Re: Our Caucus Reporting is Secure.. Trust Us!

CraginS · ‎01-14-2020

Election 2020 Tech Report

The Democrat Party in Iowa will be using a new smartphone app at each caucus location for their primary decision meetings in February to report results back to a central point for compilation and reporting.

They have promised that the app is secure; security is very important to them!

Only, they will not say who designed it, how it was tested, or why it is to be installed on personal cell phones instead of enterprise units that would be under full configuration control.

Nice article on NPR delves into the details:

Despite Election Security Fears, Iowa Caucuses Will Use New Smartphone App

January 14, 2020

Transparency? Who needs transparency? Trust us, you know you cnm.

Craig

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

AppDefects · ‎01-14-2020

@CraginS wrote:
Election 2020 Tech Report
The Democrat Party in Iowa will be using a new smartphone app at each caucus location for their primary decision meetings in February to report results back to a central point for compilation and reporting.
They have promised that the app is secure; security is very important to them!

Security by obscurity is alive and well in 2020!

"Security is a priority"

"There is virtually no risk that a cyberattack on the app could change the results of the caucus and go undetected.

denbesten · ‎01-14-2020

@AppDefects wrote:
"There is virtually no risk that a cyberattack on the app could change the results of the caucus and go undetected.

A little more context makes it clear that they are depending on a feedback loop as the final step in detecting data corruption, rather than relying solely on the immutability of communications.

Because caucusing is an in-person process, verified by witnesses, there is virtually no risk that a cyberattack on the app could change the results of the caucus and go undetected. If the wrong results were reported because of a hack, there would be people from each precinct who could correct it, and paper records.

CraginS · ‎01-15-2020

@denbesten wrote:
@AppDefects wrote:
"There is virtually no risk that a cyberattack on the app could change the results of the caucus and go undetected.
A little more context makes it clear that they are depending on a feedback loop as the final step in detecting data corruption, rather than relying solely on the immutability of communications.

Because caucusing is an in-person process, verified by witnesses, there is virtually no risk that a cyberattack on the app could change the results of the caucus and go undetected. If the wrong results were reported because of a hack, there would be people from each precinct who could correct it, and paper records.

That is probably true for individual caucuses reports. However, what if it is the accumulator for statewide results is where shenanigans take place? How many caucuses take place, and how are they accumulated? Is there some weighting factor formula based on number of voters at each caucus?

have they built a manual cross check into the process?

Craig

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

CISOScott · ‎01-15-2020

What happens if certain counties/districts with "undesireable" results get "accidentally" omitted or "favorable" ones get submitted twice in order to disquise the omitted counties?

Reminds me of a vote for Homecoming Queen and King back in high school. We were all given slips of paper to vote for them and a group of "popular" kids went around and collected them and were supposed to turn them into the principals office for tallying. Well the hallway leading to the principals office was a "secret" shortcut that saved time getting to classes in a separate part of the building. It was known to only a few individuals, with me being one of them. It meant you could avoid crowded halls and save time. Well I took the shortcut that day only to find this group of "popular" kids stopped short of the principals office and out of sight of the principals office. They were furiously erasing votes and selecting the more popular kids to win. And of course the popular kids "won" the election.

I have never looked at elections the same way again.

rslade · ‎01-15-2020

> CraginS (Community Champion) posted a new topic in Tech Talk on 01-14-2020 05:19

> Election 2020 Tech Report The Democrat Party in Iowa will be using a new
> smartphone app at each caucus location for their primary decision meetings in
> February to report results back to a central point for compilation and
> reporting. They have promised that the app is secure

Trust the Machines!
(bumper sticker from the 2004(?) election in Florida ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Moriarty: How are you at Mathematics?
Harry Secombe: I speak it like a native.
- Spike Milligan (1918-), British comic actor and author
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Caute_cautim · ‎01-16-2020

@rslade"Trust the machines" but who developed and programmed them - human beings with inbuilt bias, and probably a lot of them they are totally unaware that they have them at all.

Regards

Caute_cautim