Our Insecure Democracy

I happen to be a rather political person, but I try to keep my politics out of my work in the security and privacy arena because these issues must transcend politics. Our democracy in many ways depends on some basic level of computer security and personal privacy. In no place is this more obvious than the security and privacy of the voting booth.

With the 2016 US election fast approaching, it’s important to call attention to the sorry state of affairs that is the US voting infrastructure. There are plenty of other problems with the US election system, but there’s hardly anything more fundamental to our democracy than the method by which we vote. (I’ll be focusing on the US election system, but these principles should apply to any democratic voting system.)

At the end of the day, the basic requirements are as follows (adapted from this paper):

  1. Every eligible voter must be able to vote.
  2. A voter may vote (at most) one time.
  3. Each vote is completely secret.
  4. All voting results must be verifiable.

The first requirement may seem obvious, but in this country it’s far from guaranteed. For many reasons, many eligible and willing voters either cannot vote or have serious obstacles to voting: inability to get registered, lack of proper ID, lack of nearby voting sites, lack of transportation, hours-long waits at polling places, inability to get out of work, and so on. Voting should be as effortless as possible. Why do we vote on a Tuesday? We should vote on the weekend (Saturday and Sunday). For people that work weekends, they should be given as much paid time off as necessary to vote. We should also have early voting and support absentee voting.

The second requirement has become a hot-button political issue in this country, though in reality, in-person voter fraud has been proven again and again to be effectively non-existent. We’ve got this covered, folks. We don’t need voter ID laws and other restrictions – they’re fixes for a problem that doesn’t exist, and they end up preventing way more valid voters from voting than allowing invalid voters to vote (see requirement #1).

Now we get to the meat of the matter, at least in terms of security and privacy. The third requirement is that every vote is completely secret. Most people believe this is about protecting your privacy – and to some extent, this is true. You should always be able to vote your conscience without worrying how your boss, your friends, or your spouse would react. You should be able to tell them or not, lie or tell the truth – there should be no way for them to know. However, the real reason for a secret ballot is to prevent people from selling their vote and to prevent voter intimidation. If there is no way to prove to someone how you voted, then that vote can’t be verifiably bought or coerced. I think we had this pretty well figured out until smartphones came along. What’s to prevent you from taking a picture of your ballot? Depending on what state you live in, it may be a crime – but as a practical matter, it would be difficult to catch people doing this. However, I’m guessing this isn’t a big problem in our country – at least not yet.

Which brings us to the fourth and final requirement: verifiability. This is really where the current US voting system falls flat. In many states, we have voting systems that are extremely easy to hack and/or impossible to verify. We live in the era of constantly connected smartphones and tablets – a touchscreen voting system just seems like a no-brainer. But many electronic voting systems leave no paper trail – no hard copy of your vote that you can see, touch, feel and verify, let alone the people actually counting and reporting the vote tallies. The electronic records could be compromised, either due to a glitch or malicious tampering, and you probably wouldn’t even know that it happened. But regardless of how you enter your vote, every single vote placed by a voter must generate a physical, verifiable record. That may seem wasteful in this digital age, but it’s the only way. There must be some sort of hard copy receipt that the voter can verify and turn in before leaving the polling place. Those hard copy records must be kept 100% safe from tampering – no thefts, no ballot box stuffing, no alterations. And every single election result should include a statistical integrity audit – that is, a sampling of the paper ballots must be manually counted to make sure the paper results match the electronic ones. If there is any reason to doubt the electronic results, you must be able to do a complete manual recount. That’s the key.

Unfortunately, according to that same MIT paper, we have a hodge-podge of voting systems across the country, many of which have at least some areas where they use electronic voting systems (Direct Reporting by Electronics, or DRE) without a paper trail (Voter Verified Paper Audit Trail, or VVPAT).

This map pretty much says it all to me. It’s time that we adopt national standards for our voting infrastructure. You can leave it up to each state to implement, if you’re a real “states’ rights” type, but honestly I think we should just hand this over to the Federal Election Commission and have a single, rock-solid, professionally-vetted, completely transparent, not-for-profit, non-partisan voting system. Of course, we’d need to revamp the current FEC – give it the budget, independence and expertise it needs to do its job effectively. It should be staffed with non-political commissioners (never elected to office and no direct party affiliation) and they should be completely free from political and financial influence. This is much easier said than done, but if we can just agree that our democracy is more important than any party or ideology, just long enough to do this, then maybe we can make it happen. Of course, there’s no way any of this will happen before this year’s elections, but we should be able to get this in place for 2018 if we start now.

What can YOU do? As always, get educated and get involved. Write your congress person and vote for people that have vowed to reform our election and voting systems. If nothing else, give money to organizations that are doing the right things, and ask your friends and family to do the same. I’ve given some examples below for you to consider. Note that it’s very hard to find completely unbiased organizations because these issues have been so politicized and our country right now is very polarized. But whatever your political leanings, you can’t have a true democracy if you can’t have fair, open, and verifiable elections.

If you’re interested, here are a couple more good articles to check out.

UPDATE: Another interesting story on the security of our voting system.

CONTEST: Spread the Word!

I would like to enlist your aid in getting the word out! I’m doing my best to reach as many people as I can – I feel strongly that people need to have a basic understanding of computer security and online privacy. Obviously my book is one way of reaching people, but right now I’m focused on expanding the readership of my free weekly newsletter.

To that end, I’m announcing my first-ever contest! (I’ve never done this before, so bear with me on this.) For the next two weeks (until 11:59pm Eastern on July 24th), I will be asking you to help me sign up as many new people as possible – and to make it worth your while, I’ll be giving out prizes!

Share my newsletter sign-up link (below) with as many people as you can over the next two weeks. Make sure they note your email address on the form, as well, so that you get proper credit! Here are the prizes!

  • If you sign up FIVE new people, I will answer one custom question about security or privacy for you!
  • If you sign up TEN new people, I will send you a free link to download a color PDF version of my book!
  • Whoever signs up the MOST new people (at least ten) will receive a free, signed copy of my book by mail!! (restricted to US, Canada, UK and Europe)

Again, this contest ends at 11:59pm on Sunday, July 24th! Note that all new subscribers are eligible for this contest, as well!!

Now go spread the word!! Here is the link you need to send out for people to sign up:

CONTEST SIGN-UP LINK: http://eepurl.com/bUDnij

I will use the “referrer” email addresses to determine who gets prizes, and I’ll email you directly to let you know if and what you win! (If you have any questions, please email me: carey@wawaseemedia.com.)

Don’t Reuse Passwords

I’ve been focusing most of my efforts on my new weekly newsletter. But I wanted to make sure some of this info is making it out to my blog, as well. Here’s a little taste of my newsletter. To get this yummy goodness automatically every week, sign up here!


This tip is one of the most basic and yet most important pieces of advice I can give you, and lately it has become critically important. There has been a rash of “mega-breaches” this year – hackers have compromised a large number of high-profile corporate servers to steal tens of millions of account credentials (i.e., email addresses and passwords). In some ways, this isn’t new – this has been going on for a while now, though it’s been getting worse. It’s also not new that they are taking these credentials and trying to use them on other online accounts. However, the scale of these attacks has markedly increased. This report talks about a recent attack involving 1 million attacking computers against almost half a billion accounts at two large web sites – a “financial” company and a “media/entertainment” company. Another article notes that Carbonite accounts were attacked in a similar way.

What this tells you is that the bad guys know that most people reuse passwords – that is, people use the same password on multiple sites. Passwords are hard to remember – I get it. But if you want to be secure, you need to use unique passwords for every website – at the very least, for the important web sites. These include not just your financial accounts, but your email and social media accounts, and any site that has your credit card information.

How do you do this? YOU don’t… humans are not capable of remembering dozens or even hundreds of unique, strong, random passwords. You need a password manager, like LastPass or 1Password or KeePass. I personally recommend LastPass (see Tip #2 in the Top Five Tips pamphlet I sent you). LastPass offers a Security Challenge (which you can find at the left in your password vault) which will tell you which passwords are bad and highlight any places where you’ve reused the same password. You can also use LastPass to automatically change your password on many sites.

Regardless of how you do it, you need to set aside some time in the very near future to generate unique, secure passwords for your key online accounts. While you’re at it, turn on two-factor authentication wherever you can.


Again, sign up here to receive helpful tips like this every week, delivered to your inbox! (And no, I will never give your info to anyone else.)

Sign up for my new newsletter!

I’ve officially launched a weekly newsletter called Carey’s Weekly Security Tips. Every week, I’ll send out a short blurb on something you can do to improve your cybersecurity and/or protect your online privacy. By signing up, you will also receive a free copy of my booklet Carey’s Top Five Security Tips.

I will probably be posting fewer blog entries, putting most of the quick small stuff into the weekly newsletter. I’ll save blog posts for longer topics. So sign up now to make sure you don’t miss anything!

Teaser: I will be interviewing someone from LastPass (the company that makes my recommended password manager) in the coming weeks! Stay tuned!

Second edition available on Amazon!

The second edition of Firewalls Don’t Stop Dragons is now available on Amazon.com! I’ve updated the book for Windows 10 and Mac OS X El Capitan, expanded the coverage on mobile security and child safety, and updated much of the other content. It’s now over 30% longer than the first edition!

Thanks to support from my KickStarter backers, I’ve completely updated the cover art and will be launching a marketing campaign in the coming weeks – thanks so much to everyone that contributed!


Apple vs the FBI

I’ve been waiting to comment on this because more information seems to be coming out every day. Also, there has been so much written about this already that I wasn’t sure what I would have to add. But I’m not being hyperbolic when I say that this is a pivotal moment in our democracy, so I couldn’t just ignore it. One thing I haven’t seen is a good summary of what’s really going on here, so let’s start with that.

Just the Facts: What’s Really Going On Here?

First, let’s establish what’s really going on here, because it’s been very muddy. The FBI recovered an iPhone 5c that was used by one of the shooters in the San Bernardino attacks last year. This phone was issued to the shooter by his employer, and therefore was not his private cell phone – meaning that the data on that phone was technically not private. Nevertheless, that data was encrypted by default because that’s how Apple sets up every modern iPhone. The FBI believes there may be information on that iPhone that could help them perhaps find other co-conspirators or maybe uncover clues to some future plot.

This phone was backed up using Apple’s iCloud service, and it’s worth noting that Apple was willing and able to provide the FBI with the backed up data. However, for some reason, the backups to iCloud stopped about 6 weeks before the shooting – so the FBI wants to get to the data on the device itself to see what’s missing. Due to some sort of screw-up, the FBI instructed the local law enforcement to change the user’s iCloud password, which prevented it from doing another backup. If they had taken the device to a Wi-Fi network known to that device, the device might have backed up on its own, and then the FBI would have had the 6 weeks’ worth of data that was missing. But because the password was changed, we’ll never know.

The FBI is not asking Apple to break the encryption on the phone. That’s actually not possible. Encryption works. When done right, it can’t be broken. However, if you can unlock the device, then you can get to all the data on it. Unlocking the device means entering a PIN or password on the home screen – it could be as simple as a 4-digit number, meaning there are only 10,000 possible codes. With a computer-assisted “guesser”, it would be trivial to go through all the 10,000 options till you found the right one to unlock the phone.

To combat this “brute force” attack, Apple added some roadblocks. First, it restricted how often you could try a new number – taking progressively longer between guesses, from minutes up to a full hour. That would make guessing even 10,000 options take a very long time. Second, Apple gave the user the option to completely erase the device if someone entered an incorrect password ten times in a row. This feature is not enabled by default, but it’s easy to turn on (and I highly recommend that everyone do this).

The FBI is basically asking Apple to create a new, custom version of its iPhone operating system (iOS) that disables these two features and allows a connected computer to input its guesses electronically (so that a human wouldn’t have to try them all by hand). This would allow the FBI to quickly and automatically guess all possible PIN codes until the phone was unlocked. It’s not breaking the encryption, it’s allowing the FBI to “brute force” the password/PIN guessing. It’s not cracking the safe, it’s allowing a robot to quickly try every possible safe combination till it opens.
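To make the two roadblocks concrete, here is a small Python model (an added example, not Apple’s code or anything from the original post) of a device-side passcode guard with escalating lockouts and an optional erase-after-ten counter, plus the arithmetic for how long it takes to run through every 4-digit PIN with and without the throttling. The delay table, the 0.1 s per-guess cost and all function names are assumptions for illustration; the post only says the delays grow “from minutes up to a full hour”.

```python
"""Model of a passcode throttling policy like the one described above.

Added example, not Apple's implementation. The escalation table below is
an assumption chosen to match the post's "minutes up to a full hour".
"""
from dataclasses import dataclass
from typing import Optional

# Assumed: seconds of lockout imposed AFTER the Nth consecutive failure.
# Failures past the table keep reusing the largest delay.
ASSUMED_DELAYS = {5: 60, 6: 300, 7: 900, 8: 3600}
MAX_DELAY = max(ASSUMED_DELAYS.values())


def delay_after_failure(failures: int) -> int:
    """Seconds the device refuses input after `failures` consecutive misses."""
    if failures in ASSUMED_DELAYS:
        return ASSUMED_DELAYS[failures]
    return MAX_DELAY if failures > max(ASSUMED_DELAYS) else 0


@dataclass
class PasscodeGuard:
    """Device-side state: the secret, the failure counter, the lock timer."""
    secret: str
    wipe_after: Optional[int] = 10   # None models the erase option left off
    failures: int = 0
    locked_until: float = 0.0
    wiped: bool = False

    def attempt(self, guess: str, now: float) -> str:
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked"           # input ignored, counter unchanged
        if guess == self.secret:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.wipe_after is not None and self.failures >= self.wipe_after:
            self.wiped = True         # data key destroyed; nothing left to guess
            return "wiped"
        self.locked_until = now + delay_after_failure(self.failures)
        return "locked"


def worst_case_hours(digits: int, throttled: bool = True,
                     per_try_seconds: float = 0.1) -> float:
    """Hours to try every `digits`-digit PIN with the erase option OFF
    (the only case where exhausting the space is possible at all)."""
    space = 10 ** digits
    total = space * per_try_seconds
    if throttled:                     # a lockout follows every miss but the last
        total += sum(delay_after_failure(n) for n in range(1, space))
    return total / 3600


def lucky_guess_odds(digits: int, wipe_after: int = 10) -> float:
    """With erase ON, a guesser gets at most `wipe_after` tries in total."""
    return wipe_after / 10 ** digits
```

With the assumed table, 10,000 PINs take well under an hour unthrottled but roughly 9,992 hours (over a year) throttled, and with erase enabled the guesser's odds collapse to 10 in 10,000.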

That’s just a thumbnail sketch, but I felt it was necessary background. This article from the EFF goes into a lot more depth and answers some excellent questions. If you’d like to know more, I encourage you to read it.

Why Is This Case So Important?

Both the FBI and Apple are putting heavy spin on this issue. The FBI has always disliked Apple’s stance on customer privacy (encrypting iPhone data by default) and picked this terrorism case to invoke maximum public sympathy. Apple is using this opportunity to extol its commitment to protecting its customers’ private data, particularly as compared to Android (which does not encrypt data by default). Despite what the FBI claims, this is not about a single iPhone and a single case; despite what Apple claims, creating this software is not really comparable to creating “software cancer”. We have to try to set all of that aside and look at the bigger picture. This is not a black and white situation – these situations rarely are. However, the implications are enormous and the precedent set here will have far-reaching effects on our society.

In this country, we have the Fourth Amendment, which prevents unreasonable search and seizure, and basically says that you need a warrant from a judge if you want to breach our right to privacy. In this case, the FBI has done its job in this regard. And it’s technically feasible for Apple to create a special, one-time version of its iOS that would allow the FBI to unlock this one iPhone – and this special software would not run on any other iPhone. This is due to a process called “signing”, which is another wonderful application of cryptographic techniques. So in this sense, it’s not a cancer – this special software load can’t be used on other devices. However, if Apple does this once, it can do it again, and there are already many other iPhones waiting at the FBI and in New York that will be next in line for this treatment. There is no doubt that this will set a precedent and will open the flood gates for more such requests in cases – not just from US law enforcement, but from repressive regimes around the globe. Furthermore, the very existence of such a tool, even though guarded heavily within Apple’s walls, will be a massive target for spy agencies and hackers around the globe.

So the issue is much deeper than simply satisfying a valid warrant (even without all the arcane All Writs Act stuff from the late 1700s that the FBI claims should compel Apple – a third party – to help them satisfy this warrant). The outcome of this case will have severe implications for privacy in general – and that’s why Apple is fighting back.

My Two Cents

I’ve read a lot of good articles on this issue, and I’ll point you to a couple of them shortly. But the bottom line is that we, as a society, need to figure out how we handle privacy in the age of digital communications and ubiquitous monitoring. Like it or not, you are surrounded by cameras and microphones, and it’s getting worse rapidly. You carry with you a single device that can simultaneously record video and audio, track your position anywhere on the planet, track many of your friends and family, record your physical movement, and store your personal health and financial data, as well as untold amounts of other personal information. That device is your smartphone. That one device probably has more information about you than any other single thing you own. Beyond that, all of our communications are now digital and can therefore be perfectly preserved forever. And in the grand scheme of things, any person or group of people that can gain surreptitious access to this information – regardless of their intentions – will have unimaginable power over us. This was not envisioned by the Founding Fathers – we’re in new territory here.

It’s long since time that we have an informed, open and frank discussion – as a nation – about how we balance the need for basic human privacy versus the need for discovery in the pursuit of safety. It’s also about targeted surveillance versus mass surveillance, and creating an open, transparent system of checks and balances to govern both. If nothing else, I hope this case leads to a more informed public and some rational, thoughtful debate that thinks about the broader issues here – not just this one, highly-emotional case.

As promised, here are some links with some excellent info and perspectives around these topics:

Here are some links to more general but related topics:


Pre-Sales of the Second Edition!

I’ve launched a KickStarter campaign for the second edition of Firewalls Don’t Stop Dragons! This second edition will cover Windows 10 and OS X 10.11 (El Capitan), along with a host of other updates. This KS campaign is basically pre-sales of the book, with the idea of taking the proceeds and investing them in marketing and launching the second edition. Investors will also have the opportunity to review drafts of the book and provide input on the content. Help me spread the word!!