The EAC is about to vote on the Voluntary Voting System Guidelines 2.0.
The most contentious point in VVSG is that it says wireless technology should be disabled and not completely removed from voting machines.
I'll try to live-tweet anything interesting, but am also expecting a call for work. So this thread may cut short at any time.
It could be very dramatic.
Disabling wifi rather than not purchasing machines that have wifi allows for more maneuverability in commercial, off the shelf purchases.
Disabling wifi, the EAC notes in documents, is more than turning on airplane mode. It requires removing hardware or software drivers that allow wifi to run.
Hicks calls VVSG 2.0 a "reasonable compromise."
A brief lull as EAC Director Mona Harrington sets up a PowerPoint presentation over Zoom.
Here's the background of the process. It gives a good sense of how long this has been in the works -- the first meeting was before the 2016 election.
Background cont.
The main issues that received comments were the wireless issue and accessibility issues, where disability advocates asked for a uniform ballot interface for all voters.
Harrington explains the security requirements:
Software independence (voting outcomes can be confirmed even if software goes awry)
Nixing wireless
Unused ports can be disabled
Harrington notes requirements for interoperability of machines (no lock-in to vendors) and audibility.
Manuals now describe a pen testing process
Harrington addresses the voting issue, particularly social media claims that they made a sudden change to allow wireless tech.
Forgive me for any mistakes - it's a quick transcript.
Harrington - delay in standards not just a matter of not having quorum, also a matter of not being fully funded.
My phone call is now half an hour late.
Harrington: "We now require registered manufacturers to notify all voting system and anomalies the EAC, not just those experienced by EAC certified systems."
This allows EAC to determine and test for common problems
The previous VVSG, 1.1, didn't have widespread industry buy-in. Harrington says, in talking to election officials and manufacturers, this was largely because they were repeatedly told the 2.0 would be coming soon, and they were waiting for that standard.
VVSG passes unanimously.
Manuals pass unanimously
Hovland: "today's vote on the VVSG 2.0 is the most important action the EAC has taken 15 years."
• • •
Missing some Tweet in this thread? You can try to
force a refresh
There's a ton of stuff we don't know about Bloomberg Supermicro 1 and 2 that I'm not sure we're going to know. Here's what I do know about Supermicro 1, the original story:
I know a ton of national security and cybersecurity reporters and contractors who tried to substantiate the first story without success.
I tried to substantiate the first story without success.
People who I spoke to on Capitol Hill said they *wished* it was true to confirm what we generally know about China's industrial espionage.
People I spoke to in industry launched expensive investigations to see if they had been hit. They hadn't.
The natsec/infosec implications of the coup attempt are staggering - not just in Pelosi's office.
They'll need to assume all systems and physical files were compromised, and catalog what of each was stolen, altered or destroyed
In the long run, they need an evacuation failsafe for computer systems.
I wasn't really referring to classified files. But it's worth noting that Mieke Eoyang disagrees both in terms of classified files and in general (down conversation).
By the end of the first season, over the course of several investigations, the FBI had hacked into Boston's transportation system, an online casino that was cooperating with the investigation and the camera on a teenage girl's home computer.
Where will they CSI:CYBER next?
Interesting notes from the intro to episode 1:
-Peter McNichol (Ghostbusters 2) has been replaced by Ted Danson.
-They've taken out the part where someone whispers "It can happen to you."