6 C
London
Tuesday, November 21, 2017
Home Tags Election Results

Tag: Election Results

DAILY VIDEO: States starting to implement audits to bolster election integrity; North Korea getting ready wage a global cyber war, Experts Say; Google Job Search results now include salary data or estimates; and there's more.
Gage Skidmorereader comments 16 Share this story In a statement issued less than a half hour after being briefed by the heads of US intelligence agencies, President-elect Donald Trump thanked them for their work. “I had a constructive meeting and conversation with the leaders of the Intelligence Community this afternoon,” he said in the published statement. “I have tremendous respect for the work and service done by the men and women of this community to our great nation.” But in his next breath, Trump in essence dismissed the substance of their findings. “While Russia, China, other countries, outside groups and people are consistently trying to break through the cyber infrastructure of our governmental institutions, businesses, and organizations, including the Democratic National Committee,” Trump said, “there was absolutely no effect on the outcome of the election including the fact that there was no tampering whatsoever with voting machines.” Trump added that there “were attempts to hack the Republican National Committee, but the RNC had strong hacking defenses and the hackers were unsuccessful.” In a congressional hearing yesterday, Director of National Intelligence James Clapper said that there was no evidence that election results were tampered with through tapping. But he had also said there was no way to measure what sort of impact information operations alleged to have been carried out at the direction of the Russian government had on how US citizens voted. Clapper described a “multifaceted” campaign that included the use of state-owned media, as well as “disinformation and fake news.” Trump repeated his commitment to taking a broad look at cyber-security when he took office. “Whether it is our government, organizations, associations or businesses,” he said, “we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office.” But that plan will remain secret, he said. “The methods, tools, and tactics we use to keep America safe should not be a public discussion that will benefit those who seek to do us harm.”
President-elect backs his belief on WikiLeaks founder's statement, will meet heads of intel agencies tomorrow to discuss report. In a series of recent tweets, US President-elect Donald Trump expressed doubts over US intelligence agencies’ allegation that Russia was involved in last year’s cyberattacks on political entities and individuals in order to sway election results, Reuters reports.

Trump backed his belief on proclamation from WikiLeaks founder Julian Assange that leaked documents were not provided by Russia and that US media coverage had been “very dishonest.” Trump’s tweets invited comments from White House spokesperson Josh Earnest who said "There's a pretty stark line that's been drawn, and the President-elect will have to determine who he's going to believe." Vice President-elect Mike Pence came to his leader’s defense saying: "Given some of the intelligence failures of recent years, the President-elect has made it clear to the American people that he's skeptical about conclusions from the bureaucracy." While the Obama administration has launched a probe into the hacks, several Democrats and Republicans have called for independent investigation of the matter. Meanwhile, Trump’s spokesperson has said the President-elect will be meeting heads of the CIA, FBI and DNI tomorrow to discuss their findings, adds Reuters. Click here for more details. Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events.

For more information from the original source of the news item, please follow the link provided in this article.
View Full Bio More Insights
US senators demand top probe before Electoral College vote President-elect Donald Trump has dismissed a report by the CIA claiming that there is proof that Russian government hackers smoothed his route to the White House. On Friday, representatives from the CIA told US Congress that it had evidence that the Russians had hacked the servers of both the Democrats and Republicans, but had only released data from the former in order to help Trump win the election.
Senators on both sides of the political spectrum immediately called for an inquiry. "Recent reports of Russian interference in our election should alarm every American," said Senators John McCain (R‑AZ), Lindsey Graham (R‑SC), Charles Schumer (D‑NY), and Jack Reed (D‑RI). "This cannot become a partisan issue.

The stakes are too high for our country. We are committed to working in this bipartisan manner, and we will seek to unify our colleagues around the goal of investigating and stopping the grave threats that cyberattacks conducted by foreign governments pose to our national security." But in an interview Sunday on Fox News, Trump dismissed the CIA's report as ridiculous and said that any hacking could be by Russia, China, or just someone doing this in their basement. "They have no idea," he said, taking to Twitter later on the topic. Can you imagine if the election results were the opposite and WE tried to play the Russia/CIA card.
It would be called conspiracy theory! — Donald J.

Trump (@realDonaldTrump) December 12, 2016 Unless you catch "hackers" in the act, it is very hard to determine who was doing the hacking. Why wasn't this brought up before election? — Donald J.

Trump (@realDonaldTrump) December 12, 2016 To muddy the waters further, senior FBI officials reportedly told a closed session of the House Intelligence Committee that the CIA's claims are "direct and bald and unqualified." They said that although Russia had interfered on one side of the election, it wasn't clear what its intentions were. Meanwhile, members of the Electoral College, which meets on December 19 to vote and confirm Trump into office, have asked for an intelligence briefing on the matter before they vote.

The College, made up of 538 members, could – in theory – change the course of the election by refusing to elect Trump. On Friday, President Obama added his voice to calls for an investigation, saying the facts need to be ascertained and protections put in place to avoid this sort of kerfuffle happening again. However, Craig Murray, the UK's former man in Uzbekistan and WikiLeaks insider, says that the hacking claims are wrong.

The Democratic emails didn't come from hacking, but from an individual in the campaign who leaked the data to WikiLeaks. "The worst thing about all this is that it is aimed at promoting further conflict with Russia," Murray said. "This puts everyone in danger for the sake of more profits for the arms and security industries – including of course bigger budgets for the CIA.

As thankfully the four-year agony of Aleppo comes swiftly to a close today, the Saudi and US armed and trained ISIS forces counter by moving to retake Palmyra.

This game kills people, on a massive scale, and goes on and on." ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub
EnlargeT-Mobile USA reader comments 88 Share this story T-Mobile USA is looking forward to fewer regulations and more mergers in the telecom market under President-elect Donald Trump. With net neutrality rules possibly being overturned, the company says mobile Internet providers will have a lot more leeway for "innovation and differentiation." The election results will lead to a regulatory environment that is "more positive for my industry," T-Mobile CFO Braxton Carter said in a Q&A session at a UBS investors conference yesterday. "You look at some of the earlier decisions that Trump has already made [in choosing advisors], I think it's very clear there is going to be less regulation, and regulation often destroys innovation and value creation in bringing benefits to the consumer.

And the trick is bringing a benefit to the consumer while you're also benefiting your shareholders." Under President Obama, the Federal Communications Commission reclassified fixed and mobile ISPs as common carriers and imposed net neutrality rules that forbid blocking, throttling, and paid prioritization.

Carter seems confident the Title II decision will be reversed. "With Title II being overturned there are a lot of really interesting things you could potentially do, but we'll see what happens.
It's going to be an interesting year next year," he said. Carter is also hoping for tax reform that reduces the amount T-Mobile has to pay, he said. T-Mobile was nearly purchased by AT&T in 2011 and Sprint in 2014, but it remained a separate entity as US regulators objected to mergers that would reduce the number of major nationwide wireless carriers from four to three. Under Trump, Carter said he expects the US government to have "more openness to consolidation." On the specific question of whether the four major wireless carriers will be reduced to three, Carter said that it's too early to tell. Carter didn't detail exactly what "innovation" there would be if net neutrality rules are eliminated. Recently, the main controversy has been over zero-rating, the practice of exempting some online services from data caps.

Carter said that T-Mobile structured its Binge On video zero-rating carefully to avoid regulatory problems—the T-Mobile program zero-rates video from third-party services while reducing video resolution to about 480p.

But T-Mobile made the program open to any content provider and doesn't charge them for zero-rating, and it lets consumers opt out of the video quality reductions. AT&T and Verizon Wireless took a more risky approach, zero-rating their own video content while charging other companies for the same data cap exemptions.

The FCC has said this practice may violate net neutrality rules, but such plans will likely be allowed to proliferate when Republicans control the FCC. If the ban on paid prioritization is overturned, ISPs could also charge online service providers for faster access to consumers than online services that don't pay for prioritization. The end of Title II rules would "provide the opportunity for significant innovation and differentiation," Carter said. Carter also discussed cable companies' impending entry into the mobile market.

Cable firms such as Comcast and Charter would be resellers since they haven't built cellular networks, and Carter said this will put the cable companies at a disadvantage. When you control the wireless network, as T-Mobile does, "the power is you know what the individual consumer is doing and what the individual consumer is looking at, because it's purely a personal device," Carter said. "The cable industry now knows who the household is, but the household is very diverse.

The value creation you can get from understanding that intelligence down to the individual is very powerful, and you'll never get that type of integration with a resale-type agreement."
Enlarge / Dr. Jill Stein, Green Party presidential candidate, speaking at Old South Church in Boston on October 30, 2016.Pat Greenhouse/The Boston Globe/Getty Images reader comments 430 Share this story Update, November 24: As of 10am EST on Thursday, Stein's campaign had raised more than $3 million—a new goal to raise $4.5 million by Friday has now been set. Original story (November 23) Citing the dangers of hacked voting machines, Green Party presidential candidate Jill Stein said on Wednesday that she intends to raise more than $2 million by Friday to initiate vote recounts in Wisconsin, Michigan, and Pennsylvania. "After a divisive and painful presidential race, reported hacks into voter and party databases and individual e-mail accounts are causing many Americans to wonder if our election results are reliable," Stein said. "These concerns need to be investigated before the 2016 presidential election is certified. We deserve elections we can trust." In her statement, Stein claims that some election machines used in Wisconsin were banned in California because they were "highly vulnerable to hacking and malicious reprogramming." The statement describes the US election as being "surrounded by hacks," but it's unclear exactly what hacking is being referred to. High-profile hacks of the Democratic National Committee did take place during the campaign, leading to news articles based on e-mails sent by Clinton associates. However, there's no evidence that votes or voting machines in any of the three states Stein has targeted were subject to hacking.

Despite that, Stein's campaign has already raised more than $700,000 from those who are interested in double-checking the three states' ballot totals. Stein says her Green Party campaign is in a good position to be "election integrity advocates" because she doesn't have "a personal conflict of interest in the outcome." Stein's campaign won 1.1 percent of votes in Wisconsin, 1.1 percent in Michigan, and 0.8 percent in Pennsylvania. Preliminary vote totals show Republican Donald Trump won all three states, beating Hillary Clinton in Wisconsin by a 1 percent margin; in Pennsylvania by 1.2 percent; and in Michigan with a slimmer 0.3 percent lead. Her move comes after discussions related to computer hacking took place between members of the Hillary Clinton campaign, election attorneys, and computer scientists including J.

Alex Halderman.

Following reports of that call, Halderman published a blog post explaining his view that election hacking remains a real danger, even on election machines not connected to the Internet. Halderman writes: The only way to know whether a cyberattack changed the result is to closely examine the available physical evidence — paper ballots and voting equipment in critical states like Wisconsin, Michigan, and Pennsylvania. Unfortunately, nobody is ever going to examine that evidence unless candidates in those states act now, in the next several days, to petition for recounts. The deadline for filing for a recount in Wisconsin is Friday, and running a recount in that state alone will cost $1.1 million. An article today in The Hill lays out just a few of the many problems with the theory that Wisconsin's election was altered by hacking.

Clinton's totals line up similarly with the 2014 losing Democratic gubernatorial candidate. Wisconsin has 1,800 election municipalities, many of which have multiple voting machines.

And with no Internet connection, those machines would need to be hacked in person.

Finally, any potential hacker would have presumably wanted to account for the 200,000 votes that Clinton was expected to win by, according to the final polls. Wisconsin's Elections Commission says the state uses 90 percent optical-scan ballots, 5 percent hand-count paper ballots, and 5 percent DRE voting machines with a paper trail.
ProtonMail suggests fear of the Donald prompting lockdown "ProtonMail follows the Swiss policy of neutrality. We do not take any position for or against Trump," the Swiss company's CEO stated on Monday, before revealing that new user sign-ups immediately doubled following Trump's election victory. ProtonMail has published figures showing that as soon as the election results rolled in, the public began to seek out privacy-focused services such as its own. CEO Andy Yen said that, in communicating with these new users, the company found people apprehensive about the decisions that President Trump might take and what they would mean considering the surveillance activities of the National Security Agency. "Given Trump's campaign rhetoric against journalists, political enemies, immigrants, and Muslims, there is concern that Trump could use the new tools at his disposal to target certain groups," Yen said. "As the NSA currently operates completely out of the public eye with very little legal oversight, all of this could be done in secret." ProtonMail was launched back in May 2014 by scientists who had met at CERN and MIT. In response to the Snowden revelations regarding collusion between the NSA and other email providers such as Google, they created a government-resistant, end-to-end encrypted email service. The service was so popular that it was "forced to institute a waiting list for new accounts after signups exceeded 10,000 per day" within the first three days of opening, the CEO previously told The Register when ProtonMail reopened free registration to all earlier this year. ProtonMail new user signups doubled immediately after Trump's election victory Yen said his service was now "seeing an influx of liberal users" despite its popularity on both sides of the political spectrum. "ProtonMail has also long been popular with the political right, who were truly worried about big government spying, and the Obama administration having access to their communications. Now the tables have turned," Yen noted. "One of the problems with having a technological infrastructure that can be abused for mass surveillance purposes is that governments can and do change, quite regularly in fact. This demonstrates that privacy isn't just a liberal or conservative issue, it is something that we all need to champion, regardless of our political leanings. This is why ProtonMail is committed to building a safe haven for all people in the world, regardless of nationality, political views, or religious beliefs. "The only way to protect our freedom is to build technologies, such as end-to-end encryption, which cannot be abused for mass surveillance," Yen added. "Governments can change, but the laws of mathematics upon which encryption is based are much harder to change." ® Sponsored: Customer Identity and Access Management

American political think tanks and NGOs were targeted by a well-known hacking group called The Dukes.

Russian hackers wasted no time this week, attacking American political think tanks and non-government organizations (NGOs) on Wednesday.

A round of targeted phishing campaigns (attempts to obtain sensitive information by pretending to be a trustworthy entity) came less than six hours after Donald Trump was named President-elect of the US.

According to cyber incident response firm Volexity, the hackers belong to a Russian gang best known for infiltrating computer networks at the Democratic National Committee and the Democratic Congressional Campaign Committee.

The group—often referred to as APT29, Cozy Bear, or The Dukes—began targeting research organizations and NGOs in July 2015.

"This represented a fairly significant shift in the group's previous operations and one that continued in the lead-up to and immediately after the 2016 United States Presidential election," Volexity founder Steven Adair wrote in a blog post.

The Dukes in August launched several waves of highly targeted spear-phishing attacks, sending spoofed email messages to specific individuals at US-based organizations via backdoor malware dubbed PowerDuke.

The same malware, which allows the hackers to examine and control a system, was used again in this week's post-election invasions.

As reported by Volexity, two of the attacks purported to be messages forwarded from the Clinton Foundation, two posed as eFax links or documents regarding rigged election results, and the last claimed to be a link to a PDF download on "Why American Elections Are Flawed."

Last month, federal officials said they are "confident" that the Russian government is behind recent attacks of US political organizations, like the DNC. Russian President Vladimir Putin has denied any involvement in said hacks.

"The Dukes continue to launch well-crafted and clever attack campaigns.

They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels," Adair wrote on Wednesday. "Volexity believes that The Dukes are likely working to gain long-term access into think tanks and NGOs and will continue to launch new attacks for the foreseeable future."

Less than six hours after Donald Trump was named President-Elect of the US, Cozy Bear/APT29/CozyDuke nation-state hackers kicked off waves of spearphishing attacks. Russia's cyber-spying machine was in full force within six hours of the final US Presidential election results with at least five different waves of spear-phishing campaigns targeting users associated with US think-tanks and non-governmental organizations. Researchers with Volexity posted their findings surrounding a jump in spearphishing activity by the so-called Russian hacking group known as Cozy Bear, APT29, and CozyDuke, best known for its recent breach of the Democratic National Committee (DNC).

There were five different spearphishing campaigns spotted by Volexity, including attacks posing as emails forwarded from the Clinton Foundation, and two others posing as eFax URLs or documents. "These e-mails came from a mix of attacker-created Google Gmail accounts and what appears to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS).

These e-mails were sent in large quantities to different individuals across many organizations and individuals focusing in national security, defense, international affairs, public policy, and European and Asian studies," said Steven Adair, founder at Volexity, in a post yesterday. Think-tanks and NGOs have been common targets of the group, also known as The Dukes, since July of 2015. "The Dukes continue to launch well-crafted and clever attack campaigns.

They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels," Adair wrote. The group employs anti-VM macros and PowerShell scripts that help them bypass sandboxes that could detect them, for instance. "This combined with their use of stenography to hide their backdoor within PNG files that are downloaded remotely and loaded in memory only or via alternate data streams (ADS) is quite novel in its approach," he said. "Volexity believes that the Dukes are likely working to gain long-term access into think tanks and NGOs and will continue to launch new attacks for the foreseeable future." The first spear-phishing attack wave uses a lure of the "The Shocking Truth About Election-Rigging in the United States." The email is purportedly an electronic fax from Secure Fax Corp., and contains a link to a ZIP file.

That file has a Microsoft .LNK file that houses PowerShell commands, which execute anti-virtual machine checks and install a backdoor onto the victim's machine. "The PowerDuke backdoor boasts a pretty extensive list of features that allow the Dukes to examine and control a system.
Volexity suspects the feature set that has been built into PowerDuke is an extension of their anti-VM capabilities in the initial dropper files," Adair wrote. "Several commands supported by PowerDuke facilitate getting information about the system."  Dark Reading's all-day virtual event Nov. 15 offers an in-depth look at myths surrounding data defense and how to put business on a more effective security path.  In the second attack wave, the hackers uses a Word document with a malicious macro that checks for anti-VM features, and appears to come from [email protected] The subject line is "Incoming eFax: Elections Outcome Could Be revised [Facts of Elections Fraud]." The most widespread attack was the third one, which uses an email purportedly from Harvard's "PDF Mobile Service," which doesn’t actually exist. (There appears to be a typo in the message as well, calling it "PFD Mobile Service" as well).

The subject line: "Why American Elections Are Flawed." This one uses a ZIP file to mask the malicious executable. The Clinton Foundation is the lure for the fourth and fifth waves of spearphishing campaigns by the hacking group.

The first one uses "Clinton Foundation FYI #1" in its subject line, and deploys a Word document with a malicious embedded macro.

The macro checks for anti-VM features.

The email purportedly comes from the fictitious Harvard PDF Mobile Service. Then there's the "Clinton Foundation FYI #2" email wave from the same "Harvard" email address, which contains a link to a ZIP file with an LNK file embedded.
It contains the signature PowerShell commands that look for anti-VM, and installs a backdoor on the victim's machine. "Like Attack Wave #3, this e-mail message also purported to be forwarded from Laura Graham at the Clinton Foundation.

The message body contained dozens of e-mail addresses to which the message originally claims to have been sent, with organizations similar to Attack Wave #3," Adair wrote. Volexity's post includes screenshots of the emails and code snippets. Related Content: Save Kelly Jackson Higgins is Executive Editor at DarkReading.com.
She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
View Full Bio More Insights
Economic uncertainty about a Trump presidency appears to be good for cyber currencies. The economic anxiety of a Donald Trump presidency is giving cyber currencies like Bitcoin a short term boost, with their value rising substantially following Trump...
Philip Stark with his boxes of ballotsCyrus Farivar reader comments 114 Share this story Today is Election Day in the United States, so we are resurfacing this story on auditing election results that originally ran in 2012. NAPA, CALIFORNIA—Armed with a set of 10-sided dice (we’ll get to those in a moment), an online Web tool, and a stack of hundreds of ballots, University of California-Berkeley statistics professor Philip Stark spent last Friday unleashing both science and technology upon a recent California election. He wanted to answer a very simple question—had the vote counting produced the proper result?—and he had developed a stats-based system to find out. On June 2, 6,573 citizens went to the polls in Napa County and cast primary ballots for supervisor of the 2nd District in one of California’s most famous wine-producing regions, on the northern edge of the San Francisco Bay Area. The three candidates—Juliana Inman, Mark van Gorder, and Mark Luce—would all have liked to come in first, but they really didn't want to be third. That's because only the two top vote-getters in the primary would proceed to the runoff election in November; number three was out. Napa County officials announced the official results a few days later: Luce, the incumbent, took in 2,806 votes, van Gorder got 1,911 votes, and Inman received 1,856 votes—a difference between second and third place of just 55 votes. Given the close result, even a small number of counting errors could have swung the election. Vote counting can go wrong in any number of ways, and even the auditing processes designed to ensure the integrity of close races can be a mess (did someone say "hanging, dimpled, or pregnant chads"?). Measuring human intent at the ballot box can be tricky. To take just one example, in California, many ballots are cast by completing an arrow, which is then optically read. While voters are instructed to fully complete the thickness of the arrow, in practice some only draw a line. The vote tabulation system used by counties sometimes do not always count those as votes. So Napa County invited Philip Stark to look more closely at their results. Stark has been on a four-year mission to encourage more elections officials to use statistical tools to ensure that the announced victor is indeed correct. He first described his method back in 2008, in a paper called “Conservative statistical post-election audits,” but he generally uses a catchier name for the process: “risk-limiting auditing.” Napa County had no reason to believe that the results in this particular election were wrong, explained John Tuteur, the County Assessor, when I showed up to watch. But, anticipating that the election would be close, Tuteur had asked that Napa County be the latest participant in a state-sponsored pilot project to audit various elections across the Golden State. While American public policy, particularly since the 2000 Bush v. Gore debacle, has focused on voting technology, not as much attention has been paid to vote audits. If things continue to move forward, Stark could have an outsized effect on how election audits are conducted in California, and perhaps the country, for years to come. “What this new auditing method does is count enough to have high confidence that [a full recount] wouldn't change the answer,” Stark explained to me. “You can think of this as an intelligent recount. It stops as soon as it becomes clear that it's pointless to continue. It gives stronger evidence that the outcome is right.” The process has been endorsed by numerous academics and voting officials, and by the American Statistical Association (PDF), the League of Women Voters (PDF), the Brennan Center for Justice (PDF) and many others in recent years. And it begins with those 10-sided dice. A ballot from the audit; note the use of a thin connecting line. Cyrus Farivar Audit day To kick off the process, all 6,573 votes tallied in the 2nd District supervisor contest were re-scanned by county elections officials in the City of Napa. They sent the scans to a separate computer science team at Berkeley, led by Professor David Wagner. Along with a group of graduate students, Wagner has developed software meant to read voter intent from ballots. His system, for instance, will flag even ballots where the arrow was not filled in according to the instructions, and it takes a different approach to filtering out stray marks. The Wagner team created a spreadsheet containing each ballot (they also created a numbering system to identify and locate individual ballots) and how that person cast his or her vote. One problem that cropped up early on was the discrepancy between the number of ballots cast and the number of ballots scanned. While 6,573 total votes were recorded in this particular contest, the Wagner team scanned a total of 6,809 ballots, while Napa County recorded 7,116 votes cast in the election as whole. (Not every voter in the election chose to vote in this particular contest.) In short, there were over 300 ballots missing. While that seems problematic, the margins stayed more or less the same. "If both systems say 'Abraham Lincoln won' then if the unofficial system is right, so is the official system, even if their total votes differ and even if they interpreted every vote differently," wrote Stark in an e-mail on Tuesday. "That's the transitive idea. A transitive audit is really only checking who won, not checking whether the official voting system counted any particular ballot correctly. That said, we do compare the precinct totals for the two systems to make sure they (approximately) agree, which they did here." He added that to deal with the missing ballots, to confirm the winner, he treated them as if they were votes for the runner-up—so even with 300 additional votes, Luce still was the victor. "To confirm the runner-up, we could not do that; instead, I treated them two different ways, neither completely rigorous," he added. "In other audits, I've been able to deal with any mismatches between the ballot counts completely rigorously, so that the chance of a full hand count if the reported result was wrong remained over 90 percent." With that out of the way, the first step in the actual audit was to randomly select a seed number that would be used to feed a pseudo-random number generator found on a website that Stark created. For this, Stark had some high-level help in the form of Ron Rivest, one of America’s foremost experts on cryptography and voting systems, a professor of computer science at MIT who had also helped create the RSA crypto algorithm. Using 20 store-bought ten-sided dice, Rivest and Stark rolled out a 20-digit number. (73567556725160627585, for those keeping score at home.) Risk-limiting auditing relies on a published statistical formula, based on an accepted risk limit, and on the margin of victory to determine how many randomly selected ballots should be manually checked. “The risk limit is not the chance that the outcome (after auditing) is wrong,” Stark wrote in a paper (PDF) published in March 2012. “A risk-limiting audit amends the outcome if and only if it leads to a full hand tally that disagrees with the original outcome. Hence, a risk-limiting audit cannot harm correct outcomes. But if the original outcome is wrong, there is a chance the audit will not correct it. The risk limit is the largest such chance. If the risk limit is 10 percent and the outcome is wrong, there is at most a 10 percent chance (and typically much less) that the audit will not correct the outcome—at least a 90 percent chance (and typically much more) that the audit will correct the outcome.” Enlarge / Ron Rivest, an MIT cryptographer, helped Stark use 10-sided dice to produce a random seed. Cyrus Farivar To decide how many ballots should be sampled in the Napa County audit, Stark used his own online tools and calculated that it should be 559. With that number in hand, Napa County's John Tuteur supervised a team of temporary ballot counters in another room. They sorted through stacks of ballots in numbered boxes, affixing a sticky note to the individual ballots in question, preserving the order in which all ballots were kept. After locating the individual ballots, the team delivered the boxes containing them back to Stark, Rivest, and a few observers (including me). Each marked ballot was then pulled from its box and displayed to the room. Once everyone agreed that the ballot showed a vote for a particular candidate, an undervote (e.g., no vote at all), or an overvote (an uncounted and unauthorized vote for multiple candidates), the result was tallied on Wagner's spreadsheet. After a given set of ballots, those results were then compared to what the Wagner image-scanning team had recorded. "You want cast as intended, and counted as cast, and verified,” Stark said. Enlarge / Temporary elections workers sifted through stacks of voted ballots to locate which ones needed to be audited. Cyrus Farivar Statistically significant audits Over a dozen counties have now participated in a California-wide pilot project to provide a real-world test of what had previously been an academic theory. The pilot was authorized under California Assembly Bill 2023, which passed in 2010. Including audits conducted before the bill’s passage, 23 contests have been audited across several county-level elections in the state in recent users, and other counties, including Orange, Marin, and Yolo, will have additional audits in the coming weeks. California already has a mandatory audit law, which stipulates that a public manual tally of 1 percent of the precincts, chosen at random, must take place. But in Stark's view, this is the wrong way to proceed. “There is no statistical justification for the 1 percent tally,” Stark explained. “It is a check on the accuracy of the system, but it is not well tied to ensuring that outcomes are right. It doesn't require more counting for small margins than for large ones, and it does not require a full hand count, even if something is obviously wrong.” “In a contest I audited in Orange County," Stark added, "the chance the 1 percent count might not find any errors at all even if the outcome had been wrong could have been as large as 88 percent." Risk-limiting auditing, by contrast, takes into account the margin of victory. A wider margin of victory means there's less risk that something went wrong, so the system requires fewer votes to audit—sometimes dramatically fewer. Some vote registrars appreciate the new system. “Academics like Professor Stark bring an unbiased, fact-based approach to solving problems, unlike some election reform activists that promote changes based on superstition and emotion,” said Marin County’s registrar of voters, Elaine Ginnold, in a 2010 UC Berkeley news release. “It is the more objective approach that will result in meaningful election reform such as the proposal in this election audit bill.” Rivest, who has published academic papers with Stark on this issue, also lauded the process, which until last week he had not witnessed in person. “Post-election auditing is a great way of making sure that the voting system is working as it should,” he said. “Given the difficulty of checking the election outcome by looking at the paper ballots, I’d like to see a lot more post-election auditing. The work here is based [on] having a foundation in paper ballots. Assuming you have a solid paper trail, you can confirm the election outcome with the process that we're seeing today.” And the impact of Stark's work is spreading. Around the country, counties in Colorado and Ohio have used Stark’s methods to conduct similar audits, though he has not participated in them. Starting in 2014, all elections in Colorado will use risk-limited auditing. As for California's pilot project, its audits will continue through the November 2012 election. Enlarge / Stark's spreadsheet compared the scanned vote (right-hand name column) with the votes as human-read on each audited ballot (left). Cyrus Farivar The results are in But risk-limiting auditing does have one real downside: time. A full recount can sometimes take days, of course, but even doing a risk-limiting audit on a relatively small Napa County contest of around 5,000 votes took four hours (including a lunch break) and collectively involved around 15 people, to say nothing of the prep work required to set up the process. “At the moment, I think that until and unless we get [officials] to report [votes] at the ballot level, it is going to be a lot of trouble to do it this way,” Stark said. “For large jurisdictions, it's just hard—it's hard to do quickly enough.” He has ideas for speeding up the process, but they don't align well with the current crop of voting machines, which don't record their per-ballot vote interpretations. The Napa recount encountered a few minor discrepancies, such as when a numbered ballot (for example, Ballot 32 from a stack of 50) was not properly marked because the human worker mis-counted. Those glitches, however, were all corrected by the Stark and Rivest team. In the end, all 559 audited votes the team examined matched the votes as they were recorded by the Wagner scanning software. As the day wound down, the original results stood—and Napa County could have confidence in its election. “I am committed to having the right count,” Napa County's Tuteur said on Friday. “My goal is to make sure that the people of Napa County, those who voted and those who didn't, have full confidence in our system.”
Security experts monitoring cyber-chatter for virtual and real-world threats against U.S. Election Day targets say so far, so good. They don’t believe there will be cyberattack or al-Qaeda terror attack come Election Day. That’s not to say the U.S. government isn’t ready for the worst. The White House has ordered the Department of Homeland Security, the National Security Agency, the Defense Department and the CIA to prepare for a possible cyberattack. According to news reports, those agencies are on “high alert.” But Ian Gray, intelligence analyst at Flashpoint, said despite hack-the-vote chatter “vote tampering during the upcoming election is highly unlikely and confidence in the U.S. voting system will remain strong.” When it comes to Internet-based discussions from within the jihadi community, Flashpoint researchers said that over the weekend ISIS’s official al-Hayat Media released a special-issue article titled, “The Murtadd Vote,” focused on the upcoming U.S. elections. But after examining the contents of the latest propaganda, Flashpoint said their didn’t appear to be any overt calls for violence. “Despite recent media reports citing an al-Qaida terrorist threat to New York, Texas, and Virginia on the day before the 2016 U.S. elections, Flashpoint analysts have seen no specific threats from official terrorist groups nor sources in the online jihadi community to this effect,” authors Alex Kassirer, senior counterterrorism analyst at Flashpoint and Evan Kohlmann, chief innovation officer at Flashpoint wrote in a recent security bulletin. According to Kassirer and Kohlmann, online sympathizers of al-Qaida, as well as ISIS, are taking to social media and closed forums and are expressing “moderate interest” in striking U.S.-based polling stations. “There is nonetheless a tradition within the jihadi community of promoting the U.S. electoral process and polling stations as valid targets. Broadly speaking, jihadi activists view attacks targeting the U.S. election as beneficial not merely for their symbolic value, but also the logistical advantages they present,” according to the report. Flashpoint says jihadists aren’t promoting physical attacks, rather they are encouraging their U.S.-based sympathizers not to vote. “Despite an abundance of rhetoric asserting that ISIS favors Trump, the group denounced both sides of the Presidential election as a means of further discouraging Muslims from voting,” Flashpoint wrote. “The only differences between Trump and Clinton are that Clinton is more skilled in ‘political correctness,’ giving her leverage in the sorcery of hypocrisy, that she is a female feminist – and the Prophet said, ‘Never shall a people who give their leadership to a woman be successful’ – and that Trump is impulsive and unpredictable,” according to al-Hayat Media’s special-issue focused on the US elections that came out Nov. 5, 2016. Flashpoint said it has not observed any specific online threats of physical attacks on Election Day. As for cyberattacks, despite worries of Mirai-fueled IoT botnet attacks and reports of foreign governments meddling with U.S. elections, Flashpoints says threats are less than urgent. Flashpoint’s has been focusing attention “independent” Romanian hacker dubbed “Guccifer 2.0,” who claims to have provided WikiLeaks with a significant data dump of sensitive Clinton Foundation documents. Gray credits Guccifer with to some degree “disrupted the track of the U.S. election.” Despite Guccifer 2.0’s insistence of independence last month, the U.S. Office of the Director of National Intelligence (ODNI) released a statement saying that it was confident that the Russian Government was tightly linked to Guccifer 2.0. Flashpoint concurred stating, “The tactics recently employed by WikiLeaks, DC Leaks and Guccifer 2.0 were noted for their resemblance to similar campaigns employed against democracies in Europe and Eurasia.” Russia has vehemently denied any links to cyberattacks tied to various WikiLeak email revelations. “WikiLeaks’s continued provocations against the United States’ Democratic Party have likely led the Ecuadorian Embassy to restrict Assange’s Internet access,” wrote Gray in his Election Day cybersecurity forecast. In his report, Gray points out that the FBI has confirmed that malicious actors have been scanning and probing state voter databases for vulnerabilities stretched across 9,000 separate state and local jurisdictions. “Though the actors were operating on servers hosted by a Russian company, those attacks are not, for the moment, being attributed to an actual Russian state-sponsored campaign,” he wrote. In response to the potential of cyberattacks, the FBI has asked state election systems to reinforce security protections. Gray, paraphrasing the FBI, said: “Due to the decentralized nature of the voting system and state and local protections, it would be difficult for a state actor to alter ballot counts or election results… This environment is a formidable challenge to any actor — nation-state or not — who seeks to substantially influence or alter the outcome of an election. Doing so would require mastering a large number of these disparate cyber environments and finding a multitude of ways to manipulate them. An operation of this size would require vast resources over a multi-year period — an operation that would likely be detected and countered before it could come to fruition.” Nevertheless, U.S. adversaries wishing to sway election results, Gray said, will find more success via an organized disinformation campaign. “This logic also seems to be echoed in the latest Guccifer 2.0 message posted on November 4, which alleges that U.S. Federal Election Commission (FEC) ‘software is of poor quality, with many holes and vulnerabilities,'” Gray wrote. Part of Guccifer 2.0’s message included allegations of potential electoral fraud and a warning that “Democrats may rig the elections.” “The resilience in our election system currently rests within the plurality and structure of the current systems, but as information technology continues to connect more devices to the Internet, this may not always be true for future elections,” Gray concluded.