35C3 preroll music

Herald Angel: Mr. Halderman, professor of computer science at the University of Michigan. Famous for inventing things like Let's Encrypt, finding the--

applause

Herald Angel: There's more.

applause

Herald Angel: But wait, there's more! Logjam -- I love buzzword bingo -- and ZMap. And now he's going to talk about American elections. Thank you.

J. Alex Halderman: All right. Thank you so much. It's fantastic to be back at Congress this year. Two years ago I was here with Matt Bernhard, one of my Ph.D. students, and we gave an update about what happened during the 2016 presidential election. Today a lot has changed and a lot remains the same. And I'm here to let you know what we've learned about what happened in the 2016 election and what we still need to do to make sure elections in the U.S. and around the world are well protected.

So, a quick flashback. On November 8th, 2016 Donald Trump became president of the United States by beating some other person. Now history quickly forgets the losers in presidential elections. And it really doesn't matter who Donald Trump beat, because today, for better or for worse, he is the president. But how close was the election? President Trump likes to talk about how he won by a landslide, but actually he was the fifth person in American history to win the presidency while losing the popular vote. In fact his opponent received 3 million more votes in the election than President Trump did. How can that happen? Well, we have this crazy system called the Electoral College. And in the Electoral College each state has a certain number of points, and Donald Trump ended up getting more of those points. But if we want to ask "How close was the election, really?"... well, that depends on the way each state allocates its electoral votes, and most are "winner-take-all". So we might ask how many votes would, say, an attacker have had to change in the smallest number of states in order to change the election result, in order to, say, make it a tie instead of a win for President Trump. And it turns out that if you look at the three closest states, they could be flipped with a very, very small number of votes changing, and changing just any two of these three states would have been enough to reverse the outcome of the presidential election. If we look at the next few closest states they also have very small margins, and any three of these six states would have sufficed to change the election result. In total, just changing twenty-seven thousand, five hundred votes from Donald Trump to Donald Trump's opponent would have changed the outcome of the U.S. presidential election. There were 137 million votes in total. That's a change of just 0.02 percent. That is a very close electoral result by even contemporary American standards.

And that's why the possibilities of computer hacking, voting machine manipulation, information warfare that actually did take place, some of them in 2016, not only have the possibility to have affected the 2016 election result but stand to have the possibility to affect future election results as well. And that's why election security is so important right now.

But if we go back to 2016, when I was speaking here two years ago, the main thing I was talking about were recounts in three states: Wisconsin, Michigan, and Pennsylvania, that I and other election security advocates had a big role in orchestrating. Well, we realized after 2016 that this was a close and unexpected election result, but no one was going to go back and check the physical evidence of the votes: the actual paper ballots in any states that really mattered, to make sure that the computer election results we had been told about were right. Well, when I and others pointed this out to the public it resulted in an overwhelming show of support. And one of the third-party presidential candidates, Jill Stein, stepped in and had the legal standing to demand recounts in states where she stood for election, even though she had no chance of winning. And she raised through small donations from the public more than seven million dollars to fund efforts to go back and count and check the votes to make sure things were right.

Unfortunately, a recount after an American election is a politically fraught process, and in all three states we found opposition from the apparent winner of the election, we found challenges in the courts, and only one of those states, Wisconsin, ended up recounting all of its ballots, and found no evidence of fraud. In Michigan the recounts were halted after only a few days, with less than half of the votes counted, after a court challenge by the Republicans. Again, no evidence of fraud in the votes that were recounted. And in Pennsylvania, unfortunately, like many states, most of the state had no paper trail at all. There was nothing to recount: just digital records and machines. The courts denied the Stein campaign the right to have independent experts examine the machines, and very few of the places in the rest of the state, the small number that did have paper, actually did complete a recount. But still there was no evidence of fraud. So in all there is no evidence that hacking of voting machines -- hacking of actual vote counts -- changed the outcome of the 2016 election. But there is abundant evidence that cyberattacks of other forms had a major influence on the election, and certainly could have a huge influence on future elections. And that's what I'm going to talk about today.

So first, looking back at 2016: in the two years since I was last here we have learned a lot more about what really took place during the 2016 election. Starting just January of 2017, when the U.S. intelligence community -- the CIA, NSA, and other three-letter agencies -- who often in this community we don't trust, still came out and released a joint assessment in which they rated with very high confidence the conclusion that attackers linked to Russia were ordered by Russian President Vladimir Putin to interfere with the American election in order to weaken Clinton, boost Donald Trump, and discredit the electoral process as a whole. They called it a significant escalation of longstanding Russian efforts to undermine the US-led liberal democratic order. So where's the evidence that this actually happened? And what actually happened? According to not only the intelligence reports but other information from other sources we can use to see whether it's credible. Well, what happened in the U.S. actually looks a lot like something that happened in 2014 in Ukraine, where, according to other published reports, attackers linked to Russia engaged in a multipronged attack to try to undermine the presidential election there. They released targeted leaks of e-mails linked to the presidential campaign. They attacked the Election Commission's servers in order to cause them to initially post the wrong presidential winner. And this was apparently detected and narrowly averted only hours before the winner was to be announced. And they orchestrated DDoS attacks to try to delay the election results.

In the U.S. in 2016 we saw a similar multipronged attack of targeted political leaks, trolling and message amplification on social media, and attacks against election infrastructure. So the targeted political leaks, you've probably heard about some of this. You have e-mails stolen from the Democratic National Committee through a hacking campaign that involved two different Russian-linked military groups hacking into the DNC servers, installing customized malware and exfiltrating thousands of e-mails that were then published by WikiLeaks. Later, John Podesta -- Clinton's campaign chairman -- also had his personal email compromised, and Podesta's emails were similarly published by WikiLeaks. Whatever you think about WikiLeaks -- and government transparency, and I myself am a huge fan of transparency -- there's clearly something subversive and manipulative about just one side being targeted, and being targeted by other foreign nations, and having its dirty laundry aired for the world to see. This is subverting the entire notion of transparency, turning our need for true information about politicians against us and manipulating the entire process.

John Podesta, since his e-mails were all leaked to the public, well, we can go and see the phishing attack e-mail that got his password, and here it is. So this mail sent to John Podesta claims to be from Gmail, saying that someone has tried to sign in with his password and he urgently needs to change it by clicking here. Well, he did click there and Russia got his password. We also see his staff talking about this e-mail, and one of his staffers recognized that this was a phishing attempt and emailed urgently telling John Podesta to change his password immediately, but he typo'd. In dashing out this e-mail he wrote that this is a "legitimate e-mail". He has subsequently claimed every time he's talked about it that he meant to write "illegitimate", not "legitimate". Well, the rest is history. A couple of extra letters might have changed a lot.

So beyond the e-mail leaks we've seen an orchestrated campaign on social media through trolls and false identities to try to manipulate people's opinions, to try to create political divisions between people, to try to amplify certain discordant messages. That could be a whole talk in itself, and I'm not going to go deep into the trolling and message amplification, but it's a subject that is an ongoing form of attack that again turns our tools of communication against us. People need to know whether the information they're reading is really what other people they know and are like them think, or whether it's being generated by bots, by attacks. All right, this kind of artificial amplification and manipulation of messaging turns us against each other.

Finally, and the category of attacks that I want to talk about most today, because I think they're the most relevant for our community, are attacks against election infrastructure itself: the increasingly computerized systems that we use to run elections, not just in the US but in countries around the world. There were attacks against voter registration systems in states across the country, organized by the same Russian groups. There were attacks against companies that make technology used in polling places. In all, the intelligence assessment is that up to 21 states had their voter registration systems probed. Now of course, how can you go back in time and know for sure that others were not probed, were not compromised? That's very difficult, even if you are, say, the NSA and are watching everyone's network traffic. However, we know that in multiple states the attackers got in through SQL injection, through other attacks, and were able to steal hundreds of thousands of voters' registration records.

More information came out later in 2017 through leaked information from NSA. So this woman, Reality Winner, an NSA contractor, leaked to the Intercept a series of intelligence assessments that showed the Russian attacks went even farther, that they executed attempts to break into the computer systems of at least one election computer software vendor, and then after breaking into their systems started trying to phish their way into the computers of local election administrators, the people who actually run the technology on Election Day. For sharing this information with us Reality Winner is currently serving a five-year prison sentence for violating the Espionage Act. But the information that she leaked has since been corroborated. In July of this year prosecutors in the Special Counsel's office -- this is the Robert Mueller investigation of Russian interference and collusion -- indicted a set of GRU officers, Russian military officers, in conjunction with the voter registration system attacks, the theft of email from the Democrats, and the attempts to indict local election officials. If you're interested in this stuff I highly recommend you read this indictment. It's about 20 pages of very detailed information, apparently detailing exactly who these people were, where they worked, what they did. Step by step. Now it's scary to think that we might have such detailed information about crimes that took place in the past. It doesn't say how we learned, for instance, that this certain officer, Anatoly Kovalev, was working for unit 74455 of the GRU at 22 Kirova Street building, the Tower, and quite how he pulled off each step in the attack that's asserted here. But as the Mueller indictments advance, as the special prosecutor's case comes together, we're likely to learn a lot more. And what's to come in 2018 as the Mueller investigation winds down, I think we're going to learn a lot more about quite who ordered what, about who in the United States was involved, and about whether the attacks went even further than we have so far discovered.

So that's 2016, and what we've learned about 2016, but I'm here today to give you a progress report on 2018. So what happened during the 2018 election? Well, we saw several things during the November election this year. According to intelligence, once again, we have allegations of continued social media influence operations, this time allegedly linked to not only Russia, but China and Iran. Now I think it's very difficult to independently comment on and establish whether these allegations are true, or even to understand the full extent of the social media involvement, because it's just a small set of large Internet companies that have the raw data that we need to analyze. However, the best reports we have are these assessments from the intelligence community that the social media influence is ongoing.

We also saw sporadic breakdowns of voting machines. Now patterns of breakdowns of voting machines could be the indication of an attack. But in 2018 all of them seem to have perfectly natural explanations. In New York City, for instance, many optical scan machines broke down and jammed and caused long lines, but apparently it was because it was raining, and that causes the paper to swell a little bit, these machines to mis-feed, and so on. So this is probably just natural failure.

We also had unfortunate human error, for not the first time. An election in Florida potentially had the result changed because of very bad usability design in just the layout of the ballot. So in Broward County, Florida, 3.7 percent fewer voters cast a vote at all in the U.S. Senate race than in the race for governor. This was potentially enough, because of the demographics of Broward, to change the outcome of the Florida Senate race. Here's why: here's the ballot. So this is the race for governor, which most voters filled out, as you would expect. Right down there underneath that long column of instructions is the U.S. Senator race. So you imagine this ballot. It's much larger than a normal piece of paper. The bottom of that is hanging off your desk as you're filling it in. I can see how 3.7 percent of voters might have completely missed that race in the first column.

Finally we had the old-fashioned political fraud. In North Carolina a race for the House of Representatives was decided by only about 900 votes. But it's come out since then that operatives working for the Republican candidate allegedly stole or manipulated a large number of absentee ballots, and the candidate there hasn't been certified yet, and likely won't be seated on time. There are multiple investigations going on into exactly what happened, but it goes to show you that political fraud is a reality. And even outside the domain of computers it continues to this day. Now if you can imagine an election can be changed by just a few people working on the ground, going around collecting people's mail-in ballots and promising to return them for them, well, imagine what nation-state attackers could do to a vulnerable and highly computerized online infrastructure. But on the whole 2018 was, well, eerily quiet.

But if we go back to 2016... so the U.S. Senate Intelligence Committee, a bipartisan group controlled by Republicans in the Senate, issued its report earlier this year about 2016. They pointed out that they found that in a number of the states where Russia attacked the registration systems, the Russian hackers were in a position to, at a minimum, alter or destroy the voter registration data, which, if undetected, would have caused massive chaos on election day when people showed up to vote and were told that they weren't on the election rolls. But those attackers chose not to pull the trigger. And I think that's exactly what happened in 2018. It was quiet, not because we've adequately secured our election systems, but because our adversaries this year chose not to pull the trigger. They're waiting for the bigger prize in 2020, when we're likely to once again have a close and divisive presidential contest.

So what do I worry about? What I worry about most is not the last war -- registration systems, all of that -- but the bigger prize: the 2020 election and the vulnerabilities in the way that we cast and count votes in the U.S. Now I testified about this in 2017 to the Senate Intelligence Committee and -- that's actually not me, that's former FBI Director Comey -- but two weeks later I was sitting in the same chair with far fewer TV cameras and testified that the real lesson of 2016 is that the threats are real and that the attackers will be back. And this is the picture I painted: so U.S. voting machines have their own extreme set of vulnerabilities.

I was going to bring one of these machines, an AccuVote TSX, with me here today. This machine is still used in many parts of the U.S., but my machine has been in Germany for about a week and FedEx doesn't know where it is. So if it shows up I'll have it somewhere for people to play with, but my advice is, if you have to ship something urgent to Germany, don't send it via FedEx. What I would have shown you, though, is a mock election on this machine, and the mock election I always like to do, to keep it from getting too political, is between George Washington, the father of the country, and Benedict Arnold, the traitor of the American Revolution. And of course everyone likes to vote for George Washington. But these machines are so vulnerable. So I would have shown you an attack whereby I can compromise this machine and cause it to report the wrong election outcome without having any direct physical access to the voting machines. Instead, all an attacker needs to do is be able to infect these memory cards that election officials use before every election to program the machine with the design of the ballot -- that is, the races, the candidates, the rules for counting. If an attacker can infect the memory card there are a whole host of different ways that the attacker can compromise the machine and install malware on the voting machine itself. There is an unauthenticated software update mechanism that can replace the election software. There are buffer overflows in the code that's used to read the ballot design and process it. There's even an interpreted programming language that's used to generate the reports of who won. So you can just replace the honest counting software with dishonest counting software right on the memory card, and that's what will get executed and determine the election results. Any of these ways would be sufficient. So when the machine counts the votes at the end of the election it prints out a little cash register receipt that becomes the official record of the result. That's controlled by the interpreted programming language on the memory card. And on my machine, no matter who you vote for, Benedict Arnold is going to win. And that's because the malware I install via the memory card is in complete control of the election results.

And there are more problems than that. So these voting machines like the AccuVote TSX have been studied by academic researchers, by independent researchers, by groups commissioned by secretaries of state in various states around the country. And every time the same machine is studied again, groups find new vulnerabilities. This is part of the table of contents from a report I helped to author ten years ago about the AccuVote TSX, and you can see just this one page of several pages of vulnerabilities in this single machine. These things are so poorly designed; they're so complex. Each of the voting systems has on the order of a million lines of source code. And that's on top of, in this case, an old and unsupported version of Windows CE. There's no way that these things could possibly be secure. But the AccuVote TSX is still used in 18 states. In many of these states it's still used with software that predates that 2007 report I just showed you. We've had known buffer overflows and other problems in this firmware for more than 10 years, and some states still have not updated the software. That's how bad it is.

But it's not just that one machine. So in the US every state gets to pick its own election technology. There are no federal rules that require states to use any particular kind of technology or testing, and you might ask, especially from the European perspective, why don't we just count votes by hand like a civilized country? Well, here's part of the answer. This is one example of a ballot from one part of the country and it's eight pages long. We insist on voting for not only the federal races but the state and local races and even city races. The joke is even for dog catcher. And this complexity, well, counting ballots by hand scales linearly with the number of questions, and our ballots by tradition are just too complicated to efficiently count manually. So we turn to computers, and about half the country -- well, really there are two different styles of voting machines that we use. Some of them are optical scanners, where the voter fills in a piece of paper and it gets scanned in by a computer. The rest are touch screen machines and others that we call DREs -- direct recording electronic. On these machines voters cast a vote on the screen; it gets recorded in electronic memory; some of them will also generate a printout of each vote, but that's relatively rare. In many cases the only record of the vote is in a computer memory. So in study after study these machines have been examined, and in every case, for both the optical scanners and the DREs, where a machine has been tested by qualified people, well, it's been found to have vulnerabilities that would allow an attacker to install vote-stealing malware and change the electronic results. Every single case.

So how hard would it be to go from hacking these individual machines to, say, changing the results of a presidential election? Unfortunately, much easier than we might think. There'd be three challenges to doing this in a way that would likely be invisible. The first challenge is that the machines are, well, many different types. They're diverse; they're decentralized. Each state's system is independent, and thank goodness! Because that means that we don't have just a single place you can hack into to change results nationwide. Unfortunately, because of our electoral college system, this diversity of technology can turn into a weakness in very close elections. So remember I said that just any three of six states, for instance in 2016, would have been sufficient to flip the outcome of the presidential election. Well, before an election an attacker can scan all the states, figure out which ones are most weakly protected, and, if they can find enough weakly protected ones to strike in, that could be sufficient to change the national results. So the attacker gets to pick and choose, because our diversity of technology also means a diversity of strength and weakness.

The second challenge is that, as election officials often point out, the voting machines aren't connected to the Internet, or at least they're not supposed to be. It turns out that some of them are, because they upload their results over a 4G cellular modem right after election results are complete. But let's just suppose they're not connected to the Internet. All right. It turns out that's still not enough to protect us. So, as I said, before every election every single voting machine in the country has to be programmed with the ballot design, and that ballot programming is created by election officials on a computer workstation somewhere, usually an old Windows PC. Those computer workstations can sometimes service an entire county, sometimes an entire state. Sometimes they're controlled by independent external contractors that can perform work across multiple states. And if an attacker can infiltrate one of those systems they can spread vote-stealing malware on the memory cards to voting machines across the whole region. So how hard would it be to break into one of these systems? Well, in Michigan, my state, in 2016, about three quarters of counties outsourced this programming to just three small businesses. These are 10-20 person companies operating in strip malls and so forth -- the same companies that the jurisdictions buy their ballot boxes and "I voted" stickers from. Here's the website of one of them. You can see it doesn't have HTTPS, has lots of nice high resolution photos of their warehouse in case you want to burglarize it, and, probably most interestingly to an attacker, they have this nice employee directory with everyone's name, photograph, job title, and email address. So if I wanted to break into elections in Michigan I might start by, say, forging an email from Larry the president there to Sue his administrative assistant and say I urgently need you to open this file. After she does, of course, it installs my malware on their network, I'm in. I'm one step away from the election programming system and spreading malware to machines across a quarter of the state.

All right, there's one more challenge. And that's that today more than 70 percent of US votes are recorded on a piece of paper. And this is great!
This is much more than ten years ago because officials have been listening 00:32:07.249 --> 00:32:10.769 to computer scientists and security experts who have been warning about the 00:32:10.769 --> 00:32:16.960 dangers of fully electronic voting. And paper might seem like a step backwards, 00:32:16.960 --> 00:32:22.500 but it's actually a pretty high tech way of thinking. In any kind of critical 00:32:22.500 --> 00:32:26.889 system, if we can afford to have a physical failsafe in case of technology 00:32:26.889 --> 00:32:31.649 problems it's a good idea to do that. This is why if you fly on a commercial 00:32:31.649 --> 00:32:36.470 aircraft... well, it has a very fancy satellite-guided navigation system, but 00:32:36.470 --> 00:32:41.539 also, by law, there's a magnetic compass in the cockpit. It's also why in your 00:32:41.539 --> 00:32:47.220 car... well you probably want to have a mechanical linkage between the brake pedal 00:32:47.220 --> 00:32:54.280 and the brakes just in case... well, you know. So paper can be a very sophisticated 00:32:54.280 --> 00:32:59.460 defense. It's relatively slow and expensive to tally, but it's something 00:32:59.460 --> 00:33:05.399 that's verified by the voter and that can't be changed later in a cyberattack. 00:33:05.399 --> 00:33:10.350 Meanwhile we also get an electronic record from systems like optical scanners that's 00:33:10.350 --> 00:33:16.179 fast and cheap to tally, but unverified. As long as we make sure that these records 00:33:16.179 --> 00:33:19.970 agree, well then changing the election result would require you to change the 00:33:19.970 --> 00:33:23.990 electronic record through a high tech attack, and the paper records through a 00:33:23.990 --> 00:33:28.340 low tech attack, and in a way that agrees, and that would require a truly 00:33:28.340 --> 00:33:33.919 extraordinary conspiracy. And to check that the paper is right... Well we have 00:33:33.919 --> 00:33:38.989 high tech approaches to that too. 
You don't have to count all of it. In fact 00:33:38.989 --> 00:33:43.860 over the last ten years computer scientists and statisticians have 00:33:43.860 --> 00:33:48.570 developed very sophisticated ways of just spot checking the paper record to make 00:33:48.570 --> 00:33:53.100 sure that it's right and these are called risk limiting audits. A risk limiting 00:33:53.100 --> 00:33:58.249 audit is a statistical process in which you can count randomly selected ballots 00:33:58.249 --> 00:34:01.960 until you establish with high confidence that hand counting all of them would 00:34:01.960 --> 00:34:07.539 determine the same winner. There are many ways to do this but they all turn out to 00:34:07.539 --> 00:34:12.969 be, or many of them turn out to be incredibly efficient. In a typical state 00:34:12.969 --> 00:34:19.809 with a fairly wide margin of victory just spot checking a handful of ballots might 00:34:19.809 --> 00:34:23.570 be enough to establish with high confidence that the winner really did win 00:34:23.570 --> 00:34:29.359 by a landslide. Of course if the election result is a tie, logically you do have to 00:34:29.359 --> 00:34:34.649 look at all the ballots to establish that it is indeed a tie. So the amount of work 00:34:34.649 --> 00:34:39.320 you have to do depends on how close the election was. But in all cases you can 00:34:39.320 --> 00:34:44.340 find an efficient approach to determining, without trusting the computer systems, 00:34:44.340 --> 00:34:50.569 that the paper really does reflect the true winner. Unfortunately, well, most 00:34:50.569 --> 00:34:55.179 states don't do risk limiting audits. In fact most states don't look at enough 00:34:55.179 --> 00:35:02.620 paper at all to determine that the winner of a close election was genuine. So 00:35:02.620 --> 00:35:08.510 hacking a national election would probably be easier than most of us thought. 
You can 00:35:08.510 --> 00:35:13.041 use pre-election polls and scanning to determine which states to target, hack 00:35:13.041 --> 00:35:17.531 into the election management systems in the most weakly protected ones, then 00:35:17.531 --> 00:35:22.180 infect voting machines with malware to change, say, a few percent of the vote. 00:35:22.180 --> 00:35:26.859 The paper records might catch the fraud, but you can rely on the fact that most 00:35:26.859 --> 00:35:31.060 states will throw it away without looking at enough of it to determine who actually 00:35:31.060 --> 00:35:41.470 won. And that's the sorry situation that unfortunately in 2018 we are still in. So 00:35:41.470 --> 00:35:47.859 since 2016, however, there has been a change in mindset. Increasingly election 00:35:47.859 --> 00:35:52.640 officials have been listening to the scientific community when we say you need 00:35:52.640 --> 00:35:57.549 a paper trail, and they're starting to think that that is correct. Almost all 00:35:57.549 --> 00:36:03.329 states that don't have paper trails today at least have people strongly advocating 00:36:03.329 --> 00:36:09.599 for replacing the equipment that's there. And most other states, well, they at least 00:36:09.599 --> 00:36:13.920 have people starting to look into the security and testing the security of other 00:36:13.920 --> 00:36:18.359 election related computer systems, like their voter registration systems, to make 00:36:18.359 --> 00:36:24.280 sure that they're shored up. Now you don't have to take it from me that paper ballots 00:36:24.280 --> 00:36:29.650 and post election audits are the way to go to secure our election systems. 
Just this 00:36:29.650 --> 00:36:36.030 fall the National Academies of Sciences, Engineering, and Medicine -- the authority 00:36:36.030 --> 00:36:40.410 on scientific advice to government -- released a report with their highest level 00:36:40.410 --> 00:36:45.740 of advice -- a consensus report -- urging the adoption of paper and risk limiting 00:36:45.740 --> 00:36:51.270 audits, pointing out that this is a pragmatic, robust, and necessary defense 00:36:51.270 --> 00:36:57.420 for elections. This report was written in conjunction with election officials, 00:36:57.420 --> 00:37:01.869 people with experience administering elections, and it just goes to show you 00:37:01.869 --> 00:37:06.606 that at least the election officials who have taken the time to understand the 00:37:06.606 --> 00:37:13.766 threat are waking up and starting to pay attention to the path to a solution. The 00:37:13.766 --> 00:37:19.460 problem is that that solution will take time to implement. And if we look at which 00:37:19.460 --> 00:37:24.890 states still don't have a paper trail, it turns out that there are 14 where some or 00:37:24.890 --> 00:37:31.660 all votes still aren't recorded on paper, and it's going to take between 130 and 420 00:37:31.660 --> 00:37:35.559 million dollars according to credible estimates to replace all the machines 00:37:35.559 --> 00:37:41.410 still in those states. Some of them like Pennsylvania are working to do that now, 00:37:41.410 --> 00:37:46.630 but in other states there still are no plans in effect to get rid of the 00:37:46.630 --> 00:37:52.600 vulnerable machines. If we look at the national map for post-election audits 00:37:52.600 --> 00:37:57.870 though the picture is a lot worse. And this is what concerns me most. 
Although 00:37:57.870 --> 00:38:04.030 many states in 2018 did small pilots of risk limiting audits, the majority of 00:38:04.030 --> 00:38:11.860 states still do not conduct audits that can rigorously guarantee the electronic 00:38:11.860 --> 00:38:18.799 results of an election. And many still have no plans to do so in time for 2020. 00:38:18.799 --> 00:38:22.369 Because risk limiting audits are so efficient, the cost for auditing 00:38:22.369 --> 00:38:28.130 nationwide is ridiculously small. It would cost according to my estimates less than 00:38:28.130 --> 00:38:33.410 25 million dollars a year to audit every federal race nationally, potentially a lot 00:38:33.410 --> 00:38:38.099 less than that. But it requires organization on the ground. And 00:38:38.099 --> 00:38:44.660 unfortunately in our system operations on the ground are conducted by about 13,000 00:38:44.660 --> 00:38:51.359 local jurisdictions on Election Day. We need national leadership. We need much 00:38:51.359 --> 00:38:57.380 more dispersed expertise in order to get these protections in place, because if you 00:38:57.380 --> 00:39:03.450 don't actually look at the paper you might as well not have it in the first place. So 00:39:03.450 --> 00:39:09.460 this year did see some movement in Congress. In the spring, as part of the 00:39:09.460 --> 00:39:14.650 omnibus appropriations process, Congress gave the states 380 million dollars in 00:39:14.650 --> 00:39:20.160 emergency election funding in order to start working to secure their registration 00:39:20.160 --> 00:39:24.720 systems and polling places. This was great in that it was money available 00:39:24.720 --> 00:39:29.089 immediately, and if you've been paying attention, getting Congress to do much of 00:39:29.089 --> 00:39:34.810 anything these days is pretty hard. 
On the other hand the money came with very 00:39:34.810 --> 00:39:41.069 limited oversight, with no standards about how that money should be used, and isn't 00:39:41.069 --> 00:39:46.079 even enough to eliminate all of the paperless machines because of the way it's 00:39:46.079 --> 00:39:52.490 spread out amongst the states. But it's an important first step. We can look at a few 00:39:52.490 --> 00:39:58.040 of the states to see how they're doing, and I pick these as a representative 00:39:58.040 --> 00:40:06.050 sample of the diversity of progress. In Maryland, for instance, which until 2016 00:40:06.050 --> 00:40:09.620 used AccuVote touch-screen machines, vulnerable to all of those problems I 00:40:09.620 --> 00:40:15.859 talked about, finally replaced the machines with paper ballots. That's a huge 00:40:15.859 --> 00:40:22.630 step forward. Unfortunately Maryland, instead of auditing them by having people 00:40:22.630 --> 00:40:27.000 look at the ballots, decided it would be more efficient to audit them by having 00:40:27.000 --> 00:40:33.220 people look at digital scans of the ballots from the voting machines. As I 00:40:33.220 --> 00:40:38.430 think everyone in this room probably realizes, but maybe some in a broader 00:40:38.430 --> 00:40:45.530 audience would not, it's pretty easy to manipulate digital photographs. In fact I 00:40:45.530 --> 00:40:50.690 have work from students in an undergraduate security class I taught this 00:40:50.690 --> 00:40:56.049 term who implemented a machine learning algorithm that can take scans of ballots 00:40:56.049 --> 00:41:00.970 and just automatically change the marked results to produce whatever outcome you 00:41:00.970 --> 00:41:06.720 want, and we'll have more on that in a publication this spring. But 00:41:06.720 --> 00:41:12.270 unfortunately these audits are security theater. 
They might catch human error, but 00:41:12.270 --> 00:41:16.859 they're not going to catch a sophisticated attacker who has the ability to manipulate 00:41:16.859 --> 00:41:21.900 how the machines are reading the ballots; they can be easily fooled by malware. So I give 00:41:21.900 --> 00:41:28.700 Maryland on the whole maybe a "C". Pennsylvania, another state that just two 00:41:28.700 --> 00:41:32.161 years ago during the recounts was practically a laughing stock of the 00:41:32.161 --> 00:41:37.820 country for its lack of paper records of votes and its byzantine rules about 00:41:37.820 --> 00:41:42.990 recounting them, well, today is making really good progress. The state recently 00:41:42.990 --> 00:41:47.270 committed to replacing all of its paperless machines with paper ballots in 00:41:47.270 --> 00:41:53.819 time for the 2020 election, and it's committed to implementing robust post- 00:41:53.819 --> 00:42:00.930 election audits by 2022. Unfortunately, 2022 is going to be too late to secure the 00:42:00.930 --> 00:42:06.599 2020 presidential election, and this just emphasizes the need to get moving more 00:42:06.599 --> 00:42:12.270 quickly. There were also questions about whether the auditing regime they implement 00:42:12.270 --> 00:42:17.240 will be truly statistically rigorous. There are a lot of details to get right, 00:42:17.240 --> 00:42:22.340 but on the whole, Pennsylvania has made so much progress. I think out of sympathy I 00:42:22.340 --> 00:42:28.261 can give them a "B". All right, now let's look at a top performer. This is the state 00:42:28.261 --> 00:42:34.890 of Colorado. Colorado has become a leader in election security, because not only 00:42:34.890 --> 00:42:40.819 does it have paper ballots statewide, largely vote by mail which has its own 00:42:40.819 --> 00:42:45.260 problems, but that's a subject for later. 
But Colorado also was the first state in 00:42:45.260 --> 00:42:49.090 the country to implement these statistically robust risk limiting audits 00:42:49.090 --> 00:42:53.809 statewide and has been doing it since 2017. They've got both of these critical 00:42:53.809 --> 00:42:58.800 protections in place, and yes, they actually do choose the random seed for 00:42:58.800 --> 00:43:02.839 sampling the ballots during the risk limiting audit by rolling a set of 00:43:02.839 --> 00:43:08.140 10-sided dice. So that's a great way to do it in a public ceremony. So Colorado gets 00:43:08.140 --> 00:43:15.731 an "A". They're very well protected by these standards. Then there's Georgia. So 00:43:15.731 --> 00:43:23.260 Georgia in 2018 voted statewide with the AccuVote TSX voting machine, the one that 00:43:23.260 --> 00:43:29.720 FedEx has that I've hacked. They haven't updated this software in their AccuVote 00:43:29.720 --> 00:43:37.130 TSX machines since 2005, and they claim that the machines and their election 00:43:37.130 --> 00:43:43.510 programming systems are air gapped. But during a court hearing about this earlier 00:43:43.510 --> 00:43:47.990 this fall their head of elections described that their system was air 00:43:47.990 --> 00:43:52.119 gapped. Yes it's perfectly secure. It's air gapped. The only way you can get into 00:43:52.119 --> 00:43:58.080 it is through the bank of modems attached to it. It's air gapped except the bank of 00:43:58.080 --> 00:44:03.569 modems. Also it turns out he programs it by moving a USB stick back and forth from 00:44:03.569 --> 00:44:11.700 his personal laptop. Sigh Georgia also of course doesn't have robust audits, 00:44:11.700 --> 00:44:15.770 because, well, meaningful post election audits would require a paper trail, and 00:44:15.770 --> 00:44:21.079 none of those machines have paper. This alone would be enough to give Georgia an 00:44:21.079 --> 00:44:26.859 "F". 
Except there's one more thing: their voter registration system also was shown 00:44:26.859 --> 00:44:33.839 in 2018 to have some problems. So you're not going to believe this story. One more 00:44:33.839 --> 00:44:41.260 story. So in Georgia they do online voter registrations through a Web site. And in 00:44:41.260 --> 00:44:49.380 2018 just a few days before the election the Georgia Democratic party learned from 00:44:49.380 --> 00:44:54.590 one of its-- from someone working for them, from a volunteer, about a series of 00:44:54.590 --> 00:44:59.500 vulnerabilities in this voter registration system. Well it turned out that you could 00:44:59.500 --> 00:45:03.990 read and manipulate anyone's voter registration records just by changing a 00:45:03.990 --> 00:45:10.750 sequential ID number in a particular URL. There was another URL for viewing a sample 00:45:10.750 --> 00:45:14.170 ballot, that if you just changed the path of the file it pointed to you could read 00:45:14.170 --> 00:45:20.721 any file on the server's filesystem. Well these are pretty bad problems, right? Even 00:45:20.721 --> 00:45:24.589 though Georgia apparently had gone through the process of having a security 00:45:24.589 --> 00:45:29.610 assessment of its registration system performed and didn't catch these, well... 00:45:29.610 --> 00:45:33.760 So the Democrats less than five days before the election learned of these 00:45:33.760 --> 00:45:37.910 problems and disclosed them to the Secretary of State's office which is 00:45:37.910 --> 00:45:43.400 responsible for running the election system. There is Secretary of State Brian 00:45:43.400 --> 00:45:49.569 Kemp, who, also, it turned out, was candidate for governor in a very close 00:45:49.569 --> 00:45:54.799 race. 
So not only was he running the election system, but he was the candidate 00:45:54.799 --> 00:46:00.339 in the most important race in the state where the polls were projecting that the 00:46:00.339 --> 00:46:06.340 election was going to be a dead heat. So an hour after receiving the security 00:46:06.340 --> 00:46:12.190 disclosure, Secretary Kemp's office put out a press release with this headline: 00:46:12.190 --> 00:46:16.440 That after a failed hacking attempt they're launching an investigation into the 00:46:16.440 --> 00:46:24.790 Georgia Democratic Party and they've called the FBI on the Democrats. So... 00:46:24.790 --> 00:46:32.140 Brian Kemp won the election and is now the governor elect of Georgia. So this guy who 00:46:32.140 --> 00:46:36.660 did so well handling the security of the voting system while he was secretary of 00:46:36.660 --> 00:46:42.710 state is now the head political officer of the state of Georgia. I think Georgia's 00:46:42.710 --> 00:46:47.770 "F" just might stick with them through 2020. So... 00:46:47.770 --> 00:46:55.510 applause H: Thank you. So there is hope though. I 00:46:55.510 --> 00:47:01.250 want to end on a message of hope, because despite this, with all of these different 00:47:01.250 --> 00:47:07.010 levels of rigor and of readiness across the different states I believe we need 00:47:07.010 --> 00:47:12.020 more national leadership, national standards, and national resources thrown 00:47:12.020 --> 00:47:18.670 into securing elections. And a bill to do just these things made a lot of progress 00:47:18.670 --> 00:47:24.029 in the Senate during the past term. This is a bill called the Secure Elections Act 00:47:24.029 --> 00:47:29.890 that was introduced by Senators Lankford, Republican of Oklahoma, and Klobuchar, 00:47:29.890 --> 00:47:35.290 Democrat of Minnesota. And it ended up gathering a large number of bipartisan 00:47:35.290 --> 00:47:41.400 sponsors, split evenly between Republicans and Democrats. 
It would have required 00:47:41.400 --> 00:47:46.410 states to adopt paper, to adopt strong audits, and to adopt stronger information 00:47:46.410 --> 00:47:50.710 sharing practices to let each other and the federal government know if they saw 00:47:50.710 --> 00:47:57.869 signs of people trying to break in. This bill made it a long way, but unfortunately 00:47:57.869 --> 00:48:03.400 got stuck in the committee after some opposition from the White House just days 00:48:03.400 --> 00:48:07.520 before it was going to be marked up and hopefully then made it make its way to the 00:48:07.520 --> 00:48:12.760 floor. But this shows that bipartisan cooperation is possible even in this 00:48:12.760 --> 00:48:17.069 Congress, and that there are a lot of serious people who now realize that 00:48:17.069 --> 00:48:22.160 election cybersecurity is a matter of national security and defense. I think in 00:48:22.160 --> 00:48:26.460 the next Congress there's a good possibility that we will see effective 00:48:26.460 --> 00:48:31.970 legislation to provide national standards and leadership for elections. But it's a 00:48:31.970 --> 00:48:39.299 question of threading a political needle and getting Congress to act. So to defend 00:48:39.299 --> 00:48:44.599 our elections we don't need rocket science. We need simple steps like 00:48:44.599 --> 00:48:51.420 applying security best practices and expertise to secure registration servers, 00:48:51.420 --> 00:48:56.430 adopting a paper record of every vote, and applying simple post-election audit 00:48:56.430 --> 00:49:01.860 techniques to make sure the paper record is right. If we do these things well we'll 00:49:01.860 --> 00:49:07.569 have a much more robust and evidence-based election system that can detect and 00:49:07.569 --> 00:49:13.010 recover from attack attempts. Unfortunately today our dialogue about 00:49:13.010 --> 00:49:18.170 elections isn't based on evidence. 
It's largely based on faith: on faith in the 00:49:18.170 --> 00:49:23.641 democratic process, on faith in the people and the technology that's responsible. But 00:49:23.641 --> 00:49:29.410 I think voters deserve better. Voters deserve, if they're reasonably skeptical, 00:49:29.410 --> 00:49:33.550 to have it proven to them that the election result was right, and that is 00:49:33.550 --> 00:49:38.480 possible with simple and practical technology that we have today. All it's 00:49:38.480 --> 00:49:43.170 going to take is national leadership to make sure that all states, even states like 00:49:43.170 --> 00:49:49.880 Georgia, adopt the necessary protections soon. So what can you do? Well as a hacker 00:49:49.880 --> 00:49:55.250 or a computer scientist you can work with your election officials to help explain 00:49:55.250 --> 00:50:00.420 the technology, the threats, and the defenses. You can work to explain the 00:50:00.420 --> 00:50:05.640 threats to the public, because we all need to understand, just as a matter of modern 00:50:05.640 --> 00:50:10.540 civics, how elections can be attacked and defended. You can work to build better 00:50:10.540 --> 00:50:15.720 ways to use technology to make voting on paper easier and more efficient. While 00:50:15.720 --> 00:50:20.450 technology can help voting in a lot of ways, just... we shouldn't trust it is the 00:50:20.450 --> 00:50:26.369 only way in which votes are counted and results are determined. And as a citizen, 00:50:26.369 --> 00:50:30.559 well, you can demand that election authorities implement paper and risk 00:50:30.559 --> 00:50:34.690 limiting audits. Get involved through activist groups to help campaign for 00:50:34.690 --> 00:50:41.040 protections like this, and especially please urge the U.S. 
Congress to pass 00:50:41.040 --> 00:50:45.730 legislation like the Secure Elections Act and similar bills to make sure that 00:50:45.730 --> 00:50:51.720 election systems across our country achieve these security properties. You can 00:50:51.720 --> 00:50:56.770 learn more from an online course I have for free on Coursera called Securing 00:50:56.770 --> 00:51:02.230 Digital Democracy that provides several weeks' worth of material about the history 00:51:02.230 --> 00:51:07.589 and the technology of election defenses. But we've got to get going. It's only been 00:51:07.589 --> 00:51:12.089 two years, believe it or not, since Donald Trump became president, and it's only 00:51:12.089 --> 00:51:16.289 about 22 months until the next presidential election. It's time to get 00:51:16.289 --> 00:51:18.480 moving. Thank you. 00:51:18.480 --> 00:51:30.660 applause 00:51:30.660 --> 00:51:39.020 Herald Angel: thank you very much. What I got from this talk is it takes 27,400 00:51:39.020 --> 00:51:46.510 people, so we have to scale up Congress. We're going to do a Q&A. And I think we'll 00:51:46.510 --> 00:51:52.561 just start with Mic number two because I can see that one. 00:51:52.561 --> 00:52:00.410 Question: Thanks for the great talk. What if someone targets the-- Mic problems 00:52:00.410 --> 00:52:06.899 Mumbling Herald: Um, we need mic #2 live. 00:52:08.359 --> 00:52:10.869 Question: Does this work? Hello? silence 00:52:15.519 --> 00:52:18.499 Angel: Try again Question: Hello? Ok great. Thanks for the 00:52:18.499 --> 00:52:23.520 great talk. What if someone targets the randomness in your risk-limiting audit? 00:52:23.520 --> 00:52:27.431 Q: Doesn't that pose a vulnerability? Speaker: Oh yes. Definitely you need to have 00:52:27.431 --> 00:52:31.740 a secure randomness in whatever auditing method you're doing if it's going to be by 00:52:31.740 --> 00:52:37.760 a statistical sampling. 
That's one reason why the auditing techniques that Colorado 00:52:37.760 --> 00:52:43.289 practices, they actually have a public ceremony in which officials throw dice in 00:52:43.289 --> 00:52:48.520 front of TV cameras in order to pick the random seed. But a lot of thought has to 00:52:48.520 --> 00:52:53.260 go into designing that process well, so that it's not only truly random but also 00:52:53.260 --> 00:52:57.230 something that people can know and believe is truly random. Thank you 00:52:57.230 --> 00:53:06.029 Angel: OK Mic number six Question: Thank you so much for the talk. 00:53:06.029 --> 00:53:10.799 You spoke about how in Georgia the disclosure of vulnerabilities was 00:53:10.799 --> 00:53:18.150 punished, almost. Is there any talk or movement towards having something like bug 00:53:18.150 --> 00:53:23.970 bounties for Election Systems? Speaker: Yes in fact there is another bill 00:53:23.970 --> 00:53:29.390 that was introduced in Congress that would do just that, and establish a kind of bug 00:53:29.390 --> 00:53:36.441 bounty program. I'm not sure that that idea yet has a lot of legs, but I think it 00:53:36.441 --> 00:53:41.819 would help. I think right now though we don't really need all that much more 00:53:41.819 --> 00:53:47.369 incentive for people to want to try to help secure democracy. A lot of people, 00:53:47.369 --> 00:53:51.829 including I'm sure a lot of people in this room, would gladly volunteer to do so. We 00:53:51.829 --> 00:53:55.940 need a way of organizing that effort and making sure that people can discover and 00:53:55.940 --> 00:54:00.980 report problems without fear of having it turn into some political weapon to be used 00:54:00.980 --> 00:54:05.150 against them. Angel: Mic number one 00:54:05.150 --> 00:54:10.930 Question: Hey thanks for the talk. 
Like the case in Georgia doesn't sound that 00:54:10.930 --> 00:54:14.529 terrible because like in Lithuania a couple of years ago we've had this issue where you 00:54:14.529 --> 00:54:20.510 just didn't need to change the URL, you just did have to refresh the page and here 00:54:20.510 --> 00:54:29.230 you go. You have the information about a different citizen. My question is, like, 00:54:29.230 --> 00:54:35.799 what if the paper trail leads to the knowledge that the election was rigged in 00:54:35.799 --> 00:54:41.200 some particular area like two years after the election or like one year after the 00:54:41.200 --> 00:54:43.609 election? What happens then? Does it change anything? 00:54:43.609 --> 00:54:49.480 Speaker: A year or so after an election would be a great catastrophe if we only learned 00:54:49.480 --> 00:54:53.579 then that the political leaders were not legitimately elected. We don't really have 00:54:53.579 --> 00:55:01.630 any precedent for that. That's why the recommendation, and what some states like 00:55:01.630 --> 00:55:05.200 Colorado are starting to do as they're implementing stronger audits, is to make 00:55:05.200 --> 00:55:09.640 sure the audits are completed as soon as possible, ideally before the election 00:55:09.640 --> 00:55:16.769 results are certified. I recently came out with a paper with Philip Stark and Ron 00:55:16.769 --> 00:55:21.640 Rivest that gives an audit system that you can start doing even the moment polls 00:55:21.640 --> 00:55:27.849 close on election night and perhaps have, in a not so close election, a full complete 00:55:27.849 --> 00:55:33.800 audit by the time results are announced on election night. So it's possible to do it 00:55:33.800 --> 00:55:39.900 quickly with sufficient organization. Angel: OK. Microphone number 8 00:55:40.770 --> 00:55:50.380 Question: Hi I'm curious about the attribution of attacks. 
Is there possibly 00:55:50.380 --> 00:55:56.730 any instance at which you would be not sure that it was Russia that performed the 00:55:56.730 --> 00:56:03.320 attacks, or maybe it was China. So how do you know that it was exactly Russia, or 00:56:03.320 --> 00:56:10.799 China or India? Speaker: So all we have to go by really is the 00:56:10.799 --> 00:56:16.160 assertions of our intelligence agencies in the U.S. and in some cases like for the 00:56:16.160 --> 00:56:21.000 Democratic National Committee breaches the assertions of private security firms that 00:56:21.000 --> 00:56:26.560 were involved in the investigations. I agree with you, attribution in general is a 00:56:26.560 --> 00:56:32.390 darn hard problem. But if you're willing to accept the credibility of the 00:56:32.390 --> 00:56:37.119 intelligence reports and read between the lines just a little bit it looks like the 00:56:37.119 --> 00:56:43.279 reason, the basis for their attribution, is largely not technical but based on 00:56:43.279 --> 00:56:47.339 intercepted communication of people who were involved in organizing the attacks in 00:56:47.339 --> 00:56:52.590 Russia. And I think more information about that is likely to come out as the Mueller 00:56:52.590 --> 00:56:58.500 investigations proceed. So I mean there's some necessary grain of salt. You can see 00:56:58.500 --> 00:57:04.869 what incentive people might have to try to trump up, so to speak, the involvement 00:57:04.869 --> 00:57:08.900 of Russia. But you can also see in the current political climate why at least the 00:57:08.900 --> 00:57:14.200 executive branch would have a reason to try to tone down allegations of Russia's 00:57:14.200 --> 00:57:20.160 involvement. So you'll have to interpret the weight of the evidence as you will. 00:57:20.160 --> 00:57:24.640 Angel: OK, the last question from the Internet. 00:57:24.640 --> 00:57:28.650 Angel: We're running out of time. Sorry. 
Question: Has any organization or group 00:57:28.650 --> 00:57:32.079 unveiled a voting machine designed to address all of the security issues that 00:57:32.079 --> 00:57:35.059 you have brought up here? Is there a solution to the problem? 00:57:35.059 --> 00:57:38.730 Speaker: I'm sorry could you repeat the beginning of that question? 00:57:38.730 --> 00:57:43.119 Question: Has any group or organization unveiled a voting machine that is designed 00:57:43.119 --> 00:57:46.470 to address all of those security issues that have grown up? 00:57:46.470 --> 00:57:52.329 Speaker: OK so there are efforts to develop voting machines that are based on open 00:57:52.329 --> 00:58:00.490 source software, that are based on better validated software. Benedita, a researcher 00:58:00.490 --> 00:58:07.089 in this area who has done a lot of great work is one person who's recently launched 00:58:07.089 --> 00:58:13.740 an effort to do that, although there are others. And I think that will help. But at 00:58:13.740 --> 00:58:17.809 the end of the day I think however well- designed the software and our voting 00:58:17.809 --> 00:58:22.160 machines is, that can raise the bar for attacks, but it's never going to be enough 00:58:22.160 --> 00:58:27.160 to also be able to convince skeptical voters that everything is OK, because, 00:58:27.160 --> 00:58:31.109 well, among other things, how do you know that that software is really what's 00:58:31.109 --> 00:58:36.530 running in the machines that are counting your votes? So there's a lot we can do to 00:58:36.530 --> 00:58:41.750 make voting machines better. At the end of the day they're also going to have to have 00:58:41.750 --> 00:58:47.709 that paper trail and those statistical audit so that everyone can believe the results. 00:58:47.709 --> 00:58:52.259 Angel: Thank you very much. That concludes the talk. 00:58:52.259 --> 00:59:00.219 Speaker: Thank you. 
applause 00:59:00.219 --> 00:59:04.940 Angel: I think you'll be around for a few more answers on the Congress, so everybody who 00:59:04.940 --> 00:59:08.750 is here can ask questions in person. Speaker: I will and hopefully tomorrow 00:59:08.750 --> 00:59:11.799 there'll be a Diebold voting machine somewhere around here for everyone 00:59:11.799 --> 00:59:16.220 to hack themselves. Thank you again. Angel: Let's hack that thing. 00:59:16.220 --> 00:59:20.380 postroll music 00:59:20.380 --> 00:59:39.000 subtitles created by c3subtitles.de in the year 2018. Join, and help us!
