I just read this article on companies that provide voter services for states and it is worse than I thought it would be.

Spoiler Alert: I am going to break this article down bit by bit and explain why things are "bad".
#UnhackTheVote

fivethirtyeight.com/features/russi…

The election system is decentralized. Each state runs their own elections and the federal government can't tell the states how to run their elections. There's no centralized system for someone to break into, no one way to run an election so the diversity can be a strength.

21 states (that's 42%) were hit by the Russian hackers and they were successful in at least one state. The federal government and the states have done almost nothing to prevent this from happening again.This is thanks, in part, to the decentralized nature of the election systems.

Cybersecurity is one area where there must be centralized guidance and protocols.
Minimum protections are needed to ensure what happened in the last election doesn't happen again. Allowing the states to determine their own level of security is not working.
eac.gov/assets/1/6/sta…

The article states that almost all states rely on private companies for election services, but states have very few regulations on cybersecurity. This gives hackers a centralized set of systems for multiple states, doesn't that go against the whole decentralized idea?

One of the companies, VR Systems was mentioned in the #Mueller indictment of the 12 Russians. They provide voter registration systems, & electronic poll books to 8 states. The hackers targeted state election officials via spear phishing.
govtech.com/security/Were-…

ES&S is another company that provides election services. They were also the target of attacks and left a large database that contained names, voter ID, DOB, addresses, phone numbers & in some cases driver's license numbers of 1.8 million Chicago voters.
upguard.com/breaches/cloud…

While this wasn't the result of a hacker breaking into a system it was the result of extremely careless (non-existent in my mind) cybersecurity protocols

Do you feel safe knowing that third party (private) companies are handing your data without any security protocols? I don't.

ES&S is the same company where it was discovered that although they denied installing remote control software on their voting machines, it was later discovered that indeed they remote control software installed.

ES&S needs to appear before congress.
motherboard.vice.com/en_us/article/…

Not using SSL means that user IDs & passwords are available for the taking. No need for spear phishing.

How many of you use the same password for all your online activities*? How about at work?

Do you see the problem?
*if you do, please consider changing them to be different

The lack of cybersecurity positions at these companies is shocking. If your business is providing election services online, security should be a top priority.

Questions sent to these companies by @RonWyden revealed that they are sorely lacking in the cybersecurity department.

The companies are not concerned about the state of their security, but fall far behind the IT online industry. Because there is no oversight, & there is no accountability.

The US congress cannot hold them accountable because that is the job of the states.

See the problem?

The article states that 33 states use electronic poll books, but only 8 require state officials to certify them. That means that once these companies have the data only 8 states certify the data are correct let alone secure.

There is a way to bridge this gap, the Election Assistance Commission could produce standards for Poll books & electronic voting services like they have for voting machines.

We need to bring our Federal and State governments into a secure and safe computer age.
<end>