[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:18.62,Default,,0000,0000,0000,,{\i1}35C3 preroll music{\i0}
Dialogue: 0,0:00:18.62,0:00:24.78,Default,,0000,0000,0000,,Herald Angel: Mr. Halderman, professor of\Ncomputer science at the University of
Dialogue: 0,0:00:24.78,0:00:32.60,Default,,0000,0000,0000,,Michigan. Famous for inventing things like\NLet's Encrypt, finding the--
Dialogue: 0,0:00:32.60,0:00:33.62,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:00:33.62,0:00:38.05,Default,,0000,0000,0000,,Herald Angel: There's more.\N{\i1}applause{\i0}
Dialogue: 0,0:00:38.05,0:00:49.77,Default,,0000,0000,0000,,Herald: But wait, there's more! Logjam\N-- I love buzzword bingo -- and zmap.
Dialogue: 0,0:00:49.77,0:00:55.52,Default,,0000,0000,0000,,And now he's going to talk about \NAmerican elections. Thank you.
Dialogue: 0,0:00:55.52,0:01:00.76,Default,,0000,0000,0000,,J. Alex Halderman: All right. Thank you so\Nmuch. It's fantastic to be back at
Dialogue: 0,0:01:00.76,0:01:07.26,Default,,0000,0000,0000,,Congress this year. Two years ago I was\Nhere with Matt Bernhard one of my Ph.D.
Dialogue: 0,0:01:07.26,0:01:13.00,Default,,0000,0000,0000,,students and we gave an update about what\Nhappened during the 2016 presidential
Dialogue: 0,0:01:13.00,0:01:22.46,Default,,0000,0000,0000,,election. Today a lot has changed and a\Nlot remains the same. And I'm here to let
Dialogue: 0,0:01:22.46,0:01:27.83,Default,,0000,0000,0000,,you know what we've learned about what\Nhappened in the 2016 election and what we
Dialogue: 0,0:01:27.83,0:01:32.33,Default,,0000,0000,0000,,still need to do to make sure elections in\Nthe U.S. and around the world are well
Dialogue: 0,0:01:32.33,0:01:40.99,Default,,0000,0000,0000,,protected. So, a quick flashback. On\NNovember 8th, 2016 Donald Trump became
Dialogue: 0,0:01:40.99,0:01:46.21,Default,,0000,0000,0000,,president of the United States by beating\Nsome other person. Now history quickly
Dialogue: 0,0:01:46.21,0:01:53.17,Default,,0000,0000,0000,,forgets the losers in presidential\Nelections. And it really doesn't matter
Dialogue: 0,0:01:53.17,0:02:00.17,Default,,0000,0000,0000,,who Donald Trump beat, because today, for\Nbetter or for worse, he is the president.
Dialogue: 0,0:02:00.17,0:02:06.92,Default,,0000,0000,0000,,But how close was the election? President\NTrump likes to talk about how he won by a
Dialogue: 0,0:02:06.92,0:02:14.25,Default,,0000,0000,0000,,landslide, but actually he was the fifth\Nperson in American history to win the
Dialogue: 0,0:02:14.25,0:02:20.70,Default,,0000,0000,0000,,presidency while losing the popular vote.\NIn fact his opponent received 3 million
Dialogue: 0,0:02:20.70,0:02:26.92,Default,,0000,0000,0000,,more votes in the election than President\NTrump did. How can that happen? Well we
Dialogue: 0,0:02:26.92,0:02:33.01,Default,,0000,0000,0000,,have this crazy system called the\NElectoral College. And in the Electoral
Dialogue: 0,0:02:33.01,0:02:38.35,Default,,0000,0000,0000,,College each state has a certain number of\Npoints, and Donald Trump ended up getting
Dialogue: 0,0:02:38.35,0:02:43.84,Default,,0000,0000,0000,,more of those points. But if we want to\Nask "How close was the election,
Dialogue: 0,0:02:43.84,0:02:49.66,Default,,0000,0000,0000,,really?"... well that depends on the way\Neach state allocates its electoral votes,
Dialogue: 0,0:02:49.66,0:02:58.32,Default,,0000,0000,0000,,and most are "winner-take-all". So we\Nmight ask how many votes would, say, an
Dialogue: 0,0:02:58.32,0:03:03.59,Default,,0000,0000,0000,,attacker have had to change in the\Nsmallest number of states in order to
Dialogue: 0,0:03:03.59,0:03:07.85,Default,,0000,0000,0000,,change the election result in order to,\Nsay, make it a tie instead of a win for
Dialogue: 0,0:03:07.85,0:03:14.31,Default,,0000,0000,0000,,President Trump. And it turns out that if\Nyou look at the three closest states, they
Dialogue: 0,0:03:14.31,0:03:19.58,Default,,0000,0000,0000,,could be flipped with a very very small\Nnumber of votes changing, and changing
Dialogue: 0,0:03:19.58,0:03:24.37,Default,,0000,0000,0000,,just any two of these three states would\Nhave been enough to reverse the outcome of
Dialogue: 0,0:03:24.37,0:03:29.75,Default,,0000,0000,0000,,the presidential election. If we look at\Nthe next few closest states they also have
Dialogue: 0,0:03:29.75,0:03:36.22,Default,,0000,0000,0000,,very small margins, and any three of these\Nsix states would have sufficed to change
Dialogue: 0,0:03:36.22,0:03:42.65,Default,,0000,0000,0000,,the election result. In total just\Nchanging twenty seven thousand, five
Dialogue: 0,0:03:42.65,0:03:49.52,Default,,0000,0000,0000,,hundred votes from Donald Trump to Donald\NTrump's opponent would have changed the
Dialogue: 0,0:03:49.52,0:03:55.59,Default,,0000,0000,0000,,outcome of the U.S. presidential election.\NThere were 137 million votes in total.
Dialogue: 0,0:03:55.59,0:04:03.20,Default,,0000,0000,0000,,That's a change of just 0.02 percent. That\Nis a very close electoral result by even
Dialogue: 0,0:04:03.20,0:04:10.45,Default,,0000,0000,0000,,contemporary American standards. And\Nthat's why the possibilities of computer
Dialogue: 0,0:04:10.45,0:04:17.02,Default,,0000,0000,0000,,hacking, voting machine manipulation,\Ninformation warfare that actually did take
Dialogue: 0,0:04:17.02,0:04:24.69,Default,,0000,0000,0000,,place, some of them in 2016, not only have\Nthe possibility to have effected the 2016
Dialogue: 0,0:04:24.69,0:04:29.19,Default,,0000,0000,0000,,election result but stand to have the\Npossibility to affect future election
Dialogue: 0,0:04:29.19,0:04:37.05,Default,,0000,0000,0000,,results as well. And that's why election\Nsecurity is so important right now. But if
Dialogue: 0,0:04:37.05,0:04:43.28,Default,,0000,0000,0000,,we go back to 2016, when I was speaking\Nhere two years ago, the main thing I was
Dialogue: 0,0:04:43.28,0:04:48.43,Default,,0000,0000,0000,,talking about were recounts in three\Nstates: Wisconsin, Michigan, and
Dialogue: 0,0:04:48.43,0:04:53.90,Default,,0000,0000,0000,,Pennsylvania, that I and other election\Nsecurity advocates had a big role in
Dialogue: 0,0:04:53.90,0:04:59.36,Default,,0000,0000,0000,,orchestrating. Well we realized after 2016\Nthat this was a close and unexpected
Dialogue: 0,0:04:59.36,0:05:05.24,Default,,0000,0000,0000,,election result, but no one was going to\Ngo back and check the physical evidence of
Dialogue: 0,0:05:05.24,0:05:11.75,Default,,0000,0000,0000,,the votes: the actual paper ballots in any\Nstates that really mattered to make sure
Dialogue: 0,0:05:11.75,0:05:16.92,Default,,0000,0000,0000,,that the computer election results we have\Nbeen told about were right. Well, when I
Dialogue: 0,0:05:16.92,0:05:22.29,Default,,0000,0000,0000,,and others pointed this out to the public\Nit resulted in an overwhelming show of
Dialogue: 0,0:05:22.29,0:05:27.98,Default,,0000,0000,0000,,support. And one of the third party\Npresidential candidate Jill Stein stepped
Dialogue: 0,0:05:27.98,0:05:34.04,Default,,0000,0000,0000,,in and had the legal standing to demand\Nrecounts in states where she stood for
Dialogue: 0,0:05:34.04,0:05:38.35,Default,,0000,0000,0000,,election, even though she had no chance of\Nwinning. And she raised through small
Dialogue: 0,0:05:38.35,0:05:43.29,Default,,0000,0000,0000,,donations from the public more than seven\Nmillion dollars to fund efforts to go back
Dialogue: 0,0:05:43.29,0:05:49.42,Default,,0000,0000,0000,,and count and check the votes to make sure\Nthings were right. Unfortunately, a
Dialogue: 0,0:05:49.42,0:05:54.84,Default,,0000,0000,0000,,recount after an American election is a\Npolitically fraught process, and in all
Dialogue: 0,0:05:54.84,0:06:02.10,Default,,0000,0000,0000,,three states we found opposition from the\Napparent winner of the election, we found
Dialogue: 0,0:06:02.10,0:06:07.23,Default,,0000,0000,0000,,challenges in the courts, and only one of\Nthose states, Wisconsin, ended up
Dialogue: 0,0:06:07.23,0:06:13.04,Default,,0000,0000,0000,,recounting all of its ballots and found no\Nevidence of fraud. In Michigan the
Dialogue: 0,0:06:13.04,0:06:20.58,Default,,0000,0000,0000,,recounts were halted after only a few days\Nwith less than half of the votes counted
Dialogue: 0,0:06:20.58,0:06:25.83,Default,,0000,0000,0000,,after a court challenge by the\NRepublicans. Again, no evidence of fraud
Dialogue: 0,0:06:25.83,0:06:31.86,Default,,0000,0000,0000,,in the votes that were recounted. And in\NPennsylvania, unfortunately, like many
Dialogue: 0,0:06:31.86,0:06:36.93,Default,,0000,0000,0000,,states most of the state had no paper\Ntrail at all. There was nothing to
Dialogue: 0,0:06:36.93,0:06:42.39,Default,,0000,0000,0000,,recount: just digital records and\Nmachines. The courts denied the Stein
Dialogue: 0,0:06:42.39,0:06:48.62,Default,,0000,0000,0000,,campaign the right to have independent\Nexperts examine the machines, and in very
Dialogue: 0,0:06:48.62,0:06:52.64,Default,,0000,0000,0000,,few of the places in the rest of the\Nstate, the small amount that did have
Dialogue: 0,0:06:52.64,0:07:00.27,Default,,0000,0000,0000,,paper actually did complete a recount. But\Nstill there was no evidence of fraud. So
Dialogue: 0,0:07:00.27,0:07:05.30,Default,,0000,0000,0000,,in all there is no evidence that hacking\Nof voting machines -- hacking of actual
Dialogue: 0,0:07:05.30,0:07:11.24,Default,,0000,0000,0000,,vote counts -- changed the outcome of the\N2016 election. But there is abundant
Dialogue: 0,0:07:11.24,0:07:17.85,Default,,0000,0000,0000,,evidence that cyberattacks of other forms\Nhad a major influence on the election,
Dialogue: 0,0:07:17.85,0:07:22.64,Default,,0000,0000,0000,,certainly could have a huge influence on\Nfuture elections. And that's what I'm
Dialogue: 0,0:07:22.64,0:07:28.94,Default,,0000,0000,0000,,going to talk about today. So first\Nlooking back at 2016 in the two years
Dialogue: 0,0:07:28.94,0:07:33.64,Default,,0000,0000,0000,,since I was last here we have learned a\Nlot more about what really took place
Dialogue: 0,0:07:33.64,0:07:42.90,Default,,0000,0000,0000,,during the 2016 election. Starting just\NJanuary of 2017 when the U.S. intelligence
Dialogue: 0,0:07:42.90,0:07:51.17,Default,,0000,0000,0000,,community -- the CIA, NSA, and other three\Nletter agencies -- who often in this
Dialogue: 0,0:07:51.17,0:07:57.01,Default,,0000,0000,0000,,community we don't trust, still came out\Nand released a joint assessment in which
Dialogue: 0,0:07:57.01,0:08:04.49,Default,,0000,0000,0000,,they rated with very high confidence the\Nconclusion that attackers linked to Russia
Dialogue: 0,0:08:04.49,0:08:10.38,Default,,0000,0000,0000,,were ordered by Russian President Vladimir\NPutin to interfere with the American
Dialogue: 0,0:08:10.38,0:08:16.00,Default,,0000,0000,0000,,election in order to weaken Clinton, boost\NDonald Trump, and discredit the electoral
Dialogue: 0,0:08:16.00,0:08:21.48,Default,,0000,0000,0000,,process as a whole. They called it a\Nsignificant escalation of longstanding
Dialogue: 0,0:08:21.48,0:08:28.86,Default,,0000,0000,0000,,Russian efforts to undermine the US-led\Nliberal democratic order. So where's the
Dialogue: 0,0:08:28.86,0:08:34.45,Default,,0000,0000,0000,,evidence that this actually happened? And\Nwhat actually happened? According to not
Dialogue: 0,0:08:34.45,0:08:39.33,Default,,0000,0000,0000,,only the intelligence reports but other\Ninformation from other sources we can use
Dialogue: 0,0:08:39.33,0:08:45.94,Default,,0000,0000,0000,,to see to see whether it's credible. Well\Nwhat happened in the U.S. actually looks a
Dialogue: 0,0:08:45.94,0:08:51.19,Default,,0000,0000,0000,,lot like something that happened in 2014\Nin Ukraine, where, according to other
Dialogue: 0,0:08:51.19,0:08:58.22,Default,,0000,0000,0000,,published reports, attackers linked to\NRussia engaged in a multipronged attack to
Dialogue: 0,0:08:58.22,0:09:04.09,Default,,0000,0000,0000,,try to undermine the presidential election\Nthere. They released targeted leaks of
Dialogue: 0,0:09:04.09,0:09:09.74,Default,,0000,0000,0000,,e-mails linked to the presidential\Ncampaign. They attacked the Election
Dialogue: 0,0:09:09.74,0:09:14.27,Default,,0000,0000,0000,,Commission's servers in order to cause\Nthem to initially post the wrong
Dialogue: 0,0:09:14.27,0:09:19.14,Default,,0000,0000,0000,,presidential winner. And this was\Napparently detected and narrowly averted
Dialogue: 0,0:09:19.14,0:09:24.32,Default,,0000,0000,0000,,only hours before the winner was to be\Nannounced. And they orchestrated DDoS
Dialogue: 0,0:09:24.32,0:09:30.79,Default,,0000,0000,0000,,attacks to try to delay the election\Nresults. In the U.S. in 2016 we saw a
Dialogue: 0,0:09:30.79,0:09:36.43,Default,,0000,0000,0000,,similar multipronged attack of targeted\Npolitical leaks trolling and message
Dialogue: 0,0:09:36.43,0:09:42.55,Default,,0000,0000,0000,,amplification on social media and attacks\Nagainst election infrastructure. So the
Dialogue: 0,0:09:42.55,0:09:48.28,Default,,0000,0000,0000,,targeted political leaks, you've probably\Nheard about some of this. You have e-mails
Dialogue: 0,0:09:48.28,0:09:54.19,Default,,0000,0000,0000,,stolen from the Democratic National\NCommittee through a hacking campaign that
Dialogue: 0,0:09:54.19,0:10:00.64,Default,,0000,0000,0000,,involved two different Russian-linked\Nmilitary groups hacking into the DNC
Dialogue: 0,0:10:00.64,0:10:06.78,Default,,0000,0000,0000,,servers, installing customized malware and\Nexfiltrating thousands of e-mails that
Dialogue: 0,0:10:06.78,0:10:13.15,Default,,0000,0000,0000,,were then published by WikiLeaks. Later,\NJohn Podesta -- Clinton's campaign
Dialogue: 0,0:10:13.15,0:10:20.30,Default,,0000,0000,0000,,chairman -- also had his personal email\Ncompromised, and Podesta's emails were
Dialogue: 0,0:10:20.30,0:10:25.10,Default,,0000,0000,0000,,similarly published by WikiLeaks. Whatever\Nyou think about WikiLeaks -- and
Dialogue: 0,0:10:25.10,0:10:30.23,Default,,0000,0000,0000,,government transparency, and I myself am a\Nhuge fan of transparency -- there's
Dialogue: 0,0:10:30.23,0:10:36.22,Default,,0000,0000,0000,,clearly something subversive and\Nmanipulative about just one side being
Dialogue: 0,0:10:36.22,0:10:41.72,Default,,0000,0000,0000,,targeted, and being targeted by other\Nforeign nations, and having its dirty
Dialogue: 0,0:10:41.72,0:10:46.63,Default,,0000,0000,0000,,laundry aired for the world to see. This\Nis subverting the entire notion of
Dialogue: 0,0:10:46.63,0:10:52.73,Default,,0000,0000,0000,,transparency, turning our need for true\Ninformation about politicians against us
Dialogue: 0,0:10:52.73,0:10:59.28,Default,,0000,0000,0000,,and manipulating the entire process. John\NPodesta, since his e-mails were all leaked
Dialogue: 0,0:10:59.28,0:11:03.54,Default,,0000,0000,0000,,to the public, well, we can go and see the\Nphishing attack e-mail that got his
Dialogue: 0,0:11:03.54,0:11:09.40,Default,,0000,0000,0000,,password, and here it is. So this mail\Nsent to John Podesta claims to be from
Dialogue: 0,0:11:09.40,0:11:13.68,Default,,0000,0000,0000,,Gmail saying that someone has tried to\Nsign in with his password and he urgently
Dialogue: 0,0:11:13.68,0:11:20.94,Default,,0000,0000,0000,,needs to change it by clicking here. Well\Nhe did click there and Russia got his
Dialogue: 0,0:11:20.94,0:11:27.51,Default,,0000,0000,0000,,password. We also see his staff talking\Nabout this e-mail and one of his staffers
Dialogue: 0,0:11:27.51,0:11:32.55,Default,,0000,0000,0000,,recognized that this was a phishing\Nattempt and emailed urgently telling John
Dialogue: 0,0:11:32.55,0:11:38.81,Default,,0000,0000,0000,,Podesta to change his password immediately\Nbut he typo'd. In dashing out this e-mail
Dialogue: 0,0:11:38.81,0:11:44.02,Default,,0000,0000,0000,,he wrote that this is a "legitimate\Ne-mail". He has subsequently claimed every
Dialogue: 0,0:11:44.02,0:11:47.76,Default,,0000,0000,0000,,time he's talked about it that he meant to\Nwrite "illegitimate" not "legitimate".
Dialogue: 0,0:11:47.76,0:11:55.41,Default,,0000,0000,0000,,Well, the rest is history. A couple of\Nextra letters might have changed a lot. So
Dialogue: 0,0:11:55.41,0:12:00.20,Default,,0000,0000,0000,,beyond the e-mail leaks we've seen an\Norchestrated campaign on social media
Dialogue: 0,0:12:00.20,0:12:06.60,Default,,0000,0000,0000,,through trolls and false identities to try\Nto manipulate people's opinions, to try to
Dialogue: 0,0:12:06.60,0:12:12.19,Default,,0000,0000,0000,,create political divisions between people,\Nto try to amplify certain discordant
Dialogue: 0,0:12:12.19,0:12:17.82,Default,,0000,0000,0000,,messages. That could be a whole talk in\Nitself, and I'm not going to go deep into
Dialogue: 0,0:12:17.82,0:12:23.33,Default,,0000,0000,0000,,the trolling and message amplification,\Nbut it's a subject that is an ongoing form
Dialogue: 0,0:12:23.33,0:12:29.26,Default,,0000,0000,0000,,of attack that again turns our tools of\Ncommunication against us. People need to
Dialogue: 0,0:12:29.26,0:12:34.15,Default,,0000,0000,0000,,know whether the information they're\Nreading is really what other people they
Dialogue: 0,0:12:34.15,0:12:40.08,Default,,0000,0000,0000,,know and are like them think, or whether\Nit's being generated by bots, by attacks.
Dialogue: 0,0:12:40.08,0:12:44.87,Default,,0000,0000,0000,,Alright this kind of artificial\Namplification and manipulation of
Dialogue: 0,0:12:44.87,0:12:51.26,Default,,0000,0000,0000,,messaging turns us against each other.\NFinally, and the category of attacks that
Dialogue: 0,0:12:51.26,0:12:55.64,Default,,0000,0000,0000,,I want to talk about most today because I\Nthink they're the most relevant for our
Dialogue: 0,0:12:55.64,0:13:01.51,Default,,0000,0000,0000,,community, are attacks against election\Ninfrastructure itself: the increasingly
Dialogue: 0,0:13:01.51,0:13:06.94,Default,,0000,0000,0000,,computerized systems that we use to run\Nelections, not just in the US but in
Dialogue: 0,0:13:06.94,0:13:12.46,Default,,0000,0000,0000,,countries around the world. There were\Nattacks against voter registration systems
Dialogue: 0,0:13:12.46,0:13:18.35,Default,,0000,0000,0000,,in states across the country, organized by\Nthe same Russian groups. There were
Dialogue: 0,0:13:18.35,0:13:24.81,Default,,0000,0000,0000,,attacks against companies that make\Ntechnology used in polling places. In all,
Dialogue: 0,0:13:24.81,0:13:29.82,Default,,0000,0000,0000,,the intelligence assessment is that up to\N21 states had their voter registration
Dialogue: 0,0:13:29.82,0:13:34.57,Default,,0000,0000,0000,,systems probed. Now of course how can you\Ngo back in time and know for sure that
Dialogue: 0,0:13:34.57,0:13:38.89,Default,,0000,0000,0000,,others were not probed, were not\Ncompromised. That's very difficult, even
Dialogue: 0,0:13:38.89,0:13:44.81,Default,,0000,0000,0000,,if you are, say, the NSA and are watching\Neveryone's network traffic. However we
Dialogue: 0,0:13:44.81,0:13:49.45,Default,,0000,0000,0000,,know that in multiple states the attackers\Ngot in through SQL injection, through
Dialogue: 0,0:13:49.45,0:13:53.11,Default,,0000,0000,0000,,other attacks, and were able to steal\Nhundreds of thousands of voters'
Dialogue: 0,0:13:53.11,0:14:06.67,Default,,0000,0000,0000,,registration records. More information\Ncame out later in 2017 through leaked
Dialogue: 0,0:14:06.67,0:14:15.02,Default,,0000,0000,0000,,information from NSA. So this woman,\NReality Winner, an NSA contractor, leaked
Dialogue: 0,0:14:15.02,0:14:20.41,Default,,0000,0000,0000,,to the Intercept a series of intelligence\Nassessments that showed the Russian
Dialogue: 0,0:14:20.41,0:14:26.13,Default,,0000,0000,0000,,attacks went even farther, that they\Nexecuted attempts to break into the
Dialogue: 0,0:14:26.13,0:14:30.93,Default,,0000,0000,0000,,computer systems of at least one election\Ncomputer software vendor, and then after
Dialogue: 0,0:14:30.93,0:14:35.66,Default,,0000,0000,0000,,breaking into their systems started trying\Nto fish their way into the computers of
Dialogue: 0,0:14:35.66,0:14:39.86,Default,,0000,0000,0000,,local election administrators, the people\Nwho actually run the technology on
Dialogue: 0,0:14:39.86,0:14:45.40,Default,,0000,0000,0000,,Election Day. For sharing this information\Nwith us Reality Winner is currently
Dialogue: 0,0:14:45.40,0:14:52.63,Default,,0000,0000,0000,,serving a five year prison sentence for\Nviolating the Espionage Act. But the
Dialogue: 0,0:14:52.63,0:15:01.15,Default,,0000,0000,0000,,information that she leaked has since been\Ncorroborated. In July of this year
Dialogue: 0,0:15:01.15,0:15:06.16,Default,,0000,0000,0000,,prosecutors in the Special Counsel's\Noffice -- this is the Robert Mueller
Dialogue: 0,0:15:06.16,0:15:12.15,Default,,0000,0000,0000,,investigation of Russian interference and\Ncollusion -- indicted a set of GRU
Dialogue: 0,0:15:12.15,0:15:18.33,Default,,0000,0000,0000,,officers, Russian military officers, in\Nconjunction with the voter registration
Dialogue: 0,0:15:18.33,0:15:23.05,Default,,0000,0000,0000,,system attacks, the theft of email from\Nthe Democrats, and the attempts to indict
Dialogue: 0,0:15:23.05,0:15:28.22,Default,,0000,0000,0000,,local election officials. If you're\Ninterested in this stuff I highly
Dialogue: 0,0:15:28.22,0:15:32.94,Default,,0000,0000,0000,,recommend you read this indictment. It's\Nabout 20 pages of very detailed
Dialogue: 0,0:15:32.94,0:15:40.64,Default,,0000,0000,0000,,information asserting to apparently\Ndetailing exactly who these people were
Dialogue: 0,0:15:40.64,0:15:46.30,Default,,0000,0000,0000,,where they worked what they did. Step by\Nstep.Now it's scary to think that we might
Dialogue: 0,0:15:46.30,0:15:51.46,Default,,0000,0000,0000,,have such detailed information about\Ncrimes that took place in the past. It
Dialogue: 0,0:15:51.46,0:15:58.29,Default,,0000,0000,0000,,doesn't say how we learned, for instance,\Nthat this certain officer, Anatoly
Dialogue: 0,0:15:58.29,0:16:09.38,Default,,0000,0000,0000,,Kovalev, was working for unit 74455 of the\NGRU at 22 Kirabo Street Building, the
Dialogue: 0,0:16:09.38,0:16:16.80,Default,,0000,0000,0000,,tower, and quite how he pulled off each\Nstep in the attack that's asserted here.
Dialogue: 0,0:16:16.80,0:16:21.93,Default,,0000,0000,0000,,But as the Mueller indictments advance, as\Nthe special prosecutor's case comes
Dialogue: 0,0:16:21.93,0:16:30.02,Default,,0000,0000,0000,,together, we're likely to learn a lot more.\NAnd what's to come in 2018 as the Mueller
Dialogue: 0,0:16:30.02,0:16:33.54,Default,,0000,0000,0000,,investigation winds down, I think we're\Ngoing to learn a lot more about quite who
Dialogue: 0,0:16:33.54,0:16:39.05,Default,,0000,0000,0000,,ordered what, about who in the United\NStates was involved, and about whether the
Dialogue: 0,0:16:39.05,0:16:50.59,Default,,0000,0000,0000,,attacks went even further than we have so\Nfar discovered. So that's 2016
Dialogue: 0,0:16:50.59,0:16:55.79,Default,,0000,0000,0000,,and what we've learned about 2016,\Nbut I'm here today to give you a
Dialogue: 0,0:16:55.79,0:17:04.48,Default,,0000,0000,0000,,progress report on 2018. So what happened\Nduring the 2018 election? Well we saw
Dialogue: 0,0:17:04.48,0:17:08.86,Default,,0000,0000,0000,,several things during the November\Nelection this year. According to
Dialogue: 0,0:17:08.86,0:17:13.57,Default,,0000,0000,0000,,intelligence, once again, we have\Nallegations of continued social media
Dialogue: 0,0:17:13.57,0:17:19.89,Default,,0000,0000,0000,,influence operations, this time allegedly\Nlinked to not only Russia, but China and
Dialogue: 0,0:17:19.89,0:17:27.65,Default,,0000,0000,0000,,Iran. Now I think it's very difficult to\Nindependently comment and establish on
Dialogue: 0,0:17:27.65,0:17:31.74,Default,,0000,0000,0000,,whether these allegations are true or even\Nto understand the full extent of the
Dialogue: 0,0:17:31.74,0:17:35.99,Default,,0000,0000,0000,,social media involvement, because it's\Njust a small set of large Internet
Dialogue: 0,0:17:35.99,0:17:41.44,Default,,0000,0000,0000,,companies that have the raw data that we\Nneed to analyze. However the best reports
Dialogue: 0,0:17:41.44,0:17:45.56,Default,,0000,0000,0000,,we have are these assessments from the\Nintelligence community that the social
Dialogue: 0,0:17:45.56,0:17:52.89,Default,,0000,0000,0000,,media influence is ongoing. We also saw\Nsporadic breakdowns of voting machines.
Dialogue: 0,0:17:52.89,0:17:57.32,Default,,0000,0000,0000,,Now patterns of breakdowns of voting\Nmachines could be the indication of an
Dialogue: 0,0:17:57.32,0:18:02.54,Default,,0000,0000,0000,,attack. But in 2018 all of them seem to\Nhave perfectly natural explanations. In
Dialogue: 0,0:18:02.54,0:18:07.45,Default,,0000,0000,0000,,New York City for instance many optical\Nscan machines broke down and jammed and
Dialogue: 0,0:18:07.45,0:18:12.80,Default,,0000,0000,0000,,caused long lines but apparently it was\Nbecause it was raining and that causes the
Dialogue: 0,0:18:12.80,0:18:18.01,Default,,0000,0000,0000,,paper to swell a little bit, these\Nmachines to mis-feed and so on. So this is
Dialogue: 0,0:18:18.01,0:18:26.74,Default,,0000,0000,0000,,probably just natural failure. We also had\Nunfortunate human error for not the first
Dialogue: 0,0:18:26.74,0:18:32.96,Default,,0000,0000,0000,,time. An election in Florida potentially\Nhad the result changed because of very bad
Dialogue: 0,0:18:32.96,0:18:40.74,Default,,0000,0000,0000,,usability design in just the layout of the\Nballot. So in Broward County, Florida
Dialogue: 0,0:18:40.74,0:18:45.76,Default,,0000,0000,0000,,3.7 percent fewer voters cast a vote at all\Nin the U.S. Senate race than the race for
Dialogue: 0,0:18:45.76,0:18:50.85,Default,,0000,0000,0000,,governor. This was potentially enough\Nbecause of the demographics of Broward to
Dialogue: 0,0:18:50.85,0:18:56.64,Default,,0000,0000,0000,,change the outcome of the Florida Senate\Nrace. Here's why: Here's the ballot. So
Dialogue: 0,0:18:56.64,0:19:03.58,Default,,0000,0000,0000,,this is the race for governor, which most\Nvoters filled out, as you would expect.
Dialogue: 0,0:19:03.58,0:19:08.38,Default,,0000,0000,0000,,Right down there underneath that long\Ncolumn of instructions is the U.S. senator
Dialogue: 0,0:19:08.38,0:19:13.46,Default,,0000,0000,0000,,race. So you imagine this ballot. It's\Nmuch larger than a normal piece of paper.
Dialogue: 0,0:19:13.46,0:19:17.81,Default,,0000,0000,0000,,At the bottom of that is hanging off your\Ndesk as you're filling it in. I can see
Dialogue: 0,0:19:17.81,0:19:22.26,Default,,0000,0000,0000,,how 3.7 percent of voters might have\Ncompletely missed that race in the first
Dialogue: 0,0:19:22.26,0:19:29.89,Default,,0000,0000,0000,,column. Finally we had the old-fashioned\Npolitical fraud. In North Carolina a race
Dialogue: 0,0:19:29.89,0:19:34.54,Default,,0000,0000,0000,,for the House of Representatives was\Ndecided by only about 900 votes. But it's
Dialogue: 0,0:19:34.54,0:19:40.00,Default,,0000,0000,0000,,come out since then that operatives\Nworking for the Republican candidate
Dialogue: 0,0:19:40.00,0:19:45.07,Default,,0000,0000,0000,,allegedly stole or manipulated a large\Nnumber of absentee ballots, and the
Dialogue: 0,0:19:45.07,0:19:51.55,Default,,0000,0000,0000,,candidate there hasn't been certified yet,\Nit likely won't be seated on time. There's
Dialogue: 0,0:19:51.55,0:19:55.91,Default,,0000,0000,0000,,multiple investigations going on into\Nexactly what happened, but it goes to show
Dialogue: 0,0:19:55.91,0:20:01.81,Default,,0000,0000,0000,,you that political fraud is a reality. And\Neven outside the domain of computers it
Dialogue: 0,0:20:01.81,0:20:07.05,Default,,0000,0000,0000,,continues to this day. Now if you can\Nimagine an election can be changed by just
Dialogue: 0,0:20:07.05,0:20:11.85,Default,,0000,0000,0000,,a few people working on the ground, going\Naround collecting people's mail in ballots
Dialogue: 0,0:20:11.85,0:20:17.52,Default,,0000,0000,0000,,and promising to return them for them,\Nwell imagine what nation state attackers
Dialogue: 0,0:20:17.52,0:20:23.57,Default,,0000,0000,0000,,could do to a vulnerable and highly\Ncomputerized online infrastructure. But on
Dialogue: 0,0:20:23.57,0:20:36.00,Default,,0000,0000,0000,,the whole 2018 was, well, eerily quiet. But\Nif we go back to 2016... so the U.S. Senate
Dialogue: 0,0:20:36.00,0:20:41.90,Default,,0000,0000,0000,,Intelligence Committee, a bipartisan group\Ncontrolled by Republicans in the Senate,
Dialogue: 0,0:20:41.90,0:20:47.18,Default,,0000,0000,0000,,issued its report earlier this year about\N2016. They pointed out that they found
Dialogue: 0,0:20:47.18,0:20:52.10,Default,,0000,0000,0000,,that in a number of the states where\NRussia attacked the registration systems,
Dialogue: 0,0:20:52.10,0:20:57.56,Default,,0000,0000,0000,,the Russian hackers were in a position to,\Nat a minimum, alter or destroy the voter
Dialogue: 0,0:20:57.56,0:21:02.03,Default,,0000,0000,0000,,registration data, which, if undetected,\Nwould have caused massive chaos on
Dialogue: 0,0:21:02.03,0:21:06.23,Default,,0000,0000,0000,,election day when people showed up to vote\Nand were told that they weren't on the
Dialogue: 0,0:21:06.23,0:21:13.31,Default,,0000,0000,0000,,election rolls. But those attackers chose\Nnot to pull the trigger. And I think
Dialogue: 0,0:21:13.31,0:21:18.21,Default,,0000,0000,0000,,that's exactly what happened in 2018. It\Nwas quiet, not because we've adequately
Dialogue: 0,0:21:18.21,0:21:22.89,Default,,0000,0000,0000,,secured our election systems, but because\Nour adversaries this year chose not to
Dialogue: 0,0:21:22.89,0:21:28.21,Default,,0000,0000,0000,,pull the trigger. They're waiting for the\Nbigger prize in 2020 when we're likely to
Dialogue: 0,0:21:28.21,0:21:39.08,Default,,0000,0000,0000,,once again have a close and divisive\Npresidential contest. So what do I worry
Dialogue: 0,0:21:39.08,0:21:45.20,Default,,0000,0000,0000,,about? What I worry about most is not the\Nlast war -- registration systems, all of
Dialogue: 0,0:21:45.20,0:21:49.99,Default,,0000,0000,0000,,that -- but the bigger prize: the 2020\Nelection and the vulnerabilities in the
Dialogue: 0,0:21:49.99,0:21:57.88,Default,,0000,0000,0000,,way that we cast and count votes in the\NU.S. Now I testified about this in 2017 to
Dialogue: 0,0:21:57.88,0:22:03.11,Default,,0000,0000,0000,,the Senate Intelligence Committee and --\Nthat's actually not me. that's that's
Dialogue: 0,0:22:03.11,0:22:08.66,Default,,0000,0000,0000,,former FBI Director Comey-- but two weeks\Nlater I was sitting in the same chair with
Dialogue: 0,0:22:08.66,0:22:15.06,Default,,0000,0000,0000,,far fewer TV cameras and testified that\Nthe real lesson of 2016 is that the
Dialogue: 0,0:22:15.06,0:22:20.47,Default,,0000,0000,0000,,threats are real and that the attackers\Nwill be back. And this is the picture I
Dialogue: 0,0:22:20.47,0:22:28.24,Default,,0000,0000,0000,,painted: so U.S. voting machines have their\Nown extreme set of vulnerabilities. I was
Dialogue: 0,0:22:28.24,0:22:33.08,Default,,0000,0000,0000,,going to bring one of these machines,\NAccuVote TSX with me here today. This
Dialogue: 0,0:22:33.08,0:22:40.05,Default,,0000,0000,0000,,machine is still used in many parts of the\NU.S., but my machine has been in Germany
Dialogue: 0,0:22:40.05,0:22:46.42,Default,,0000,0000,0000,,for about a week and FedEx doesn't know\Nwhere it is. So if it shows up I'll have
Dialogue: 0,0:22:46.42,0:22:51.00,Default,,0000,0000,0000,,it somewhere for people to play with, but\Nmy advice is if you have to ship something
Dialogue: 0,0:22:51.00,0:22:57.72,Default,,0000,0000,0000,,urgent to Germany don't send it via FedEx.\NWhat I would have shown you though is a
Dialogue: 0,0:22:57.72,0:23:01.94,Default,,0000,0000,0000,,mock election on this machine and the mock\Nelection I always like to do to keep it
Dialogue: 0,0:23:01.94,0:23:05.85,Default,,0000,0000,0000,,from getting too political is between\NGeorge Washington, the father of the
Dialogue: 0,0:23:05.85,0:23:10.77,Default,,0000,0000,0000,,country, and Benedict Arnold, the traitor\Nof the American Revolution. And of course
Dialogue: 0,0:23:10.77,0:23:16.62,Default,,0000,0000,0000,,everyone likes to vote for George\NWashington. But these machines are so
Dialogue: 0,0:23:16.62,0:23:22.80,Default,,0000,0000,0000,,vulnerable. So I would have shown you an\Nattack whereby I can compromise this
Dialogue: 0,0:23:22.80,0:23:28.42,Default,,0000,0000,0000,,machine and cause it to report the wrong\Nelection outcome without having any direct
Dialogue: 0,0:23:28.42,0:23:32.93,Default,,0000,0000,0000,,physical access to the voting machines.\NInstead all an attacker needs to do is be
Dialogue: 0,0:23:32.93,0:23:37.42,Default,,0000,0000,0000,,able to infect these memory cards that\Nelection officials use before every
Dialogue: 0,0:23:37.42,0:23:42.41,Default,,0000,0000,0000,,election to program the machine with the\Ndesign of the ballot -- that is, the
Dialogue: 0,0:23:42.41,0:23:46.22,Default,,0000,0000,0000,,races, the candidates, the rules for\Ncounting. If an attacker can infect the
Dialogue: 0,0:23:46.22,0:23:51.33,Default,,0000,0000,0000,,memory card there are a whole host of\Ndifferent ways that the attacker can
Dialogue: 0,0:23:51.33,0:23:57.27,Default,,0000,0000,0000,,compromise the machine and install malware\Non the voting machine itself. There is an
Dialogue: 0,0:23:57.27,0:24:01.93,Default,,0000,0000,0000,,unauthenticated software update mechanism\Nthat can replace the election software.
Dialogue: 0,0:24:01.93,0:24:06.11,Default,,0000,0000,0000,,There are buffer overflows in the code\Nthat's used to read the ballot design and
Dialogue: 0,0:24:06.11,0:24:10.100,Default,,0000,0000,0000,,process it. There's even an interpreted\Nprogramming language that's used to
Dialogue: 0,0:24:10.100,0:24:16.32,Default,,0000,0000,0000,,generate the reports of who won. So you\Ncan just replace the honest counting
Dialogue: 0,0:24:16.32,0:24:21.23,Default,,0000,0000,0000,,software with dishonest counting software\Nright on the memory card, and that's what
Dialogue: 0,0:24:21.23,0:24:25.59,Default,,0000,0000,0000,,will get executed and determine the\Nelection results. Any of these ways would
Dialogue: 0,0:24:25.59,0:24:31.63,Default,,0000,0000,0000,,be sufficient. So when the machine counts\Nthe votes at the end of the election it
Dialogue: 0,0:24:31.63,0:24:36.03,Default,,0000,0000,0000,,prints out a little cash register receipt\Nthat becomes the official record of the
Dialogue: 0,0:24:36.03,0:24:40.61,Default,,0000,0000,0000,,result. That's controlled by the\Ninterpreted programming language on the
Dialogue: 0,0:24:40.61,0:24:46.00,Default,,0000,0000,0000,,memory card. And on my machine, no matter\Nwho you vote for, Benedict Arnold is going
Dialogue: 0,0:24:46.00,0:24:51.14,Default,,0000,0000,0000,,to win. And that's because the malware I\Ninstall via the memory card is in complete
Dialogue: 0,0:24:51.14,0:24:56.90,Default,,0000,0000,0000,,control of the election results. And there\Nare more problems than that. So these
Dialogue: 0,0:24:56.90,0:25:03.31,Default,,0000,0000,0000,,voting machines like the AccuVote TSX have\Nbeen studied by academic researchers, by
Dialogue: 0,0:25:03.31,0:25:08.77,Default,,0000,0000,0000,,independent researchers, by groups\Ncommissioned by secretaries of state in
Dialogue: 0,0:25:08.77,0:25:13.36,Default,,0000,0000,0000,,various states around the country. And\Nevery time the same machine is studied
Dialogue: 0,0:25:13.36,0:25:18.07,Default,,0000,0000,0000,,again, groups find new vulnerabilities.\NThis is part of the table of contents from
Dialogue: 0,0:25:18.07,0:25:23.34,Default,,0000,0000,0000,,a report I helped to author ten years ago\Nabout the AccuVote TSX, and you can see
Dialogue: 0,0:25:23.34,0:25:28.38,Default,,0000,0000,0000,,just this one page of several pages of\Nvulnerabilities in this single machine.
Dialogue: 0,0:25:28.38,0:25:33.18,Default,,0000,0000,0000,,These things are so poorly designed;\Nthey're so complex. Each of the voting
Dialogue: 0,0:25:33.18,0:25:38.30,Default,,0000,0000,0000,,systems has on the order of a million\Nlines of source code. And that's on top
Dialogue: 0,0:25:38.30,0:25:43.92,Default,,0000,0000,0000,,of, in this case, on top of an old and\Nunsupported version of Windows CE. There's
Dialogue: 0,0:25:43.92,0:25:51.03,Default,,0000,0000,0000,,no way that these things could possibly be\Nsecure. But the AccuVote TSX is still used
Dialogue: 0,0:25:51.03,0:25:57.75,Default,,0000,0000,0000,,in 18 states. In many of these states it's\Nstill used with software that predates
Dialogue: 0,0:25:57.75,0:26:02.13,Default,,0000,0000,0000,,that 2007 report I just showed you. We've\Nhad known buffer overflows and other
Dialogue: 0,0:26:02.13,0:26:06.97,Default,,0000,0000,0000,,problems in this firmware for more than 10\Nyears and some states still have not
Dialogue: 0,0:26:06.97,0:26:14.65,Default,,0000,0000,0000,,updated the software. That's how bad it\Nis. But it's not just that one machine. So
Dialogue: 0,0:26:14.65,0:26:20.46,Default,,0000,0000,0000,,in the US every state gets to pick its own\Nelection technology. There are no federal
Dialogue: 0,0:26:20.46,0:26:27.14,Default,,0000,0000,0000,,rules that requires states to do any\Nparticular kind of technology or testing,
Dialogue: 0,0:26:27.14,0:26:31.37,Default,,0000,0000,0000,,and you might ask, especially from the\NEuropean perspective, why don't we just
Dialogue: 0,0:26:31.37,0:26:38.21,Default,,0000,0000,0000,,count votes by hand like a civilized\Ncountry. Well here's part of the answer.
Dialogue: 0,0:26:38.21,0:26:44.80,Default,,0000,0000,0000,,This is one example of a ballot from one\Npart of the country and it's eight pages
Dialogue: 0,0:26:44.80,0:26:50.01,Default,,0000,0000,0000,,long. We insist on voting for not only the\Nfederal races but the state and local
Dialogue: 0,0:26:50.01,0:26:56.87,Default,,0000,0000,0000,,races and even city races. The joke is\Neven for dog catcher. And this complexity,
Dialogue: 0,0:26:56.87,0:27:01.89,Default,,0000,0000,0000,,well, the counting ballots by hand scales\Nlinearly with the number of questions and
Dialogue: 0,0:27:01.89,0:27:07.76,Default,,0000,0000,0000,,our ballots by tradition are just too\Ncomplicated to efficiently count manually.
Dialogue: 0,0:27:07.76,0:27:13.49,Default,,0000,0000,0000,,So we turn to computers, and about half\Nthe country-- well, really there are two
Dialogue: 0,0:27:13.49,0:27:20.83,Default,,0000,0000,0000,,different styles of voting machines that\Nwe use. Some of them are optical scanners
Dialogue: 0,0:27:20.83,0:27:25.75,Default,,0000,0000,0000,,where the voter fills in a piece of paper,\Nand it gets scanned in by a computer. The
Dialogue: 0,0:27:25.75,0:27:31.46,Default,,0000,0000,0000,,rest are touch screen machines and others\Nthat we call DREs -- direct recording
Dialogue: 0,0:27:31.46,0:27:36.49,Default,,0000,0000,0000,,electronic. On these machines voters cast\Na vote on the screen; it gets recorded in
Dialogue: 0,0:27:36.49,0:27:41.44,Default,,0000,0000,0000,,electronic memory; some of them will also\Ngenerate a print out of each vote, but
Dialogue: 0,0:27:41.44,0:27:46.89,Default,,0000,0000,0000,,that's relatively rare. In many cases the\Nonly record of the vote is in a computer
Dialogue: 0,0:27:46.89,0:27:54.94,Default,,0000,0000,0000,,memory. So in study after study these\Nmachines have been examined, and in every
Dialogue: 0,0:27:54.94,0:27:59.51,Default,,0000,0000,0000,,case, for both the optical scanners and\Nthe DREs, where a machine has been tested
Dialogue: 0,0:27:59.51,0:28:04.67,Default,,0000,0000,0000,,by qualified people, well, it's been found\Nto have vulnerabilities that would allow
Dialogue: 0,0:28:04.67,0:28:10.51,Default,,0000,0000,0000,,an attacker to install vote stealing\Nmalware and change the electronic results.
Dialogue: 0,0:28:10.51,0:28:19.34,Default,,0000,0000,0000,,Every single case. So how hard would it be\Nto go from hacking these individual
Dialogue: 0,0:28:19.34,0:28:25.36,Default,,0000,0000,0000,,machines to say changing the results of a\Npresidential election? Unfortunately much
Dialogue: 0,0:28:25.36,0:28:30.61,Default,,0000,0000,0000,,easier than we might think. There'd be\Nthree challenges to doing this in a way
Dialogue: 0,0:28:30.61,0:28:36.96,Default,,0000,0000,0000,,that would likely be invisible. The first\Nchallenge is that the machines are, well,
Dialogue: 0,0:28:36.96,0:28:40.68,Default,,0000,0000,0000,,many different types. They're diverse;\Nthey're decentralized. Each state's system
Dialogue: 0,0:28:40.68,0:28:44.59,Default,,0000,0000,0000,,is independent, and thank goodness! Because\Nthat means that we don't have just a
Dialogue: 0,0:28:44.59,0:28:51.85,Default,,0000,0000,0000,,single place you can hack into to change\Nresults nationwide. Unfortunately, because
Dialogue: 0,0:28:51.85,0:28:58.53,Default,,0000,0000,0000,,of our electoral college system, this\Ndiversity of technology can turn into a
Dialogue: 0,0:28:58.53,0:29:04.05,Default,,0000,0000,0000,,weakness in very close elections. So\Nremember I said that just any three of six
Dialogue: 0,0:29:04.05,0:29:09.30,Default,,0000,0000,0000,,states, for instance in 2016, would have\Nbeen sufficient to flip the outcome of the
Dialogue: 0,0:29:09.30,0:29:14.98,Default,,0000,0000,0000,,presidential election. Well before an\Nelection an attacker can scan all the
Dialogue: 0,0:29:14.98,0:29:19.73,Default,,0000,0000,0000,,states, figure out which ones are most\Nweakly protected, and, if they can find
Dialogue: 0,0:29:19.73,0:29:24.90,Default,,0000,0000,0000,,enough weakly protected ones to strike in,\Nthat could be sufficient to change the
Dialogue: 0,0:29:24.90,0:29:29.96,Default,,0000,0000,0000,,national results. So the attacker gets to\Npick and choose, because our diversity of
Dialogue: 0,0:29:29.96,0:29:36.01,Default,,0000,0000,0000,,technology also means a diversity of\Nstrength and weakness. The second
Dialogue: 0,0:29:36.01,0:29:40.23,Default,,0000,0000,0000,,challenge is that, as election officials\Noften point out, the voting machines
Dialogue: 0,0:29:40.23,0:29:43.96,Default,,0000,0000,0000,,aren't connected to the Internet, or at\Nleast they're not supposed to be. It turns
Dialogue: 0,0:29:43.96,0:29:48.95,Default,,0000,0000,0000,,out that some of them are, because they\Nupload their results over a 4G cellular
Dialogue: 0,0:29:48.95,0:29:56.31,Default,,0000,0000,0000,,modem right after election results are\Ncomplete. But let's just suppose they're
Dialogue: 0,0:29:56.31,0:30:00.71,Default,,0000,0000,0000,,not connected to the Internet. All right.\NIt turns out that's still not enough to
Dialogue: 0,0:30:00.71,0:30:05.80,Default,,0000,0000,0000,,protect us. So as I said before every\Nelection every single voting machine in
Dialogue: 0,0:30:05.80,0:30:10.79,Default,,0000,0000,0000,,the country has to be programmed with the\Nballot design and that ballot programming
Dialogue: 0,0:30:10.79,0:30:15.64,Default,,0000,0000,0000,,is created by election officials on a\Ncomputer workstation somewhere, usually an
Dialogue: 0,0:30:15.64,0:30:21.65,Default,,0000,0000,0000,,old Windows PC. Those computer\Nworkstations can sometimes service an
Dialogue: 0,0:30:21.65,0:30:26.84,Default,,0000,0000,0000,,entire county, sometimes an entire state.\NSometimes they're controlled by
Dialogue: 0,0:30:26.84,0:30:32.65,Default,,0000,0000,0000,,independent external contractors that can\Nperform work across multiple states. And
Dialogue: 0,0:30:32.65,0:30:37.37,Default,,0000,0000,0000,,if an attacker can infiltrate one of those\Nsystems they can spread vote stealing
Dialogue: 0,0:30:37.37,0:30:44.04,Default,,0000,0000,0000,,malware on the memory cards to voting\Nmachines across the whole region. So how
Dialogue: 0,0:30:44.04,0:30:48.37,Default,,0000,0000,0000,,hard would it be to break into one of\Nthese systems? Well in Michigan, my state,
Dialogue: 0,0:30:48.37,0:30:54.21,Default,,0000,0000,0000,,in 2016, about three quarters of counties\Noutsourced this programming to just three
Dialogue: 0,0:30:54.21,0:30:59.28,Default,,0000,0000,0000,,small businesses. These are 10-20 person\Ncompanies operating in strip malls and so
Dialogue: 0,0:30:59.28,0:31:03.93,Default,,0000,0000,0000,,forth -- the same companies that the\Njurisdictions buy their ballot boxes and
Dialogue: 0,0:31:03.93,0:31:07.99,Default,,0000,0000,0000,,"I voted" stickers from. Here's the\Nwebsite of one of them. You can see it
Dialogue: 0,0:31:07.99,0:31:13.89,Default,,0000,0000,0000,,doesn't have HTTPS, has lots of nice high\Nresolution photos of their warehouse in
Dialogue: 0,0:31:13.89,0:31:19.04,Default,,0000,0000,0000,,case you want to burglarize it, and,\Nprobably most interestingly to an
Dialogue: 0,0:31:19.04,0:31:22.76,Default,,0000,0000,0000,,attacker, they have this nice employee\Ndirectory with everyone's name,
Dialogue: 0,0:31:22.76,0:31:28.80,Default,,0000,0000,0000,,photograph, job title, and email address.\NSo if I wanted to break into elections in
Dialogue: 0,0:31:28.80,0:31:33.68,Default,,0000,0000,0000,,Michigan I might start by, say, forging an\Nemail from Larry the president there to
Dialogue: 0,0:31:33.68,0:31:39.49,Default,,0000,0000,0000,,Sue his administrative assistant and say I\Nurgently need you to open this file. After
Dialogue: 0,0:31:39.49,0:31:44.55,Default,,0000,0000,0000,,she does, of course, it installs my malware\Non their network, I'm in. I'm one step away
Dialogue: 0,0:31:44.55,0:31:49.69,Default,,0000,0000,0000,,from the election programming system and\Nspreading malware to machines across a
Dialogue: 0,0:31:49.69,0:31:56.77,Default,,0000,0000,0000,,quarter of the state. All right, there's\None more challenge. And that's that today
Dialogue: 0,0:31:56.77,0:32:01.67,Default,,0000,0000,0000,,more than 70 percent of US votes are\Nrecorded on a piece of paper. And this is
Dialogue: 0,0:32:01.67,0:32:07.25,Default,,0000,0000,0000,,great! This is much more than ten years\Nago because officials have been listening
Dialogue: 0,0:32:07.25,0:32:10.77,Default,,0000,0000,0000,,to computer scientists and security\Nexperts who have been warning about the
Dialogue: 0,0:32:10.77,0:32:16.96,Default,,0000,0000,0000,,dangers of fully electronic voting. And\Npaper might seem like a step backwards,
Dialogue: 0,0:32:16.96,0:32:22.50,Default,,0000,0000,0000,,but it's actually a pretty high tech way\Nof thinking. In any kind of critical
Dialogue: 0,0:32:22.50,0:32:26.89,Default,,0000,0000,0000,,system, if we can afford to have a\Nphysical failsafe in case of technology
Dialogue: 0,0:32:26.89,0:32:31.65,Default,,0000,0000,0000,,problems it's a good idea to do that. This\Nis why if you fly on a commercial
Dialogue: 0,0:32:31.65,0:32:36.47,Default,,0000,0000,0000,,aircraft... well, it has a very fancy\Nsatellite-guided navigation system, but
Dialogue: 0,0:32:36.47,0:32:41.54,Default,,0000,0000,0000,,also, by law, there's a magnetic compas in\Nthe cockpit. It's also why in your
Dialogue: 0,0:32:41.54,0:32:47.22,Default,,0000,0000,0000,,car...well you probably want to have a\Nmechanical linkage between the brake pedal
Dialogue: 0,0:32:47.22,0:32:54.28,Default,,0000,0000,0000,,and the brakes just in case... well, you\Nknow. So paper can be a very sophisticated
Dialogue: 0,0:32:54.28,0:32:59.46,Default,,0000,0000,0000,,defense. It's relatively slow and\Nexpensive to tally, but it's something
Dialogue: 0,0:32:59.46,0:33:05.40,Default,,0000,0000,0000,,that's verified by the voter and that\Ncan't be changed later in a cyberattack.
Dialogue: 0,0:33:05.40,0:33:10.35,Default,,0000,0000,0000,,Meanwhile we also get an electronic record\Nfrom systems like optical scanners that's
Dialogue: 0,0:33:10.35,0:33:16.18,Default,,0000,0000,0000,,fast and cheap to tally, but unverified.\NAs long as we make sure that these records
Dialogue: 0,0:33:16.18,0:33:19.97,Default,,0000,0000,0000,,agree well then changing the election\Nresult would require you to change the
Dialogue: 0,0:33:19.97,0:33:23.99,Default,,0000,0000,0000,,electronic record through a high tech\Nattack. And the paper records through a
Dialogue: 0,0:33:23.99,0:33:28.34,Default,,0000,0000,0000,,low tech attack and in a way that\Nagrees, and that would require a truly
Dialogue: 0,0:33:28.34,0:33:33.92,Default,,0000,0000,0000,,extraordinary conspiracy. And to check\Nthat the paper is right... Well we have
Dialogue: 0,0:33:33.92,0:33:38.99,Default,,0000,0000,0000,,high tech approaches to that too. You\Ndon't have to count all of it. In fact
Dialogue: 0,0:33:38.99,0:33:43.86,Default,,0000,0000,0000,,over the last ten years computer\Nscientists and statisticians have
Dialogue: 0,0:33:43.86,0:33:48.57,Default,,0000,0000,0000,,developed very sophisticated ways of just\Nspot checking the paper record to make
Dialogue: 0,0:33:48.57,0:33:53.10,Default,,0000,0000,0000,,sure that it's right and these are called\Nrisks limiting audits. A risk limiting
Dialogue: 0,0:33:53.10,0:33:58.25,Default,,0000,0000,0000,,audit is a statistical process in which\Nyou can count randomly selected ballots
Dialogue: 0,0:33:58.25,0:34:01.96,Default,,0000,0000,0000,,until you establish with high confidence\Nthat hand counting all of them would
Dialogue: 0,0:34:01.96,0:34:07.54,Default,,0000,0000,0000,,determine the same winner. There are many\Nways to do this but they all turn out to
Dialogue: 0,0:34:07.54,0:34:12.97,Default,,0000,0000,0000,,be, or many of them turn out to be\Nincredibly efficient. In a typical state
Dialogue: 0,0:34:12.97,0:34:19.81,Default,,0000,0000,0000,,with a fairly wide margin of victory just\Nspot checking a handful of ballots might
Dialogue: 0,0:34:19.81,0:34:23.57,Default,,0000,0000,0000,,be enough to establish with high\Nconfidence that the winner really did win
Dialogue: 0,0:34:23.57,0:34:29.36,Default,,0000,0000,0000,,by a landslide. Of course if the election\Nresult is a tie, logically you do have to
Dialogue: 0,0:34:29.36,0:34:34.65,Default,,0000,0000,0000,,look at all the ballots to establish that\Nit is indeed a tie. So the amount of work
Dialogue: 0,0:34:34.65,0:34:39.32,Default,,0000,0000,0000,,you have to do depends on how close the\Nelection was. But in all cases you can
Dialogue: 0,0:34:39.32,0:34:44.34,Default,,0000,0000,0000,,find an efficient approach to determining,\Nwithout trusting the computer systems,
Dialogue: 0,0:34:44.34,0:34:50.57,Default,,0000,0000,0000,,that the paper really does reflect the\Ntrue winner. Unfortunately, well, most
Dialogue: 0,0:34:50.57,0:34:55.18,Default,,0000,0000,0000,,states don't do risk limiting audits. In\Nfact most states don't look at enough
Dialogue: 0,0:34:55.18,0:35:02.62,Default,,0000,0000,0000,,paper at all to determine that the winner\Nof a close election was genuine. So
Dialogue: 0,0:35:02.62,0:35:08.51,Default,,0000,0000,0000,,hacking a national election would probably\Nbe easier than most of us thought. You can
Dialogue: 0,0:35:08.51,0:35:13.04,Default,,0000,0000,0000,,use pre-election polls and scanning to\Ndetermine which states to target, hack
Dialogue: 0,0:35:13.04,0:35:17.53,Default,,0000,0000,0000,,into the election management systems in\Nthe most weakly protected ones, then
Dialogue: 0,0:35:17.53,0:35:22.18,Default,,0000,0000,0000,,infect voting machines with malware to\Nchange, say, a few percent of the vote.
Dialogue: 0,0:35:22.18,0:35:26.86,Default,,0000,0000,0000,,The paper records might catch the fraud,\Nbut you can rely on the fact that most
Dialogue: 0,0:35:26.86,0:35:31.06,Default,,0000,0000,0000,,states will throw it away without looking\Nat enough of it to determine who actually
Dialogue: 0,0:35:31.06,0:35:41.47,Default,,0000,0000,0000,,won. And that's the sorry situation that\Nunfortunately in 2018 we are still in. So
Dialogue: 0,0:35:41.47,0:35:47.86,Default,,0000,0000,0000,,since 2016, however, there has been a\Nchange in mindset. Increasingly election
Dialogue: 0,0:35:47.86,0:35:52.64,Default,,0000,0000,0000,,officials have been listening to the\Nscientific community when we say you need
Dialogue: 0,0:35:52.64,0:35:57.55,Default,,0000,0000,0000,,a paper trail, and they're starting to\Nthink that that is correct. Almost all
Dialogue: 0,0:35:57.55,0:36:03.33,Default,,0000,0000,0000,,states that don't have paper trails today\Nat least have people strongly advocating
Dialogue: 0,0:36:03.33,0:36:09.60,Default,,0000,0000,0000,,for replacing the equipment that's there.\NAnd most other states, well, they at least
Dialogue: 0,0:36:09.60,0:36:13.92,Default,,0000,0000,0000,,have people starting to look into the\Nsecurity and testing the security of other
Dialogue: 0,0:36:13.92,0:36:18.36,Default,,0000,0000,0000,,election related computer systems, like\Ntheir voter registration systems, to make
Dialogue: 0,0:36:18.36,0:36:24.28,Default,,0000,0000,0000,,sure that they're shored up. Now you don't\Nhave to take it from me that paper ballots
Dialogue: 0,0:36:24.28,0:36:29.65,Default,,0000,0000,0000,,and post election audits are the way to go\Nto secure our election systems. Just this
Dialogue: 0,0:36:29.65,0:36:36.03,Default,,0000,0000,0000,,fall the National Academies of Science\NEngineering and Medicine -- the authority
Dialogue: 0,0:36:36.03,0:36:40.41,Default,,0000,0000,0000,,on scientific advice to government --\Nreleased a report with their highest level
Dialogue: 0,0:36:40.41,0:36:45.74,Default,,0000,0000,0000,,of advice -- a consensus report -- urging\Nthe adoption of paper and risk limiting
Dialogue: 0,0:36:45.74,0:36:51.27,Default,,0000,0000,0000,,audits, pointing out that this is a\Npragmatic, robust, and necessary defense
Dialogue: 0,0:36:51.27,0:36:57.42,Default,,0000,0000,0000,,for elections. This report was written in\Nconjunction with election officials.
Dialogue: 0,0:36:57.42,0:37:01.87,Default,,0000,0000,0000,,People with experience administering\Nelections and it just goes to show you
Dialogue: 0,0:37:01.87,0:37:06.61,Default,,0000,0000,0000,,that at least the election officials who\Nhave taken the time to understand the
Dialogue: 0,0:37:06.61,0:37:13.77,Default,,0000,0000,0000,,threat are waking up and starting to pay\Nattention to the path to a solution. The
Dialogue: 0,0:37:13.77,0:37:19.46,Default,,0000,0000,0000,,problem is that that solution will take\Ntime to implement. And if we look at which
Dialogue: 0,0:37:19.46,0:37:24.89,Default,,0000,0000,0000,,states still don't have a paper trail, it\Nturns out that there are 14 where some or
Dialogue: 0,0:37:24.89,0:37:31.66,Default,,0000,0000,0000,,all votes still aren't recorded on paper,\Nand it's going to take between 130 and 420
Dialogue: 0,0:37:31.66,0:37:35.56,Default,,0000,0000,0000,,million dollars according to credible\Nestimates to replace all the machines
Dialogue: 0,0:37:35.56,0:37:41.41,Default,,0000,0000,0000,,still in those states. Some of them like\NPennsylvania are working to do that now,
Dialogue: 0,0:37:41.41,0:37:46.63,Default,,0000,0000,0000,,but in other states there still are no\Nplans in effect to get rid of the
Dialogue: 0,0:37:46.63,0:37:52.60,Default,,0000,0000,0000,,vulnerable machines. If we look at the\Nnational map for post-election audits
Dialogue: 0,0:37:52.60,0:37:57.87,Default,,0000,0000,0000,,though the picture is a lot worse. And\Nthis is what concerns me most. Although
Dialogue: 0,0:37:57.87,0:38:04.03,Default,,0000,0000,0000,,many states in 2018 did small pilots of\Nrisk limiting audits, the majority of
Dialogue: 0,0:38:04.03,0:38:11.86,Default,,0000,0000,0000,,states still do not conduct audits that\Ncan rigorously guarantee the electronic
Dialogue: 0,0:38:11.86,0:38:18.80,Default,,0000,0000,0000,,results of an election. And many still\Nhave no plans to do so in time for 2020.
Dialogue: 0,0:38:18.80,0:38:22.37,Default,,0000,0000,0000,,Because risk limiting audits are so\Nefficient, the cost for auditing
Dialogue: 0,0:38:22.37,0:38:28.13,Default,,0000,0000,0000,,nationwide is ridiculously small. It would\Ncost according to my estimates less than
Dialogue: 0,0:38:28.13,0:38:33.41,Default,,0000,0000,0000,,25 million dollars a year to audit every\Nfederal race nationally, potentially a lot
Dialogue: 0,0:38:33.41,0:38:38.10,Default,,0000,0000,0000,,less than that. But it requires\Norganizational on the ground. And
Dialogue: 0,0:38:38.10,0:38:44.66,Default,,0000,0000,0000,,unfortunately in our system operations on\Nthe ground are conducted by about 13.000
Dialogue: 0,0:38:44.66,0:38:51.36,Default,,0000,0000,0000,,local jurisdictions on Election Day. We\Nneed national leadership. We need much
Dialogue: 0,0:38:51.36,0:38:57.38,Default,,0000,0000,0000,,more dispersed expertise in order to get\Nthese protections in place, because if you
Dialogue: 0,0:38:57.38,0:39:03.45,Default,,0000,0000,0000,,don't actually look at the paper you might\Nas well not have it in the first place. So
Dialogue: 0,0:39:03.45,0:39:09.46,Default,,0000,0000,0000,,this year did see some movement in\NCongress. In the spring, as part of the
Dialogue: 0,0:39:09.46,0:39:14.65,Default,,0000,0000,0000,,omnibus appropriations process, Congress\Ngave the states 380 million dollars in
Dialogue: 0,0:39:14.65,0:39:20.16,Default,,0000,0000,0000,,emergency election funding in order to\Nstart working to secure their registration
Dialogue: 0,0:39:20.16,0:39:24.72,Default,,0000,0000,0000,,systems and polling places. This was great\Nin that it was money available
Dialogue: 0,0:39:24.72,0:39:29.09,Default,,0000,0000,0000,,immediately, and if you've been paying\Nattention, getting Congress to do much of
Dialogue: 0,0:39:29.09,0:39:34.81,Default,,0000,0000,0000,,anything these days is pretty hard. On the\Nother hand the money came with very
Dialogue: 0,0:39:34.81,0:39:41.07,Default,,0000,0000,0000,,limited oversight, with no standards about\Nhow that money should be used, and isn't
Dialogue: 0,0:39:41.07,0:39:46.08,Default,,0000,0000,0000,,even enough to eliminate all of the\Npaperless machines because of the way it's
Dialogue: 0,0:39:46.08,0:39:52.49,Default,,0000,0000,0000,,spread out amongst the states. But it's an\Nimportant first step. We can look at a few
Dialogue: 0,0:39:52.49,0:39:58.04,Default,,0000,0000,0000,,of the states to see how they're doing,\Nand I pick these as a representative
Dialogue: 0,0:39:58.04,0:40:06.05,Default,,0000,0000,0000,,sample of the diversity of progress. In\NMaryland, for instance, which until 2016
Dialogue: 0,0:40:06.05,0:40:09.62,Default,,0000,0000,0000,,used AccuVote touch-screen machines,\Nvulnerable to all of those problems I
Dialogue: 0,0:40:09.62,0:40:15.86,Default,,0000,0000,0000,,talked about, finally replaced the\Nmachines with paper ballots. That's a huge
Dialogue: 0,0:40:15.86,0:40:22.63,Default,,0000,0000,0000,,step forward. Unfortunately Maryland,\Ninstead of auditing them by having people
Dialogue: 0,0:40:22.63,0:40:27.00,Default,,0000,0000,0000,,look at the ballots, decided it would be\Nmore efficient to audit them by having
Dialogue: 0,0:40:27.00,0:40:33.22,Default,,0000,0000,0000,,people look at digital scans of the\Nballots from the voting machines. As I
Dialogue: 0,0:40:33.22,0:40:38.43,Default,,0000,0000,0000,,think everyone in this room probably\Nrealizes, but maybe some in a broader
Dialogue: 0,0:40:38.43,0:40:45.53,Default,,0000,0000,0000,,audience would not, it's pretty easy to\Nmanipulate digital photographs. In fact I
Dialogue: 0,0:40:45.53,0:40:50.69,Default,,0000,0000,0000,,have work from students in an\Nundergraduate security class I taught this
Dialogue: 0,0:40:50.69,0:40:56.05,Default,,0000,0000,0000,,term who implemented a machine learning\Nalgorithm that can take scans of ballots
Dialogue: 0,0:40:56.05,0:41:00.97,Default,,0000,0000,0000,,and just automatically change the marked\Nresults to produce whatever outcome you
Dialogue: 0,0:41:00.97,0:41:06.72,Default,,0000,0000,0000,,want, and we'll have more on that in\Na publication this spring. But
Dialogue: 0,0:41:06.72,0:41:12.27,Default,,0000,0000,0000,,unfortunately these audits are security\Ntheater. They might catch human error, but
Dialogue: 0,0:41:12.27,0:41:16.86,Default,,0000,0000,0000,,they're not going to catch a sophisticated\Nattacker who has the ability to manipulate
Dialogue: 0,0:41:16.86,0:41:21.90,Default,,0000,0000,0000,,how the machines are reading the ballots,\Ncan be easily fooled by malware. So I give
Dialogue: 0,0:41:21.90,0:41:28.70,Default,,0000,0000,0000,,Maryland on the whole maybe a "C".\NPennsylvania, another state that just two
Dialogue: 0,0:41:28.70,0:41:32.16,Default,,0000,0000,0000,,years ago during the recounts was\Npractically a laughing stock of the
Dialogue: 0,0:41:32.16,0:41:37.82,Default,,0000,0000,0000,,country for its lack of paper records of\Nvotes and it's byzantine rules about
Dialogue: 0,0:41:37.82,0:41:42.99,Default,,0000,0000,0000,,recounting them, well, today is making\Nreally good progress. The state recently
Dialogue: 0,0:41:42.99,0:41:47.27,Default,,0000,0000,0000,,committed to replacing all of its\Npaperless machines with paper ballots in
Dialogue: 0,0:41:47.27,0:41:53.82,Default,,0000,0000,0000,,time for the 2020 election, and it's\Ncommitted to implementing a robust post
Dialogue: 0,0:41:53.82,0:42:00.93,Default,,0000,0000,0000,,election audits by 2022. Unfortunately,\N2022 is going to be too late to secure the
Dialogue: 0,0:42:00.93,0:42:06.60,Default,,0000,0000,0000,,2020 presidential election, and this just\Nemphasizes the need to get moving more
Dialogue: 0,0:42:06.60,0:42:12.27,Default,,0000,0000,0000,,quickly. There were also questions about\Nwhether the auditing regime they implement
Dialogue: 0,0:42:12.27,0:42:17.24,Default,,0000,0000,0000,,will be truly statistically rigorous.\NThere are a lot of details to get right,
Dialogue: 0,0:42:17.24,0:42:22.34,Default,,0000,0000,0000,,but on the whole, Pennsylvania has made so\Nmuch progress. I think out of sympathy I
Dialogue: 0,0:42:22.34,0:42:28.26,Default,,0000,0000,0000,,can give them a "B". All right, now let's\Nlook at a top performer. This is the state
Dialogue: 0,0:42:28.26,0:42:34.89,Default,,0000,0000,0000,,of Colorado. Colorado has become a leader\Nin election security, because not only
Dialogue: 0,0:42:34.89,0:42:40.82,Default,,0000,0000,0000,,does it have paper ballots statewide,\Nlargely vote by mail which has its own
Dialogue: 0,0:42:40.82,0:42:45.26,Default,,0000,0000,0000,,problems, but that's a subject for later.\NBut Colorado also was the first state in
Dialogue: 0,0:42:45.26,0:42:49.09,Default,,0000,0000,0000,,the country to implement these\Nstatistically robust risk limiting audits
Dialogue: 0,0:42:49.09,0:42:53.81,Default,,0000,0000,0000,,statewide and has been doing it since\N2017. They've got both of these critical
Dialogue: 0,0:42:53.81,0:42:58.80,Default,,0000,0000,0000,,protections in place, and yes, they\Nactually do choose the random seed for
Dialogue: 0,0:42:58.80,0:43:02.84,Default,,0000,0000,0000,,sampling the ballots during the risk\Nlimiting audit by rolling a set of
Dialogue: 0,0:43:02.84,0:43:08.14,Default,,0000,0000,0000,,10-sided dice. So that's a great way to do\Nit in a public ceremony. So Colorado gets
Dialogue: 0,0:43:08.14,0:43:15.73,Default,,0000,0000,0000,,an "A". They're very well protected by\Nthese standards. Then there's Georgia. So
Dialogue: 0,0:43:15.73,0:43:23.26,Default,,0000,0000,0000,,Georgia in 2018 voted statewide with the\NAccuVote TSX voting machine, the one that
Dialogue: 0,0:43:23.26,0:43:29.72,Default,,0000,0000,0000,,FedEx has that I've hacked. They haven't\Nupdated this software in their AccuVote
Dialogue: 0,0:43:29.72,0:43:37.13,Default,,0000,0000,0000,,TSX machines since 2005, and they claim\Nthat the machines and their election
Dialogue: 0,0:43:37.13,0:43:43.51,Default,,0000,0000,0000,,programming systems are air gapped. But\Nduring a court hearing about this earlier
Dialogue: 0,0:43:43.51,0:43:47.99,Default,,0000,0000,0000,,this fall their head of elections\Ndescribed that their system was air
Dialogue: 0,0:43:47.99,0:43:52.12,Default,,0000,0000,0000,,gapped. Yes it's perfectly secure. It's\Nair gapped. The only way you can get into
Dialogue: 0,0:43:52.12,0:43:58.08,Default,,0000,0000,0000,,it is through the bank of modems attached\Nto it. It's air gapped except the bank of
Dialogue: 0,0:43:58.08,0:44:03.57,Default,,0000,0000,0000,,modems. Also it turns out he programs it\Nby moving a USB stick back and forth from
Dialogue: 0,0:44:03.57,0:44:11.70,Default,,0000,0000,0000,,his personal laptop. {\i1}Sigh{\i0} Georgia also\Nof course doesn't have robust audits,
Dialogue: 0,0:44:11.70,0:44:15.77,Default,,0000,0000,0000,,because, well, meaningful post election\Naudits would require a paper trail, and
Dialogue: 0,0:44:15.77,0:44:21.08,Default,,0000,0000,0000,,none of those machines have paper. This\Nalone would be enough to give Georgia an
Dialogue: 0,0:44:21.08,0:44:26.86,Default,,0000,0000,0000,,"F". Except there's one more thing: their\Nvoter registration system also was shown
Dialogue: 0,0:44:26.86,0:44:33.84,Default,,0000,0000,0000,,in 2018 to have some problems. So you're\Nnot going to believe this story. One more
Dialogue: 0,0:44:33.84,0:44:41.26,Default,,0000,0000,0000,,story. So in Georgia they do online voter\Nregistrations through a Web site. And in
Dialogue: 0,0:44:41.26,0:44:49.38,Default,,0000,0000,0000,,2018 just a few days before the election\Nthe Georgia Democratic party learned from
Dialogue: 0,0:44:49.38,0:44:54.59,Default,,0000,0000,0000,,one of it's-- from someone working for\Nthem, from a volunteer, about a series of
Dialogue: 0,0:44:54.59,0:44:59.50,Default,,0000,0000,0000,,vulnerabilities in this voter registration\Nsystem. While it turned out that you could
Dialogue: 0,0:44:59.50,0:45:03.99,Default,,0000,0000,0000,,read and manipulate anyone's voter\Nregistration records just by changing a
Dialogue: 0,0:45:03.99,0:45:10.75,Default,,0000,0000,0000,,sequential ID number in a particular URL.\NThere was another URL for viewing a sample
Dialogue: 0,0:45:10.75,0:45:14.17,Default,,0000,0000,0000,,ballot, that if you just change the path\Nof the file it pointed to you could read
Dialogue: 0,0:45:14.17,0:45:20.72,Default,,0000,0000,0000,,any file and the server's filesystem. Well\Nthese are pretty bad problems, right? Even
Dialogue: 0,0:45:20.72,0:45:24.59,Default,,0000,0000,0000,,though Georgia apparently had gone through\Nthe process of having a security
Dialogue: 0,0:45:24.59,0:45:29.61,Default,,0000,0000,0000,,assessment of its registration system\Nperformed and didn't catch these, well...
Dialogue: 0,0:45:29.61,0:45:33.76,Default,,0000,0000,0000,,So the Democrats less than five days\Nbefore the election learned of these
Dialogue: 0,0:45:33.76,0:45:37.91,Default,,0000,0000,0000,,problems and disclosed them to the\NSecretary of State's office which is
Dialogue: 0,0:45:37.91,0:45:43.40,Default,,0000,0000,0000,,responsible for running the election\Nsystem. There is Secretary of State Brian
Dialogue: 0,0:45:43.40,0:45:49.57,Default,,0000,0000,0000,,Kemp, who, also, it turned out, was\Ncandidate for governor in a very close
Dialogue: 0,0:45:49.57,0:45:54.80,Default,,0000,0000,0000,,race. So not only was he running the\Nelection system, but he was the candidate
Dialogue: 0,0:45:54.80,0:46:00.34,Default,,0000,0000,0000,,in the most important race in the state\Nwhere the polls were projecting that the
Dialogue: 0,0:46:00.34,0:46:06.34,Default,,0000,0000,0000,,election was going to be a dead heat. So\Nan hour after receiving the security
Dialogue: 0,0:46:06.34,0:46:12.19,Default,,0000,0000,0000,,disclosure, Secretary Kemp's office put\Nout a press release with this headline:
Dialogue: 0,0:46:12.19,0:46:16.44,Default,,0000,0000,0000,,That after a failed hacking attempt\Nthey're launching an investigation into the
Dialogue: 0,0:46:16.44,0:46:24.79,Default,,0000,0000,0000,,Georgia Democratic Party and they've\Ncalled the FBI on the Democrats. So...
Dialogue: 0,0:46:24.79,0:46:32.14,Default,,0000,0000,0000,,Brian Kemp won the election and is now the\Ngovernor elect of Georgia. So this guy who
Dialogue: 0,0:46:32.14,0:46:36.66,Default,,0000,0000,0000,,did so well handling the security of the\Nvoting system while he was secretary of
Dialogue: 0,0:46:36.66,0:46:42.71,Default,,0000,0000,0000,,state is now the head political officer of\Nthe state of Georgia. I think Georgia's
Dialogue: 0,0:46:42.71,0:46:47.77,Default,,0000,0000,0000,,"F" just might stick with them through\N2020. So...
Dialogue: 0,0:46:47.77,0:46:55.51,Default,,0000,0000,0000,,{\i1}applause{\i0}\NH: Thank you. So there is hope though. I
Dialogue: 0,0:46:55.51,0:47:01.25,Default,,0000,0000,0000,,want to end on a message of hope, because\Ndespite this, with all of these different
Dialogue: 0,0:47:01.25,0:47:07.01,Default,,0000,0000,0000,,levels of rigor and of readiness across\Nthe different states I believe we need
Dialogue: 0,0:47:07.01,0:47:12.02,Default,,0000,0000,0000,,more national leadership, national\Nstandards, and national resources thrown
Dialogue: 0,0:47:12.02,0:47:18.67,Default,,0000,0000,0000,,into securing elections. And a bill to do\Njust these things made a lot of progress
Dialogue: 0,0:47:18.67,0:47:24.03,Default,,0000,0000,0000,,in the Senate during the past term. This\Nis a bill called the Secure Elections Act
Dialogue: 0,0:47:24.03,0:47:29.89,Default,,0000,0000,0000,,that was introduced by Senators Lankford,\NRepublican of Oklahoma, and Klobuchar,
Dialogue: 0,0:47:29.89,0:47:35.29,Default,,0000,0000,0000,,Democrat of Minnesota. And it ended up\Ngathering a large number of bipartisan
Dialogue: 0,0:47:35.29,0:47:41.40,Default,,0000,0000,0000,,sponsors, split evenly between Republicans\Nand Democrats. It would have required
Dialogue: 0,0:47:41.40,0:47:46.41,Default,,0000,0000,0000,,states to adopt paper, to adopt strong\Naudits, and to adopt stronger information
Dialogue: 0,0:47:46.41,0:47:50.71,Default,,0000,0000,0000,,sharing practices to let each other and\Nthe federal government know if they saw
Dialogue: 0,0:47:50.71,0:47:57.87,Default,,0000,0000,0000,,signs of people trying to break in. This\Nbill made it a long way, but unfortunately
Dialogue: 0,0:47:57.87,0:48:03.40,Default,,0000,0000,0000,,got stuck in the committee after some\Nopposition from the White House just days
Dialogue: 0,0:48:03.40,0:48:07.52,Default,,0000,0000,0000,,before it was going to be marked up and\Nhopefully then made it make its way to the
Dialogue: 0,0:48:07.52,0:48:12.76,Default,,0000,0000,0000,,floor. But this shows that bipartisan\Ncooperation is possible even in this
Dialogue: 0,0:48:12.76,0:48:17.07,Default,,0000,0000,0000,,Congress, and that there are a lot of\Nserious people who now realize that
Dialogue: 0,0:48:17.07,0:48:22.16,Default,,0000,0000,0000,,election cybersecurity is a matter of\Nnational security and defense. I think in
Dialogue: 0,0:48:22.16,0:48:26.46,Default,,0000,0000,0000,,the next Congress there's a good\Npossibility that we will see effective
Dialogue: 0,0:48:26.46,0:48:31.97,Default,,0000,0000,0000,,legislation to provide national standards\Nand leadership for elections. But it's a
Dialogue: 0,0:48:31.97,0:48:39.30,Default,,0000,0000,0000,,question of threading a political needle\Nand getting Congress to act. So to defend
Dialogue: 0,0:48:39.30,0:48:44.60,Default,,0000,0000,0000,,our elections we don't need rocket\Nscience. We need simple steps like
Dialogue: 0,0:48:44.60,0:48:51.42,Default,,0000,0000,0000,,applying security best practices and\Nexpertise to secure registration servers,
Dialogue: 0,0:48:51.42,0:48:56.43,Default,,0000,0000,0000,,adopting a paper record of every vote, and\Napplying simple post-election audit
Dialogue: 0,0:48:56.43,0:49:01.86,Default,,0000,0000,0000,,techniques to make sure the paper record\Nis right. If we do these things well we'll
Dialogue: 0,0:49:01.86,0:49:07.57,Default,,0000,0000,0000,,have a much more robust and evidence-based\Nelection system that can detect and
Dialogue: 0,0:49:07.57,0:49:13.01,Default,,0000,0000,0000,,recover from attack attempts.\NUnfortunately today our dialogue about
Dialogue: 0,0:49:13.01,0:49:18.17,Default,,0000,0000,0000,,elections isn't based on evidence. It's\Nlargely based on faith: on faith in the
Dialogue: 0,0:49:18.17,0:49:23.64,Default,,0000,0000,0000,,democratic process, on faith in the people\Nand the technology that's responsible. But
Dialogue: 0,0:49:23.64,0:49:29.41,Default,,0000,0000,0000,,I think voters deserve better. Voters\Ndeserve, if they're reasonably skeptical,
Dialogue: 0,0:49:29.41,0:49:33.55,Default,,0000,0000,0000,,to have it proven to them that the\Nelection result was right, and that is
Dialogue: 0,0:49:33.55,0:49:38.48,Default,,0000,0000,0000,,possible with simple and practical\Ntechnology that we have today. All it's
Dialogue: 0,0:49:38.48,0:49:43.17,Default,,0000,0000,0000,,going to take is national leadership to\Nmake sure that all states, even states like
Dialogue: 0,0:49:43.17,0:49:49.88,Default,,0000,0000,0000,,Georgia, adopt the necessary protections\Nsoon. So what can you do? Well as a hacker
Dialogue: 0,0:49:49.88,0:49:55.25,Default,,0000,0000,0000,,or a computer scientist you can work with\Nyour election officials to help explain
Dialogue: 0,0:49:55.25,0:50:00.42,Default,,0000,0000,0000,,the technology, the threats, and the\Ndefenses. You can work to explain the
Dialogue: 0,0:50:00.42,0:50:05.64,Default,,0000,0000,0000,,threats to the public, because we all need\Nto understand, just as a matter of modern
Dialogue: 0,0:50:05.64,0:50:10.54,Default,,0000,0000,0000,,civics, how elections can be attacked and\Ndefended. You can work to build better
Dialogue: 0,0:50:10.54,0:50:15.72,Default,,0000,0000,0000,,ways to use technology to make voting on\Npaper easier and more efficient. While
Dialogue: 0,0:50:15.72,0:50:20.45,Default,,0000,0000,0000,,technology can help voting in a lot of\Nways, just... we shouldn't trust it is the
Dialogue: 0,0:50:20.45,0:50:26.37,Default,,0000,0000,0000,,only way in which votes are counted and\Nresults are determined. And as a citizen,
Dialogue: 0,0:50:26.37,0:50:30.56,Default,,0000,0000,0000,,well, you can demand that election\Nauthorities implement paper and risk
Dialogue: 0,0:50:30.56,0:50:34.69,Default,,0000,0000,0000,,limiting audits. Get involved through\Nactivist groups to help campaign for
Dialogue: 0,0:50:34.69,0:50:41.04,Default,,0000,0000,0000,,protections like this, and especially\Nplease urge the U.S. Congress to pass
Dialogue: 0,0:50:41.04,0:50:45.73,Default,,0000,0000,0000,,legislation like the Secure Elections Act\Nand similar bills to make sure that
Dialogue: 0,0:50:45.73,0:50:51.72,Default,,0000,0000,0000,,election systems across our country\Nachieve these security properties. You can
Dialogue: 0,0:50:51.72,0:50:56.77,Default,,0000,0000,0000,,learn more from an online course I have\Nfor free on Coursera called Securing
Dialogue: 0,0:50:56.77,0:51:02.23,Default,,0000,0000,0000,,Digital Democracy that provides several\Nweeks' worth of material about the history
Dialogue: 0,0:51:02.23,0:51:07.59,Default,,0000,0000,0000,,and the technology of election defenses.\NBut we've got to get going. It's only been
Dialogue: 0,0:51:07.59,0:51:12.09,Default,,0000,0000,0000,,two years, believe it or not, since Donald\NTrump became president, and it's only
Dialogue: 0,0:51:12.09,0:51:16.29,Default,,0000,0000,0000,,about 22 months until the next\Npresidential election. It's time to get
Dialogue: 0,0:51:16.29,0:51:18.48,Default,,0000,0000,0000,,moving. Thank you.
Dialogue: 0,0:51:18.48,0:51:30.66,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:51:30.66,0:51:39.02,Default,,0000,0000,0000,,Herald Angel: thank you very much. What I\Ngot from this talk is it takes 27,400
Dialogue: 0,0:51:39.02,0:51:46.51,Default,,0000,0000,0000,,people, so we have to scale up Congress.\NWe're going to do a Q&A. And I think we'll
Dialogue: 0,0:51:46.51,0:51:52.56,Default,,0000,0000,0000,,just start with Mic number two\Nbecause I can see that one.
Dialogue: 0,0:51:52.56,0:52:00.41,Default,,0000,0000,0000,,Question: Thanks for the great talk. What\Nif someone targets the-- {\i1}Mic problems{\i0}
Dialogue: 0,0:52:00.41,0:52:06.90,Default,,0000,0000,0000,,{\i1}Mumbling{\i0}\NHerald: Um, we need mic #2 live.
Dialogue: 0,0:52:08.36,0:52:10.87,Default,,0000,0000,0000,,Question: Does this work? Hello?\N{\i1}silence{\i0}
Dialogue: 0,0:52:15.52,0:52:18.50,Default,,0000,0000,0000,,Angel: Try again\NQuestion: Hello? Ok great. Thanks for the
Dialogue: 0,0:52:18.50,0:52:23.52,Default,,0000,0000,0000,,great talk. What if someone targets the\Nrandomness in your risk-limiting audit?
Dialogue: 0,0:52:23.52,0:52:27.43,Default,,0000,0000,0000,,Q: Doesn't that pose a vulnerability?\NSpeaker: Oh yes. Definitely you need to have
Dialogue: 0,0:52:27.43,0:52:31.74,Default,,0000,0000,0000,,a secure randomness in whatever auditing\Nmethod you're doing if it's going to be by
Dialogue: 0,0:52:31.74,0:52:37.76,Default,,0000,0000,0000,,a statistical sampling. That's one reason\Nwhy the auditing techniques that Colorado
Dialogue: 0,0:52:37.76,0:52:43.29,Default,,0000,0000,0000,,practices, they actually have a public\Nceremony in which officials throw dice in
Dialogue: 0,0:52:43.29,0:52:48.52,Default,,0000,0000,0000,,front of TV cameras in order to pick the\Nrandom seed. But a lot of thought has to
Dialogue: 0,0:52:48.52,0:52:53.26,Default,,0000,0000,0000,,go into designing that process well, so\Nthat it's not only truly random but also
Dialogue: 0,0:52:53.26,0:52:57.23,Default,,0000,0000,0000,,something that people can know and believe\Nis truly random. Thank you
Dialogue: 0,0:52:57.23,0:53:06.03,Default,,0000,0000,0000,,Angel: OK Mic number six\NQuestion: Thank you so much for the talk.
Dialogue: 0,0:53:06.03,0:53:10.80,Default,,0000,0000,0000,,You spoke about how in Georgia the\Ndisclosure of vulnerabilities was
Dialogue: 0,0:53:10.80,0:53:18.15,Default,,0000,0000,0000,,punished, almost. Is there any talk or\Nmovement towards having something like bug
Dialogue: 0,0:53:18.15,0:53:23.97,Default,,0000,0000,0000,,bounties for Election Systems?\NSpeaker: Yes in fact there is another bill
Dialogue: 0,0:53:23.97,0:53:29.39,Default,,0000,0000,0000,,that was introduced in Congress that would\Ndo just that, and establish a kind of bug
Dialogue: 0,0:53:29.39,0:53:36.44,Default,,0000,0000,0000,,bounty program. I'm not sure that that\Nidea yet has a lot of legs, but I think it
Dialogue: 0,0:53:36.44,0:53:41.82,Default,,0000,0000,0000,,would help. I think right now though we\Ndon't really need all that much more
Dialogue: 0,0:53:41.82,0:53:47.37,Default,,0000,0000,0000,,incentive for people to want to try to\Nhelp secure democracy. A lot of people,
Dialogue: 0,0:53:47.37,0:53:51.83,Default,,0000,0000,0000,,including I'm sure a lot of people in this\Nroom, would gladly volunteer to do so. We
Dialogue: 0,0:53:51.83,0:53:55.94,Default,,0000,0000,0000,,need a way of organizing that effort and\Nmaking sure that people can discover and
Dialogue: 0,0:53:55.94,0:54:00.98,Default,,0000,0000,0000,,report problems without fear of having it\Nturn into some political weapon to be used
Dialogue: 0,0:54:00.98,0:54:05.15,Default,,0000,0000,0000,,against them.\NAngel: Mic number one
Dialogue: 0,0:54:05.15,0:54:10.93,Default,,0000,0000,0000,,Question: Hey thanks for the talk. Like\Nthe case in Georgia doesn't sound that
Dialogue: 0,0:54:10.93,0:54:14.53,Default,,0000,0000,0000,,terrible because like in Lithuania a couple\Nof years ago we've had this issue where you
Dialogue: 0,0:54:14.53,0:54:20.51,Default,,0000,0000,0000,,just didn't need to change the URL you\Njust did have to refresh the page and here
Dialogue: 0,0:54:20.51,0:54:29.23,Default,,0000,0000,0000,,you go. You have the information about a\Ndifferent citizen. My question is, like,
Dialogue: 0,0:54:29.23,0:54:35.80,Default,,0000,0000,0000,,what if the paper trail leads to the\Nknowledge that the election was rigged in
Dialogue: 0,0:54:35.80,0:54:41.20,Default,,0000,0000,0000,,some particular area like two years after\Nthe election or like one year after the
Dialogue: 0,0:54:41.20,0:54:43.61,Default,,0000,0000,0000,,election? What happens then? Does it\Nchange anything?
Dialogue: 0,0:54:43.61,0:54:49.48,Default,,0000,0000,0000,,Speaker: A year or so after an election\Nwould be a great catastrophe if we only learned
Dialogue: 0,0:54:49.48,0:54:53.58,Default,,0000,0000,0000,,then that the political leaders were not\Nlegitimately elected. We don't really have
Dialogue: 0,0:54:53.58,0:55:01.63,Default,,0000,0000,0000,,any precedent for that. That's why the\Nrecommendation and what some states like
Dialogue: 0,0:55:01.63,0:55:05.20,Default,,0000,0000,0000,,Colorado are starting to do is, they're\Nimplementing stronger audits, is to make
Dialogue: 0,0:55:05.20,0:55:09.64,Default,,0000,0000,0000,,sure the audits are completed as soon as\Npossible, ideally before the election
Dialogue: 0,0:55:09.64,0:55:16.77,Default,,0000,0000,0000,,results is certified. I recently came out\Nwith a paper with Phillip Stark and Ron
Dialogue: 0,0:55:16.77,0:55:21.64,Default,,0000,0000,0000,,Rivest that gives an audit system that you\Ncan start doing even the moment polls
Dialogue: 0,0:55:21.64,0:55:27.85,Default,,0000,0000,0000,,close on election night and perhaps have,\Nin a not so close election, a full complete
Dialogue: 0,0:55:27.85,0:55:33.80,Default,,0000,0000,0000,,audit by the time results are announced on\Nelection night. So it's possible to do it
Dialogue: 0,0:55:33.80,0:55:39.90,Default,,0000,0000,0000,,quickly with sufficient organization.\NAngel: OK. Microphone number 8
Dialogue: 0,0:55:40.77,0:55:50.38,Default,,0000,0000,0000,,Question: Hi I'm curious about the\Nattribution of attacks. Is there possibly
Dialogue: 0,0:55:50.38,0:55:56.73,Default,,0000,0000,0000,,any instance at which you would be not\Nsure that it was Russia that performed the
Dialogue: 0,0:55:56.73,0:56:03.32,Default,,0000,0000,0000,,attacks, or maybe it was China. So how do\Nyou know that it was exactly Russia, or
Dialogue: 0,0:56:03.32,0:56:10.80,Default,,0000,0000,0000,,China or India?\NSpeaker: So all we have to go by really is the
Dialogue: 0,0:56:10.80,0:56:16.16,Default,,0000,0000,0000,,assertions of our intelligence agencies in\Nthe U.S. and in some cases like for the
Dialogue: 0,0:56:16.16,0:56:21.00,Default,,0000,0000,0000,,Democratic National Committee breaches the\Nassertions of private security firms that
Dialogue: 0,0:56:21.00,0:56:26.56,Default,,0000,0000,0000,,were involved in the investigations. I\Nagree with you, attribution in general is a
Dialogue: 0,0:56:26.56,0:56:32.39,Default,,0000,0000,0000,,darn hard problem. But if you're willing\Nto accept the credibility of the
Dialogue: 0,0:56:32.39,0:56:37.12,Default,,0000,0000,0000,,intelligence reports and read between the\Nlines just a little bit it looks like the
Dialogue: 0,0:56:37.12,0:56:43.28,Default,,0000,0000,0000,,reason, the basis for their attribution, is\Nlargely not technical but based on
Dialogue: 0,0:56:43.28,0:56:47.34,Default,,0000,0000,0000,,intercepted communication of people who\Nwere involved in organizing the attacks in
Dialogue: 0,0:56:47.34,0:56:52.59,Default,,0000,0000,0000,,Russia. And I think more information about\Nthat is likely to come out as the Mueller
Dialogue: 0,0:56:52.59,0:56:58.50,Default,,0000,0000,0000,,investigations proceed. So I mean there's\Nsome necessary grain of salt. You can see
Dialogue: 0,0:56:58.50,0:57:04.87,Default,,0000,0000,0000,,what incentive people might have to try to\Ntrump up, so to speak, the involvement
Dialogue: 0,0:57:04.87,0:57:08.90,Default,,0000,0000,0000,,of Russia. But you can also see in the\Ncurrent political climate why at least the
Dialogue: 0,0:57:08.90,0:57:14.20,Default,,0000,0000,0000,,executive branch would have a reason to\Ntry to tone down allegations of Russia's
Dialogue: 0,0:57:14.20,0:57:20.16,Default,,0000,0000,0000,,involvement. So you'll have to interpret\Nthe weight of the evidence as you will.
Dialogue: 0,0:57:20.16,0:57:24.64,Default,,0000,0000,0000,,Angel: OK, the last question\Nfrom the Internet.
Dialogue: 0,0:57:24.64,0:57:28.65,Default,,0000,0000,0000,,Angel: We're running out of time. Sorry.\NQuestion: Has any organization or group
Dialogue: 0,0:57:28.65,0:57:32.08,Default,,0000,0000,0000,,unveiled a voting machine designed to\Naddress all of the security issues that
Dialogue: 0,0:57:32.08,0:57:35.06,Default,,0000,0000,0000,,you have brought up here? Is there a\Nsolution to the problem?
Dialogue: 0,0:57:35.06,0:57:38.73,Default,,0000,0000,0000,,Speaker: I'm sorry could you repeat the\Nbeginning of that question?
Dialogue: 0,0:57:38.73,0:57:43.12,Default,,0000,0000,0000,,Question: Has any group or organization\Nunveiled a voting machine that is designed
Dialogue: 0,0:57:43.12,0:57:46.47,Default,,0000,0000,0000,,to address all of those security issues\Nthat have grown up?
Dialogue: 0,0:57:46.47,0:57:52.33,Default,,0000,0000,0000,,Speaker: OK so there are efforts to\Ndevelop voting machines that are based on open
Dialogue: 0,0:57:52.33,0:58:00.49,Default,,0000,0000,0000,,source software, that are based on better\Nvalidated software. Benedita, a researcher
Dialogue: 0,0:58:00.49,0:58:07.09,Default,,0000,0000,0000,,in this area who has done a lot of great\Nwork is one person who's recently launched
Dialogue: 0,0:58:07.09,0:58:13.74,Default,,0000,0000,0000,,an effort to do that, although there are\Nothers. And I think that will help. But at
Dialogue: 0,0:58:13.74,0:58:17.81,Default,,0000,0000,0000,,the end of the day I think however well-\Ndesigned the software and our voting
Dialogue: 0,0:58:17.81,0:58:22.16,Default,,0000,0000,0000,,machines is, that can raise the bar for\Nattacks, but it's never going to be enough
Dialogue: 0,0:58:22.16,0:58:27.16,Default,,0000,0000,0000,,to also be able to convince skeptical\Nvoters that everything is OK, because,
Dialogue: 0,0:58:27.16,0:58:31.11,Default,,0000,0000,0000,,well, among other things, how do you know\Nthat that software is really what's
Dialogue: 0,0:58:31.11,0:58:36.53,Default,,0000,0000,0000,,running in the machines that are counting\Nyour votes? So there's a lot we can do to
Dialogue: 0,0:58:36.53,0:58:41.75,Default,,0000,0000,0000,,make voting machines better. At the end of\Nthe day they're also going to have to have
Dialogue: 0,0:58:41.75,0:58:47.71,Default,,0000,0000,0000,,that paper trail and those statistical audit\Nso that everyone can believe the results.
Dialogue: 0,0:58:47.71,0:58:52.26,Default,,0000,0000,0000,,Angel: Thank you very much. \NThat concludes the talk.
Dialogue: 0,0:58:52.26,0:59:00.22,Default,,0000,0000,0000,,Speaker: Thank you.\N{\i1}applause{\i0}
Dialogue: 0,0:59:00.22,0:59:04.94,Default,,0000,0000,0000,,Angel: I think you'll be around for a few more\Nanswers on the Congress, so everybody who
Dialogue: 0,0:59:04.94,0:59:08.75,Default,,0000,0000,0000,,is here can ask questions in person.\NSpeaker: I will and hopefully tomorrow
Dialogue: 0,0:59:08.75,0:59:11.80,Default,,0000,0000,0000,,there'll be a Diebold voting machine\Nsomewhere around here for everyone
Dialogue: 0,0:59:11.80,0:59:16.22,Default,,0000,0000,0000,,to hack themselves. Thank you again.\NAngel: Let's hack that thing.
Dialogue: 0,0:59:16.22,0:59:20.38,Default,,0000,0000,0000,,{\i1}postroll music{\i0}
Dialogue: 0,0:59:20.38,0:59:39.00,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\Nin the year 2018. Join, and help us!