I just read this article on companies that provide voter services for states and it is worse than I thought it would be.

Spoiler Alert: I am going to break this article down bit by bit and explain why things are "bad".
#UnhackTheVote

fivethirtyeight.com/features/russi…
The election system is decentralized. Each state runs their own elections and the federal government can't tell the states how to run their elections. There's no centralized system for someone to break into, no one way to run an election so the diversity can be a strength.
21 states (that's 42%) were hit by the Russian hackers and they were successful in at least one state. The federal government and the states have done almost nothing to prevent this from happening again.This is thanks, in part, to the decentralized nature of the election systems.
Cybersecurity is one area where there must be centralized guidance and protocols.
Minimum protections are needed to ensure what happened in the last election doesn't happen again. Allowing the states to determine their own level of security is not working.
eac.gov/assets/1/6/sta…
The article states that almost all states rely on private companies for election services, but states have very few regulations on cybersecurity. This gives hackers a centralized set of systems for multiple states, doesn't that go against the whole decentralized idea?
One of the companies, VR Systems was mentioned in the #Mueller indictment of the 12 Russians. They provide voter registration systems, & electronic poll books to 8 states. The hackers targeted state election officials via spear phishing.
govtech.com/security/Were-…
ES&S is another company that provides election services. They were also the target of attacks and left a large database that contained names, voter ID, DOB, addresses, phone numbers & in some cases driver's license numbers of 1.8 million Chicago voters.
upguard.com/breaches/cloud…
While this wasn't the result of a hacker breaking into a system it was the result of extremely careless (non-existent in my mind) cybersecurity protocols

Do you feel safe knowing that third party (private) companies are handing your data without any security protocols? I don't.
ES&S is the same company where it was discovered that although they denied installing remote control software on their voting machines, it was later discovered that indeed they remote control software installed.

ES&S needs to appear before congress.
motherboard.vice.com/en_us/article/…
.@FiveThirtyEight reports that a company called Dominion Voting published a "Client Web Portal" that didn't employ SSL.

SSL is a protocol that ensures that the data transferred between the web server & client are encrypted & secure

Not using SSL means all data are exposed.
Not using SSL means that user IDs & passwords are available for the taking. No need for spear phishing.

How many of you use the same password for all your online activities*? How about at work?

Do you see the problem?
*if you do, please consider changing them to be different
The lack of cybersecurity positions at these companies is shocking. If your business is providing election services online, security should be a top priority.

Questions sent to these companies by @RonWyden revealed that they are sorely lacking in the cybersecurity department.
The companies are not concerned about the state of their security, but fall far behind the IT online industry. Because there is no oversight, & there is no accountability.

The US congress cannot hold them accountable because that is the job of the states.

See the problem?
The article states that 33 states use electronic poll books, but only 8 require state officials to certify them. That means that once these companies have the data only 8 states certify the data are correct let alone secure.
There is a way to bridge this gap, the Election Assistance Commission could produce standards for Poll books & electronic voting services like they have for voting machines.

We need to bring our Federal and State governments into a secure and safe computer age.
<end>

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tina: Gone to Mastodon 😷 (Opinion)

Tina: Gone to Mastodon 😷 (Opinion) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @porpentina2017

Aug 30, 2018
I am sure many of you have seen the video from @NowThisNews.

I wanted to break down what is discussed in the video for non-technical people.
The video features hackers at the DEF CON 26 Voter Village.
The voting machines are ES&S & in use in 24 states.
The machines used at DEF CON's voter village were all purchased off of eBay.

The machine highlighted in the video is an ES&S 650 scanner.

The beginning shows hackers gaining access to the scanner via a serial port in the back.

A serial port is a way of connecting two computer devices together. They plugged a laptop into the serial connection and they had access to an operating system prompt.
Read 13 tweets
Jul 28, 2018
Let's revisit some of the "technical stuff" in this article.

This article is bringing a lot of controversy and some are saying it is sensationalist.

theroot.com/evidence-shows…
Let's start with what we know.
21 states were "breached", but what does that mean?

That means that 21 states had information stolen.

This could be information on IP addresses, server names, server types, documents, data about users on the network or confidential information.
Remember, these are usually not single instances, and once they've gained access to the system, the hacker has the opportunity to mosey around
They have the time to find where data are stored, files that may contain passwords, there's no green sign that says "You've been hacked"
Read 13 tweets
Jun 2, 2018
Very important thread!!

We have Nazi’s running for office, we need to call these people out and shine light on their atrocious behavior.
Arthur Jones is running for congress in Illinois on the Republican ticket.

Ol’ Art has been around a while. He was part of the American Nazi party & is running on white supremacist ideas.

This is who the @GOP is running on their ticket in IL-3

slate.com/news-and-polit…
Then there’s this piece of work running for office to try to take @SenFeinstein’s seat
Although the state (R) party has denounced Patrick Little, but this speaks to how they vet candidates
Little‘ s vision for the world? It doesn’t take much guess this one
rightwingwatch.org/post/theres-an…
Read 15 tweets
Mar 24, 2018
Did you know that our country is very close to a Constitutional Convention? Quietly our republican controlled state governments are one by one voting to call a Constitutional Convention.
Back when the country was founded we did try to have a government that was a confederation of states, it failed miserably. The Articles of Confederation were ammended in 1787 and our union was completed.
In 1861 the Southern states tried to succeed because they feared the abolitionists of the North would end slavery & they would lose their power in the consolidation of a federal government
The direct result was a bloody war that pitted Americans against Americans & lasted 5 years
Read 25 tweets
Mar 22, 2018
John Bolton was seen entering the White House (AKA the Kremlin II) today
Donald is supposedly considering him a replacement for National Security Adviser.
This is the same man who made this video for the NRA, for the Russians.

#JohnBolton
Once again, National Security Adviser is the position that Donald is considering for John Bolton.
The same extreme whackadoodle that is a #FauxNews Commentator.
In 2001 he derailed a conference in Geneva on biological weapons.
upi.com/US-names-five-…
2002 he demanded the resignation of the head of the Organization for the Prohibition of Chemical Weapons.
Most recently (late 2016) he suggested that the Russian hacking to help Donald win was a "false flag".
cbsnews.com/news/john-bolt…
Read 6 tweets
Feb 16, 2018
On 9/27/2006 tragedy struck a small mountain town in Baily, CO. A gunman entered the Platte Canyon High School & held seven girls hostage.

He ultimately shot and killed one of the girls, Emily Keyes.
During the time she was being held hostage she sent the following text messages to her parents:
"I love you guys" and "I love u guys. k?"
Emily's parents honored her spirit, joy & kindness & formed the "I Love U Guys" Foundation. This foundation took a terrible situation & with the grace & dignity of her parents Ellen & John-Michael Keyes ,created the Standard Response Protocol and the Standard Reunification Method
Read 24 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(