Profile picture
David Carroll🦅 @profcarroll
, 17 tweets, 3 min read Read on Twitter
Invited to testify to NY State Assembly committees on Election Law, Election Day Ops and Voter Disenfranchisement this morning. Will be sharing my discoveries related to the data processing of NYS voter files in foreign territories. #CambridgeAnalytica
First up, execs from NYS Board of Elections describing our compliance to #HAVA (Help America Vote Act) and hardening of NYS voting equipment, effects of Kremlin hack attempts. Certified source code is escrowed with board. NY bans wireless, private vendors for machine config.
NYS Board of Elections reports continued probe attempts into our election infrastructure, coordination with federal resources, but targets and techniques by hostile actors not yet being shared with state. Notes problems of private vendor coordination.
NYS Board CIO describing proposed equipment upgrade that hardens machines and voter registration databases while acknowledging increased sophistication of attacks. Calls for ongoing end-to-end risk assessment with means to mitigate issues as they appear in budget requests.
Chair Lavine notes how CA was notified by DHS of "scanning attempts" while NY was notified by FBI and asks about federal coordination. Board reports they've been notified by both agencies since they are both on the federal coordination council.
NYS Board of Elections describing a significant cyber attack that took down 30 servers in one country in the days leading up to the election. What if that occurred in multiple counties simultaneously? Incident response needs work beyond on intrusion detection.
Ranking member Norris asks about moving to electronic pollbooks, risks of moving away from paper pollbooks. Board responds with issues related to data security with 3rd-party vendors. Not all state pollsites are even connected to internet. No bipartisan support for proposed bill.
Member Lifton asks board about doing what other countries moving back to paper ballots. But NYS is already a "paper state" so key is that scanners are safely and accurately counting ballots. We are state-of-the-art except ballot-on-demand capability so voters can use any pollsite
Member Carroll (no relation) asks about the major Schuyler county cyber attack regarding its effects on absentee balloting. Also asks about both official actors and bad-actors purging voter rolls. 120,000 purged from Kings Country rolls before primary.
Board wants to use statistical models to detect abnormal patterns. Member Carroll asks if Board links with Social Security death records to update rolls. Board said SS db was not a good data matching source, wildly inaccurate matching. National Change of Address system is used.
Member Simon asks about hardware upgrade plans. ES&S most common device vendor in NYS, Dominion machines is also used. $200M worth of machines purchased in 2009-2010 with federal money now approaching end-of-life.
Next up: NYC Board of Elections, has FireEye/Mandiant as cyber security vendor moving forward (~$500M contract) thru Oct 2018. No cyber issues of consequence reported from 2016-17 elections in NYC. Acknowledges city in better shape than other state counties needing same resources
NYC Board of Elections describes a social media "cloning" attack where bad actor disseminates false impersonation of official accounts (web, Facebook, Twitter) spreading election day disinformation to confuse voters.
That's a theoretical attack imagined by NYC Board. Shows they are thinking with an escalated understanding of information operations, perhaps echoing from Congressional hearings that highlighted election day disinformation on social media.
Member Carroll asks NYC Board Elex Commissioner Ryan if a hardware failure of ballot scanner occurred in cycle? No. Could a bad actor penetrate ballot scanner to change how it counts? No, physical machine access/custody protocols/re-certifications thwart tampering.
Member Carroll asks about backup protocol for restoring hacked/tampered voter rolls to a clean state. Daily offsite backups gives date-certain restore points. NYC board saw no evidence of voter roll tampering. Commish attributes security to Mandiant contract.
The "Brooklyn Issue" occurred in July where a re-sync caused roll purges so tech was re-engineered to support parallel sync rather than single point of failure. Member Carroll: Any physical copy maintained of voter rolls? Yes.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to David Carroll🦅
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!