DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts
from the prepare-to-be-memoed-at,-hackers dept
The National Association of Secretaries of State (NASS) [yes, there's an association for everything] has just announced its selections to head up a DHS "working group" tackling "election infrastructure cybersecurity." Like any committee formed in response to a hot-button topic, the appointees are better known for their years of tenure in government positions than their technical acumen, as the ACLU's Chris Soghoian points out.
4 state gov officials, 0 tech experts, appointed to new DHS Election Infrastructure Cybersecurity Working Group. https://t.co/jKH3SScpd4
— Christopher Soghoian (@csoghoian) September 1, 2016
4 state gov officials, 0 tech experts, appointed to new DHS Election Infrastructure Cybersecurity Working Group.
About the only thing the appointees have going for them is that they fit the description: all four are state-level secretaries of state. Beyond that, there's very little to indicate they're qualified to take on cybersecurity issues.
The working group's president, Denise Merrill, is Connecticut's Secretary of State. At least her bio contains some initiatives loosely-related to the task at hand.
As Connecticut's chief elections official and business registrar, Merrill has focused on modernizing Connecticut's elections, business services and improving access to public records.
[...]
Secretary Merrill has worked to expand voter participation through Election Day and online voter registration. She has also improved Connecticut's democratic accountability and integrity with a series of rapid response processes to Election Day problems.
Indiana's Connie Lawson also appears focused on voter security, albeit in equally vague terms.
Connie Lawson is Indiana’s 61st Secretary of State. As Indiana’s Chief Elections Official, she is focused on ensuring the integrity and security for our state’s elections. Since taking office, Secretary Lawson has championed sweeping election reforms, and has led the effort to clean Indiana’s voter rolls.
[...]
Secretary Lawson is not just an advocate for election security. She is also working to modernize elections through vote centers. As a state Senator, Secretary Lawson authored legislation allowing any county in the state to move to the vote center model. As Secretary of State, she has worked to educate voters and elected officials on the cost saving benefits and convenience of the vote center model.
There's not much to be said about the other appointees -- Georgia's Brian Kemp and California's Alex Padilla -- in terms of cybersecurity. However, there's plenty to be said about safeguarding elections. Padilla has been sued twice over alleged election fraud. And Kemp's office mistakenly released the personal information of six million registered voters.
But there's one thing they can all agree on: there's nothing to worry about.
From Connie Lawson's home state:
Indiana's voter system is safe from hackers according to the Indiana Election Division.
“We are confident that the security features of our statewide voter registration system protect against hacks described in the FBI alert sent last week,” says Angie Nussmeyer, co-director of the Indiana Election Division.
Working group president Denise Merrill on the possibility of election-related hacking in her state:
She explained that Connecticut has perhaps the most decentralized voting and registration system in the country with 169 cities and towns that act as their own districts. Built into that system is an entirely paper based trove of voter cards, ballots, and backups.
“When you go into vote and you go to register on the list, it’s all still on paper so there is no simple database that’s containing all of the information," Merrill said.
From Alex Padilla's office:
A spokesman for California secretary of state said the agency, which oversees elections statewide, was aware of the cyber attack reports.
"We have no evidence of any breaches or hacks of our system,” agency spokesman Sam Mahood said.
The best statement of self-assurance comes from appointee Brian Kemp, who just a few days earlier was claiming vote-hacking fears were an Obama-led attempt to federalize state voting.
The federal government wants to help states keep hackers from manipulating the November election, amid growing fears that the U.S. political system is vulnerable.
But Georgia’s top election official is balking at the offers of assistance — and accusing the Obama administration of using exaggerated warnings of cyberthreats to intrude on states’ authority.
[...]
“It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked — they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp, a Republican, told POLITICO in an interview. “And that’s just not — I mean, anything is possible, but it is not probable at all, the way our systems are set up.”
It appears Kemp is worried more about preserving the integrity of his opposition status than he is about protecting the integrity of the presidential election. One day prior to the NASS press release, Kemp was claiming to have turned the position down.
Kemp recently declined an offer by the Department of Homeland Security for cyber security assistance, raising concerns about the federal government’s intrusion.
Fortunately, this lack of technical prowess won't prevent the working group from achieving the DHS's goal, which appears to have little to do with actual cybersecurity.
"Secretaries of State are committed to working with our federal partners to increase awareness of federal government cybersecurity resources and services that are available to election officials," said NASS President Denise W. Merrill, Connecticut Secretary of the State. "We look forward to sharing state best practices and technical advice that will strengthen understanding and collaboration between state and federal agencies."
"Increasing awareness" is one of those goals that sounds lofty, but generally materializes as mass emails and the occasional mandatory Powerpoint presentation most attendees will doze through. Every person listed here is a figurehead appointee to a figurehead working group -- one likely formed in response to a similar, higher-level "increase awareness" mandate handed down by administration officials. The lack of tech experts isn't going to cause much harm because the point of this committee is to be a committee. No one expects any sort of cybersecurity breakthroughs to be generated by something that will do little more one more line to these politicians' bios.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, dhs, e-voting, election, secretaries of state
Companies: nass
Reader Comments
Subscribe: RSS
View by: Time | Thread
SOS Kemp
[ link to this | view in thread ]
National Association of Secretaries of State
[ link to this | view in thread ]
Run by the DHS huh?
Disclaimer: You still may be searched, strip searched, or bodily cavity searched upon demand.
America, land of the fools that believe themselves to be free.
[ link to this | view in thread ]
[ link to this | view in thread ]
Will being crotch-groped is the new form of secure ID?
[ link to this | view in thread ]
Re:
...or maybe just to grab my crotch.
[ link to this | view in thread ]
sharing ... "technical advice"
[ link to this | view in thread ]
[ link to this | view in thread ]
It's the DHS
It's no surprise they are the lowest ranked cabinet position, behind even interior and veterans affairs.
[ link to this | view in thread ]
Pots and kettles..
WHAT are they setup to do??
redo the election system?? dont think so..
3-4 people setup to do NOTHING..they have little to NO power, except to give suggestions INSIDE their own states..
If they would like abit of computer knowledge, Give me 2-5 hours...Or 2 years, to get basic knowledge and understanding into THEIR HEADS..
NO MATTER, what these fol;ks decide, it WONT happen, and wont change anything..
REALLY, if you want to..I would figure a few of us could Whip up a Good computer system to do the job in a few days..
[ link to this | view in thread ]
Re: SOS Kemp
[ link to this | view in thread ]
WHAT are they setup to do?
[ link to this | view in thread ]
[ link to this | view in thread ]
Consequences for Dozing Off
[ link to this | view in thread ]
Perhaps its time we express more outrage about wasting tax money on creating useless panels & demand better value for our dollars. But then we keep electing people who lie to our faces about representing us, while pocketing millions from 'donors' and cushy job placements in the future....
[ link to this | view in thread ]
As Secretary of State, she has worked to educate voters.
Educate voters?
Excuse me, but when I vote I do it of my own volition, it's my choice.
I do not require any "education".
But thanks for the offer
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: SOS Kemp
[ link to this | view in thread ]
NASS: We're looking into the problem...
NASS: "Oh, right, then we'll look into that as well. Now if you'll just slide that envelope into this desk drawer here..."
These guys can't know what the problem is. Nobody does. We haven't done that science yet:
The concern over vote corruption stems from the apparent decay of the role of the fourth estate. Similarly the trend towards greater use of strong cryptography is a response to intrusions into constitutionally protected communications. In both cases, fixing the latter minimizes the former.
But nobody has CLEAR evidence that these relationships even exist in a broad way, though anecdotal evidence suggests that they do. We suspect how bad it is, but nobody really knows. A means of measuring it has not yet been invented.
We can guess at the perverse intent coming out of the unholy trinity of cabal news. And we know that it is integrated with other facets of our communications (without consent) just based on frequency analysis.
What we don't have is a way to collate and reverse engineer the collective effects of domestic propaganda. Which IMHO is achievable, but computationally speaking, a daunting prospect.
Clandestined approaches are likely effective in individual cases. But small truths are easily refuted by propaganda. Indeed that is the whole point. So this problem has to be revealed in a way that would be such a broad piece of work as to be irrefutable... The resources required would be immense.
My thoughts turn to John Nash and Aaron Schwarz.
[ link to this | view in thread ]
How to fix the election
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: how hard
[ link to this | view in thread ]
They could at least try is all I'm saying
[ link to this | view in thread ]