Microsoft offers software tools to secure elections

May 6, 2019

By FRANK BAJAK

Microsoft has announced an ambitious effort to make voting secure, verifiable and subject to reliable audits by registering ballots in encrypted form so they can be accurately and independently tracked long after they are cast.

Two of the three top U.S elections vendors have expressed interest in potentially incorporating the open-source software into their voting systems.

The software is being developed with Galois, an Oregon-based company separately creating a secure voting system prototype under contract with the Pentagon’s advanced research agency, DARPA. Dubbed “ElectionGuard,” it will be available this summer, Microsoft says, with early prototypes ready to pilot for next year’s U.S. general elections.

CEO Satya Nadella announced the initiative Monday at a developer’s conference in Seattle, saying the software development kit would help “modernize all of the election infrastructure everywhere in the world.”

Three little-known U.S. companies control about 90 percent of the market for election equipment, but have long faced criticism for poor security, antiquated technology and insufficient transparency around their proprietary, black-box voting systems.

Open-source software is inherently more secure because the underlying code is easily scrutinized by outside experts but has been shunned by the dominant vendors whose customers — the nation’s 10,000 election jurisdictions — are mostly strapped for cash.

None offered bids when Travis County, Texas, home to Austin, sought to build a system with the “end-to-end” verification attributes that ElectionGuard promises to deliver.

MORE

 

How Facebook stands to profit from its ‘privacy’ push

March 8, 2019

By FRANK BAJAK

At first glance, Mark Zuckerberg’s new ”privacy-focused vision ” for Facebook looks like a transformative mission statement from a CEO under pressure to reverse years of battering over its surveillance practices and privacy failures.

But critics say the announcement obscures Facebook’s deeper motivations: To expand lucrative new commercial services, continue monopolizing the attention of users, develop new data sources to track people and frustrate regulators who might be eyeing a breakup of the social-media behemoth.

Facebook “wants to be the operating system of our lives,” said Siva Vaidhyanathan, director of media studies at the University of Virginia.

zuck hearing

Zuckerberg’s plan, outlined Wednesday, expands Facebook’s commitment to private messaging, in sharp contrast with his traditional focus on public sharing. Facebook would combine its instant-messaging services WhatsApp and Instagram Direct with its core Messenger app so that users of one could message people on the others, and would expand the use of encrypted messaging to keep outsiders — including Facebook — from reading the messages.

The plan also calls for using those messaging services to expand Facebook’s role in e-commerce and payments. A Facebook spokesperson later said it was too early to answer detailed questions about the company’s messaging plans.

Vaidhyanathan said Zuckerberg wants people to abandon competing, person-to-person forms of communication such as email, texting and Apple’s iMessage in order to “do everything through a Facebook product.” The end goal could be transform Facebook into a service like the Chinese app WeChat , which has 1.1 billion users and includes the world’s most popular person-to-person online payment system.

MORE

 

Ahead of court ruling, Census Bureau seeks citizenship data

March 7, 2019

By GARANCE BURKE and FRANK BAJAK

As the U.S. Supreme Court weighs whether the Trump administration can ask people if they are citizens on the 2020 Census, the Census Bureau is quietly seeking comprehensive information about the legal status of millions of immigrants.

Under a proposed plan, the Department of Homeland Security would provide the Census Bureau with a broad swath of personal data about noncitizens, including their immigration status, The Associated Press has learned. A pending agreement between the agencies has been in the works since at least January, the same month a federal judge in New York blocked the administration from adding the citizenship question to the 10-year survey.

On Wednesday, a federal judge in California also declared that adding the citizenship question to the Census was unconstitutional, saying the move “threatens the very foundation of our democratic system.”

The data that Homeland Security would share with Census officials would include noncitizens’ full names and addresses, birth dates and places, as well as Social Security numbers and highly sensitive alien registration numbers, according to a document signed by the Census Bureau and obtained by AP.

Such a data dump would be apparently unprecedented and give the Census Bureau a view of immigrants’ citizenship status that is even more precise than what can be gathered in door-to-door canvassing, according to bureau research.

Supreme Court Census

 

Experts: US anti-Huawei campaign likely exaggerated

February 28, 2019

By FRANK BAJAK

Since last year, the U.S. has waged a vigorous diplomatic offensive against the Chinese telecommunications giant Huawei, claiming that any nation deploying its gear in next-generation wireless networks is giving Beijing a conduit for espionage or worse.

But security experts say the U.S. government is likely exaggerating that threat. Not only is the U.S. case short on specifics, they say, it glosses over the fact that the Chinese don’t need secret access to Huawei routers to infiltrate global networks that already have notoriously poor security.

State-sponsored hackers have shown no preference for one manufacturer’s technology over another, these experts say. Kremlin-backed hackers, for instance, adroitly exploit internet routers and other networking equipment made by companies that are not Russian.

If the Chinese want to disrupt global networks, “they will do so regardless of the type of equipment you are using,” said Jan-Peter Kleinhans, a researcher at the Berlin think tank Neue Verantwortung Stiftung.

One of the most common U.S. fears — that Huawei might install software “backdoors” in its equipment that Chinese intelligence could use to tap into, eavesdrop on or interrupt data transmissions — strikes some experts as highly unlikely.

Priscilla Moriuchi, who retired from the National Security Agency in 2017 after running its Far East operations, does not believe the Huawei threat is overblown. But she called the odds of the company installing backdoors on behalf of Chinese intelligence “almost zero because of the chance that it would be discovered,” thus exposing Huawei’s complicity.

MORE

 

Georgia governor’s race roiled by election security charges

November 5, 2018

By BILL BARROW and FRANK BAJAK

ATLANTA (AP) — The bruising race for governor of Georgia has been roiled by unsupported, eleventh-hour allegations from Republican candidate Brian Kemp, who is also the state’s chief election official, that Democrats sought to hack the voter registration system.

His Democratic opponent, Stacey Abrams, said he is making a baseless accusation to deflect attention from an apparently severe security flaw in the system Kemp is responsible for overseeing.

Here’s a look at the dispute, how it unfolded and what’s at stake.

THE ALLEGATION

Kemp asked the FBI on Sunday to investigate the Democratic Party, accusing it of trying to hack the system he controls as secretary of state. He offered no evidence in support of his request for a probe of the opposition.

The FBI declined to comment.

Kemp leveled the allegation after an attorney for election-security advocates notified the FBI and Kemp’s office on Saturday that a private citizen alerted him to what appeared to be a major flaw in the database used to check in voters at the polls.

Independent computer scientists told The Associated Press that the flaw would enable anyone with access to an individual voter’s personal information to log on to Georgia’s MyVoter registration portal and alter or delete any voter’s record, potentially causing havoc.

MORE

US election integrity depends on security-challenged firms

October 29, 2018

By FRANK BAJAK

It was the kind of security lapse that gives election officials nightmares. In 2017, a private contractor left data on Chicago’s 1.8 million registered voters — including addresses, birth dates and partial Social Security numbers — publicly exposed for months on an Amazon cloud server.

Later, at a tense hearing , Chicago’s Board of Elections dressed down the top three executives of Election Systems & Software, the nation’s dominant supplier of election equipment and services.

The three shifted uneasily on folding chairs as board members grilled them about what went wrong. ES&S CEO Tom Burt apologized and repeatedly stressed that there was no evidence hackers downloaded the data.

Election Vendors Image

The Chicago lapse provided a rare moment of public accountability for the closely held businesses that have come to serve as front-line guardians of U.S. election security.

A trio of companies — ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas — sell and service more than 90 percent of the machinery on which votes are cast and results tabulated. Experts say they have long skimped on security in favor of convenience, making it more difficult to detect intrusions such as occurred in Russia’s 2016 election meddling.

The businesses also face no significant federal oversight and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.

In much of the nation, especially where tech expertise and budgets are thin, the companies effectively run elections either directly or through subcontractors.

“They cobble things together as well as they can,” University of Connecticut election-technology expert Alexander Schwartzman said of the industry leaders. Building truly secure systems would likely make them unprofitable, he said.

MORE

ICE shutters detention alternative for asylum-seekers

June 9, 2017

By FRANK BAJAK

HOUSTON (AP) — The Trump administration is shutting down the least restrictive alternative to detention available to asylum-seekers who have entered the U.S. illegally in what it calls a cost-cutting measure that will favor programs with higher deportation rates.

Immigration activists consider the move a callous insult to migrants fleeing traumatic violence and poverty — nearly all the program’s participants are Central American mothers and children — by a White House that has prioritized deportations that break up families over assimilating refugees.

“This is a clear attempt to punish mothers who are trying to save their children’s lives by seeking protection in the United States,” said Michelle Brane of the nonprofit Women’s Refugee Commission. “I think it’s crazy they are shutting down a program that is so incredibly successful.”

The overwhelming majority of asylum-seekers that U.S. Immigration and Customs Enforcement spares confinement at family detention centers — about 70,000 —have been placed in an intrusive “intensive supervision” program as they await court hearings on whether they can stay in the U.S.

GPS ankle monitors are strapped on three in seven. The wearers, mostly women, complain of bruises and public ostracism.

The Family Case Management Program that is being shuttered had 630 families enrolled as of April 19. Essentially a counseling service, it has operated in Chicago, Miami, New York, Los Angeles and Baltimore/Washington, D.C., since January 2016 and the contract was renewed in September for one year. Social workers help participants find lawyers, navigate the overburdened immigration court system, get housing and health care, and enroll the kids in school.

Women who previously would have been eligible can now expect to be put on ankle monitors, said Lilian Alba, program manager at the International Institute of Los Angeles, one of the community-based agencies running the program.

MORE

Mobile carriers cut off flow of location data to brokers

By FRANK BAJAK

Verizon, AT&T, Sprint and T-Mobile have pledged to stop providing information on U.S. phone owners’ locations to data brokers, stepping back from a business practice that has drawn criticism for endangering privacy.

The data has apparently allowed outside companies to pinpoint the location of wireless devices without their owners’ knowledge or consent. Verizon said that about 75 companies have been obtaining its customer data from two little-known California-based brokers that Verizon supplies directly — LocationSmart and Zumigo.

Verizon was the first major carrier to declare it would end sales of such data to brokers that then provide it to others. It did so in a June 15 letter to Sen. Ron Wyden, an Oregon Democrat who has been probing the phone location-tracking market. AT&T, T-Mobile and Sprint followed suit Tuesday after The Associated Press reported the Verizon move.

None of the carriers said they are getting out of the business of selling location data. The carriers together have more than 300 million U.S. subscribers

FULL ARTICLE

Wiring the Planet – 1993

Thanks to Patrick Kroupa for keeping this story alive online – From a package I wrote introducing folks to an erstewhile invention of the military-industrial complex _ later hijacked by telecommunications conglomerates and the micro-targeting advertising industry _  called the Internet:

Wiring the Planet — MindVox!

Sunday, May 23, 1993

By Frank Bajak

Somewhere in the ether and silicon that unite two workstations 11 floors above lower Broadway, denizens of the cyberpunk milieu are feverishly debating whether anyone in government can be trusted. Elsewhere amid the colliding electrons, people read a rock musician’s rage about the computer information service that somehow obtained and posted his lyrics without permission. This is the 12-by-20-foot bare-walled home of MindVox, today’s recreation hall for the new lost generation’s telecomputing crowd. You can enter by phone line or directly off Internet.

Patrick Kroupa and Bruce Fancher are the proprietors, self-described former Legion of Doom telephone hackers who cut the cord with computing for a time after mid-1980s teen-age shenanigans. But back they came, deciding to take the code-writing prowess of their circle, write some real idiot proof software” on top of a Unix operating system and build a primo thoughtspace for meetings of minds. ‘We just saw that a lot of interesting technologies were not being used for anything but file-servers,’ says Kroupa, describing the thousands of dial-up bulletin board systems in which callers often find little more than downloads of software and dirty pictures.

Kroupa is a towering 25-year-old high school dropout in a black leather jacket with long hair gathered under a gray bandanna, three earrings and a hearty laugh. “America online looks pretty, but is pretty devoid of intellectual content,” Kroupa says of the popular information service. His chronicle of an angst-ridden odyssey from an adolescent hacker known as ‘Lord Digital, to cyberspace saloon-keeper is suggested reading for MindVox newcomers. Fancher is 22 and more businesslike, but equally in love with this dream he left Tufts University for.

READ MORE

APNewsBreak: US cites cellphone spying devices in DC

For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages.

stingray

The use of what are known as cellphone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies — which use such eavesdropping equipment themselves — have been silent on the issue until now.

In a March 26 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation’s capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.

The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.

The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.

READ MORE