eni…
Engineering contact-tracing apps has been a marathon

Why make them?
* manual contact-tracing became totally overwhelmed with covid cases
* can we supplement with technology? Image
Constraints: security and privacy
* protect from misuse: surveillance, target marginalized individuals, etc.
* purpose limitation by default
* hide user's identity, location, behaviour
* preserve system integrity
Read 18 tweets
Lea Kissner Profile picture
3 Feb
In more pandemic talks at #enigma2021, Mark Funk is here to talk about "DESIGNING VERIFIABLE HEALTH SOLUTIONS FOR GLOBAL PANDEMIC"

usenix.org/conference/eni…
This is about work done with a nonprofit to try to find a way to prevent infected people from entering a location in a privacy-preserving way.

(Stopped this work when it became clear that this was being built for a world which wouldn't exist any time soon.) Image
Right now, we ask people to self-diagnose, which requires on diagnosis and truthfulness

There are stronger mechanisms like PCR tests Image
Read 25 tweets
Lea Kissner Profile picture
3 Feb
Last day of #enigma2021 and we're kicking off with @cooperq from @EFF talking about "DETECTING FAKE 4G LTE BASE STATIONS IN REAL TIME"

usenix.org/conference/eni…
Focus on tech which targets at-risk people (e.g. activists, rights defenders, sex workers) Image
What is a cell site simulator?

*transmitter or receiver which intercepts metadata from cell phones, often by pretending to be a legit cell tower Image
Read 21 tweets
Lea Kissner Profile picture
2 Feb
Last talk at #enigma2021 today is @iMeluny speaking about "DA DA: WHAT SHARK CONSERVATION TEACHES US ABOUT EMOTIONALITY AND EFFECTIVE COMMUNICATION STRATEGIES FOR SECURITY AND PRIVACY"

usenix.org/conference/eni…
I dreamt of being a shark scientist and worked my ass off to get a scholarship to one of the top programs. My career took a loop, but to this day I find lessons from sharks for security and privacy.
Lessons:
Incidents are emotional
* Risks will never be zero
* Public is ill-informed and fear is common
* science-based policy is not the norn Image
Read 20 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @LeaKissner has new unrolls!

Check out other threads from @LeaKissner!

Read all threads by @LeaKissner