Bipartisan US Election Group Issues Security Tips

An anonymous reader quotes Reuters: A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year.

Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta, have succeeded because basic security practices were not followed... "We heard from campaigns that there is nothing like this that exists," said Debora Plunkett, a 31-year veteran of the National Security Agency who joined the Belfer Center this year. "We had security experts who understood security and election experts who understood campaigns, and both sides were eager to learn how the other part worked."
The group includes "top security experts" from both Google and Facebook.

Re:

[Zontar The Mindless]

You and your transparent attempts at reverse-trolling can fuck right off.

(And Melania is from Slovenia, not Russia.)

"notorious attack" - LMAO at that

[Anonymous Coward]

notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta

Someone who wants to be one of the most powerful persons in the world falling for a simple phishing attempt is now a "notorious attack".

If someone on your company network did that, you'd call him a foolish idiot and take away his computer.

Re:

[Zontar The Mindless]

*And* you'd go after the criminals that did it.

Re:

[HornWumpus]

He's dead, so done.

You approve of assassinating whistle blowers? Think fixing the primary was 'just fine'?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[HornWumpus]

Just ignore what the conduit for the information said...it disagrees with your chosen narrative.

Re:

[DNS-and-BIND]

Donna Brazile is claiming that after the murder of Seth Rich she was so afraid of assassins that she kept her blinds closed. That seems like a strange reaction to a random mugging gone wrong. Hmmm...So you're one of those weirdo coincidence theorists, huh?ï

Re:

[rtb61]

I look at this story and see only one thing, a corrupt bipartisan effort to digitally corrupt upcoming elections behind the lies of securing it and surprise, surprise with the help of killing net neutrality, the 99% are all trolls to be censored and full of nothing but lies and propaganda and the 1% are descended from Gods and are to be believed in everything they say. They are still carrying on with this shit with zero public evidence, they are corrupt and fucking lying and about to try to get a whole lot

Re:

[Rockoon]

*And* you'd go after the criminals that did it.

They did. They shot him dead.

Re:

[Z00L00K]

To fix the election you need to fix the election system.

Re:Another Tip

[psycho12345]

Funny. When Obama is in office "Stock Market is a fraud" "Unemployment numbers are a lie"

When Trump gets elected "Stock market baby" "Unemployment record low".

People think "Trump is doing well, market hit a new high of 23k". But no one said anything when it hit 15, 16, 17, 18, 19, 20, 21 and 22 under Obama...

Re:

[Anonymous Coward]

But no one said anything when it hit 15, 16, 17, 18, 19, 20, 21 and 22 under Obama...

Maybe because the Dow didn't hit 20k [google.com] until after Obama left office? Not that I'm a fan of the stock market, its nothing without the Federal Reserve printing trillions out of thin air.

Re:

[HornWumpus]

No, it's IOS 'smart punctuation' unicode.

Think of it as a single earring on the right side.

Re:

[DontBeAMoran]

They're Bajorans?

Who needs hacking and propganda?

[Anonymous Coward]

Between the meandering redistricting and Fox News [businessinsider.com] - that goes out of its way to misinform their viewers - who needs foreign hacking?

And an electorate that refuses to actually learn the issues but instead listens to only what it wants to hear, we are just headed towards an "Idiocracy".

The election of a reality TV show host is the start. Trump just shows how stupid we've become as a society.

Dwayne Elizondo Mountain Dew Herbert Camacho is coming.

Re:

[HangingChad]

Dwayne Elizondo Mountain Dew Herbert Camacho is coming.

I would vote for him over Trump. Ironically, we'd still have a more qualified president.

Now hand me a beer...and get yourself one. Woooo!!!!

Re:Who needs hacking and propganda?

[DNS-and-BIND]

Media shows why it's so mistrusted after falsified Trump fish-feeding 'story' [thehill.com]. Here are several credible mainstream media outlets and Jezebel reporting the story.

Bloomberg's White House reporter: Trump and Abe spooning fish food into a pond. (Toward the end, @potus decided to just dump the whole box in for the fish)

New York Magazine: Trump Under Fire for Improper Fish-Feeding Technique

Jezebel: Big stupid baby dumps a load of fish food on Japanese koi pond http://bit.ly/2zAyCD6 [bit.ly]

CNBC's Christina Wilkie (in a now-deleted tweet): "Trump and Japanese PM Shinzo Abe were scheduled to feed koi spoonfuls of food. Until Trump poured his entire box of fish food into the pond."

New York Daily News: Photo of Donald Trump dumping fish food into koi pond during Japan visit draws Obama comparisons

The Guardian: "White House reporters, keen perhaps to pick up on a Trump gaffe, captured the moment when he upended his box on their smartphones and tweeted evidence of his questionable grasp of fish keeping. Some speculated that a poor palace employee would be dispatched to the scene to clean up the mess as soon as the two leaders disappeared inside."

CNN: Trump feeds fish, winds up pouring entire box of food into koi pond

The media was not only blatantly overt, but intentional in its deception. The greatest danger to our nation comes from a free press that chooses sides in the political process. And that has openly and unapologetically taken place.

Re:

[Picodon]

It’s not just the gross distortion. It’s also the choice of topic. Even if Trump had, in fact, blundered, focussing a news article on that entirely unimportant instant of the visit is quite revealing about the state of the press in this country.

Not that it’s the first time, of course. I will never forget the 1992 press conference in Japan, shortly after Bush (H.W.) fell sick during dinner. It was eerie to watch American and Japanese journalists taking turns, asking questions:
10 Jap

Re:

[cmseagle]

Right wing media - *chooses to ignore/misrepresent attempts by foreign powers to influence American elections, possibly colluding with associates of the candidate in said election*

Left wing media - *misrepresents a story about feeding fish, making the president look silly*

Slashdot: "Left wing media is a threat to democracy!!"

Re:

[DNS-and-BIND]

Media deliberately lying in order to serve a political point of view is indeed a threat to democracy. Our entire system depends on the media to report, not take sides. It is devastating that the media is on the Democrat side and against the side of the people. It's far more of a threat than blaming the dirty foreigners for all our troubles.

Bipartisan vs Google and Facebook

[RedK]

So which was it ? Because it seems to be a DNC thing to me. Which makes sense considering the DNC internal leak and Podesta phishing, wouldn't want your voters to know you're colluding with CNN for debate questions and rigging your primary.

Re:Bipartisan vs Google and Facebook

[HornWumpus]

False dichotomy. She lost. Enough of her dirt got out. Get over it.

CNN will never fully recover. Credibility is very slow to come back. They aren't even trying yet, more like doubling down. CNN is with MSNBC now, the stink won't wash off.

Re:

[Anonymous Coward]

CNN will never fully recover. Credibility is very slow to come back. They aren't even trying yet, more like doubling down. CNN is with MSNBC now, the stink won't wash off.

Or you can be like Sean Hannity and not have any in the first place, so there's nothing to lose. :)

Re: Bipartisan vs Google and Facebook

[Sergio]

Everyone knows the questions. Aren't the questions obvious at any given time?

Re: Bipartisan vs Google and Facebook

[DNS-and-BIND]

No, the questions are not revealed to the candidates ahead of time. Unless you're Donna Brazile, and you leak the questions to Hillary Clinton and let her prepare answers ahead of time, while forcing Donald Trump to think on his feet. Hey, that's totally OK to do in a democracy that prides itself on fair debates.

The organization that fervently opposes checking ID to vote in elections did just that during its election for party chairman. [theamericanmirror.com]

"We have to make sure that we can not just count the ballots but verify every name and signature," Brazile said as party members began applauding.

Donna Brazile said after Seth Rich was killed, she kept the blinds down to protect from snipers, possibly Russian. LOL. The Russians break every rule of engagement to start a possible WWIII with us to kill a man who...according to the DNC, didn't leak any emails.

Re:

[Anonymous Coward]

Seems like it should be #1 to protect elections.

Non-whites can't be expected to be able to get an ID, you RAAACIST prick!

Heaven forbid the US should actually follow the UN's standard for free and fair elections [ipu.org]:

4. The Rights and Responsibilities of States

...

Ensure the integrity of the ballot through appropriate measures to prevent multiple voting or voting by those not entitled thereto;

...

Re:

[guruevi]

They closed the entire DMV for several years in order to prevent people from acquiring an ID? The freaking blog you pointed to is a lie, there are a lot of other things going on into making those decisions, you can get an ID at the post office, from the DMV through the mail or online. You need an ID to buy booze, medicine and cigarettes, you're saying no black person buys booze, medicine or cigarettes?

If you close 31 DMV offices you do not "save only $100,000" ... argh, there is just so much wrong with this

Re:

[Anonymous Coward]

They closed the entire DMV for several years in order to prevent people from acquiring an ID?

No, they focused heavily on the offices that minorities could conveniently use, which was kinda revealing.

The freaking blog you pointed to is a lie,

Identify one falsehood in it. Go ahead.

there are a lot of other things going on into making those decisions, you can get an ID at the post office, from the DMV through the mail or online.

Yes, racists are practiced at finding excuses for their behavior, literacy tests and poll taxes were usually defended under those same terms. Including you know, misinforming [madison.com] the public [mystatesman.com] about the situation.

But hey, if you want the state to mail out ID to everybody, go ahead and propose it.

You need an ID to buy booze, medicine and cigarettes, you're saying no black person buys booze, medicine or cigarettes?

Actually, I've found that sales clerks will rarely bother me about booze or

Re:

[king neckbeard]

No, because stuffing meatbags into polling booths is the least effective, most costly and the most easily detected form of electoral fraud. Might as well be defending democracy from unicorns.

Re:

[king neckbeard]

Hey dumb shit, what you are wanting is VOTER ROLLS, not voter ID. If you want, i can explain the math, or you can keep your /. card by understanding that the chances of getting caught increases exponentially as more and more fraudulent votes are cast.

Paper

[DontBeAMoran]

Look at how Canadian elections are handled. You can't hack paper ballots via viruses or computer networks.

Re:

[DNS-and-BIND]

Oh, pff. The PRI in Mexico rigged elections for 80 years using nothing but paper ballots.

Re:

[Zero__Kelvin]

This isn't about how to secure the voting machines. Perhaps you should read the summary at least?

Re:

[DontBeAMoran]

We all agreed years ago that reading the article was too much work. And now you're telling me we can't post anything without reading the summary?

I didn't sign up for this!

Identification

[jrmcferren]

If they don't recommend photo ID for voters the whole thing is worthless. There is voter fraud on both sides of the political spectrum and the arguments against voter ID are actually quite racist.

Re:

[king neckbeard]

Voter fraud doesn't exist and has never existed in the way described. Stuffing meatbags into polling booths is the least effective, most costly and the most easily detected form of electoral fraud. Might as well be defending democracy from unicorns.

Re:Identification

[DNS-and-BIND]

The Democrats have a long history of doing precisely that.

"We loaded up all 13 of our buses with maybe 70 people on each bus, and we had those buses rolling nonstop up and down the coast into San Francisco the day before the election," recalled Jim Jones Jr. "We had people going from precinct to precinct to vote. So could we have been the force that tipped the election to Moscone? Absolutely! Slam dunk. He only won by 4,000 votes. I'm sorry, but I've got to give my father credit for that. I think he did the right thing. George Moscone was a good person; he wanted what was best for San Francisco."

Yes, that Jim Jones. Of Jonestown. The one we got the phrase "drink the Kool-aid" from (even though it was actually Fla-Vor-Aid). Full confession viewable at: http://www.salon.com/2012/05/0... [salon.com]

Re:

[king neckbeard]

And by long time, you mean one example that would be incredibly easy to spot and stop, had anyone in SF been sober/competent at the time? This plan would be thwarted by voter rolls long before voter ID would have been needed.

Re:

[HornWumpus]

Voter rolls are setup to make it easy to identify registered voters that haven't voted in multiple elections.

Re:

[king neckbeard]

I'm not sure exactly what your point is. Do you care to clarify what you mean?

Re:

[HornWumpus]

'The plan' has not been thwarted by voter rolls. Now or anytime in the last 100 years. In fact, voter rolls are just lists of registered nonvoters to be used in 'the plan'.

Re:

[king neckbeard]

Okay, I think I could vaguely agree with you. But you haven't explained what that has to do with voter ID. If I control the polling place, voter ID will not stop me from committing electoral fraud.

But voter rolls, properly administered and checked for duplicates (in an intelligent way, like with a hash of SSN+Name), could prevent voters from voting in multiple districts, which is the only type of meatbag fraud that has occurred in any significant fashion.

Voter ID, btw, does nothing to prevent this. I

Re:

[Anonymous Coward]

Voter fraud doesn't exist and has never existed in the way described. Stuffing meatbags into polling booths is the least effective, most costly and the most easily detected form of electoral fraud. Might as well be defending democracy from unicorns.

BULLSHIT

Pure unadulterated mendacious BULLSHIT

1,088 cases of provable voter fraud [heritage.org].

And that wonderful supporter of women? Al Franken?

Al Franken May Have Won His Senate Seat Through Voter Fraud [usnews.com]

When 1,099 felons vote in race won by 312 ballots [washingtonexaminer.com]

Oh, yeah. "Mendacious" means you're a lying sack of shit.

Re:

[king neckbeard]

You should try reading your own source, dipshit. "In the way described" is voter impersonation, and your own source [heritage.org] puts that at a whopping 13 cases, mostly impersonating family members.

Re:

[Zero__Kelvin]

Throw the baby out with the bathwater much?

More tips:

[king neckbeard]

1. "Stop breaking the law, asshole!"
2. Instant Runoff Voting
3. Blockchains
4. Purging instead of promoting the worst people within a party
5. Hiring security professionals based on qualification, not on their connections to your bribery machines.

But I suspect that none of these will be implemented because they aren't interested in secure elections, just holding power.

It's painfully obvious

[rsilvergun]

that the security issues in our election system are intentional, so any 'tips' are really just pissing in the wind. Our elections are rigged, I'll leave it as an exercise for the reader on who and why. But ask yourself who's running our government and who as been for most of the last 30 years.

Step 1: Voter ID

[DNS-and-BIND]

If those that demand no Voter Identification were concerned for the poor, they'd facilitate the acquisition of ID, not seek ways to avoid it. After all, what's the best job you ever had where you didn't need to identify yourself? I'm just confused how anyone buys beer or cold medicine without an ID. WTF?

Only ONE party disapproves of measures to make our elections secure. Voter ID is NOT a function of America's "racist past" EVERY COUNTRY THAT'S not a dictatorship has some form of assuring that the person voting is entitled to. EVERY COUNTRY.

California liberals allege voter fraud, demand voter ID. [townhall.com] LOL. Democrats think voter identification laws are important for their party elections, but think they're not important when it comes to our elections.

Maxine Waters, an advocate against voter ID, requires an ID to attend her town hall meeting. [theamericanmirror.com]

Hillary Clinton's Book Tour. Valid Photo ID Required. [kxan.com] Wait, isn't this suppressing minority turnout? Why's it racist when we do it in our super-important elections, but Hillary does it for her book-signing and suddenly it's not racist? Someone want to take a stab at this one?

Re:

[king neckbeard]

Yes, there should be efforts on making IDs more accessible. But until that happens, Voter ID laws are light racist intimidation. And just for the record, Hillary Clinton should be shot into the sun, along with most of her cronies.

Re:

[DNS-and-BIND]

So what you're saying is the Democrats are racist because they require voter ID to vote in their elections. Huh?

Re:

[king neckbeard]

Yeah, the Democrats as a party need to be shot into the sun. Same with the GOP.

Easier Solution

[Anonymous Coward]

Just disallow the GOP from winning elections. After all, none of this was ANY concern before Trump was elected, in fact Obama had stated numerous times that the election couldn't be hacked, that it was fair, that voter id wouldn't help, there is absolutely nothing wrong with how votes happen, etc.

This week we are being told that even if Judge Moore WINS his election in Alabama, he will not be seated as a Senator because the Senate does not allow sexual molesters to be members. He was never convicted nor a

Re:

[doom]

Only ONE party disapproves of measures to make our elections secure. Voter ID is NOT a function of America's "racist past"

Every attempt at finding examples of the fraud that voter ID is supposed to prevent have come up empty. Question: why would someone push a fix for a non-existent problem? Answer: they've got a different agenda.

The existing system in much of the US is you show up at the polls, tell 'em who you are, and sign off on the register. If you think about it for a minute, you can see how dif

Re:

[DNS-and-BIND]

Look at all the other countries laughing their asses off at us. Quote:

This, as a Spaniard it always amuses me how can people vote without an official ID and how try to enforce that is considered racist.

Sorry guys if it sounds rude, but it makes your Election look as the election from some African cheap dictatorship. In here (Spain) you have to bring a national Country-provided ID, national driver's license or passport. All of them have a picture on them to easily figure out if you're that person or not.

Y

Google and Facebook are part of the problem

[schwit1]

Their political partisanship and profit motive should call into question any contributions they make.

Computers==insecure for elections

[Tangential]

As long as computers are involved in the tabulation or transmission of election results the concept of secure elections is laughable.

Political tips

[AHuxley]

Someone who has not spoken down to and lectured large parts of the USA would be a good start.
A person who can talk and keep talking to most average people in their state and all over the USA.
Not have a political party machine that induces US campaign staff and party workers to walk out with lots of internal party documents and give them to the US media.

Support charming, charismatic, honorable, ethical political leadership.
The Amercian voting public will find out what their political leadership like to

Those recommendations seem rather generic and...

[Picodon]

A few things bother me in the recommendations (not to say that they are not sensible, just that the need for them annoys me):

- Policy of email deletion, etc. I know I’m naïve (and perhaps unreasonable), but I feel that political campaigns should have nothing to hide. It would be more sensible (I feel) to train people to be fair, courteous, clear, unambiguous, etc., rather than training them to keep their dirty laundry secure or promptly eliminated. Even when they mention “the theft

Oh come on: "Use the cloud"?

[doom]

https://www.belfercenter.org/c... [belfercenter.org]

2. Use the cloud: A big, commercial cloud service will be much more secure than anything you can set up. Use a cloud-based office suite like GSuite or Microsoft365 that will provide all your basic office functions and a safe place to store information.

That's completely ridiculous, short-sighted crap. We're all supposed to trust our entire voting system to a tiny handful of companies? "We're completely invulnerable to any sort of subversion, because Technology. Trust us!"

Re:

[swillden]

https://www.belfercenter.org/c... [belfercenter.org]

2. Use the cloud: A big, commercial cloud service will be much more secure than anything you can set up. Use a cloud-based office suite like GSuite or Microsoft365 that will provide all your basic office functions and a safe place to store information.

That's completely ridiculous, short-sighted crap. We're all supposed to trust our entire voting system to a tiny handful of companies?

OTOH, said companies actually have a really good security track record, in spite of being among the most attractive targets on the planet. When was the last time someone compromised GMail?

Re:

[doom]

When was the last time someone compromised GMail?

You mean besides google?

We don't know.

But what the fuck, let's entrust the democratic process for the entire United States to google. What could go wrong?

Re:

[swillden]

When was the last time someone compromised GMail?

You mean besides google?

What does that even mean?

We don't know.

But what the fuck, let's entrust the democratic process for the entire United States to google. What could go wrong?

Oversight would be easily arranged. The FTC already does regular reviews, per the requirements of the Buzz consent decree.

And in any case the question isn't whether or not some company would be a perfect choice, it's whether it would be a better choice than what parties have been doing. And the answer is clearly that it would be better than what the DNC has been doing.

Re:

[doom]

When you entrust your information to google, google gets to know about it. (Yeah, I know, encryption. Like anyone encrypts their gmail.) Google is not shy about using your information. Strictly for advertising purposes, you understand. At present. We hope.

Further, anyone who has placed a plant inside of google-- or subverted someone already there-- has the potential to know about it.

"Propaganda"?

[eric_harris_76]

From "propaganda"? WTF does that mean, in this context?

Foreign propaganda rather than domestic propaganda, I would assume. Maybe I'll RTFA to confirm/correct that.