
DEA Asks for Help Laundering Money


As Justin Rohrlich reports this week for the Daily Beast, the Drug Enforcement Administration recently expressed a concern that currency it seizes in drug busts could be covered in deadly chemicals, and has asked potential vendors for information about helping it clean up the dangerous bills.

There is good reason to believe that this is ridiculous.

In a Request for Information posted on June 14, the DEA said it was “interested in learning more about available capability in cleaning and decontaminating currency tainted with drugs and other unknown substances.” Some of these substances, it explained, “may be extremely harmful to human health and potentially result in death,” which can also be extremely harmful to human health. “As such,” the DEA continued, “the currency must be decontaminated to ensure safety.” It invited interested vendors to respond by June 26.

There is a lot wrong with this, even beyond the glaring misuse of the phrase “as such” to mean “therefore” and to refer to “substances” in one sentence but “currency” in the other. I mean, that is certainly appalling and something we need to address, it’s just not the biggest problem here.

Here are two bigger ones.

First, according to multiple sources quoted in the article, while one could not describe currency in circulation as “clean,” and drug residue of some kind is not rare, there seems to be little if any evidence that the levels involved could be harmful in any way, much less deadly. I say this only partly because the “hazardous substances” listed by the DEA for potential “decontamination” include marijuana/THC. (I’m not a doctor, but I haven’t exactly seen any headlines about emergency rooms being choked with cases of marijuana poisoning, and I live in San Francisco.) But what did the actual experts quoted in the article say? Here’s a summary:

  • Former FBI special agent for 22 years: this is all news to me.
  • Forensic toxicologist: “absurd at best,” also “ludicrous.”
  • Med-school professor: “quite odd, given the lack of scientific support.”
  • Former detective: no … but maybe for fentanyl?
  • Forensic toxicologist again: no, not fentanyl either, unless maybe you eat the bills.

The question therefore seems to be: Are DEA agents or administrators eating any of the currency they seize?

And this brings us to the second problem: if they are eating it, how would we know? Because the most interesting thing in the RFI is the DEA’s statement that, because the seized drug money is so dangerous, they will not be able to count it before turning it over to the vendor for cleaning:

Contaminated Currency Packaging Requirements and Delivery. The vendor shall indicate to DEA how contaminated currency should be packaged. DEA will not count the contaminated currency (due to inherent safety issues) prior to packaging the contaminated currency, but will have a general indication of the amount that has been packaged for the vendor. The vendor shall also indicate whether they provide pick up services for DEA, if DEA should deliver the contaminated currency, or both. It is preferred that DEA have a service where the contaminated currency can be double-bagged and provided directly to the vendor….

Emphasis added.

***

“Hi, guys, Steve over at DEA again. Hey, so we got another truckload or so of contaminated currency here that we need to ship over for you to laun— to decontaminate.”

“Whoops! You almost said it, Steve!”

“No, I said ‘decontaminate.’ Like in the proposal. Anyway, we’ve got, like, a truckload of hundreds here. What do you think?”

“Will Friday work?”

“Yes. Oh, and don’t forget—we need to get a truckload back, too.”

“Oh, absolutely. You will get a truckload back.” <is making air quotes with fingers>

“Okay … You’re not making air quotes, are you?”

“No.”

“Okay. Because we talked about that.”

“Absolutely. Oh, and Steve?”

“What?”

“Don’t forget to double-bag the cash. You know, so some of the bags don’t break and spill the money out all over the road, never to be seen again.”

“Very funny. You guys are a real hoot.”

“Hey, it’s a good joke.” <is making air quotes again> “Okay, we’ll try to make some room in the hundreds bin.”

“Okay, thanks.”

***

The phrase you’re looking for, I think, is “what could go wrong?” We have a federal agency pursuing a “war on drugs” that is basically pointless to begin with; an agency that (like many others) has a record of seizing assets before any conviction has taken place and without any discernible connection to law enforcement (see “Report: Many DEA Cash Seizures Have ‘No Discernible Connection’ to Law Enforcement” (Apr. 6, 2017)); and here it is saying it’s going to ship money back and forth for “decontamination,” on a questionable basis, without even counting it.

What could go wrong?

See also “DEA Agent: If You Legalize Pot, Rabbits Will Get High” (May 4, 2015) (discussing another really stupid argument a DEA agent made once).

aranth
29 days ago
🤔
1 public comment
acdha
28 days ago
The better question is which administration buddy this contract will be steered to. The Trump Org is too obvious but has anyone checked Erik Prince’s business filings recently?
Washington, DC

When I asked about Rage 2’s worst character, I got an unexpected response


Collector’s Edition celebrates Rage’s most regrettable tendencies

If I had to name a favorite game of E3 2018 — I’m fickle and bad with favorites — I’d probably say Rage 2. I wrote yesterday that it plays like a mixtape of Bethesda’s portfolio, grafting some of the best bits from Doom, Quake, Wolfenstein and Elder Scrolls onto an open world first-person shooter. Unfortunately, Rage 2 retains the one thing I despised about its predecessor, something I worried would prevent me from really enjoying the sequel.

In 2018, the only thing I remember with any clarity about the original Rage is its tone-deaf depiction of heroes and villains. The good guys were blessed with impossibly perfect skin and preternatural good looks. The villainous foot soldiers were mutants, many with facial wounds that looked an awful lot like my own birth defect: a full cleft lip and palate.

Cleft lips and palates (among other birth defects) have a history of representing villainy, one I’ve had to navigate my entire life. But I hadn’t appreciated the anxiety it caused me until I spent a couple dozen hours shooting ghouls who looked as if they’d been traced off my baby photos — pictures of me before I had the dozen-plus surgeries that pieced my mouth and nose together into what’s culturally established to be a “normal” look.

I’d heard rumors about Rage 2 a couple months ago, that it was being made in collaboration with one of my favorite developers, Avalanche Studios. And I was disappointed, though not surprised, when the trailer revealed that the project, while being something largely new, would retain the same imagery with regard to its mutants and heroes. I was downright crushed when Bethesda revealed the Collector’s Edition statue: a bust of Ruckus the Crusher, a mutated goon with an absent upper lip and deformed nose.

As a journalist, you don’t want to make yourself part of the story. But with a little extra time left in my interview with id Software studio director Tim Willits, I asked why the cleft lip and palate imagery made the cut from Rage to Rage 2. To his credit, he didn’t spin his response. Here’s the transcript.


Chris Plante: I have one other thing. I enjoyed Rage 1, but one thing ended up turning me off to it. I was born with a cleft lip and cleft palate, and one of the frustrating things about that game is that many of the enemies have that imagery — and there’s still a little of that in Rage 2. And I’m curious —

Tim Willits: So you feel that it’s a little insensitive?

Plante: Yeah. It makes me a little uncomfortable when it’s always the bad guys that have the upper lip and nose removed, effectively.

Willits: You know, I never really thought of that. I mean, you know, we try to make — you know, Kenneth Scott was our art director on Rage 1, and yeah, I mean I kind of feel bad now. Sometimes it’s hard when you — you don’t live in that world, so you’re like, ‘Oh, these guys …’ So I apologize. And you know, yeah, I’ll talk to the guys.

Plante: Sure. Are mutations normal for the heroes, too, in this version of the game?

Willits: It’s mostly the bad guys. But we do have some — the heroes in Rage 2 are not as pretty as the heroes in Rage 1. Someone did, like, “the girls of Rage” posters and stuff, so we are trying to be a little more balanced. And the Avalanche guys have been very good about being a little more sensitive. So I do think we have a better balance.


Is it a disappointment to hear that some of Rage 2’s villains will be modeled to share my birth defect? Yes, absolutely. Is it a relief to hear someone simply say sorry? More than I could have imagined, to be frank.

I can’t remember a time somebody did this in an interview: just recognized the error and apologized. It made me emotional, tapping into some psychological payload I won’t detonate in this piece. But it also felt like I suddenly could be excited about this thing I liked, some of its baggage left on the side of the road.

I recognize I have the rare opportunity to actually speak to creators in person, that there isn’t a better means for other people outside my position to have this experience. And I recognize that people of other backgrounds have for decades had to play games that treat them as targets — and that they still do. But for a moment, I felt a surge of optimism. If developers can be open, if they can make efforts to find other voices rather than wait for those voices to come to them, then everyone could feel welcome to play the hero, rather than be forced to spot themselves as the villain.

After all, this is a game set in an apocalyptic wasteland. I don’t expect the villains to be pristine beauty models. I know they’ll be grotesque, deformed and mutated. I just hope that in the future the heroes can look like me, too. Maybe that can be a new feature in Rage 3.


Today in Uber Autonomous Murderbot News

jwz
The Uber executives who put this software on the public roadways need to be in jail. They disabled safety features because they made testing harder. They disabled safety features because they made the ride rougher.

NTSB: Uber's sensors worked; its software utterly failed in fatal crash:

The National Transportation Safety Board has released its preliminary report on the fatal March crash of an Uber self-driving car in Tempe, Arizona. It paints a damning picture of Uber's self-driving technology.

The report confirms that the sensors on the vehicle worked as expected, spotting pedestrian Elaine Herzberg about six seconds prior to impact, which should have given it enough time to stop given the car's 43mph speed.

The problem was that Uber's software became confused, according to the NTSB. "As the vehicle and pedestrian paths converged, the self-driving system software classified the pedestrian as an unknown object, as a vehicle, and then as a bicycle with varying expectations of future travel path," the report says.

Things got worse from there.

At 1.3 seconds before impact, the self-driving system determined that an emergency braking maneuver was needed to mitigate a collision. According to Uber, emergency braking maneuvers are not enabled while the vehicle is under computer control, to reduce the potential for erratic vehicle behavior. The vehicle operator is relied on to intervene and take action. The system is not designed to alert the operator.

Deadly Accident Likely Caused By Software Set to Ignore Objects On Road:

The car's sensors detected the pedestrian, who was crossing the street with a bicycle, but Uber's software decided it didn't need to react right away. That's a result of how the software was tuned. Like other autonomous vehicle systems, Uber's software has the ability to ignore "false positives," or objects in its path that wouldn't actually be a problem for the vehicle, such as a plastic bag floating over a road. In this case, Uber executives believe the company's system was tuned so that it reacted less to such objects. But the tuning went too far, and the car didn't react fast enough, one of these people said.


1 public comment
satadru
54 days ago
And this is why Uber shut down its autonomous vehicle project in AZ.
New York, NY

Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site


LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.

On May 10, The New York Times broke the news that a different cell phone location tracking company called Securus Technologies had been selling or giving away location data on customers of virtually any major mobile network provider to a sheriff’s office in Mississippi County, Mo.

On May 15, ZDnet.com ran a piece saying that Securus was getting its data through an intermediary — Carlsbad, CA-based LocationSmart.

Wednesday afternoon Motherboard published another bombshell: A hacker had broken into the servers of Securus and stolen 2,800 usernames, email addresses, phone numbers and hashed passwords of authorized Securus users. Most of the stolen credentials reportedly belonged to law enforcement officers across the country — stretching from 2011 up to this year.

Several hours before the Motherboard story went live, KrebsOnSecurity heard from Robert Xiao, a security researcher at Carnegie Mellon University who’d read the coverage of Securus and LocationSmart and had been poking around a demo tool that LocationSmart makes available on its Web site for potential customers to try out its mobile location technology.

LocationSmart’s demo is a free service that allows anyone to see the approximate location of their own mobile phone, just by entering their name, email address and phone number into a form on the site. LocationSmart then texts the phone number supplied by the user and requests permission to ping that device’s nearest cellular network tower.

Once that consent is obtained, LocationSmart texts the subscriber their approximate longitude and latitude, plotting the coordinates on a Google Street View map. [It also potentially collects and stores a great deal of technical data about your mobile device. For example, according to their privacy policy that information “may include, but is not limited to, device latitude/longitude, accuracy, heading, speed, and altitude, cell tower, Wi-Fi access point, or IP address information”].

But according to Xiao, a PhD candidate at CMU’s Human-Computer Interaction Institute, this same service failed to perform basic checks to prevent anonymous and unauthorized queries. Translation: Anyone with a modicum of knowledge about how Web sites work could abuse the LocationSmart demo site to figure out how to conduct mobile number location lookups at will, all without ever having to supply a password or other credentials.

“I stumbled upon this almost by accident, and it wasn’t terribly hard to do,” Xiao said. “This is something anyone could discover with minimal effort. And the gist of it is I can track most people’s cell phone without their consent.”

Xiao said his tests showed he could reliably query LocationSmart’s service to ping the cell phone tower closest to a subscriber’s mobile device. Xiao said he checked the mobile number of a friend several times over a few minutes while that friend was moving. By pinging the friend’s mobile network multiple times over several minutes, he was then able to plug the coordinates into Google Maps and track the friend’s directional movement.

“This is really creepy stuff,” Xiao said, adding that he’d also successfully tested the vulnerable service against one Telus Mobility mobile customer in Canada who volunteered to be found.

Before LocationSmart’s demo was taken offline today, KrebsOnSecurity pinged five different trusted sources, all of whom gave consent to have Xiao determine the whereabouts of their cell phones. Xiao was able to determine within a few seconds of querying the public LocationSmart service the near-exact location of the mobile phone belonging to all five of my sources.

LocationSmart’s demo page.

One of those sources said the longitude and latitude returned by Xiao’s queries came within 100 yards of their then-current location. Another source said the location found by the researcher was 1.5 miles away from his current location. The remaining three sources said the location returned for their phones was between approximately 1/5 to 1/3 of a mile at the time.

Reached for comment via phone, LocationSmart Founder and CEO Mario Proietti said the company was investigating.

“We don’t give away data,” Proietti said. “We make it available for legitimate and authorized purposes. It’s based on legitimate and authorized use of location data that only takes place on consent. We take privacy seriously and we’ll review all facts and look into them.”

LocationSmart’s home page features the corporate logos of all four of the major wireless providers, as well as companies like Google, Neustar, ThreatMetrix, and U.S. Cellular. The company says its technologies help businesses keep track of remote employees and corporate assets, and that it helps mobile advertisers and marketers serve consumers with “geo-relevant promotions.”

LocationSmart’s home page lists many partners.

It’s not clear exactly how long LocationSmart has offered its demo service or for how long the service has been so permissive; this link from archive.org suggests it dates back to at least January 2017. This link from The Internet Archive suggests the service may have existed under a different company name — loc-aid.com — since mid-2011, but it’s unclear if that service used the same code. Loc-aid.com is one of four other sites hosted on the same server as locationsmart.com, according to Domaintools.com.

LocationSmart’s privacy policy says the company has security measures in place … “to protect our site from the loss or misuse of information that we have collected. Our servers are protected by firewalls and are physically located in secure data facilities to further increase security. While no computer is 100% safe from outside attacks, we believe that the steps we have taken to protect your personal information drastically reduce the likelihood of security problems to a level appropriate to the type of information involved.”

But these assurances may ring hollow to anyone with a cell phone who’s concerned about having their physical location revealed at any time. The component of LocationSmart’s Web site that can be abused to look up mobile location data at will is an insecure “application programming interface” or API — an interactive feature designed to display data in response to specific queries by Web site visitors.

Although LocationSmart’s demo page required users to consent to having their phone located by the service, LocationSmart apparently did nothing to prevent or authenticate direct interaction with the API itself.

API authentication weaknesses are not uncommon, but they can lead to the exposure of sensitive data on a great many people in a short period of time. In April 2018, KrebsOnSecurity broke the story of an API at the Web site of fast-casual bakery chain PaneraBread.com that exposed the names, email and physical addresses, birthdays and last four digits of credit cards on file for tens of millions of customers who’d signed up for an account at PaneraBread to order food online.
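The gap described above, consent collected by the web page but not enforced by the API behind it, can be shown with a small sketch. This is an added example, not LocationSmart's code or API: the service, function names, phone numbers and coordinates are all hypothetical, and the carrier query is a stand-in that returns constructed data.

```python
import hashlib
import hmac
import secrets

# Hypothetical service; every name and value here is constructed for illustration.


def carrier_lookup(msisdn):
    """Stand-in for the upstream location query (constructed coordinates)."""
    return {"msisdn": msisdn, "lat": 0.0, "lon": 0.0}


class ConsentStore:
    """Server-side record of which phone numbers have approved a lookup."""

    def __init__(self, ttl_seconds=300):
        self._key = secrets.token_bytes(32)
        self._ttl = ttl_seconds
        self._pending = {}  # msisdn -> (MAC of the SMS code, expiry)
        self._granted = {}  # token  -> (msisdn, expiry)

    def _mac(self, msisdn, code):
        msg = f"{msisdn}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, msisdn, now):
        """Form submitted: create the code that is texted to the phone."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[msisdn] = (self._mac(msisdn, code), now + self._ttl)
        return code  # goes to the SMS gateway only, never to the web client

    def confirm(self, msisdn, code, now):
        """Subscriber replied with the code: issue a one-time lookup token."""
        entry = self._pending.pop(msisdn, None)  # one guess per code
        if entry is None or now > entry[1]:
            return None
        if not hmac.compare_digest(entry[0], self._mac(msisdn, code)):
            return None
        token = secrets.token_urlsafe(32)
        self._granted[token] = (msisdn, now + self._ttl)
        return token

    def authorize(self, token, msisdn, now):
        """True only for an unexpired, unused token issued for this number."""
        entry = self._granted.pop(token, None)  # single use, even on mismatch
        return entry is not None and entry[0] == msisdn and now <= entry[1]


def locate_ui_only(msisdn):
    """Weak pattern: the endpoint assumes the web form already got consent."""
    return carrier_lookup(msisdn)


def locate(store, token, msisdn, now):
    """Hardened pattern: the endpoint itself refuses without matching consent."""
    if not store.authorize(token, msisdn, now):
        return None
    return carrier_lookup(msisdn)
```

The point of the hardened handler is that the consent decision is bound to the phone number and checked on every call, so skipping the form gains a caller nothing.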

In a May 9 letter sent to the top four wireless carriers and to the U.S. Federal Communications Commission in the wake of revelations about Securus’ alleged practices, Sen. Ron Wyden (D-Ore.) urged all parties to take “proactive steps to prevent the unrestricted disclosure and potential abuse of private customer data.”

“Securus informed my office that it purchases real-time location information on AT&T’s customers — through a third party location aggregator that has a commercial relationship with the major wireless carriers — and routinely shares that information with its government clients,” Wyden wrote. “This practice skirts wireless carrier’s legal obligation to be the sole conduit by which the government may conduct surveillance of Americans’ phone records, and needlessly exposes millions of Americans to potential abuse and unchecked surveillance by the government.”

Securus, which reportedly gets its cell phone location data from LocationSmart, told The New York Times that it requires customers to upload a legal document — such as a warrant or affidavit — and to certify that the activity was authorized. But in his letter, Wyden said “senior officials from Securus have confirmed to my office that it never checks the legitimacy of those uploaded documents to determine whether they are in fact court orders and has dismissed suggestions that it is obligated to do so.”

Securus did not respond to requests for comment.

THE CARRIERS RESPOND

It remains unclear what, if anything, AT&T, Sprint, T-Mobile and Verizon plan to do about any of this. A third-party firm leaking customer location information would almost certainly violate each mobile provider’s own stated privacy policies, and the real-time exposure of this data poses serious privacy and security risks for virtually all U.S. mobile customers (and perhaps beyond, although all my willing subjects were inside the United States).

None of the major carriers would confirm or deny a formal business relationship with LocationSmart, despite LocationSmart listing them each by corporate logo on its Web site.

AT&T spokesperson Jim Greer said AT&T does not permit the sharing of location information without customer consent or a demand from law enforcement.

“If we learn that a vendor does not adhere to our policy we will take appropriate action,” Greer said.

T-Mobile referred me to their privacy policy, which says T-Mobile follows the “best practices” document (PDF) for subscriber location data as laid out by the CTIA, the international association for the wireless telecommunications industry.

A T-Mobile spokesperson said that after receiving Sen. Wyden’s letter, the company quickly shut down any transaction of customer location data to Securus.

“We are continuing to investigate this matter,” a T-Mobile spokesperson wrote via email. T-Mobile has not yet responded to requests specifically about LocationSmart.

Verizon also referred me to their privacy policy.

Sprint officials shared the following statement:

“Protecting our customers’ privacy and security is a top priority, and we are transparent about our Privacy Policy. To be clear, we do not share or sell consumers’ sensitive information to third parties. We share personally identifiable geo-location information only with customer consent or in response to a lawful request such as a validated court order from law enforcement.”

“We will answer the questions raised in Sen. Wyden’s letter directly through appropriate channels. However, it is important to note that Sprint’s relationship with Securus does not include data sharing, and is limited to supporting efforts to curb unlawful use of contraband cellphones in correctional facilities.”

WHAT NOW?

Stephanie Lacambra, a staff attorney with the nonprofit Electronic Frontier Foundation, said that wireless customers in the United States cannot opt out of location tracking by their own mobile providers. For starters, carriers constantly use this information to provide more reliable service to the customers. Also, by law wireless companies need to be able to ascertain at any time the approximate location of a customer’s phone in order to comply with emergency 911 regulations.

But unless and until Congress and federal regulators make it more clear how and whether customer location information can be shared with third-parties, mobile device customers may continue to have their location information potentially exposed by a host of third-party companies, Lacambra said.

“This is precisely why we have lobbied so hard for robust privacy protections for location information,” she said. “It really should be only that law enforcement is required to get a warrant for this stuff, and that’s the rule we’ve been trying to push for.”

Chris Calabrese is vice president of the Center for Democracy & Technology, a policy think tank in Washington, D.C. Calabrese said the current rules about mobile subscriber location information are governed by the Electronic Communications Privacy Act (ECPA), a law passed in 1986 that hasn’t been substantially updated since.

“The law here is really out of date,” Calabrese said. “But I think any processes that involve going to third parties who don’t verify that it’s a lawful or law enforcement request — and that don’t make sure the evidence behind that request is legitimate — are hugely problematic and they’re major privacy violations.”

“I would be very surprised if any mobile carrier doesn’t think location information should be treated sensitively, and I’m sure none of them want this information to be made public,” Calabrese continued. “My guess is the carriers are going to come down hard on this, because it’s sort of their worst nightmare come true. We all know that cell phones are portable tracking devices. There’s a sort of an implicit deal where we’re okay with it because we get lots of benefits from it, but we all also assume this information should be protected. But when it isn’t, that presents a major problem and I think these examples would be a spur for some sort of legislative intervention if they weren’t fixed very quickly.”

For his part, Xiao says we’re likely to see more leaks from location tracking companies like Securus and LocationSmart as long as the mobile carriers are providing third party companies any access to customer location information.

“We’re going to continue to see breaches like this happen until access to this data can be much more tightly controlled,” he said.

aranth
63 days ago
I'm sure the lowest bidding contractor that administers government backdoors would never be this lax on security.

Virginia Beach Police Want Encrypted Radios


This article says that the Virginia Beach police are looking to buy encrypted radios.

Virginia Beach police believe encryption will prevent criminals from listening to police communications. They said officer safety would increase and citizens would be better protected.

Someone should ask them if they want those radios to have a backdoor.

1 public comment
Sjon
66 days ago
"Someone should ask them if they want those radios to have a backdoor."

Securing Elections


Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them.

Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper.

Recently, there have been two graphic demonstrations of how bad our computerized voting system is. In 2007, the states of California and Ohio conducted audits of their electronic voting machines. Expert review teams found exploitable vulnerabilities in almost every component they examined. The researchers were able to undetectably alter vote tallies, erase audit logs, and load malware on to the systems. Some of their attacks could be implemented by a single individual with no greater access than a normal poll worker; others could be done remotely.

Last year, the Defcon hackers' conference sponsored a Voting Village. Organizers collected 25 pieces of voting equipment, including voting machines and electronic poll books. By the end of the weekend, conference attendees had found ways to compromise every piece of test equipment: to load malicious software, compromise vote tallies and audit logs, or cause equipment to fail.

It's important to understand that these were not well-funded nation-state attackers. These were not even academics who had been studying the problem for weeks. These were bored hackers, with no experience with voting machines, playing around between parties one weekend.

It shouldn't be any surprise that voting equipment, including voting machines, voter registration databases, and vote tabulation systems, are that hackable. They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. If anything, they're less secure than the computers we generally use, because their manufacturers hide any flaws behind the proprietary nature of their equipment.

We're not just worried about altering the vote. Sometimes causing widespread failures, or even just sowing mistrust in the system, is enough. And an election whose results are not trusted or believed is a failed election.

Voting systems have another requirement that makes security even harder to achieve: the requirement for a secret ballot. Because we have to securely separate the election-roll system that determines who can vote from the system that collects and tabulates the votes, we can't use the security systems available to banking and other high-value applications.

We can securely bank online, but can't securely vote online. If we could do away with anonymity -- if everyone could check that their vote was counted correctly -- then it would be easy to secure the vote. But that would lead to other problems. Before the US had the secret ballot, voter coercion and vote-buying were widespread.

We can't, so we need to accept that our voting systems are insecure. We need an election system that is resilient to the threats. And for many parts of the system, that means paper.

Let's start with the voter rolls. We know they've already been targeted. In 2016, someone changed the party affiliation of hundreds of voters before the Republican primary. That's just one possibility. A well-executed attack that deletes, for example, one in five voters at random -- or changes their addresses -- would cause chaos on election day.

Yes, we need to shore up the security of these systems. We need better computer, network, and database security for the various state voter organizations. We also need to better secure the voter registration websites, with better design and better internet security. We need better security for the companies that build and sell all this equipment.

Multiple, unchangeable backups are essential. A record of every addition, deletion, and change needs to be stored on a separate system, on write-only media like a DVD. Copies of that DVD, or -- even better -- a paper printout of the voter rolls, should be available at every polling place on election day. We need to be ready for anything.

Next, the voting machines themselves. Security researchers agree that the gold standard is a voter-verified paper ballot. The easiest (and cheapest) way to achieve this is through optical-scan voting. Voters mark paper ballots by hand; they are fed into a machine and counted automatically. That paper ballot is saved, and serves as a final true record in a recount in case of problems. Touch-screen machines that print a paper ballot to drop in a ballot box can also work for voters with disabilities, as long as the ballot can be easily read and verified by the voter.

Finally, the tabulation and reporting systems. Here again we need more security in the process, but we must always use those paper ballots as checks on the computers. A manual, post-election, risk-limiting audit varies the number of ballots examined according to the margin of victory. Conducting this audit after every election, before the results are certified, gives us confidence that the election outcome is correct, even if the voting machines and tabulation computers have been tampered with. Additionally, we need better coordination and communications when incidents occur.
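How a risk-limiting audit ties the number of ballots to the margin can be seen in a ballot-polling audit of the BRAVO type, one published way of running such an audit. The sketch below is an added example, not part of the essay; it assumes a two-candidate contest, ballots drawn at random with replacement, and a 5% risk limit, and the sample sequences are constructed.

```python
import math


def bravo_audit(sample, reported_winner_share, risk_limit=0.05):
    """Sequential ballot-polling test.

    sample: iterable of hand-read paper ballots, 'W' for the reported winner,
            'L' for the reported loser, anything else for an invalid ballot.
    Returns the number of ballots examined when the reported outcome is
    confirmed at the given risk limit, or None if the sample runs out first
    (the audit then escalates, ultimately to a full hand count).
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be between 0.5 and 1")
    threshold = 1.0 / risk_limit
    ratio = 1.0  # likelihood ratio: reported result versus a tie
    for n, ballot in enumerate(sample, start=1):
        if ballot == "W":
            ratio *= reported_winner_share / 0.5
        elif ballot == "L":
            ratio *= (1.0 - reported_winner_share) / 0.5
        # Invalid ballots carry no evidence either way and leave ratio alone.
        if ratio >= threshold:
            return n
    return None


def expected_ballots(reported_winner_share, risk_limit=0.05):
    """Approximate average sample size if the reported share is accurate.

    Uses Wald's approximation: log(1/risk) divided by the expected
    log-likelihood gain per ballot. It ignores overshoot, so treat it as a
    planning estimate, not a guarantee.
    """
    p = reported_winner_share
    gain = p * math.log(2 * p) + (1 - p) * math.log(2 * (1 - p))
    return math.ceil(math.log(1.0 / risk_limit) / gain)


if __name__ == "__main__":
    for share in (0.60, 0.55, 0.51):
        margin = round((2 * share - 1) * 100)
        print(f"margin {margin:>2}%: about {expected_ballots(share)} ballots")
    # Constructed sample whose paper ballots match a reported 60% share.
    print("confirmed after", bravo_audit("WWWLL" * 40, 0.60), "ballots")
    # Constructed sample where the paper shows a tie despite a reported 60%.
    print("tie on paper:", bravo_audit("WL" * 500, 0.60))
```

A wide margin is confirmed after a few hundred ballots, a 2% margin needs many thousands, and paper that disagrees with the reported result never reaches the threshold, which is what forces the hand count.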

It's vital to agree on these procedures and policies before an election. Before the fact, when anyone can win and no one knows whose votes might be changed, it's easy to agree on strong security. But after the vote, someone is the presumptive winner -- and then everything changes. Half of the country wants the result to stand, and half wants it reversed. At that point, it's too late to agree on anything.

The politicians running in the election shouldn't have to argue their challenges in court. Getting elections right is in the interest of all citizens. Many countries have independent election commissions that are charged with conducting elections and ensuring their security. We don't do that in the US.

Instead, we have representatives from each of our two parties in the room, keeping an eye on each other. That provided acceptable security against 20th-century threats, but is totally inadequate to secure our elections in the 21st century. And the belief that the diversity of voting systems in the US provides a measure of security is a dangerous myth, because few districts can be decisive and there are so few voting-machine vendors.

We can do better. In 2017, the Department of Homeland Security declared elections to be critical infrastructure, allowing the department to focus on securing them. On 23 March, Congress allocated $380m to states to upgrade election security.

These are good starts, but don't go nearly far enough. The constitution delegates elections to the states but allows Congress to "make or alter such Regulations". In 1845, Congress set a nationwide election day. Today, we need it to set uniform and strict election standards.

This essay originally appeared in the Guardian.
