In This Issue
Week of 1/27/2020
Vol. 25 Issue 4
What the Federalism: The Election Machines Are Broken
A Discussion With Harri Hursti and Thomas Aidan Curran
Moderated by Jody R. Westby
- About Harri Hursti
- About Thomas Aidan Curran
- About Jody R. Westby
Publisher’s Note: Given that this is the week of both Brexit and the US Senate impeachment hearings over whether the president is trying to rig his own re-election (and, if so, whether it requires his removal from office), it just seemed to be the perfect time for a technical dive, in the company of real experts, into the subject of vote rigging and election tampering.
Most of us already knew that hacking into election equipment is possible – some of us saw it being demo’d for Congress a few years ago, in a break-in that took just minutes. But for some reason, we tend to accept our officials’ assurances that the system has withstood efforts by everyone with the means to actually change vote totals.
OK, that’s silly.
In this week’s issue, you’ll feel you were onstage with them as cyber expert (and Forbes contributing editor) Jody Westby interviews Harri Hursti, perhaps the world’s foremost expert on this subject, who brings a neutral (and cold) view from Finland; and Thomas Curran, longtime SNS member, past CTO of Deutsche Telekom, and CTO of Ory, an identity management system with applications to this problem.
Ready to vote on paper again? – mra
What the Federalism: The Election Machines Are Broken
Harri Hursti, Hacker & Founding Partner, Nordic Innovation Labs
Thomas Aidan Curran, Co-Founder and CTO, Ory
Moderated by Jody R. Westby, CEO, Global Cyber Risk
FiRe 2019 Conference
Thursday, October 10, 2019 – The Lodge at Torrey Pines – La Jolla, California
Jody R. Westby: Election security … Election security has dominated our news for the past two years. We’ve heard a lot about Russian interference, the Mueller investigation, and also issues with voting machines.
The public thinks about election security in two ways: they think about it, one, as the disinformation campaign; and two, they think about it as issues with the voting machines.
On the disinformation campaign, that’s a very separate issue. It’s important to understand that when Russia interfered in our election by using social media and fake news to change a person’s mind and get them to vote a certain way, that was illegal. We don’t have any proof that anybody changed their mind because of something that Russia put out there, but that’s illegal.
When the Trump campaign used the Cambridge Analytica data to sway people to vote for Trump, that was legal. It’s only illegal to use data to try to influence an election if it’s a foreign entity.
So, that is a distinction that I think is important to understand. We’re going to focus our panel today on problems with election security with the voting systems and the voting machines, and we have two terrific experts here.
First, to my left, is Harri Hursti, who is the world’s foremost expert in election security. Harri has conducted tests and studies on the vulnerabilities of election systems and machines in five countries, including the United States. These studies were done at the request of officials and legislators and policymakers, both at the [states] and federal level here in our country. He starred in Hacking Democracy, which you can find easily on the internet. That movie was a documentary that was nominated for an Emmy award. Harri’s been right smack in the middle of all this stuff going on in Washington, and in the US, about election security, so we’re really happy we have him with us.
And Thomas Curran many of you know because he’s been a FiRe guy for a while, but he [also] has deep expertise. He’s now currently the CTO of Ory and founder of Ory. But he has deep expertise in identity management and open-source systems and is currently building an open-source platform for identity management and application program interface applications. He’s here because he’s looked quite a bit at how you could use open-source software for a voting system.
So let’s start off with the compromises of voting process discussion with Harri.
Harri, first, it’s important for the audience to understand the role of private-sector companies. It’s frustrated me that you keep telling me all this stuff. Every time [you tell me one] my jaw’s on the floor, going, “What?” And we can’t get the press to really talk about it the way they should. What is the role that private-sector companies play in the whole election process?
Let’s start off with … There’s voter registration, there’s the machine voting, there’s the tabulation of the votes, and the reporting of the votes. So let’s start with voter registration. Tell us a little bit about what are the big bugaboos with voter registration.
Harri Hursti: Let me first start by stating what is the reality in the United States. A lot of us, we think there is an election office, and the election office has an IT department, and the IT department will do something with, you know, elections.
With our current system, it’s very common that the election department has zero permanent staff in IT. They might have one part-time. They have zero people in security. Everything is outsourced.
If there would be a foreign nation invading, a land invasion, you wouldn’t ask your local sheriff to defend the port. But this is what happens in the elections. You have a single person who is running the election, with no IT experience, no security expertise, and yet they have to defend the country against a foreign nation-state. In reality, how much technology has been poured into the election? You should have an IT department which happens to be doing the elections. There’s a massive amount of technology coming in, and it’s all coming from the private sector.
Voter registration in the United States is a particularly … Every single country has a different flavor of democracy. What is particularly interesting in voter registration in the United States is that you actually are telling your party affiliation as part of the registration process. Also, the voter registration databases are open. So if you go to the Secretary of State for Ohio website, you can download every voter who has registered. And from there, you can see how long they have been living in the same building … It’s actually identity theft in a box. If you want to be doing something bad, download the voter registration data.
Also, voter registration databases are purged. The Brennan Center for Justice just recently had a report coming out that 16 million Americans have been removed from the voter registration databases between 2014 and .
Westby: What do private-sector companies do with voter registrations?