Voting Machines Are Still Absurdly Vulnerable to Attacks

analytics anywhere

While Russian interference operations in the 2016 US presidential elections focused on misinformation and targeted hacking, officials have scrambled ever since to shore up the nation’s vulnerable election infrastructure. New research, though, shows they haven’t done nearly enough, particularly when it comes to voting machines.

The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference’s Voting Village event. All of the models are in active use around the US, and the vulnerabilities—from weak password protections to elaborate avenues for remote access—number in the dozens. The findings also connect to larger efforts to safeguard US elections, including initiatives to expand oversight of voting machine vendors and efforts to fund state and local election security upgrades.

“We didn’t discover a lot of new vulnerabilities,” says Matt Blaze, a computer science professor at the University of Pennsylvania and one of the organizers of the Voting Village, who has been analyzing voting machine security for more than 10 years. “What we discovered was vulnerabilities that we know about are easy to find, easy to reengineer, and have not been fixed over the course of more than a decade of knowing about them. And to me that is both the unsurprising and terribly disturbing lesson that came out of the Voting Village.”

Many of the weaknesses Voting Village participants found were frustratingly basic, underscoring the need for a reckoning with manufacturers. One device, the “ExpressPoll-5000,” has root password of “password.” The administrator password is “pasta.”

Like many of the vulnerabilities detailed in the report, that knowledge could only be used in an attack if perpetrators had physical access to the machines. And even the remotely exploitable bugs would be difficult—though certainly not impossible—to leverage in practice. Additionally, election security researchers emphasize that the efforts of countries like Russia are more likely to focus on disinformation and weaponized leaks than on actively changing votes. Those turn out to be more efficient ways to rattle a democracy.

But nation states actors aren’t the only people who might be tempted to hack the vote. And a detailed accounting of just how bad voting machine security also underpins a number of broader election security discussions. Namely, state and local election officials need funding to replace outdated equipment and employ specialized IT staff that can update and maintain devices. Voting machines also need stronger security to protect against criminal activities. And election officials need failsafes for voting machines in general, so that a glitch or technical failure doesn’t derail an election in itself.

“For those of us who have followed the state of our nation’s election infrastructure, none of this is new information,” Representatives Robert Brady of Pennsylvania, and Bennie Thompson of Mississippi, co-chairs of the Congressional Task Force on Election Security, said in a statement on Thursday. “We have known for years that our nation’s voting systems are vulnerable.”

Analyzing voting machines for flaws raises another important controversy about the role of vendors in improving device security. Many of the machines participants analyzed during the Voting Village run software written in the early 2000s, or even the 1990s. Some vulnerabilities detailed in the report were disclosed years ago and still haven’t been resolved. In particular, one ballot counter made by Election Systems & Software, the Model 650, has a flaw in its update architecture first documented in 2007 that persists. Voting Village participants also found a network vulnerability in the same device—which 26 states and the District of Columbia all currently use. ES&S stopped manufacturing the Model 650 in 2008, and notes that “the base-level security protections on the M650 are not as advanced as the security protections that exist on the voting machines ES&S manufactures today.” The company still sells the decade-old device, though.

“At its core, a voting machine is a computer which can be compromised by skilled hackers who have full access and unlimited time,” the company said in a statement. “While there’s no evidence that any vote in a US election has ever been compromised by a cybersecurity breach, ES&S agrees the cybersecurity of the nation’s voting systems can and should be improved.”

Congress has worked recently to investigate voting machine vendor accountability, but progress has been slow. In July, for example, only one of the three top vendors sent a representative to a Senate Rules Committee election security hearing, prompting an outcry from lawmakers.

“This report underscores that when you’re using technology there can be a variety of problems, and with something as important as election results you want to get it right,” says David Becker, executive director of the Center for Election Innovation and Research. “The question I hear from the states and counties, though, is just ‘how are we going to pay for it?’ They would love to have skilled IT staff, they would love to hold trainings for their workers, they would love to replace their old equipment. But you can’t just wave a magic wand and do that, you need significant funding.”

Elections officials have made significant progress on improving election infrastructure defenses and establishing channels for information-sharing, but as the midterm elections loom, replacing vulnerable voting machines—and finding the funding to do it—remain troublingly unfinished business.

Source: Wired

Advertisements

Driverless car makers could face jail if AI causes harm

AI technologies which harm workers could lead to their creators being prosecuted, according to the British government.

analytics anywhere

Makers of driverless vehicles and other artificial intelligence systems could face jail and multi-million pound fines if their creations harm workers, according to the Department of Work and Pensions.

Responding to a written parliamentary question, government spokesperson Baroness Buscombe confirmed that existing health and safety law “applies to artificial intelligence and machine learning software”.This clarifies one aspect of the law around AI, a subject of considerable debate in academic, legal and governmental circles.

Under the Health and Safety Act of 1974, directors found guilty of “consent or connivance” or neglect can face up to two years in prison.

This provision of the Health and Safety Act is “hard to prosecute,” said Michael Appleby, a health and safety lawyer at Fisher Scoggins Waters, “because directors have to have their hands on the system.”

However, when AI systems are built by startups, it might be easier to establish a clear link between the director and the software product.

Companies can also be prosecuted under the Act, with fines relative to the firm’s turnover. If the company has a revenue greater than £50 million, the fines can be unlimited.

The Health and Safety Act has never been applied to a case of artificial intelligence and machine learning software, so these provisions will need to be tested in court.

Source: Sky.com

3 ways to make better decisions by thinking like a computer

If you ever struggle to make decisions, here’s a talk for you. Cognitive scientist Tom Griffiths shows how we can apply the logic of computers to untangle tricky human problems, sharing three practical strategies for making better decisions — on everything from finding a home to choosing which restaurant to go to tonight.

How Virtual Reality Will Drive The Future Of Business

analytics anywhere

In 1961, the first minicomputer, called the PDP-1, arrived at the MIT Electrical Engineering Department. It was a revolutionary machine but, as with all things that are truly new and different, no one really knew what to do with it. Lacking any better ideas, a few of the proto-hackers in residence decided to build a game. That’s how Spacewar! was born.

Today, the creation of the Spacewar is considered a seminal event in computer history. Because it was a game, it encouraged experimentation. Hackers tried to figure out how to, say, simulate gravity or add accurate constellations of stars and by doing so would push the capabilities of the machine and themselves.

Tech investor Chris Dixon has said that the next big thing always starts out being dismissed as a toy. Yet it’s because so many technologies start out as toys that we are able to experiment with and improve them. As virtual reality becomes increasingly viable, this human-machine co-evolution will only accelerate because, to create a new future, we first have to imagine it.

From Spacewar! To Real War

Growing up in Australia, Pete Morrison always thought he’d be a plumber like his father. His mother, however, had other plans. She noticed his interest in computers and how, from a young age, he spent hours tinkering on the family’s primitive Commodore 64. She pushed him to go to college. Lacking funds to do so, Pete entered the Army to finance his education.

As a Signal Corps Officer, he put his technical skills to good use, but much like the MIT geeks four decades earlier, he soon found himself preoccupied with video games. The military had commissioned a study of simulations at the Australian Defence Force Academy, where he was a student and Pete got involved with testing games. One was Operation Flashpoint, developed by some young geeks at a Prague based company called Bohemia Interactive.

“It quickly became clear that the game could be effective for training military personnel,” Morrison told me. “Before Operation Flashpoint, to train a soldier you had to go out into the field, which was expensive and time consuming. We realized that with this type of computer game, you could design training that would allow them to hone cognitive skills, which would make the in-the-field training that much more effective.”

“Also,” he continued, “because the game was so engaging we got a much deeper level of immersion, which made the training more effective and led the Australian Military to ramp up investments in video games as training tools.”

The Simulation Economy

In the industrial age, experimentation was expensive and unwieldy. Thomas Edison famously observed that if he tried 10,000 things that didn’t work, he didn’t see them as failures, but stepping stones to his next great invention. It was, of course, an ultimately effective process, but incredibly gruelling and time consuming.

Today, however, we increasingly live in a simulation economy where we can test things out in a virtual world of bits and avoid much of the mess of failing in the real world. Consider how today we battle-test different business models and scenarios in Excel. That was much more cumbersome and time consuming when spreadsheets were on paper, so we rarely did it. Now, it’s a routine activity that we do all the time.

As computers have become exponentially more powerful and software algorithms has become much more sophisticated, the usage of simulations have expanded. We use CAD software to design products and structures as well as high performance supercomputers to model weather and even invent advanced materials. When you can try out thousands of possibilities easily and cheaply, you are more likely to identify an optimal solution.

The next era of simulation will be powered by virtual reality and it is almost upon us. Just as Pete Morrison found that ordinary video games could improve tactics in the real world, virtual reality offers the possibility to take training to an entirely new level.

Enter Virtual Reality

In 2005, Morrison left the military and started working directly with Bohemia Interactive. Together, they launched a new company in 2007, Bohemia Interactive Simulations, to focus on the military business. In recent years, the firm has been increasingly focused on applying its expertise to virtual reality platforms like Oculus Rift and Magic Leap.

“The advantage of virtual reality is that we can potentially replace dome projection systems, which cost hundreds of thousands dollars, with a VR system that costs hundreds of dollars and achieve the same or greater level of immersion,” Morrison says. “That can be a huge cost saver for militaries worldwide and revolutionize how we train soldiers”

Yet, like most technologies, virtual reality is quickly moving from high-end early adopters to more mainstream markets. Strivr, for example, got its start by designing virtual reality systems to train $20 million NFL quarterbacks. It now helps train employees at companies like Walmart, United Rentals and Jet Blue by simulating real-life work environments.

Training your employees in a classroom can help teach them basic principles and, in some cases, help build important skills. With virtual reality, however, you can put them in a realistic environment of, say, a sales floor on Black Friday, a construction site or a $50 million airplane at a fraction of the cost. In some cases, training efficiency rates have increased by as much as 40%.

How Humans And Technology Co-Evolve

In recent years, we have come to think of technology in opposition to humanity. We hear that robots are going to take our jobs, that tablets and smartphones are eroding our children’s skills and so on. Yet we often fail to take note of the potential for machines to make us better, to enhance our skills and to make us smarter.

For example, as the digital age comes to an end, we need to invent new computing architectures, like quantum computing, to drive advancement forward. The problem is that, although the technology is progressing rapidly, very few people know how to program a quantum computer, which works fundamentally differently than classical machines.

It was with that in mind that IBM created Hello Quantum, a video game that helps teach the principles of quantum algorithms. “We thought, what better way for those unfamiliar with the principles of quantum mechanics to dip their toe into the topic than through a game? The puzzles are fun, so even those who don’t necessarily plan to study quantum physics will come away with a better understanding of it.” Talia Gershon at IBM Research says.

All too often, we see playing games as just “goofing off,” in order to escape from the “real world.” The truth is that, by allowing us to go beyond our immediate context, games allow us to learn skills that would be difficult, and in some cases impossible, for us to experience directly. That has the potential to enhance not only our skills, but our lives.

The truth is that humans don’t compete with machines, we co-evolve with them. Yes, they make some skills obsolete, but they open the door for us to learn new ones and that can enhance and enrich our lives. As the skills we need to learn increasingly exceed our everyday experience, we’ll find ourselves playing more games.

Source: Digital Tonto