Auditing Elections for Signs of Hacking

https://www.schneier.com/blog/archives/2016/12/auditing_electi.html

Excellent essay pointing out that election security is a national security issue, and that we need to perform random ballot audits on every future election:

The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results to machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003, an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures. This campaign has had significant, but slow, success. As of now, about three quarters of U.S. voters vote on paper ballots. Twenty-six states do some type of manual audit, but none of their procedures are adequate. Auditing methods have recently been devised that are much more efficient than those used in any state. It is important that audits be performed on every contest in every election, so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected whether perpetrated by another country or a political party.

Another essay along similar lines.

Related: there is some information about Russian political hacking this election cycle that is classified. My guess is that it has nothing to do with hacking the voting machines -- the NSA was on high alert for anything, and I have it on good authority that they found nothing -- but something related to either the political-organization hacking, the propaganda machines, or something else before Election Day.

Analyzing WeChat

https://www.schneier.com/blog/archives/2016/12/analyzing_wecha.html

Citizen Lab has analyzed how censorship works in the Chinese chat app WeChat:

Key Findings:

  • Keyword filtering on WeChat is only enabled for users with accounts registered to mainland China phone numbers, and persists even if these users later link the account to an International number.

  • Keyword censorship is no longer transparent. In the past, users received notification when their message was blocked; now censorship of chat messages happens without any user notice.

  • More keywords are blocked on group chat, where messages can reach a larger audience, than one-to-one chat.

  • Keyword censorship is dynamic. Some keywords that triggered censorship in our original tests were later found to be permissible in later tests. Some newfound censored keywords appear to have been added in response to current news events.

  • WeChat's internal browser blocks China-based accounts from accessing a range of websites including gambling, Falun Gong, and media that report critically on China. Websites that are blocked for China accounts were fully accessible for International accounts, but there is intermittent blocking of gambling and pornography websites on International accounts.

Lots more details in the paper.

Hacking and the 2016 Presidential Election

https://www.schneier.com/blog/archives/2016/11/hacking_and_the.html

Was the 2016 presidential election hacked? It's hard to tell. There were no obvious hacks on Election Day, but new reports have raised the question of whether voting machines were tampered with in three states that Donald Trump won this month: Wisconsin, Michigan and Pennsylvania.

The researchers behind these reports include voting rights lawyer John Bonifaz and J. Alex Halderman, the director of the University of Michigan Center for Computer Security and Society, both respected in the community. They have been talking with Hillary Clinton's campaign, but their analysis is not yet public.

According to a report in New York magazine, the share of votes received by Clinton was significantly lower in precincts that used a particular type of voting machine: The magazine story suggested that Clinton had received 7 percent fewer votes in Wisconsin counties that used electronic machines, which could be hacked, than in counties that used paper ballots. That is exactly the sort of result we would expect to see if there had been some sort of voting machine hack. There are many different types of voting machines, and attacks against one type would not work against the others. So a voting anomaly correlated to machine type could be a red flag, although Trump did better across the entire Midwest than pre-election polls expected, and there are also some correlations between voting machine type and the demographics of the various precincts. Even Halderman wrote early Wednesday morning that "the most likely explanation is that the polls were systematically wrong, rather than that the election was hacked."

What the allegations, and the ripples they're causing on social media, really show is how fundamentally untrustworthy our hodgepodge election system is.

Accountability is a major problem for U.S. elections. The candidates are the ones required to petition for recounts, and we throw the matter into the courts when we can't figure it out. This all happens after an election, and because the battle lines have already been drawn, the process is intensely political. Unlike many other countries, we don't have an independent body empowered to investigate these matters. There is no government agency empowered to verify these researchers' claims, even if it would be merely to reassure voters that the election count was accurate.

Instead, we have a patchwork of voting systems: different rules, different machines, different standards. I've seen arguments that there is security in this setup ­ an attacker can't broadly attack the entire country ­ but the downsides of this system are much more critical. National standards would significantly improve our voting process.

Further investigation of the claims raised by the researchers would help settle this particular question. Unfortunately, time is of the essence ­ underscoring another problem with how we conduct elections. For anything to happen, Clinton has to call for a recount and investigation. She has until Friday to do it in Wisconsin, until Monday in Pennsylvania and until next Wednesday in Michigan. I don't expect the research team to have any better data before then. Without changes to the system, we're telling future hackers that they can be successful as long as they're able to hide their attacks for a few weeks until after the recount deadlines pass.

Computer forensics investigations are not easy, and they're not quick. They require access to the machines. They involve analysis of Internet traffic. If we suspect a foreign country like Russia, the National Security Agency will analyze what they've intercepted from that country. This could easily take weeks, perhaps even months. And in the end, we might not even get a definitive answer. And even if we do end up with evidence that the voting machines were hacked, we don't have rules about what to do next.

Although winning those three states would flip the election, I predict Clinton will do nothing (her campaign, after all, has reportedly been aware of the researchers' work for nearly a week). Not because she does not believe the researchers ­- although she might not -­ but because she doesn't want to throw the post-election process into turmoil by starting a highly politicized process whose eventual outcome will have little to do with computer forensics and a lot to do with which party has more power in the three states.

But we only have two years until the next national elections, and it's time to start fixing things if we don't want to be wondering the same things about hackers in 2018. The risks are real: Electronic voting machines that don't use a paper ballot are vulnerable to hacking.

Clinton supporters are seizing on this story as their last lifeline of hope. I sympathize with them. When I wrote about vote-hacking the day after the election, I said: "Elections serve two purposes. First, and most obvious, they are how we choose a winner. But second, and equally important, they convince the loser ­- and all the supporters ­- that he or she lost." If the election system fails to do the second, we risk undermining the legitimacy of our democratic process. Clinton's supporters deserve to know whether this apparent statistical anomaly is the result of a hack against our election system or a spurious correlation. They deserve an election that is demonstrably fair and accurate. Our patchwork, ad hoc system means they may never feel confident in the outcome. And that will further erode the trust we have in our election systems.

This essay previously appeared in the Washington Post.

Edited to Add: Green-party candidate Jill Stein is calling for a recount in the three states. I have no idea of a recount includes forensic analysis to ensure that the machines were not hacked, but I doubt it. It would be funny if it wasn't all so horrible.

Also, here's an article from 538.com arguing that demographics explains all the discrepancies.

Securing Communications in a Trump Administration

https://www.schneier.com/blog/archives/2016/11/securing_commun.html

Susan Landau has an excellent essay on why it's more important than ever to have backdoor-free encryption on our computer and communications systems.

Protecting the privacy of speech is crucial for preserving our democracy. We live at a time when tracking an individual -- ­a journalist, a member of the political opposition, a citizen engaged in peaceful protest­ -- or listening to their communications is far easier than at any time in human history. Political leaders on both sides now have a responsibility to work for securing communications and devices. This means supporting not only the laws protecting free speech and the accompanying communications, but also the technologies to do so: end-to-end encryption and secured devices; it also means soundly rejecting all proposals for front-door exceptional access. Prior to the election there were strong, sound security arguments for rejecting such proposals. The privacy arguments have now, suddenly, become critically important as well. Threatened authoritarianism means that we need technological protections for our private communications every bit as much as we need the legal ones we presently have.

Unfortunately, the trend is moving in the other direction. The UK just passed the Investigatory Powers Act, giving police and intelligence agencies incredibly broad surveillance powers with very little oversight. And Bits of Freedom just reported that "Croatia, Italy, Latvia, Poland and Hungary all want an EU law to be created to help their law enforcement authorities access encrypted information and share data with investigators in other countries."