Profile picture
Eric Geller @ericgeller
, 8 tweets, 3 min read Read on Twitter
Today we published a story I've been working on for weeks. It's an examination of the most overlooked aspect of election security: the voting technology vendors.

Here it is, for @POLITICOPro subscribers: politico.pro/2EGl1Nq
Voting vendors, fiercely protective of their profits in a difficult market, have spent more than a decade shunning independent testing of their products, throwing up hurdle after hurdle for cybersecurity experts.

When tests occur, they reveal systems riddled with flaws.
The agency that works most closely with vendors, the @EACgov, has little power to rein in vendors, experts told me.

Local election officials — the vendors' customers — have the most power to require better cyber practices (through contracts) but often don't know enough to do so.
Cyber experts want vendors to learn the lessons that computer makers learned in the early 2000s: that researchers are your friends, not your enemies.

Instead, vendors work hard to avoid scrutiny. None of the major firms agreed to interviews. Only a few small ones did.
After I made separate requests to talk to them, the major firms banded together to send me a statement promising that they took security seriously. The statement addressed none of my questions and those vendors ignored follow-up requests for interviews.
Interestingly, the smaller firms who spoke to me said they expected the feds to start scrutinizing vendors more closely, like other providers of critical infrastructure.

Elections are easily the least regulated of the sectors that DHS has designated as critical infrastructure.
Some of the researchers I spoke to were pessimistic about vendors improving their practices. Others were cautiously optimistic that things would change.

But as @mattblaze put it: “How catastrophic a failure are we going to need before that happens?”
Last year, @RonWyden asked the major vendors about their cybersecurity practices. He got few answers.

As Wyden told me for this story, "This industry is basically laying out a path to trouble."

politico.pro/2EGl1Nq
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Eric Geller
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ericgeller see all

Profile picture
Georgia's voting security commission is meeting right now before issuing recommendations for the state's new voting equipment.

But in today's @MorningCybersec, experts told me that the vendor proposals GA has received are full of problems.

politico.com/newsletters/mo…
The vast majority of public comments at this commission meeting have been passionate pleas for paper-based voting systems.

One county election official argued for electronic voting, but cited only minor logistical problems with paper that can be solved. No mention of security.
Meanwhile, Brian Kemp, who's moving from secretary of state (top election official) to governor, has named the former top lobbyist for giant voting vendor ES&S as his new deputy chief of staff.

But surely that won't affect how the state treats ES&S.

ajc.com/blog/politics/…
Read 16 tweets
Profile picture
The Justice Department is about to announce charges against Chinese government (APT10) hackers for a long-running economic espionage campaign against U.S. and other Western businesses.

Watch live: justice.gov/live
Deputy AG Rod Rosenstein: "Today, the Department of Justice is announcing a criminal indictment of two hackers associated with the Chinese government" for attacks on "dozens of companies in the United States and around the world."
Rosenstein: The charges are for attacks on "managed service providers" that provide IT services to other companies.
Read 34 tweets
Profile picture
Deputy AG Rod Rosenstein is about to deliver remarks at a Georgetown Law/DOJ cybercrime conference.
Rosenstein talking about the risks of new technology.

“We need to place security on the same footing as novelty and convenience, and design technology accordingly.”

Offers cars as an example.
Rosenstein: “We cannot accept a culture in which technology companies considers it part of their responsibility to defeat legitimate law enforcement” activities.
Read 20 tweets

Related threads

Profile picture
Today @Reuters published my story on a tiny library straddling the U.S.-Canada border, which has become the unlikely site of bittersweet reunions for families separated by Trump's travel ban reuters.com/article/us-usa… 1/11
The Haskell Free Library and Opera House sits in both Quebec and Vermont, so it's in a sort of geopolitical gray zone, accessible to people entering from both the U.S. and Canada 2/11
Shirin Estahbanati, an Iranian studying in the US, hadn't seen her father for nearly 3 years, during which time he had suffered a heart attack in Iran, where he lives. She was able to see her parents in August at the library. Here she is describing the moment they embraced 3/11
Read 11 tweets
Profile picture
Today @nytimes published this story about our client, including police body cam footage, which shows how a cop planted weed in his car. Our client spent 2 weeks on Rikers Island, the cop lied on the stand, was never disciplined & still works for the NYPD. nyti.ms/2zguYwe
This case is not extraordinary in any way, except that the body cam footage provides compelling evidence against the police officer.
First, police use smelling the "odor of marijuana" as a pretext for vehicle stops & searches all the time. They can still do this now, even when they don't (or claim not to) prosecute marijuana offenses. This is why it is vitally important that marijuana is legalized.
Read 18 tweets
Profile picture
Grateful for the right to participate in democracy & for all who’ve fought, and sometimes died, so that all Americans can exercise the right to vote. Grateful for voting rights advocates holding election officials accountable & making sure democracy works in precincts everywhere.
Grateful to computer security researchers, government officials, journalists, and other continuing to identify and educate all of us about threats to our election. Looking forward to national dialogue and progress on improving election security and voting processes in the future.
And grateful to election judges at my local polling place for their service and diligence. If you're eligible to vote, and haven't yet: Please do. Voting rights are how we, the people, express our voice; it's the heartbeat of democracy. May we never take these rights for granted.
Read 3 tweets
Profile picture
DHS, FBI Hold Joint Briefing for Election Officials with Facebook and Microsoft

@drawandstrike @ThomasWictor @HNIJohnMiller @catesduane @rising_serpent @_ImperatorRex_ @Debradelai @LarrySchweikart @GodlessNZ @almostjingo

dhs.gov/news/2018/08/2…
DHS, FBI, Facebook, and Microsoft Update State and Local Election Officials on Recent Actions Taken to Counter Foreign Threats
Washington, D.C. – Today, the Department of Homeland Security (DHS) was joined by the Federal Bureau of Investigation (FBI), Facebook, and Microsoft to host a briefing for the National Association of Secretaries of State (NASS)...
Read 23 tweets
Profile picture
There's been a lot of talk about #electionsecurity since we know #Russia will try to hack the #2018Midterms.

This thread will give brief overviews of #votingmachines, #opensource software & #handmarked #paperballots. THREAD 1/10 #MondayMotivaton
Jurisdictions don't have 💰 or staff to buy new machines frequently or keep the ones they have up to date with security updates. There's no voting machine that can't be hacked. 2/10 nytimes.com/2018/02/21/mag…
Manufacturers & election officials say since the machines aren't connected to the internet, they can't be hacked. But that's not accurate. Polling places transmit voting results using modems. 3/10 #technology #hack #telecommunications
Read 11 tweets
Profile picture
1. Thread. Mueller may indict, but if we want Congress to IMPEACH, we must VOTE in 2017 while trying 2 deter hacking!
2. Contact your local Indivisible to arrange for observers at each precinct when polls close to write down and (if possible) photograph ..
3. Printouts from all voting systems (poll tapes) at the precincts. These numbers can then be compared to the official results & would...
Read 29 tweets

Trending hashtags

#Norway #IndigenousRights #Election #voting #treaty8 #SpaceForce #CyberCommand #DOOM #halfway #ElectionCommission #Change #Economy #MondayMotivaton #Denmark #Afghanistan #bcpoil #Tijuana #America #FinalSayForAll #Cryptography #wiunion #Democrats #law #EndFamilySeparation #Dems

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!