Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK
Internet Download Manager (IDM)

Internet Download Manager (IDM)

Push your Internet connection to the limits and cleverly organize or synchronize download processes with this powerful application

FULL VERSION + CRACK
iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK

IT News

Aug 23
The consultancy said a modular computing system will enable hands-on testing of the distributed ledger technology by enterprises hoping to get a grasp on what it can, or cannot, do.
Aug 23
The project uses Rust and WebAssembly to allow playback of Flash media more securely than the original Adobe player
Aug 23
JavaScript, database support also get nods
Aug 22
Microsoft on Tuesday launched a Beta build of its browser for all supported editions of Windows, including 7 and 10, and macOS.
Aug 22
Big Switch's new products include a version of its Big Cloud Fabric (BCF) for Amazon Web Services virtual private cloud (VPC) management, adding support for Global VPCs (G-VPCs), and a cloud-based version of its Multi-Cloud Director...
Aug 22
The WebKit team has unveiled a new Tracking Prevention Policy that could help bolster privacy for users of Apple's Safari browser.
Aug 22
With citizens' PII at risk, some federal agencies like the IRS are moving away from knowledge-based verification. It's time for them all to follow suit.

Categories

Why getting election security right for 2020 matters

How much election security is enough? The answer: Enough to convince a losing candidate that they lost. Will that happen for the 2020 elections? Probably not.

"Is it enough? How much is enough?" Herb Lin, Senior Research Scholar at the Center for International Security and Cooperation at Stanford University, and co-author of the Stanford Cyber Policy Center's "Securing American Elections" report, asks. "Unfortunately it's not a technical answer. Enough means you've done enough so that you can persuade the loser of an election that in fact the voting machines weren't hacked."

"You have to take into account the possibility that the loser will rally his troops and complain about the result," he adds. "The election machinery, both organizational and technical, all of that has to be of sufficiently high quality, and resistant to attack, that you can persuade the loser of an election that they fairly lost."

That makes election security as much of a political problem as it is a technical problem. Voters must have confidence that the voting was fair, regardless of how much money is spent or what security controls are put in place. That makes securing election infrastructure categorically different than almost any other information security challenge today.

At present many jurisdictions are struggling to escape the bottomless pit of despair paperless voting, and that's a no-brainer. But once we raise the bar from wow-crazy-bad to meh-just-not-great, how do we reach a plateau of sustainably trustworthy voting security?

Like all political problems, that boils down to trade-offs.

Election security trade-offs

A consensus among election security experts is that human-readable paper ballots are the way to go. Are hand-marked paper ballots superior to machine-marked human-readable paper ballots? Or vice-versa?

Voters are notorious for making mistakes. Instead of an 'X' in the box, maybe they circle the box. Or they partially fill in the box. Or scratch out a mistake and mark a different square. Voter error of this sort has been with us since the beginning of paper ballots.

One proposed--and deployed--alternative is to use touchscreen voting machines that print out a paper ballot the voter can review before dropping the paper ballot into a ballot box. The touchscreen machine does not count votes; only the paper ballot matters. But how many voters will scrupulously review every ballot choice, especially on long ballots, to ensure the machine did not make a mistake? A hacked ballot-marking machine could potentially display the voter's choice on screen but print out a different voting choice. The gaslighting possibilities are troublesome.

That's a trade-off, with pros and cons each way. All it takes is a voter or two screaming bloody murder that the machine mismarked their ballot--whether true or not--to call the results of an election into question. Ensuring every voters' intention when voting is counted is also important.

Another trade-off is speed of counting. One major drawback of paper ballots is they take a long time to count by hand. That counting, even by good-faith poll workers, can be prone to error. Counting using optical scanners with risk-limiting audits--widely viewed as a suitable compromise between speed and accuracy--is faster, but still not instantaneous. Risk-limiting audits take time as well. That can be a problem when there's pressure to know the result.

"In Europe they wait," Lin says. "They wait until they get it right. We [in the U.S.] don't have the patience."

Another trade-off involves ensuring voting machines are accessible to citizens with disabilities. "Blind people are entitled to vote, and entitled to voter privacy," Lin points out. "Maybe you give them a special machine. Now they're being singled out and feel stigmatized. That's a political decision, somebody has to decide that, and they [politicians] will take flak for it either way."

"There are trade-offs to be made, and that's the fundamental point," Lin says. "How you decide to resolve the trade-offs is a question of public policy."

Stanford report calls for pen testing, code review of voting machines

As most CSO readers know, compliance does not equal security. The Stanford report slams checkbox-ticking compliance as a completely inadequate means of ensuring the security of voting machines, writing "the assurance of security by checklist compliance-a requirement of the certification process-provides a baseline level of security, but by itself is known to be inferior to security assessed through an adversarial process."

The report also casts shade on the closed-source, proprietary nature of for-profit voting machine vendors' products, although stops short of calling for open-source voting systems. "Vendors, who provide the hardware and software for elections, generally resist third-party inspection of source code on the grounds that allowing outsiders such access compromises their intellectual property."

The report calls for pen testing of voting infrastructure to become a regular, ongoing part of the electoral process to ensure the integrity of voting results. The report also calls for third-party source code review under both non-disclosure and non-compete agreements.

Close watchers of the election security space will be familiar with the National Academies 2018 report on election security, which offered specific, concrete recommendations by a number of security experts on how to bolster voting infrastructure. The Stanford report goes one step further, urging not only pen testing and third-party code review, but also multi-day voting periods (to give people time to vote when the inevitable computer glitches happen), and also recommends making it easier for political parties to provide funding and staffing resources to help candidates secure their campaigns.

So how much security, exactly, is enough to secure an election? The answer to that question is a constantly moving target. As technology continues to evolve, new threats will emerge, some we haven't even imagined yet. But in all cases the final test is the same: Are the voting results so airtight that even a bad-faith losing candidate has to admit they fairly lost? Then our elections are secure.

Otherwise not.

This story, "Why getting election security right for 2020 matters" was originally published by CSO.