35C3 preroll music

Herald Angel: Mr. Halderman, professor of computer science at the University of Michigan. Famous for inventing things like Let's Encrypt, finding the--

applause

Herald Angel: There's more.

applause

Herald: But wait, there's more! Logjam -- I love buzzword bingo -- and zmap. And now he's going to talk about American elections. Thank you.

J. Alex Halderman: All right. Thank you so much. It's fantastic to be back at Congress this year. Two years ago I was here with Matt Bernhard, one of my Ph.D. students, and we gave an update about what happened during the 2016 presidential election. Today a lot has changed and a lot remains the same. And I'm here to let you know what we've learned about what happened in the 2016 election and what we still need to do to make sure elections in the U.S. and around the world are well protected.

So, a quick flashback. On November 8th, 2016 Donald Trump became president of the United States by beating some other person. Now history quickly forgets the losers in presidential elections. And it really doesn't matter who Donald Trump beat, because today, for better or for worse, he is the president. But how close was the election?
President Trump likes to talk about how he won by a landslide, but actually he was the fifth person in American history to win the presidency while losing the popular vote. In fact his opponent received 3 million more votes in the election than President Trump did. How can that happen? Well, we have this crazy system called the Electoral College. And in the Electoral College each state has a certain number of points, and Donald Trump ended up getting more of those points. But if we want to ask "How close was the election, really?"... well, that depends on the way each state allocates its electoral votes, and most are "winner-take-all". So we might ask how many votes would, say, an attacker have had to change in the smallest number of states in order to change the election result, in order to, say, make it a tie instead of a win for President Trump. And it turns out that if you look at the three closest states, they could be flipped with a very, very small number of votes changing, and changing just any two of these three states would have been enough to reverse the outcome of the presidential election. If we look at the next few closest states, they also have very small margins, and any three of these six states would have sufficed to change the election result. In total, just changing twenty-seven thousand, five hundred votes from Donald Trump to Donald Trump's opponent would have changed the outcome of the U.S. presidential election. There were 137 million votes in total.
That's a change of just 0.02 percent. That is a very close electoral result by even contemporary American standards. And that's why the possibilities of computer hacking, voting machine manipulation, information warfare that actually did take place, some of them in 2016, not only have the possibility to have affected the 2016 election result but stand to have the possibility to affect future election results as well. And that's why election security is so important right now.

But if we go back to 2016, when I was speaking here two years ago, the main thing I was talking about were recounts in three states: Wisconsin, Michigan, and Pennsylvania, that I and other election security advocates had a big role in orchestrating. Well, we realized after 2016 that this was a close and unexpected election result, but no one was going to go back and check the physical evidence of the votes: the actual paper ballots in any states that really mattered, to make sure that the computer election results we had been told about were right. Well, when I and others pointed this out to the public it resulted in an overwhelming show of support. And one of the third party presidential candidates, Jill Stein, stepped in and had the legal standing to demand recounts in states where she stood for election, even though she had no chance of winning.
And she raised through small donations from the public more than seven million dollars to fund efforts to go back and count and check the votes to make sure things were right. Unfortunately, a recount after an American election is a politically fraught process, and in all three states we found opposition from the apparent winner of the election, we found challenges in the courts, and only one of those states, Wisconsin, ended up recounting all of its ballots and found no evidence of fraud. In Michigan the recounts were halted after only a few days, with less than half of the votes counted, after a court challenge by the Republicans. Again, no evidence of fraud in the votes that were recounted. And in Pennsylvania, unfortunately, like many states, most of the state had no paper trail at all. There was nothing to recount: just digital records and machines. The courts denied the Stein campaign the right to have independent experts examine the machines, and in very few of the places in the rest of the state, the small amount that did have paper, actually did complete a recount. But still there was no evidence of fraud. So in all there is no evidence that hacking of voting machines -- hacking of actual vote counts -- changed the outcome of the 2016 election. But there is abundant evidence that cyberattacks of other forms had a major influence on the election, and certainly could have a huge influence on future elections. And that's what I'm going to talk about today.
So first, looking back at 2016: in the two years since I was last here we have learned a lot more about what really took place during the 2016 election. Starting just January of 2017, when the U.S. intelligence community -- the CIA, NSA, and other three-letter agencies -- who often in this community we don't trust, still came out and released a joint assessment in which they rated with very high confidence the conclusion that attackers linked to Russia were ordered by Russian President Vladimir Putin to interfere with the American election in order to weaken Clinton, boost Donald Trump, and discredit the electoral process as a whole. They called it a significant escalation of longstanding Russian efforts to undermine the US-led liberal democratic order. So where's the evidence that this actually happened? And what actually happened? According to not only the intelligence reports but other information from other sources we can use to see whether it's credible. Well, what happened in the U.S. actually looks a lot like something that happened in 2014 in Ukraine, where, according to other published reports, attackers linked to Russia engaged in a multipronged attack to try to undermine the presidential election there. They released targeted leaks of e-mails linked to the presidential campaign. They attacked the Election Commission's servers in order to cause them to initially post the wrong presidential winner.
And this was apparently detected and narrowly averted only hours before the winner was to be announced. And they orchestrated DDoS attacks to try to delay the election results. In the U.S. in 2016 we saw a similar multipronged attack of targeted political leaks, trolling and message amplification on social media, and attacks against election infrastructure.

So the targeted political leaks, you've probably heard about some of this. You have e-mails stolen from the Democratic National Committee through a hacking campaign that involved two different Russian-linked military groups hacking into the DNC servers, installing customized malware and exfiltrating thousands of e-mails that were then published by WikiLeaks. Later, John Podesta -- Clinton's campaign chairman -- also had his personal email compromised, and Podesta's emails were similarly published by WikiLeaks. Whatever you think about WikiLeaks -- and government transparency, and I myself am a huge fan of transparency -- there's clearly something subversive and manipulative about just one side being targeted, and being targeted by other foreign nations, and having its dirty laundry aired for the world to see. This is subverting the entire notion of transparency, turning our need for true information about politicians against us and manipulating the entire process.
John Podesta, since his e-mails were all leaked to the public, well, we can go and see the phishing attack e-mail that got his password, and here it is. So this mail sent to John Podesta claims to be from Gmail, saying that someone has tried to sign in with his password and he urgently needs to change it by clicking here. Well, he did click there and Russia got his password. We also see his staff talking about this e-mail, and one of his staffers recognized that this was a phishing attempt and emailed urgently telling John Podesta to change his password immediately, but he typo'd. In dashing out this e-mail he wrote that this is a "legitimate e-mail". He has subsequently claimed every time he's talked about it that he meant to write "illegitimate" not "legitimate". Well, the rest is history. A couple of extra letters might have changed a lot.

So beyond the e-mail leaks we've seen an orchestrated campaign on social media through trolls and false identities to try to manipulate people's opinions, to try to create political divisions between people, to try to amplify certain discordant messages. That could be a whole talk in itself, and I'm not going to go deep into the trolling and message amplification, but it's a subject that is an ongoing form of attack that again turns our tools of communication against us. People need to know whether the information they're reading is really what other people they know and are like them think, or whether it's being generated by bots, by attacks.
Alright, this kind of artificial amplification and manipulation of messaging turns us against each other.

Finally, and the category of attacks that I want to talk about most today because I think they're the most relevant for our community, are attacks against election infrastructure itself: the increasingly computerized systems that we use to run elections, not just in the US but in countries around the world. There were attacks against voter registration systems in states across the country, organized by the same Russian groups. There were attacks against companies that make technology used in polling places. In all, the intelligence assessment is that up to 21 states had their voter registration systems probed. Now of course, how can you go back in time and know for sure that others were not probed, were not compromised? That's very difficult, even if you are, say, the NSA and are watching everyone's network traffic. However, we know that in multiple states the attackers got in through SQL injection, through other attacks, and were able to steal hundreds of thousands of voters' registration records. More information came out later in 2017 through leaked information from NSA.
So this woman, Reality Winner, an NSA contractor, leaked to the Intercept a series of intelligence assessments that showed the Russian attacks went even farther, that they executed attempts to break into the computer systems of at least one election computer software vendor, and then after breaking into their systems started trying to phish their way into the computers of local election administrators, the people who actually run the technology on Election Day. For sharing this information with us Reality Winner is currently serving a five year prison sentence for violating the Espionage Act. But the information that she leaked has since been corroborated. In July of this year prosecutors in the Special Counsel's office -- this is the Robert Mueller investigation of Russian interference and collusion -- indicted a set of GRU officers, Russian military officers, in conjunction with the voter registration system attacks, the theft of email from the Democrats, and the attempts to indict local election officials. If you're interested in this stuff I highly recommend you read this indictment. It's about 20 pages of very detailed information asserting to apparently detailing exactly who these people were, where they worked, what they did. Step by step. Now it's scary to think that we might have such detailed information about crimes that took place in the past.
It doesn't say how we learned, for instance, that this certain officer, Anatoly Kovalev, was working for unit 74455 of the GRU at 22 Kirabo Street Building, the tower, and quite how he pulled off each step in the attack that's asserted here. But as the Mueller indictments advance, as the special prosecutor's case comes together, we're likely to learn a lot more. And what's to come in 2018 as the Mueller investigation winds down, I think we're going to learn a lot more about quite who ordered what, about who in the United States was involved, and about whether the attacks went even further than we have so far discovered. So that's 2016 and what we've learned about 2016, but I'm here today to give you a progress report on 2018.

So what happened during the 2018 election? Well, we saw several things during the November election this year. According to intelligence, once again, we have allegations of continued social media influence operations, this time allegedly linked to not only Russia, but China and Iran. Now I think it's very difficult to independently comment and establish on whether these allegations are true or even to understand the full extent of the social media involvement, because it's just a small set of large Internet companies that have the raw data that we need to analyze. However, the best reports we have are these assessments from the intelligence community that the social media influence is ongoing.
We also saw sporadic breakdowns of voting machines. Now patterns of breakdowns of voting machines could be the indication of an attack. But in 2018 all of them seem to have perfectly natural explanations. In New York City, for instance, many optical scan machines broke down and jammed and caused long lines, but apparently it was because it was raining, and that causes the paper to swell a little bit, these machines to mis-feed and so on. So this is probably just natural failure. We also had unfortunate human error, for not the first time. An election in Florida potentially had the result changed because of very bad usability design in just the layout of the ballot. So in Broward County, Florida, 3.7 percent fewer voters cast a vote at all in the U.S. Senate race than the race for governor. This was potentially enough, because of the demographics of Broward, to change the outcome of the Florida Senate race. Here's why: here's the ballot. So this is the race for governor, which most voters filled out, as you would expect. Right down there underneath that long column of instructions is the U.S. senator race. So you imagine this ballot. It's much larger than a normal piece of paper. The bottom of that is hanging off your desk as you're filling it in. I can see how 3.7 percent of voters might have completely missed that race in the first column. Finally we had the old-fashioned political fraud. In North Carolina a race for the House of Representatives was decided by only about 900 votes.
But it's come out since then that operatives working for the Republican candidate allegedly stole or manipulated a large number of absentee ballots, and the candidate there hasn't been certified yet; it likely won't be seated on time. There's multiple investigations going on into exactly what happened, but it goes to show you that political fraud is a reality. And even outside the domain of computers it continues to this day. Now if you can imagine an election can be changed by just a few people working on the ground, going around collecting people's mail-in ballots and promising to return them for them, well, imagine what nation state attackers could do to a vulnerable and highly computerized online infrastructure. But on the whole 2018 was, well, eerily quiet.

But if we go back to 2016... so the U.S. Senate Intelligence Committee, a bipartisan group controlled by Republicans in the Senate, issued its report earlier this year about 2016. They pointed out that they found that in a number of the states where Russia attacked the registration systems, the Russian hackers were in a position to, at a minimum, alter or destroy the voter registration data, which, if undetected, would have caused massive chaos on election day when people showed up to vote and were told that they weren't on the election rolls. But those attackers chose not to pull the trigger. And I think that's exactly what happened in 2018.
It was quiet not because we've adequately secured our election systems, but because our adversaries this year chose not to pull the trigger. They're waiting for the bigger prize in 2020, when we're likely to once again have a close and divisive presidential contest.

So what do I worry about? What I worry about most is not the last war -- registration systems, all of that -- but the bigger prize: the 2020 election and the vulnerabilities in the way that we cast and count votes in the U.S. Now I testified about this in 2017 to the Senate Intelligence Committee and -- that's actually not me, that's former FBI Director Comey -- but two weeks later I was sitting in the same chair with far fewer TV cameras and testified that the real lesson of 2016 is that the threats are real and that the attackers will be back. And this is the picture I painted: so U.S. voting machines have their own extreme set of vulnerabilities. I was going to bring one of these machines, an AccuVote TSX, with me here today. This machine is still used in many parts of the U.S., but my machine has been in Germany for about a week and FedEx doesn't know where it is.
So if it shows up I'll have it somewhere for people to play with, but my advice is if you have to ship something urgent to Germany, don't send it via FedEx. What I would have shown you, though, is a mock election on this machine, and the mock election I always like to do to keep it from getting too political is between George Washington, the father of the country, and Benedict Arnold, the traitor of the American Revolution. And of course everyone likes to vote for George Washington. But these machines are so vulnerable. So I would have shown you an attack whereby I can compromise this machine and cause it to report the wrong election outcome without having any direct physical access to the voting machines. Instead all an attacker needs to do is be able to infect these memory cards that election officials use before every election to program the machine with the design of the ballot -- that is, the races, the candidates, the rules for counting. If an attacker can infect the memory card there are a whole host of different ways that the attacker can compromise the machine and install malware on the voting machine itself. There is an unauthenticated software update mechanism that can replace the election software. There are buffer overflows in the code that's used to read the ballot design and process it. There's even an interpreted programming language that's used to generate the reports of who won.
So you can just replace the honest counting software with dishonest counting software right on the memory card, and that's what will get executed and determine the election results. Any of these ways would be sufficient. So when the machine counts the votes at the end of the election it prints out a little cash register receipt that becomes the official record of the result. That's controlled by the interpreted programming language on the memory card. And on my machine, no matter who you vote for, Benedict Arnold is going to win. And that's because the malware I install via the memory card is in complete control of the election results.

And there are more problems than that. So these voting machines like the AccuVote TSX have been studied by academic researchers, by independent researchers, by groups commissioned by secretaries of state in various states around the country. And every time the same machine is studied again, groups find new vulnerabilities. This is part of the table of contents from a report I helped to author ten years ago about the AccuVote TSX, and you can see just this one page of several pages of vulnerabilities in this single machine. These things are so poorly designed; they're so complex. Each of the voting systems has on the order of a million lines of source code. And that's on top of, in this case, on top of an old and unsupported version of Windows CE. There's no way that these things could possibly be secure.
But the AccuVote TSX is still used in 18 states. In many of these states it's still used with software that predates that 2007 report I just showed you. We've had known buffer overflows and other problems in this firmware for more than 10 years and some states still have not updated the software. That's how bad it is. But it's not just that one machine. So in the US every state gets to pick its own election technology. There are no federal rules that require states to do any particular kind of technology or testing, and you might ask, especially from the European perspective, why don't we just count votes by hand like a civilized country? Well, here's part of the answer. This is one example of a ballot from one part of the country and it's eight pages long. We insist on voting for not only the federal races but the state and local races and even city races. The joke is even for dog catcher. And this complexity, well, the counting of ballots by hand scales linearly with the number of questions, and our ballots by tradition are just too complicated to efficiently count manually. So we turn to computers, and about half the country -- well, really there are two different styles of voting machines that we use. Some of them are optical scanners, where the voter fills in a piece of paper and it gets scanned in by a computer. The rest are touch screen machines and others that we call DREs -- direct recording electronic.
On these machines voters cast a vote on the screen; it gets recorded in electronic memory; some of them will also generate a printout of each vote, but that's relatively rare. In many cases the only record of the vote is in a computer memory. So in study after study these machines have been examined, and in every case, for both the optical scanners and the DREs, where a machine has been tested by qualified people, well, it's been found to have vulnerabilities that would allow an attacker to install vote-stealing malware and change the electronic results. Every single case.

So how hard would it be to go from hacking these individual machines to, say, changing the results of a presidential election? Unfortunately much easier than we might think. There'd be three challenges to doing this in a way that would likely be invisible. The first challenge is that the machines are, well, many different types. They're diverse; they're decentralized. Each state's system is independent, and thank goodness! Because that means that we don't have just a single place you can hack into to change results nationwide. Unfortunately, because of our electoral college system, this diversity of technology can turn into a weakness in very close elections. So remember I said that just any three of six states, for instance in 2016, would have been sufficient to flip the outcome of the presidential election.
Well, before an election an attacker can scan all the states, figure out which ones are most weakly protected, and, if they can find enough weakly protected ones to strike in, that could be sufficient to change the national results. So the attacker gets to pick and choose, because our diversity of technology also means a diversity of strength and weakness. The second challenge is that, as election officials often point out, the voting machines aren't connected to the Internet, or at least they're not supposed to be. It turns out that some of them are, because they upload their results over a 4G cellular modem right after election results are complete. But let's just suppose they're not connected to the Internet. All right. It turns out that's still not enough to protect us. So as I said, before every election every single voting machine in the country has to be programmed with the ballot design, and that ballot programming is created by election officials on a computer workstation somewhere, usually an old Windows PC. Those computer workstations can sometimes service an entire county, sometimes an entire state. Sometimes they're controlled by independent external contractors that can perform work across multiple states. And if an attacker can infiltrate one of those systems they can spread vote-stealing malware on the memory cards to voting machines across the whole region. So how hard would it be to break into one of these systems?
Well in Michigan, my state, in 2016, about three quarters of counties outsourced this programming to just three small businesses. These are 10-20 person companies operating in strip malls and so forth -- the same companies that the jurisdictions buy their ballot boxes and "I voted" stickers from. Here's the website of one of them. You can see it doesn't have HTTPS, has lots of nice high resolution photos of their warehouse in case you want to burglarize it, and, probably most interestingly to an attacker, they have this nice employee directory with everyone's name, photograph, job title, and email address. So if I wanted to break into elections in Michigan I might start by, say, forging an email from Larry the president there to Sue his administrative assistant and say I urgently need you to open this file. After she does, of course, it installs my malware on their network; I'm in. I'm one step away from the election programming system and spreading malware to machines across a quarter of the state. All right, there's one more challenge. And that's that today more than 70 percent of US votes are recorded on a piece of paper. And this is great! This is much more than ten years ago, because officials have been listening to computer scientists and security experts who have been warning about the dangers of fully electronic voting. And paper might seem like a step backwards, but it's actually a pretty high tech way of thinking.
In any kind of critical system, if we can afford to have a physical failsafe in case of technology problems it's a good idea to do that. This is why if you fly on a commercial aircraft... well, it has a very fancy satellite-guided navigation system, but also, by law, there's a magnetic compass in the cockpit. It's also why in your car... well, you probably want to have a mechanical linkage between the brake pedal and the brakes just in case... well, you know. So paper can be a very sophisticated defense. It's relatively slow and expensive to tally, but it's something that's verified by the voter and that can't be changed later in a cyberattack. Meanwhile we also get an electronic record from systems like optical scanners that's fast and cheap to tally, but unverified. As long as we make sure that these records agree, well then changing the election result would require you to change the electronic record through a high tech attack and the paper records through a low tech attack, and in a way that agrees, and that would require a truly extraordinary conspiracy. And to check that the paper is right... well, we have high tech approaches to that too. You don't have to count all of it. In fact over the last ten years computer scientists and statisticians have developed very sophisticated ways of just spot checking the paper record to make sure that it's right, and these are called risk limiting audits.
A risk limiting audit is a statistical process in which you can count randomly selected ballots until you establish with high confidence that hand counting all of them would determine the same winner. There are many ways to do this but they all turn out to be, or many of them turn out to be, incredibly efficient. In a typical state with a fairly wide margin of victory just spot checking a handful of ballots might be enough to establish with high confidence that the winner really did win by a landslide. Of course if the election result is a tie, logically you do have to look at all the ballots to establish that it is indeed a tie. So the amount of work you have to do depends on how close the election was. But in all cases you can find an efficient approach to determining, without trusting the computer systems, that the paper really does reflect the true winner. Unfortunately, well, most states don't do risk limiting audits. In fact most states don't look at enough paper at all to determine that the winner of a close election was genuine. So hacking a national election would probably be easier than most of us thought. You can use pre-election polls and scanning to determine which states to target, hack into the election management systems in the most weakly protected ones, then infect voting machines with malware to change, say, a few percent of the vote.
The paper records might catch the fraud, but you can rely on the fact that most states will throw it away without looking at enough of it to determine who actually won. And that's the sorry situation that unfortunately in 2018 we are still in. So since 2016, however, there has been a change in mindset. Increasingly election officials have been listening to the scientific community when we say you need a paper trail, and they're starting to think that that is correct. Almost all states that don't have paper trails today at least have people strongly advocating for replacing the equipment that's there. And most other states, well, they at least have people starting to look into the security and testing the security of other election related computer systems, like their voter registration systems, to make sure that they're shored up. Now you don't have to take it from me that paper ballots and post election audits are the way to go to secure our election systems. Just this fall the National Academies of Sciences, Engineering, and Medicine -- the authority on scientific advice to government -- released a report with their highest level of advice -- a consensus report -- urging the adoption of paper and risk limiting audits, pointing out that this is a pragmatic, robust, and necessary defense for elections. This report was written in conjunction with election officials.
People with experience administering elections, and it just goes to show you that at least the election officials who have taken the time to understand the threat are waking up and starting to pay attention to the path to a solution. The problem is that that solution will take time to implement. And if we look at which states still don't have a paper trail, it turns out that there are 14 where some or all votes still aren't recorded on paper, and it's going to take between 130 and 420 million dollars according to credible estimates to replace all the machines still in those states. Some of them like Pennsylvania are working to do that now, but in other states there still are no plans in effect to get rid of the vulnerable machines. If we look at the national map for post-election audits though, the picture is a lot worse. And this is what concerns me most. Although many states in 2018 did small pilots of risk limiting audits, the majority of states still do not conduct audits that can rigorously guarantee the electronic results of an election. And many still have no plans to do so in time for 2020. Because risk limiting audits are so efficient, the cost for auditing nationwide is ridiculously small. It would cost according to my estimates less than 25 million dollars a year to audit every federal race nationally, potentially a lot less than that. But it requires organization on the ground.
And unfortunately in our system operations on the ground are conducted by about 13,000 local jurisdictions on Election Day. We need national leadership. We need much more dispersed expertise in order to get these protections in place, because if you don't actually look at the paper you might as well not have it in the first place. So this year did see some movement in Congress. In the spring, as part of the omnibus appropriations process, Congress gave the states 380 million dollars in emergency election funding in order to start working to secure their registration systems and polling places. This was great in that it was money available immediately, and if you've been paying attention, getting Congress to do much of anything these days is pretty hard. On the other hand the money came with very limited oversight, with no standards about how that money should be used, and isn't even enough to eliminate all of the paperless machines because of the way it's spread out amongst the states. But it's an important first step. We can look at a few of the states to see how they're doing, and I pick these as a representative sample of the diversity of progress. Maryland, for instance, which until 2016 used AccuVote touch-screen machines, vulnerable to all of those problems I talked about, finally replaced the machines with paper ballots. That's a huge step forward.
Unfortunately Maryland, instead of auditing them by having people look at the ballots, decided it would be more efficient to audit them by having people look at digital scans of the ballots from the voting machines. As I think everyone in this room probably realizes, but maybe some in a broader audience would not, it's pretty easy to manipulate digital photographs. In fact I have work from students in an undergraduate security class I taught this term who implemented a machine learning algorithm that can take scans of ballots and just automatically change the marked results to produce whatever outcome you want, and we'll have more on that in a publication this spring. But unfortunately these audits are security theater. They might catch human error, but they're not going to catch a sophisticated attacker who has the ability to manipulate how the machines are reading the ballots; they can be easily fooled by malware. So I give Maryland on the whole maybe a "C". Pennsylvania, another state that just two years ago during the recounts was practically a laughing stock of the country for its lack of paper records of votes and its byzantine rules about recounting them, well, today is making really good progress. The state recently committed to replacing all of its paperless machines with paper ballots in time for the 2020 election, and it's committed to implementing robust post-election audits by 2022.
Unfortunately, 2022 is going to be too late to secure the 2020 presidential election, and this just emphasizes the need to get moving more quickly. There were also questions about whether the auditing regime they implement will be truly statistically rigorous. There are a lot of details to get right, but on the whole, Pennsylvania has made so much progress. I think out of sympathy I can give them a "B". All right, now let's look at a top performer. This is the state of Colorado. Colorado has become a leader in election security, because not only does it have paper ballots statewide, largely vote by mail, which has its own problems, but that's a subject for later. But Colorado also was the first state in the country to implement these statistically robust risk limiting audits statewide and has been doing it since 2017. They've got both of these critical protections in place, and yes, they actually do choose the random seed for sampling the ballots during the risk limiting audit by rolling a set of 10-sided dice. So that's a great way to do it in a public ceremony. So Colorado gets an "A". They're very well protected by these standards. Then there's Georgia. So Georgia in 2018 voted statewide with the AccuVote TSX voting machine, the one that FedEx has that I've hacked. They haven't updated the software in their AccuVote TSX machines since 2005, and they claim that the machines and their election programming systems are air gapped.
But during a court hearing about this earlier this fall their head of elections described that their system was air gapped. Yes, it's perfectly secure. It's air gapped. The only way you can get into it is through the bank of modems attached to it. It's air gapped except the bank of modems. Also it turns out he programs it by moving a USB stick back and forth from his personal laptop. Sigh. Georgia also of course doesn't have robust audits, because, well, meaningful post election audits would require a paper trail, and none of those machines have paper. This alone would be enough to give Georgia an "F". Except there's one more thing: their voter registration system also was shown in 2018 to have some problems. So you're not going to believe this story. One more story. So in Georgia they do online voter registrations through a Web site. And in 2018 just a few days before the election the Georgia Democratic party learned from one of its-- from someone working for them, from a volunteer, about a series of vulnerabilities in this voter registration system. Well it turned out that you could read and manipulate anyone's voter registration records just by changing a sequential ID number in a particular URL. There was another URL for viewing a sample ballot, that if you just changed the path of the file it pointed to you could read any file on the server's filesystem. Well these are pretty bad problems, right?
Even though Georgia apparently had gone through the process of having a security assessment of its registration system performed and didn't catch these, well... So the Democrats, less than five days before the election, learned of these problems and disclosed them to the Secretary of State's office, which is responsible for running the election system. There is Secretary of State Brian Kemp, who, also, it turned out, was a candidate for governor in a very close race. So not only was he running the election system, but he was the candidate in the most important race in the state, where the polls were projecting that the election was going to be a dead heat. So an hour after receiving the security disclosure, Secretary Kemp's office put out a press release with this headline: that after a failed hacking attempt they're launching an investigation into the Georgia Democratic Party, and they've called the FBI on the Democrats. So... Brian Kemp won the election and is now the governor-elect of Georgia. So this guy who did so well handling the security of the voting system while he was secretary of state is now the head political officer of the state of Georgia. I think Georgia's "F" just might stick with them through 2020. So...
applause
H: Thank you. So there is hope though.
I want to end on a message of hope, because despite this, with all of these different levels of rigor and of readiness across the different states, I believe we need more national leadership, national standards, and national resources thrown into securing elections. And a bill to do just these things made a lot of progress in the Senate during the past term. This is a bill called the Secure Elections Act that was introduced by Senators Lankford, Republican of Oklahoma, and Klobuchar, Democrat of Minnesota. And it ended up gathering a large number of bipartisan sponsors, split evenly between Republicans and Democrats. It would have required states to adopt paper, to adopt strong audits, and to adopt stronger information sharing practices to let each other and the federal government know if they saw signs of people trying to break in. This bill made it a long way, but unfortunately got stuck in committee after some opposition from the White House, just days before it was going to be marked up and hopefully then make its way to the floor. But this shows that bipartisan cooperation is possible even in this Congress, and that there are a lot of serious people who now realize that election cybersecurity is a matter of national security and defense. I think in the next Congress there's a good possibility that we will see effective legislation to provide national standards and leadership for elections.
But it's a question of threading a political needle and getting Congress to act. So to defend our elections we don't need rocket science. We need simple steps like applying security best practices and expertise to secure registration servers, adopting a paper record of every vote, and applying simple post-election audit techniques to make sure the paper record is right. If we do these things well we'll have a much more robust and evidence-based election system that can detect and recover from attack attempts. Unfortunately today our dialogue about elections isn't based on evidence. It's largely based on faith: on faith in the democratic process, on faith in the people and the technology that's responsible. But I think voters deserve better. Voters deserve, if they're reasonably skeptical, to have it proven to them that the election result was right, and that is possible with simple and practical technology that we have today. All it's going to take is national leadership to make sure that all states, even states like Georgia, adopt the necessary protections soon. So what can you do? Well, as a hacker or a computer scientist you can work with your election officials to help explain the technology, the threats, and the defenses. You can work to explain the threats to the public, because we all need to understand, just as a matter of modern civics, how elections can be attacked and defended.
You can work to build better ways to use technology to make voting on paper easier and more efficient. While technology can help voting in a lot of ways, just... we shouldn't trust it as the only way in which votes are counted and results are determined. And as a citizen, well, you can demand that election authorities implement paper and risk limiting audits. Get involved through activist groups to help campaign for protections like this, and especially please urge the U.S. Congress to pass legislation like the Secure Elections Act and similar bills to make sure that election systems across our country achieve these security properties. You can learn more from an online course I have for free on Coursera called Securing Digital Democracy that provides several weeks' worth of material about the history and the technology of election defenses. But we've got to get going. It's only been two years, believe it or not, since Donald Trump became president, and it's only about 22 months until the next presidential election. It's time to get moving. Thank you.
applause
Herald Angel: Thank you very much. What I got from this talk is it takes 27,400 people, so we have to scale up Congress. We're going to do a Q&A. And I think we'll just start with mic number two, because I can see that one.
Question: Thanks for the great talk. What if someone targets the--
Mic problems
Mumbling
Herald: Um, we need mic #2 live.
Question: Does this work? Hello?
silence
Angel: Try again.
Question: Hello? OK, great. Thanks for the great talk. What if someone targets the randomness in your risk-limiting audit?
Q: Doesn't that pose a vulnerability?
Speaker: Oh yes. Definitely you need to have secure randomness in whatever auditing method you're doing if it's going to be by statistical sampling. That's one reason why the auditing techniques that Colorado practices, they actually have a public ceremony in which officials throw dice in front of TV cameras in order to pick the random seed. But a lot of thought has to go into designing that process well, so that it's not only truly random but also something that people can know and believe is truly random. Thank you.
Angel: OK, mic number six.
Question: Thank you so much for the talk. You spoke about how in Georgia the disclosure of vulnerabilities was punished, almost. Is there any talk or movement towards having something like bug bounties for election systems?
Speaker: Yes, in fact there is another bill that was introduced in Congress that would do just that, and establish a kind of bug bounty program. I'm not sure that that idea yet has a lot of legs, but I think it would help. I think right now though we don't really need all that much more incentive for people to want to try to help secure democracy. A lot of people, including I'm sure a lot of people in this room, would gladly volunteer to do so.
We need a way of organizing that effort and making sure that people can discover and report problems without fear of having it turn into some political weapon to be used against them.
Angel: Mic number one.
Question: Hey, thanks for the talk. Like, the case in Georgia doesn't sound that terrible, because like in Lithuania a couple of years ago we've had this issue where you just didn't need to change the URL, you just did have to refresh the page and here you go, you have the information about a different citizen. My question is, like, what if the paper trail leads to the knowledge that the election was rigged in some particular area, like two years after the election or like one year after the election? What happens then? Does it change anything?
Speaker: A year or so after an election would be a great catastrophe if we only learned then that the political leaders were not legitimately elected. We don't really have any precedent for that. That's why the recommendation, and what some states like Colorado are starting to do as they're implementing stronger audits, is to make sure the audits are completed as soon as possible, ideally before the election result is certified. I recently came out with a paper with Philip Stark and Ron Rivest that gives an audit system that you can start doing even the moment polls close on election night and perhaps have, in a not so close election, a full complete audit by the time results are announced on election night.
So it's possible to do it quickly with sufficient organization.
Angel: OK. Microphone number 8.
Question: Hi, I'm curious about the attribution of attacks. Is there possibly any instance at which you would be not sure that it was Russia that performed the attacks, or maybe it was China? So how do you know that it was exactly Russia, or China or India?
Speaker: So all we have to go by really is the assertions of our intelligence agencies in the U.S. and, in some cases like for the Democratic National Committee breaches, the assertions of private security firms that were involved in the investigations. I agree with you, attribution in general is a darn hard problem. But if you're willing to accept the credibility of the intelligence reports and read between the lines just a little bit, it looks like the reason, the basis for their attribution, is largely not technical but based on intercepted communication of people who were involved in organizing the attacks in Russia. And I think more information about that is likely to come out as the Mueller investigations proceed. So I mean there's some necessary grain of salt. You can see what incentive people might have to try to trump up, so to speak, the involvement of Russia. But you can also see in the current political climate why at least the executive branch would have a reason to try to tone down allegations of Russia's involvement. So you'll have to interpret the weight of the evidence as you will.
Angel: OK, the last question from the Internet. We're running out of time. Sorry.
Question: Has any organization or group unveiled a voting machine designed to address all of the security issues that you have brought up here? Is there a solution to the problem?
Speaker: I'm sorry, could you repeat the beginning of that question?
Question: Has any group or organization unveiled a voting machine that is designed to address all of those security issues that have grown up?
Speaker: OK, so there are efforts to develop voting machines that are based on open source software, that are based on better validated software. Ben Adida, a researcher in this area who has done a lot of great work, is one person who's recently launched an effort to do that, although there are others. And I think that will help. But at the end of the day I think however well-designed the software in our voting machines is, that can raise the bar for attacks, but it's never going to be enough to also be able to convince skeptical voters that everything is OK, because, well, among other things, how do you know that that software is really what's running in the machines that are counting your votes? So there's a lot we can do to make voting machines better. At the end of the day they're also going to have to have that paper trail and those statistical audits so that everyone can believe the results.
Angel: Thank you very much. That concludes the talk.
Speaker: Thank you.
applause
Angel: I think you'll be around for a few more answers on the Congress, so everybody who is here can ask questions in person.
Speaker: I will, and hopefully tomorrow there'll be a Diebold voting machine somewhere around here for everyone to hack themselves. Thank you again.
Angel: Let's hack that thing.
postroll music
subtitles created by c3subtitles.de in the year 2018. Join, and help us!