- This event has passed.
TA3M Seattle for March 2018: Securing the 2020 Election Process
March 19, 2018 @ 6:30 pm - 9:00 pm
March 19 @ 6:30 pm – 9:00 pm
999 3rd Ave Suite 700
Seattle, 98104 United States
6:30 – 7 Casual chat, Cryptoparty / PGP key exchange / Signal
Verification, Intro slide(s)
We’ll have pizza! **
Speaker: Dave Dittrich
The United States Intelligence Community has published their assessment that Russia interfered in the 2016 federal election cycle including compromise of campaign communications in key Senate, House of Representatives, and Presidential races. These compromised communications resulted in public leaks that were amplified on social media using the same kinds of botnets that we have seen used for years for distributed denial of service (DDoS), spamming, and “dropper” attacks distributing malware of all types.
While the Department of Justice has now indicted thirteen Russians for conspiring to manipulate voters’ perceptions, the response by those in the U.S. to date to harden aspects of the 2018 election has focused primarily on two key areas: “fake news” and botnet amplification, and replacement of electronic vote recording and tabulation systems with more secure systems or going back to paper ballots (as was done in the March 2018 Dutch parliamentary election.)
This talk looks at two aspects of the election process that are not
getting as much attention or mitigation activity, and how a software platform familiar to the operational security community (who use it on a daily basis for fighting cyber-crime) can serve as the foundation for addressing this gap.
A call for action!
* Help identify sources of funding, or organizations who would be interested in supporting deployment of a system as described in the articles above, and in the talk.
* Help identify or create a non-profit organization in your voting district to get involved in implementing, managing, and supporting an instance of the system described above. This includes programmers, site reliability engineers, people who understand operational security (OPSEC) techniques (e.g., the Surveillance Self Defense guides published by the Electronic Frontier Foundation) and can help others learn how to improve their security posture while getting their jobs done.
* Get involved in assembling, writing, editing, and organizing the kind of documentation described by the Verified Voting Foundation and NIST to prepare for contingencies.
* Call your legislators at both the state and federal levels and urge them to extend (not reduce) periods of early voting and simplify voter registration so that there is more time during an active election to identify problems with voter roles, or deal with disruptions to voter sign-in operations, ensuring that every U.S. citizen can cast their vote and trust their vote is counted.
Dave has been deeply involved in cyber-crime investigation and response since the mid-1990s. His motto is “Dealing with the Advanced Persistent Threat before it was even a thing.” His last project at the UW was a Department of Homeland Security contract to assemble open source software components that can be used by State, Local, Territorial and Tribal government groups to build small-scale distributed systems for monitoring security events. The products of this project were released as open source Ansible playbooks, software repositories, and extensive documentation. Dave is currently working on a Comcast grant project that uses this platform as a working example of how to deal with secrets (passwords, API tokens, private keys) in open source software development projects.
Pizza sponsored by Cloudflare.
Be prepared that there will be an opt-out group photo, taken from the back of the room to fulfill the sponsorship requirements.