By Joseph Marks

Democratic National Committee Chairman Tom Perez. (Scott Olson/Getty Images)
The Democratic National Committee’s decision to recommend scrapping phone-in virtual caucuses in Iowa and Nevada is pitting security hawks, who say those systems are ripe for hacking, against Democratic activists who want to increase voter participation.
The DNC announcement on Friday comes after a test of the phone-in systems showed they were vulnerable to hacking, as my colleagues Isaac Stanley-Becker and Michael Scherer reported. That confirmed the suspicions of cybersecurity experts who have long argued there’s no way to ensure the authenticity of votes that aren’t cast in person — including votes cast by email, websites or mobile phones.
But it was a blow to activists who want to make it easier for people to participate in the democratic process — and who say lengthy in-person caucuses exclude people who work long hours or are caring for young children.
Iowa and Nevada developed their phone-in systems after the DNC urged caucus states in 2018 to either switch to primaries — which are speedier — or make it easier for people to participate remotely. The Iowa system would have allowed voters to register for a unique PIN number and use that PIN when they called in to vote for a candidate, my colleagues reported.
The DNC move also sparked the ire of some 2020 presidential hopefuls.
“It’s important if we’re going to win this election against Donald Trump in 2020 that you get people off the sidelines,” Julián Castro said in a video message after the DNC announcement. “And you ain’t going to get them off the sidelines if you promise people that you’re going to have more opportunity to get out and vote and now you go back on your word.”
The DNC should either “figure out a secure virtual caucus process” or set up another option for people to caucus remotely such as mail-in ballots, said Castro, who was housing secretary during the Obama administration.
The DNC has disallowed plans to increase participation in the first-in-the-nation caucus state.— Julián Castro (@JulianCastro) August 30, 2019
I strongly urge the DNC to embrace our party's values and allow absentee voting, either through a virtual caucus, mail-in, or early voting process. pic.twitter.com/V85BIJtq4v
New York City Mayor Bill de Blasio acknowledged that “cybersecurity is a very serious threat to our democracy” but said it’s “imperative that the DNC reconsider its decision and immediately get to work, in partnership with the Iowa Democratic Party, to ensure the caucus is both safe from interference and accessible to all.”
Author and activist Marianne Williamson urged the DNC to reconsider the virtual caucus and “assure it’s a safe and secure process where every vote counts.”
.@marwilliamson says "Iowa’s Virtual Caucuses are an important and innovative step to increase voter participation in Iowa...We need to assure its a safe and secure process where every vote counts." pic.twitter.com/jwaiO8Ax3A— Adam Brewster (@adam_brew) August 30, 2019
Other top polling candidates — Sens. Elizabeth Warren (Mass.), Bernie Sanders (Vt.) and Kamala Harris (Calif.) and South Bend Ind. Mayor Pete Buttigieg — didn't respond to queries I sent out about the DNC decision over the holiday weekend.
Security advocates, however, warn there’s no quick fix that will make phone-based voting systems secure against determined hackers from Russia and elsewhere.
It’s tough enough, they say, to protect the cybersecurity of traditional voting machines, which are designed to be segregated from the Internet and other key avenues for hacking. Mobile phones, by contrast, are online by default, connect frequently to unsecured and hackable wireless networks and are filled with apps that could be compromised by hackers.
Those hackers could either cast phony votes to deliver the caucus to a preferred candidate, they say, or simply cast enough doubt on the caucuses that voters don’t trust the results.
“Expanding caucus participation is a worthy goal, however phone and internet-based caucusing is simply too vulnerable to attack by foreign hackers,” Sen. Ron Wyden (D-Ore.), one of the top cybersecurity hawks in Congress, said in a statement.
Wyden warned that “one of the biggest lessons from 2016,” when Russia launched a hacking and disinformation operation aimed at helping Donald Trump win the presidency, “is that election officials and parties must make cybersecurity a key consideration for every decision in our elections process.”
Nevada Deputy Secretary for Elections Wayne Thorley expressed reservations about the state’s phone-in caucus system during a panel discussion I moderated at the Def Con cybersecurity conference in Las Vegas last month.
“I wouldn’t advocate for voting over telephone right now, but they have gone the route of trying to be as inclusive as possible,” Thorley said of the state Democratic Party’s effort.
“Sometimes security and accessibility are at odds,” Thorley said, adding that the party had “come down on the side of accessibility and I think sacrificed some of the security.”
The DNC recommendation came in a Friday memo from Chairman Tom Perez and the co-chairmen of the DNC’s Rules and Bylaws Committee, which found there was “no tele-caucus system available that meets our standard of security and liability.” That recommendation must still be formally approved by the full Rules and Bylaws Committee, though it’s sure to follow its leaders’ recommendation.
Iowa Democratic Party Chairman Troy Price said in a statement the party would accept the DNC’s decision.
“We are obviously disappointed by this outcome, and we continue to have confidence in the abilities of our vendors, but if the DNC does not believe the virtual caucus can be secure, then we cannot go forward,” Price said.

Secondary students wear face masks during a school strike in Hong Kong on Monday. (Kin Cheung/AP)
PINGED:
The Chinese government may have been behind a digital attack that
temporarily knocked a prominent online organizing service for Hong Kong
protesters offline, Bloomberg's Shelly Banjo reports.
The
forum, LIHKG, stopped working after a surge of traffic from servers
around the world flooded the site with 1.5 billion visitors. The attack,
known as a distributed denial-of-service attack, crashed the website.
Although the group behind the forum did not call out China specifically,
it released a statement saying it suspected a "national level power"
may have been behind the attack.
This is the second
large cyberattack to hit a technology used by protesters in Hong Kong to
organize against Beijing's power. In June, shortly after the protests
began, the popular encrypted messaging app Telegram was also knocked offline. The company's CEO suggested that China may have been behind the attack.

Apple iPhone X (Michael Nagle/Bloomberg News)
PATCHED:
The Chinese government may also be responsible for a nearly
two-year campaign to use phony websites to infect iPhones and
give hackers access to their owners' messages, passwords and even
"near-real time" location data. The wide-reaching attack, which
was first reported by Google researchers last week, was likely launched
by Beijing to increase surveillance of its Uighur Muslim minority,
sources told Tech Crunch's Zack Whittaker.
Thomas Brewster at Forbes also found the Chinese government was likely responsible for the attack
and revealed that it also targeted Android and Windows devices, making
the scope of the attack much wider than the Google report
suggested. Google did not comment on either new report. The initial
Google report didn't reveal a specific target for the attack or name the
malicious websites it relied on, as Dell Cameron at Gizmodo reported.
Apple patched the vulnerabilities in February.

Vice President Pence and Polish Prime Minister Mateusz Morawiecki display an agreement they signed in Warsaw on Monday. The United States and Poland agreed to cooperate on new 5G technology amid growing concerns about Chinese telecommunications giant Huawei. (Petr David Josek/AP)
PWNED:
Poland joined the United States in an agreement to cooperate on
thoroughly vetting suppliers of 5G network equipment to prevent
cybersecurity risks, the AP's Jill Colvin reports.
The joint declaration comes as the Trump administration continues to
pressure foreign allies to exclude the Chinese telecom Huawei from
supplying 5G technology, citing concerns it could be an espionage tool
for Beijing.
Vice President Mike Pence said he
hopes the declaration can set a “vital example for the rest of Europe on
the broader question of 5G.” But European allies, including Great
Britain and Germany, have consistently pushed back against U.S. calls to
ban Huawei from their 5G building process. Unlike those nations, Poland
has a relatively minimal trade relationship with China, as the Wall Street Journal notes. So far only a handful of U.S. allies including Australia and New Zealand have agreed to completely ban Huawei from their 5G networks.
The
Monday declaration doesn't mention Huawei by name, but it seems to be
the obvious target of the Trump administration, whichhas imposed
numerous restrictions on the Chinese telecom.“We recognize 5G networks will only be as strong as their weakest link,” Marc Short, Pence's chief of staff, said, adding, “We must stand together to prevent the Chinese Communist Party from using subsidiaries like Huawei to gather intelligence while supporting China’s military and state security services — with our technology.”
PUBLIC KEY
— Cybersecurity news from the public sector:
The
Roaring Fork School District says hackers breached a database of
special-education students and teachers but didn’t obtain any social
security numbers or financial information.
The Denver Post
The Denver Post
The
Louisiana Cyber Coordination Center will be home to the state National
Guard’s cybersecurity activities and two private-sector firms.
StateScoop
StateScoop
In
a rare feat, French police have hijacked and neutralized a massive
cryptocurrency mining botnet controlling close to a million infected
computers. The notorious Retadup malware infects computers and starts
mining cryptocurrency by sapping power from a computer’s processor.
TechCrunch
TechCrunch
— Cybersecurity news from the private sector:
A
federal grand jury indicted Paige Thompson, the accused Capital One
hacker, in connection with allegations that she accessed data on more
than 30 companies and used that illicit access to generate
cryptocurrency, the Justice Department said Wednesday.
CyberScoop
CyberScoop
— Cybersecurity news from abroad
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.