Hacker News new | comments | ask | show | jobs | submit login
The Security of Our Election Systems (schneier.com)
95 points by yarapavan on July 30, 2016 | hide | past | web | favorite | 86 comments



There's a strong moral argument in favor of the DNC leaks: the American people ought to know that its political process was corrupted by powerful actors within its own institutions.

Schneier said, "This kind of cyberattack targets the very core of our democratic process. " In this case, though, the attack targeted actors who prevented democratic process.

Were we exposed to fictitious narratives intended to advance pro-Russian agendas? Was truth revealed, without manipulation of content? It seems to be the latter.

Attacking the polls would be unacceptable and deserve retaliation, but it hasn't happened yet. Attacking a whistle blower who has helped to reveal a corrupt political process isn't something I'd agree with. Schneier speculates that foreign influence will continue into the polls -- I guess we had better strengthen the election process and ensure transparency, then.


> Schneier said, "This kind of cyberattack targets the very core of our democratic process. " In this case, though, the attack targeted actors who prevented democratic process.

Parties choose their candidates. While it is democratic in the sense that people cast ballots; the process was never guaranteed to be a level playing field. Sanders was an outsider from the democratic party. The party has rules and systems to keep people like Sanders out. That is what super delegates are for. You and I may both have preferred Sanders, but we don't have a right to the DNC's private email.

As for the polls, in Canada we do a simple pencil and paper system that works extremely well. You might be able to get an extra vote or two here or there, but the process is essentially unbreakable.


The process was guaranteed to be a level playing field by the DNC charter (Article 5, Section 4):

In the conduct and management of the affairs and procedures of the Democratic National Committee, particularly as they apply to the preparation and conduct of the Presidential nomination process, the Chairperson shall exercise impartiality and evenhandedness as between the Presidential candidates and campaigns. The Chairperson shall be responsible for ensuring that the national officers and staff of the Democratic National Committee maintain impartiality and evenhandedness during the Democratic Party Presidential nominating process.


Is there any evidence that the bias of the DNC in this particular case is so uncommon as to be egregious? Candidates in both parties have cried foul that the process is 'rigged' (possibly with good reason) but only the Democrats are being accused of corruption.


I think it is always egregious, regardless of whether it happens all the time or not. For example, the USG is known to meddle with other countries elections. I don't think that's excusable. I assume the RNC played all kinds of tricks as well and that this is SOP for both parties. Wrong in every case.


We're talking about different meanings of the word "guaranteed". I'm talking about guaranteed in the sense that supports leaking private emails to the public by people outside the organisation (as opposed to an unbiased whistle blower). Article 5, Section 4 is the type of thing parties put in, but only as a way of making sure the backroom politicking doesn't become so egregious that it leaks into public view.

Again, I prefer Sanders, or even Johnson or Stein over Clinton; but with Trump on the other ticket this election is far too serious to let Russian fuck around with the other main side. We need to fall in line and support Clinton. Pulling the not-an-idiot vote three more ways between Sanders stay-at-homes, Johnson / Stein protest votes is going to lead to a disaster.


Paper votes makes a lot of sense, as it is possible to verify for non-experts.


I hate that he used the "Russians are coming" argument, but at the same time, he probably wouldn't have gotten even 1/4 of the attention if he just said "our voting machines aren't secure and anyone in the world, including our own government, could hack them."

He's playing on the Russian fear, which is what the Democratic party is really pushing right now (by the way, isn't this something the Republican party used to do - what's happening here?!). If this leads to a ban on electronic voting machines, then the methods may be excused by the outcome, but I have a feeling that's not going to happen, so this just ends up helping one party over another politically.


> He's playing on the Russian fear, which is what the Democratic party is really pushing right now (by the way, isn't this something the Republican party used to do - what's happening here?!).

During the USSR times, the project of Russia as a communist country was to be egalitarian and inclusive. It was a terrible place to live, but in the most abstract sense, lefties could identify with that goal, while righties saw it as fundamentally going against the social order. Thus the threat of "Russians" became a gloss for helping the poor, taxing the wealthy, minority rights, women's rights, etc.

Now that Russia is an oligarchy, the basic social structure appeals to righties, and has become a boogeyman to lefties. "Russians" are now a gloss for gangster/crony capitalism, oligarchs, etc.


Your argument might make sense in the abstract, but I think Bruce has a uniquely credible position with which to comment on the relative dangers posed by Russian hacking specifically.


>Were we exposed to fictitious narratives intended to advance pro-Russian agendas? Was truth revealed, without manipulation of content? It seems to be the latter.

Why assume the " narratives intended to advance pro-Russian agendas" need to be fictitious in order to be effective? You're presenting a false dichotomy that either the Democrats are corrupt, or Russia had nothing to do with the hacks. It can be the case that Russia exposed Democratic party corruption in order to advance their own agenda.


Just releasing a large number of hacked emails at the right/wrong time, even if they contained absolutely nothing of note could affect the candidate negatively if it distracts from their planned talking points and supports others.

Some might say that's exactly what happened.


Yeah. This is another moral question along the Snowden/Manning lines.

Here's the thing: breaking into somebody's house is illegal. If you do it, you're a criminal and should face some kind of legal proceeding.

If you break into their house and leave some personal items along the curb, like nude photographs? I'm probably going to gawk at them as I drive by. I don't like the fact that I do it, but I am human. You are still a criminal, and as long as I don't start sharing your personal items, I'm not. I'm just a schmuck.

If, however, you leave evidence of moral or criminal wrongdoing out on the curb for everybody to see? Then the community has an obligation to take action both against the robber and the person who's house was broken into. Simply because you were robbed doesn't mean that you get out of consequences for your actions once they become public.

I'm tempted to view the ramifications of the leaked emails as a purely internal DNC affair. Having said that, I am reading partisan attacks that say there are illegal activities in there. If so? Well, somebody needs to face some kind of legal proceeding. And somebody else is still a robber.

Whatever our views, it's important to come up with standards that apply no matter who's "side" you're on.


If you break into someone's house and find evidence of a murder or sexual assault, should you reveal those details? I would say yes, the crime of breaking and entering (and theft of the evidence) is still a crime, but a smaller one in the grand scheme of things. I would say both parties should be charged.

It's not so clear cut though; if I break into your house and find a few joints should that be treated the same way? I suppose it boils down to where on the continuum of severity you place corruption of the democratic process.

Encouraging someone to break into private property looking for evidence would still be a crime, IMO.


Note that you are answering a different question. I approached this issue framed as "what should society do?". My answers were about whether criminal proceedings should occur. How should the rest of us react when we see something like this?

Your question is of a moral nature: what should I do if I break in your house and find out that you are abusing your kids?

This is why they write fiction :) Not so easy to figure out, and it could easily vary by individual and circumstance.

As to advocating for people to become robbers, would I advocate for another Snowden to appear? I think that's impossible for me to answer without answering your moral question, without knowing what sorts of things would be revealed by the crime. Whether I advocated or not, though, it'd still be a crime. Not sure if my advocacy is a crime. If so, then I'm a criminal and the law is an ass.


My comment wasn't so much a direct response to the points you raised, and I wasn't disagreeing, the things I discussed were ideas which were inspired by your comment.

I hadn't considered whether I would advocate for another Snowden, but assuming being 'another Snowden' implies exposing corruption I would have to say that I would. I personally think that corruption in any form is one of the things holding us back as a species. See Africa for a wealth of examples.


"If you break into their house and leave some personal items along the curb, like nude photographs? I'm probably going to gawk at them as I drive by. I don't like the fact that I do it, but I am human. You are still a criminal, and as long as I don't start sharing your personal items, I'm not. I'm just a schmuck."

What you've just unknowingly (I hope) done is encouraged continuously violating people's privacy, property, and physical health using powers of state just in case something is found. Given most are innocent enough, that means innocent people will be hurt constantly to find some extra guilty ones. That's ridiculous from a moral perspective.

It also assumes the cops are all good: an assumption that's countered by existence of Bill of Rights itself. Not to mention steady stream of corruption cases, misrepresented evidence, lying to get fake confessions, and so on. Definitely not the kind of people that need any "right to ignore rights" if that should ever exist. Their incentive is to lock people up, not keep them free. So, the system should give us protection against that to force them to do it only when they have strong justification.


> Then the community has an obligation to take action both against the robber and the person who's house was broken into.

No. This is exactly what's wrong with parallel construction and why any evidence like this should always be treated like it simply does not exist.

The only times when you should be able to break that rule is if there is overwhelming social advantage to breaking it. And I'm not sure the case posted here is one of those.


I don't think so. In my response, if somebody used parallel construction? They'd be guilty of a crime. This is what we want, right?


No, it would be akin to anonymous tips leading to miraculous discoveries. After all, if the penalty would be to only be slapped on the wrist for the 'lesser' crime then that would up-end the whole system in place for evidence gathering, which is supposed to be lawful at all times.

Parallel construction is sneaky in that it allows otherwise in-admissible evidence into a case or allows one to jump-start a case that would otherwise not have existed in the first place.


Don't we already allow anonymous tips? Surely you're not saying we should disallow anonymous tips about crime, right?

I apologize. You must be making some point that I'm missing. If somebody breaks into your house, they are guilty of a crime. Period.

I didn't say anything about "slaps on the wrist" For all I care, you can make discovering a crime while breaking into the house the same as being complicit in the crime.

Along this entire subthread, there seems to be several topics conflated. Punishment is a separate matter from culpability, as is the state breaking the law during a criminal investigation, which you seem to be focusing on by bringing up parallel construction. The only thing I am addressing is how society should treat the discovery of random bits of information put into the public domain by thieves. That's it. Not how criminal investigations should be conducted, not the relative punishment for various crimes, not how a robber's personal morals should affect his decisions, and not whether it's okay to publish such information once it is made public.

These are all great topics. I'm just not talking about them.


"Don't we already allow anonymous tips? "

We allow anonymous tips that can get police's attention on something. Our rights then apply to restrict their behavior to what's sensible. Parallel construction is them violating our rights, producing (forging?) evidence, lying about the methods that produced it, then faking/finding a new route to convict us, and then we're convicted on weight of that and/or secret evidence. This poses extra risk due to (a) damage from parallel construction activities themselves, (b) ability to target dissenting/unpopular groups as FBI has long history of doing with permissive powers, and (c) inability to challenge the quality or effectiveness of their selection & evidence gathering process vs more open processes.

" The only thing I am addressing is how society should treat the discovery of random bits of information put into the public domain by thieves."

What's you've done is force the situation to be an extremely narrow case that doesn't represent how parallel construction is used at all. It's normally LEO's focusing on specific groups with surveillance, subversion, and informants. What they focus on vs what harms society most has a disconnect that reveals more political than protective reasons. One of reasons we have accountability measures in the first place. Analysis stemming from thieves breaking into a house & dumping evidence is a very, uncommon case.

Let's look at it anyway. Regular process usually involves searches that you would know about so you can make sure nobody plants evidence. Thief breaks into your house, leaves child porn there, delivers anonymous tip to authorities that you possess child porn, they search you, they find it, and you're convicted. Still trust public safety via thieves method?

Alternatively, a politician wants to be insanely powerful. All he has is parallel construction, police authority, and some surveillance tech. Starts using it selectively on key members of Congress, judges, media people, and so on. Finds dirt on them, but doesn't act on it: extorts them for appropriations, expanded legal powers, hushing on bad stories, and so on. Might be able to pull this stuff off for a long time with untold damage. Wait, why speculate: I'm talking about how J Edgar Hoover amassed power for him and his FBI. Process could be repeating with NSA's surveillance power & Congress constantly ignoring their corruption but we won't know because all of that is secret. ;)

Shifting power to executive branch for secret accusations against people with less and less protections only results in predatory behavior. Both U.S. and foreign history are pretty clear that this is what usually happens. So, it shouldn't be allowed. Our prior system worked well enough. Too well given number of wrongful convictions and false confessions. Reforming it is a better idea.


His point is that there are actors trying to influence the process by compromising technology, details of the DNC incident aside. In and of itself that is a very concerning threat to have and in general we have to take that into consideration when evaluating the role of technology in the election cycle, even if this time the hack seemingly had net positive benefit to the citizens. Next time we may not be so lucky.

As he pointed out, Schneier has been beating this drum for years. Computer security is not a high enough priority in politics, and with what we know is possible and see happening we can't assume elections will be free of tampering by default.


Not at all really. The leaks revealed the frustrations, biases, egos and banality of functionaries in a big political party.

There was no scandal -- everyone knew, including Sanders, that the party didn't like him or his candidacy. You can be sure that the RNC and associated actors had similar communications about Trump and Cruz.

What the leaks did is perpetuate the circus atmosphere of this election cycle. The longer and more absurd that atmosphere gets, the better for Trump. Trump is great for Putin, as Putin no doubt sees him as easier to manipulate for a variety of reasons.


If we care about foreign influence, shouldn't we be concerned about all the foreign money the Clinton's have taken?

Millions to their foundation (just while she was SoS):

https://www.washingtonpost.com/politics/foreign-governments-...

Millions in speaking fees outside the US (just while she was Sos): http://www.washingtonexaminer.com/bill-doubled-speaking-fees...

And it's doubly-ironic how much the left suddenly cares about Email security after getting let off by FBI.


The subject of this thread is the vulnerability of the networks and IT infrastructure involved with our democratic process, but fair enough.

We should be concerned about all the foreign money the Clintons have taken, and all the foreign money Trump has taken. We should be concerned about foreign influence in our elections in general, regardless of which party it benefits.


actually, if you read the article and the post, the subject is about foreign influence in elections, so my comment is on point.


I did read the article. Bruce Schneier didn't mention financial influence or the Clinton Foundataion anywhere. His entire post is, as would be expected, focused on network security, hacking and the vulnerability of our infrastructure.

Given that your comment exclusively refers to Clinton, when it could just as well apply to Trump or any number of candidates in either party and still be relevant, it appears your purpose was to polarize the topic for the sake of pushing your political bias. I agree with your comment in the general case, but derailing the thread into a discussion of how corrupt Hillary Clinton and the Democrats are is not on topic.


Actually, I didn't say financial influence, I said foreign influence and the article refers back to foreign influences in multiple places, just one example below:

If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don't see.

I'm not derailing a thread if I'm reminding the readers that much of the foreign influence we are threatened by comes about through the complicity / corruption of domestic political actors.


Note that it's also very relevant to comment I replied to. Not being argumentative (or don't mean to be.) I'll admit when I'm wrong, but I feel this comment was relevant to the original comment in the thread and article and these are my reasons why.


In fact, I probably should have brought up another threat to fair elections, which is the lack of any voter ID requirement. Also very partisan, but essential for security.


"There's a strong moral argument in favor of the DNC leaks: the American people ought to know that its political process was corrupted by powerful actors within its own institutions."

Actually, the moral argument would be in favor of both DNC and RNC leaks. Selectively leaking a ton of dirt on one dirty party but not the other is not aiding democracy. Instead, it gives one the moral, high ground immediately. That one might be accused of facilitating the leak but many parties available to scapegoat in day & age where hacks and leaks happen all the time. So, this could be a setback for U.S. "democracy."


The thing is about the leaks, is that there's isn't anything there that anyone paying attention didn't already know. Of course DWS was putting the thumb on the scales for Hillary, who schedules something you want people to see on a Saturday night? [0]

As far as "corrupted" and "preventing" democratic process where's the evidence? Seriously. What votes were not counted?Where's the voter fraud? I'll tell you. Nowhere. It didn't happen. As Bernie Sanders's former press secretary, Symone Sanders, said, "We weren't cheated. We lost."[1]

Look, we know what a stolen election looks like. This ain't it. There's no reason to be an election truther.

[0] http://www.uspresidentialelectionnews.com/2016-debate-schedu... [1] http://gawker.com/former-sanders-spokeswoman-we-lost-1784282...


"Putting the thumb on the scales" is itself a violation of the DNC's own charter, under which they are obligated to treat every Democratic candidate for president with impartiality and evenhandedness. There was a massive amount of coordination with the Hillary campaign, anti-Bernie stories were crafted and distributed from inside the DNC, and planting audience questions designed to undermine him was floated as an idea (even if it was never acted upon, that's an egregious misuse of DNC resources and an egregious breach of the charter). You don't have to hack a voting machine to "corrupt" the democratic process, you just have to violate the terms of your own party's charter.

I also wonder why you think the fact that DWS scheduled debates for low-visibility nights in order to help Hillary is so "obvious". I mean, maybe to us, but a few months ago bringing that up would get you labeled as a conspiracy theorist. It probably would even now.

And just one last thing -- on Symone Sanders. What else is she going to say? That they got cheated? She was the press secretary. If she wants any kind of future in politics she's going to take a graceful L.


I'm not saying that DWS and the rest weren't biased. They were. I'm saying that it didn't matter, because of both the strengths and weaknesses of candidates' campaigns, and the fact that biases were pretty minor league.

The reason why I said the Saturday debates were obvious, because they were reported that way at the time.[0] They were opposite NFL playoff games for crying out loud.

[0] https://www.washingtonpost.com/news/the-fix/wp/2015/12/19/ho...


I think you're right that people paying attention already knew. But there were denials from DWS that she was being unbiased. The same thing happened with the Snowden leaks. Most paying attention knew, but it was still upsetting when the proof came out.

Concerning election fraud, there are separate reports on that. For example the one from Election Justice USA http://www.dailykos.com/story/2016/7/29/1554022/-Election-Ju...


You seem to equate "democratic process" with having a properly counted vote. There were elections with proper votes in East Germany, there just never was any actual choice in who you could vote for.


What's your point? I ask, because we were talking about a competitive two person race, where the non-establishment candidate won several contests, and had a major role in shaping the party platform and changing the narrative of the election. Are you saying that was all a grand charade?


The sheer banality of the "sabotage" found in the emails is honestly pretty good proof to me that there isn't anything truly horrible to be found- if there was, Sanders' folks would be trumpeting it, not "Sanders doesn't understand Democratic politics".


Yeah. My favorite of the truther conspiracies is that the DNC somehow called MSNBC up on the phone and had them kill a live segment. "Pull" means "get a copy" in this context.

It's as bad calling a cisco wifi repeaters a "white noise device".


I agree that folks are latching onto any "proof" they can find even when it's not true. I don't know what those devices were, but there are white noise devices that look like that. Also, it's not unheard of for these devices to be used by Clinton. Take a listen to these before/after videos. http://www.huffingtonpost.com/entry/hillary-clinton-static-n...


You comment sounds a lot like the reaction to Snowden. There is a difference between allegations and evidence. I hope you can understand that difference.

By the way, controlling the media is a form of corruption.


There's a difference between mountains and molehills. I hope you can understand that difference.

By the way, controlling the media has been intrinsic to politics since drum signals.


Funny that the left all of a sudden cares about security in our elections.

Try to implement the most basic security that is common even in poor foreign countries, such as an ID requirement and the left is up in arms.

The truth is, the left doesn't care about election security, it just cares about the left.


What left? DNC is to the left of GOP, at best, but not left in any real sense.


Well, I would agree with you if the DNC leaks were accompanied by equivalent GOP leaks. Personally, I didn't find the DNC leaks that damning to be honest - I don't think the same standards of impartiality that you need for the general election need to be applied to how parties select their candidates. However if other people do find them damning it is information they should have. The rub is that I would be very surprised if there weren't similarly shenanigans from the GOP side, and if that's the case then if you let foreign actors select what gets leaked that's giving them a lot of power...


It wasn't just the open (amongst themselves) desire to keep Bernie out that was disturbing. The hypocrisy of the racist and homophobic comments from the people who are supposedly their champions is as smelly and toxic as creosote.


If you leak tens of thousands of emails by hundreds of people that the senders expected to remain private you are pretty much guaranteed to find some that you can read as racist, sexist, homophobic, or whatever you want.

In an ideal world we'd have leaks of every group involved in the election: DNC, GOP, Hillary campaign, Bernie campaign, Trump campaign, Trump's tax records, Clinton foundation donor list, etc. However, having a subset, which was selected by some actor with ulterior motives, leaked is IMHO strictly worse than no leaks at all.


The OP is a shameful blot on Bruce Schneier's record [imo].

For "evidence" we are directed to The New York Times -- a political organization. This sort of evidence certainly suffices for the non-technical set but that HN is accepting this without subjecting the assertion to the rigor that we apply to topics that are not conflated with emotional and psychological triggers is disconcerting.

I would like to pose the question here to my fellow geeks: Do you really think Russians are so incompetent that they would not avail themselves of e.g. Tor to cover their tracks?

[edit: take courage & answer the question instead of downvoting.]


"The OP is a shameful blot on Bruce Schneier's record [imo]. For "evidence" we are directed to The New York Times -- a political organization."

I originally skipped that blog entry but all these anti-Schneier comments make it worth reading. Reading it shows the opposite of the claims I'm seeing on HN. It's in the style of his other reporting on stuff, like Sony situation, where he lists the official position on it in non-committal way (note the "if"), optionally lists alternative theories (apparently has none or doesn't care), focuses on meat of situation (election insecurity), optionally notes prior warnings/work (his and others), and then delivers recommendations to reduce or eliminate the risk. Common pattern on his blog very evident from a guy reading it for about eight years.

Far as personal bias, I've regularly counterpointed him on his own blow & even wrote a character assessment of him based on reading many claims:

https://www.schneier.com/blog/archives/2013/10/can_i_be_trus...

Schneier's moderation style is so permissive we get the thoughtful and trolling alike. Yet, far as political or technical points, he doesn't expect lip service from anybody. Let's the "yay," "nay," and "screw you all" posts all stand. So, I speak for myself noting he's not pushing New York Times, the main theory, anything but the topic of elections security & recommendations to get it on track. Those recommendations also reflect both his own research and tons of discussion on those topics on his blog that came to same conclusions. They're the blog's consensus.


Of course you cover your trails if you do a hack.

As a minimum you get a server to work from (and have your backdoors point back to) that does not directly link back to you. Typically another hacked machine - not necessarily hacked by you - you can buy them cheaply on dark net market places.

DNC has an obvious interest in spinning this and they seem to have done this very successfully.

What bothers me is that no-one seems to be able to separate politics from technical assessment. Even people with deep technical insights such as mr. Schneier.

I think the chance of Trump's presidency scares a lot of people and that scare clouds judgement.

I don't have any say in the american election but I think that people overestimate what the presidential post means and underestimate the check-and-balances of the rest of democratic system (congress, legal system, existing GOP apparatus, press and so on).


"What bothers me is that no-one seems to be able to separate politics from technical assessment."

What bothers me is that anyone thinks their emails are private.


Well, even if it wasn't Russia that hacked the DNC (and now the Clinton campaign) it is still the case that someone did, and that's still reason enough to take the measures Bruce Schneier's advocates.


Please answer the question. Leaks may also be from disgruntled staffers whose idealism shattered on encountering the hard realities of American political system.


The question about about TOR? Sure, they could have used TOR, but that doesn't make them automatically untraceable. I am definitely not an expert on this kind of forensics, but in past cases the "smoking gun" pointed to by experts tends to be some sort of metadata (i.e., text files encoded using cyrillic character set), not an ip.

Also, there's been some claims that NSA and other agencies are running TOR exit nodes. Not sure if there's anything to it, but the point is state level actors have resources that nobody else does.

Besides, I am not sure what is your point. "Russian hackers would have covered their tracks, therefore it must not have been Russian hackers"?


A political party's computers are not part of the "critical election infrastructure" unless the party [or parties] has become the state.

Exceptionalism is political crack. States seek to influence elections in other states. Always have, always will. Having a candidate aligned explicitly aligned with the interests of a foreign state is quite common in Americas. As is having a foreign state explicitly align themselves with a candidate.


Not to mention that the US has a particularly awful history of subverting other countries' elections.


I think you would be quite silly to just outright accept intelligence agency declarations of "it was Russia". As history shows, not only are these people frequently ignorant to technical realities, but political reasons at every single layer of these organizations obscure and pervade the truth.


Of course it's not just intelligence agencies saying this. There's plenty of independent investigations [0] and they are pointing the same direction.

There's the metadata on the leaked files indicating that at least the metadata was modified with a cyrillic computer. There's reports from two separate security firms implicating the same two Russian based actors. There's the fact that "Guccifier 2.0" had no online presence until after the the Crowdstrike report implicating Russian intelligence services. There's the fact that "Guccifier 2.0" claims to Romanian, but can't type fluent Romanian (I've heard this independently from a Romanian I know), and drops smilies typical in Russian forums, but not Romanian.

None of this is fire, but there's plenty of smoke.

[0] https://www.wired.com/2016/07/heres-know-russia-dnc-hack/


I think this a good article explaining why there is not enough evidence in the public linking the DNC hack to Russian secret service:

https://medium.com/@jeffreycarr/can-facts-slow-the-dnc-breac...

The IP-address (176.31.112.10) that links the DNC hack to the Bundestag hack is a machine in France (appearantly) controlled by a Pakistani hosting company. This article says the machine was closed because of abuse over a year ago. The material in the DNC hack is just one month old:

https://netzpolitik.org/2015/digital-attack-on-german-parlia...


I agree with this very much. The WMDs are an example of intelligence errors as casus belli. It's important to keep in mind the political context as well, with Cold War II emerging from the last NATO summit http://www.salon.com/2016/07/12/the_west_escalates_with_russ...


Schneier is weaving two problems into one.

Yes, our election systems could be compromised by foreign (or domestic) attackers. This is something we should all fight against. I don't think any voter would agree that our votes shouldn't count. Computer security is hard and the companies running and making voting machines have time and again been proven incompetent. We should work to fix that.

The separate issue is that in our two party system it's come out that one party was proven to have worked to influence an election for one of the candidates of that party. Sure, Bernie was an outsider. Sure, Hillary was practically anointed from the start. Sure, it was fairly obvious that the DNC was favoring HRC and working harder for her than for Sanders. But there's actual proof now. If it came from a lone-wolf domestic hacker, or from Snowden, or from Putins own laptop I don't think it matters. It matters that it happened and the people need to know it did. No media is talking about that at all. Not even NPR.

I think any organization that's working to get someone elected by the people, in order to work for the people should want it's emails to be public. Why wouldn't it want that? Why shouldn't the media have the option to investigate and shine a bright spotlight on everything regarding our elections? They just had this opportunity and they're wasting it to instead talk about Russia influencing our elections. Since we're internally influencing our own elections maybe we should worry about that first.


What influence? It's called exposing lies and corruption within the DNC. If anything, I praise Putin for it. Let's not lose perspective of reality thinking about tech security.


There's no reason why you can't do both: worry that another country could influence the electoral process via hacking and see the value in having this information exposed. The media and the Democrats only want people to focus on the former.


"This means voting machines with voter-verified paper audit trails..."

I've attended "audits" of VVPATs. They merely verify that the printer still worked as expected. Nothing more.

This turf has been hashed and rehashed. The Election Verification Network (academics, administrators, activists) have covered this many times. Auditing electronically mediated elections is impractical and adds little more certainty in the results.

No, crypto voting doesn't help.


This is a WHISTLE BLOWER situation.

First identify who is trying to persecute the whistleblower.

There, you've found the party that has committed untoward acts who is now trying to SILENCE THE WHISTLEBLOWER/CHANGE THE SUBJECT.

I was a Bernie supporter. A LOT of people were/are. Not at all happy with the DNC.

Having a whistleblower confirm our idea that the DNC was trying to hurt Bernie --

-- now I know how a parent feels when they finally solve the tragedy of a missing family member.

REALLY CATHARTIC.

And really depressing.


Possibly related [1] Seth Conrad Rich, DNC's Data Director [2]. And the late Mr. Rich was not Russian.

[1]: http://www.nbcwashington.com/news/local/Man-Shot-Killed-in-N...

[2]: https://www.reddit.com/r/The_Donald/comments/4v34fk/this_is_...


Why is this not flag killed like all the other (politically biased) articles on the DNC hack?


Because it is Bruce Schneier who tends to have a technical rather than an outright political angle.


Well - not here.


Where is the political bias on Schneier's part here? Perhaps you simply just disagree with his position?


Are we supposed to ignore that the media is 100% unified in stopping Trump from becoming president? I'm against Trump (who I believe to be a fascist and psychologically unstable) but I'm not going to pretend that it is honest to say that Trump literally asked Russia to hack Hillary's emails. I watched the entire press conference btw. If the election pitted Sanders against Bush the media would not hesitate to be this dishonest when attacking Sanders, it just so happens that by far the biggest outsider this year happens to be the biggest asshole too.


I'm surprised most all comments latch onto the political nature of the DNC hack vs. the point Bruce is making: the act demonstrates overt attempts of a foreign government to mess with our election system, and the ___voting portion of the system ___ is what remains vulnerable despite many years of warnings from industry experts. We ignore this at our peril.


Timely, well-reasoned, and excellent article by Schneier.

But there's a problem.

Elections are managed by state governments by design. This is to prevent centralized political corruption. Having the feds "take the lead" is a little too nebulous to be practical.

What could be done is a certification system for electronic voting that requires a paper audit trail and individualized printed receipts for each voter. (Which would be encrypted to prevent others from determining which votes were cast)

The big leap is that electronic-only systems are never going to work. For various reasons, I don't think most folks are ready to go there. That is the major problem that must be solved. After that's fixed, the other stuff will at least be easier to address.


> Timely, well-reasoned, and excellent article by Schneier.

I thought it was pretty breathless. He says

>> Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way ­ politically, economically or in cyberspace ­ and make it clear that we will not tolerate this kind of interference by any government.

(my emphasis)

I don't see that the New York Times, releasing the same information, would come in for criticism, much less this level of demonizing. If other countries want to interfere in our elections by giving us accurate information, what's the problem supposed to be? That's the whole point of having elections.


To be clear, my complaint was that it skimmed the surface. Your "breathless" was my "you missed some important parts"

I'm willing to cut him slack for adding his own politics in to the article. With the election approaching, it's like the Ponn Farr here in the states. If anything, it was a bit reserved.

His over-arching points are important and need attention. 1) We are basically in an ongoing cyber-war with other major international powers, and 2) we've been busy buying electronic voting systems that are terribly insecure.

It's a message that needs to be transmitted, and he's one of the best folks to transmit it.

I don't think there's any demonizing going on. This is the state of affairs. We must be aware of it and act accordingly.


> It's a message that needs to be transmitted, and he's one of the best folks to transmit it.

> I don't think there's any demonizing going on.

Ok, what is it that we're not supposed to tolerate from Russia? They spied on our documents and released them for public review. Schneier himself would be the first to tell you that they're not going to stop spying on us and we shouldn't expect them to. The phrase "attack against our democracy" can only refer to making accurate public representations to our electorate. That's not an attack against democracy.


Accurate or not, foreign influence is something to worry about. Let's be honest here. Governments don't release intelligence on foreign leaders in some sort of magnanimous and innocent gesture to help inform the foreign populace. No. They do it for influence. They choose what to release and when.

For the sake of argument, let's say that your had evidence that a major candidate for office in a strategically important foreign country was engaged in, or had recently engaged in some tawdry or perhaps illicit affair. What do you do with it? Realpolitik dictates that all that matters is that if it's more advantageous for the candidate to lose or not. If you want the candidate to lose, but he's winning, you release it. If not, you don't. Sure, it's transparency, but it's outside influence, for your gain, not the foreign country's.


So what? You appear to be defending the idea I originally mocked, that this is a good thing when the New York Times does it and a bad thing when Pravda does it. You won't ever be able to make that argument coherently; all information releases serve the goals (or are intended to) of the person releasing the information, and those goals are never your goals. Why are Russia's US federal policy goals more nefarious than Salt Lake City's US federal policy goals? If they are, how does it matter?


I am defending the idea you mocked.

Why does it matter who's releasing the information? Because they're not us. It's that simple. It's same reason why you can talk shit about your proverbial sister, but no one else gets to.

If you don't understand the concepts of national sovereignty and self-determination, I can't help you.


Your argument here is not compatible with your argument two levels up. You've retreated from the idea that foreigners talking to us is bad by any metric, and gone to the more defensible (?) idea that it makes you personally indignant.

Good luck.


If you think ice changed position, you never understood it to begin with.

Thanks for playing!


VVPATs just demonstrate that the printer is working. Nothing more. Receipts remove voter privacy.

The Australian Ballot, private voting / public counting, remains the gold standard for election integrity.

(Forgive the repetition.)


For once in my life, I am glad we have the Electoral College.


And yet a Democratic Party IT administrator was shot and killed in DC two weeks ago. The media is trying to attribute it to a mugging, but no items were found taken off of his body.

http://www.nbcwashington.com/news/local/Man-Shot-Killed-in-N...


I don't own a tinfoil hat, but... man, that incites all sorts of ideas.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: