Today’s BradCast kicks of with the breaking news of the announcement, just minutes before air, that Special Counsel Robert Mueller has finally wrapped up his two year investigation into alleged Russian interference in the 2016 Presidential election, cooperation in the effort by Team Trump and any obstruction of that probe by the President of the United States. Though that may be the least troubling news on today’s show. [Audio link to complete shows is posted below article.]

Mueller’s confidential report has now been delivered to Attorney General William Barr, as per statute, and Trump’s new AG promptly notified Congress [PDF] to say he plans to release a summary of the report as soon as possible, potentially as early as this weekend. We share what we know (and don’t) from that freshly breaking news at the top of today’s program. Then it’s back to, at least some of, our previously scheduled program…

On the day that Jimmy Carter officially becomes the longest living President in U.S. history, we’re reminded of a warning he issued while serving as co-Chair, with Bush Family consigliere James Baker, of the so-called “Commission on National Election Reform” formed by a group of Republican operatives after the highly disputed 2004 Presidential election in Ohio. The Blue Ribbon panel was, ostensibly, formed to make recommendations on how to improve elections after the second disastrous Presidential election in a row, following the 2000 debacle in Florida. But while the Republicans who created the private commission had hoped for a recommendation for photo ID voting restrictions at the polling place, the one we’ve cited most often over the years is the Commission’s unambiguous finding that the greatest threat posed to elections comes from insiders, such as election officials and private voting system vendors. “There is no reason to trust insiders in the election industry any more than in other industries,” the Carter/Baker panel warned in their final report.

That warning is particularly trenchant today, with, as we recently reported, the Democratic National Committee now calling for some form of remote or online voting during their 2020 Presidential nominating caucuses next year and what has just happened with the online voting system that Switzerland has used for some time in parts of the country.

The Swiss had planned to roll out their system nationally this year, but as longtime cybersecurity and voting system journalist KIM ZETTER of MotherBoard and the New York Times reports, things did not go as well as planned.

Zetter joins us to discuss the alarming story of what happened when Switzerland, last month, opened up a month-long public hack challenge for the system which, they previously boasted, had easily passed many regular internal security checks and even several they had contracted from KPMG, an international auditing giant.

But, as Zetter recently detailed at MotherBoard, the Swiss system, designed by Barcelona-based Scytl — “a leader in developing various internet and other voting solutions for national or regional elections in 42 countries, including at least 1,400 counties in the US” — was almost immediately found by independent researchers to feature “a critical flaw in the code that would allow someone to alter votes without detection … in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast.” That flaw, Zetter details, “could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection.”

As she tells me today, the failure is even more troubling than that, as it allows for a single insider to exploit a “back door in the cryptography scheme, that would allow someone to alter votes but make it look like the votes haven’t been altered at all.” In other words, “the system is supposed to have a check in it that’s designed to ensure that the ballots that go into that encryption process and come out of that de-cryption process are the exact same ballots. But there’s a flaw in that proof that verifies that those ballots are the same. Therefore, that would allow someone to swap out the votes and ballots while the proof still seemed to show that the ballots were the same.”

Swiss Post, which runs the system, and Scytl who sells it, claim the exploit could “only” be carried out by an insider, so why worry?

So how are those plans coming for remote voting in the DNC’s 2020 Presidential caucuses next year? And how can it be that we keep attempting these same unworkable electronic and online voting schemes from private vendors and election officials who swear by the “certified” security of their systems, only to find they are anything but secure once independent experts are allowed to test them in any way?

“We should have a voting system where we’re not required to trust anyone — we’re not required to trust election officials, we’re not required to trust the vendors, we’re not required to trust the voting machine itself,” Zetter, who has been covering electronic voting and tabulation systems on her national cybersecurity beat for more than a decade, tells me. “We should have a system that can be audited independently of all of those parties in order to verify the election results. That’s really in the best interests of everyone.” What such a system should be, of course, is another matter, which we also discuss, and even debate a bit, on today’s important program…

The BradCast with Brad Friedman 3/22/2019

Insider ‘Backdoor’ Discovered During ‘Public Hack Test’ of Vaunted Swiss Internet Voting System: ‘BradCast’ 3/22/2019  |  Guest: NatSec, cybersecurity and voting system journalist Kim Zetter; AND BREAKING: MUELLER GIVES REPORT TO ATTORNEY GENERAL...   · · · · ·   Insider ‘Backdoor’ Discovered During ‘Public Hack Test’ of Vaunted Swiss Internet Voting System: ‘BradCast’ 3/22/2019  |  Guest: NatSec, cybersecurity and voting system journalist Kim Zetter; AND BREAKING: MUELLER GIVES REPORT TO ATTORNEY GENERAL...

30s 30s

0:00 0:00

Download Episode Link to this page Embed on your site! Subscribe RSS/Podcast