An anonymous reader quotes a report from Ars Technica: If you talk to experts on election security (I studied with several of them in graduate school) they'll tell you that we're nowhere close to being ready for online voting. "Mobile voting is a horrific idea," said election security expert Joe Hall when I asked him about a West Virginia experiment with blockchain-based mobile voting back in August. But on Tuesday, The New York Times published an opinion piece claiming the opposite. "Building a workable, scalable, and inclusive online voting system is now possible, thanks to blockchain technologies," writes Alex Tapscott, whom the Times describes as co-founder of the Blockchain Research Institute. Tapscott is wrong -- and dangerously so. Online voting would be a huge threat to the integrity of our elections -- and to public faith in election outcomes.

Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't.

A look at VoteWithMe and OutVote, two new political apps that are trying to use peer pressure to get people to vote. From a story: The apps are to elections what Zillow is to real estate -- services that pull public information from government records, repackage it for consumer viewing and make it available at the touch of a smartphone button. But instead of giving you a peek at house prices, VoteWithMe and OutVote let you snoop on which of your friends voted in past elections and their party affiliations -- and then prod them to go to the polls by sending them scripted messages like "You gonna vote?" "I don't want this to come off like we're shaming our friends into voting," said Naseem Makiya, the chief executive of OutVote, a start-up in Boston. But, he said, "I think a lot of people might vote just because they're frankly worried that their friends will find out if they didn't."

Whom Americans vote for is private. But other information in their state voter files is public information; depending on the state, it can include details like their name, address, phone number and party affiliation and when they voted. The apps try to match the people in a smartphone's contacts to their voter files, then display some of those details. The data's increasing availability may surprise people receiving messages nudging them to vote -- or even trouble them, by exposing personal politics they might have preferred to keep to themselves. Political campaigns have for years purchased voter files from states or bought national voter databases from data brokers, but the information has otherwise had little public exposure outside of campaign use. Now any app user can easily harness such data to make inferences about, and try to influence, their contacts' voting behavior.

An anonymous reader shares a report: In Idaho, Nebraska, and Utah, voters will directly decide whether their states should expand their Medicaid programs. In Wisconsin, they could elect a candidate for governor who has pledged to sharply curtail drug prices. And across the country, Democratic congressional candidates are running on platforms highlighting their support for protecting insurance coverage for those with pre-existing conditions and lowering drug prices. Health care is on the ballot across the country, with issues ranging from medical marijuana to abortion rights to insurance coverage dominating the conversation.

An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.

The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.

An anonymous reader quotes a report from ProPublica: As recently as Monday, computer servers that powered Kentucky's online voter registration and Wisconsin's reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky's was accessible from other Eastern European countries.

The service, known as FTP, provides public access to files -- sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server's operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their states' infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica's inquiries. Kentucky left its password-free service running and said ProPublica didn't understand its approach to security. "FTP is a 40-year-old protocol that is insecure and not being retired quickly enough," said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., and an advocate for better voting security. "Every communication sent via FTP is not secure, meaning anyone in the hotel, airport or coffee shop on the same public Wi-Fi network that you are on can see everything sent and received. And malicious attackers can change the contents of a transmission without either side detecting the change."

Twitter has deleted over 10,000 disinformation bots discouraging Americans from voting in Tuesday's midterm elections.

An anonymous reader quotes CNN: Twitter said that the Democratic Congressional Campaign Committee had brought the accounts to their attention. "For the election this year we have established open lines of communication and direct, easy escalation paths for state election officials, DHS, and campaign organizations from both major parties," the spokesperson said. The company said it believes the network of accounts was run from the United States.
The 10,000 accounts were deleted in late September and early October, Reuters reports: The number is modest, considering that Twitter has previously deleted millions of accounts it determined were responsible for spreading misinformation in the 2016 U.S. presidential election. Yet the removals represent an early win for a fledgling effort... The DCCC launched the effort this year in response to the party's inability to respond to millions of accounts on Twitter and other social media platforms that spread negative and false information about Democratic presidential candidate Hillary Clinton and other party candidates in 2016, three people familiar with the operation told Reuters... The DCCC developed its own system for identifying and reporting malicious automated accounts on social media, according to the three party sources.

Apple, Amazon, Facebook and Google, and dozens of other tech companies have come together to condemn discrimination against transgender people in the face of actions President Donald Trump is reportedly considering to reduce their legal protections. From a report: The move is a response to an Oct. 21 New York Times report that the Trump administration is considering limiting the definition of gender to birth genitalia. "Sex means a person's status as male or female based on immutable biological traits identifiable by or before birth," the Department of Health and Human Services proposed in a memo obtained by the Times. If legislation were to move forward, it would jeopardize legal protections for an estimated 1.4 million Americans who identify as a gender other than the one they were assigned at birth, the Times said.

The statement from the companies, which have nearly 4.8 million employees, said diversity and inclusion are good for business. "Transgender people are our beloved family members and friends, and our valued team members," the statement said. "What harms transgender people harms our companies."

From a report: Facebook's new political ad transparency tools allowed Business Insider to run adverts as being "paid for" by Cambridge Analytica, the political consultancy that dragged Facebook into a major data scandal this year. The investigation demonstrates that political advertising on Facebook is still open to manipulation by bad actors, even with greater efforts at transparency. This is despite commitments from chief executive Mark Zuckerberg to solve the company's misinformation problem. Vice first reported last week that the Facebook political ads tool could be manipulated, with the publication securing approval to buy fake Facebook ads on behalf of US Vice President Mike Pence, terrorist group ISIS, and 100 US senators. Business Insider carried out a similar test, setting up false political ads that were captioned as being "paid for by Cambridge Analytica," the defunct political advertising firm which harvested Facebook data and weaponized it during the 2016 US election. Cambridge Analytica is banned from Facebook and has gone into administration.

William Turton, reporting for Vice News: One of Facebook's major efforts to add transparency to political advertisements is a required "Paid for by" disclosure at the top of each ad supposedly telling users who is paying for political ads that show up in their news feeds. But on the eve of the 2018 midterm elections, a VICE News investigation found the "Paid for by" feature is easily manipulated and appears to allow anyone to lie about who is paying for a political ad, or to pose as someone paying for the ad. To test it, VICE News applied to buy fake ads on behalf of all 100 sitting U.S. senators, including ads "Paid for by" by Mitch McConnell and Chuck Schumer. Facebook's approvals were bipartisan: All 100 sailed through the system, indicating that just about anyone can buy an ad identified as "Paid for by" by a major U.S. politician. What's more, all of these approvals were granted to be shared from pages for fake political groups such as "Cookies for Political Transparency" and "Ninja Turtles PAC." VICE News did not buy any Facebook ads as part of the test; rather, we received approval to include "Paid for by" disclosures for potential ads.

President Donald Trump has accused Twitter of targeting his followers for removal from the social media platform, amid complaints by conservatives that social media companies have been discriminating against right-wing voices. From a report: "Twitter has removed many people from my account and, more importantly, they have seemingly done something that makes it much harder to join -- they have stifled growth to a point where it is obvious to all," Trump said in a tweet Friday. "A few weeks ago it was a Rocket Ship, now it is a Blimp! Total Bias?" Trump and some other Republicans have complained that Facebook, Alphabet's Google and Twitter have censored or suppressed conservative voices. Democrats have called that a diversion from concern over Russia's use of social-media platforms to influence the 2016 presidential election and over the proliferation of offensive content. In his opening remarks during a meeting with state attorneys general in September, Attorney General Jeff Sessions raised concerns that social media companies have a political agenda and have the power to manipulate public opinion, according to Maryland Attorney General Brian Frosh.

"According to CNET, TechCrunch and others, the Trump administration reportedly wants tech giants to make it easy for workers to take leaves of absence to help the government modernize," writes Slashdot reader kimanaw. From a report: White House officials on Monday planned to meet with tech giants including Google, Microsoft, Amazon and IBM, to discuss ways to make it easier for employees to take leaves of absence to help with government projects, according to The Washington Post. The administration reportedly hopes tech industry workers will be able to help modernize state and federal agencies and tackle challenges such as upgrading the veterans' health care system. Attracting tech talent may prove difficult for the Trump administration, which hasn't always seen eye to eye with Silicon Valley on issues such as the president's ban on travel from predominantly Muslim countries. However, White House officials believe tech workers are willing to "put politics aside." "This event on Monday is not just about our efforts, it's about our successor, and their successor after that," said one unnamed official, according to the Post. The White House didn't respond to a request for comment.

TechCrunch reports: A major new campaign of disinformation around Brexit, designed to stir up U.K. 'Leave' voters, and distributed via Facebook, may have reached over 10 million people in the U.K., according to new research. The source of the campaign is so far unknown, and will be embarrassing to Facebook, which only this week claimed it was clamping down on "dark" political advertising on its platform. Researchers for the U.K.-based digital agency 89up allege that Mainstream Network -- which looks and reads like a "mainstream" news site but which has no contact details or reporter bylines -- is serving hyper-targeted Facebook advertisements aimed at exhorting people in Leave-voting U.K. constituencies to tell their MP to "chuck Chequers." Chequers is the name given to the U.K. Prime Ministers's proposed deal with the EU regarding the U.K.'s departure from the EU next year.
ABC News reports: When the Justice Department unsealed criminal charges detailing a yearslong effort by a Russian troll farm to "sow division and discord in the U.S. political system," it was the first federal case alleging continued foreign interference in U.S. elections. Earlier Friday, American intelligence officials released a rare public statement asserting that Russia, China, Iran and other countries are engaged in ongoing efforts to influence U.S. policy and voters in future elections. The statement didn't provide details on those efforts. That stood in contrast with the criminal charges, which provided a detailed narrative of Russian activities...

The criminal complaint provided a clear picture that there is still a hidden but powerful Russian social media effort aimed at spreading distrust for American political candidates and causing divisions on social issues such as immigration and gun control.... Court papers describe how the operatives in Friday's case would analyze U.S. news articles and decide how they would draft social media messages about those stories. They also show that Russian trolls have stepped up their efforts with a better understanding the U.S. political climate and messages that are no longer riddled with misspellings.
CNN notes that one week before America's 2016 presidential election, "one of the Kremlin-backed accounts denied that Russian meddling, saying: 'Russia's Putin says Moscow not trying to influence U.S. election.'"

"Facebook will ban false information about voting requirements and fake reports of violence or long lines at polling stations in the run-up to and during next month's U.S. midterm elections," reports Reuters. The latest efforts are to reduce voter manipulation across its platform. From the report: The world's largest online social network, with 1.5 billion daily users, has stopped short of banning all false or misleading posts, something that Facebook has shied away from as it would likely increase its expenses and leave it open to charges of censorship. The ban on false information about voting methods, set to be announced later on Monday, comes six weeks after Senator Ron Wyden asked Chief Operating Officer Sheryl Sandberg how Facebook would counter posts aimed at suppressing votes, such as by telling certain users they could vote by text, a hoax that has been used to reduce turnout in the past.

The information on voting methods becomes one of the few areas in which falsehoods are prohibited on Facebook, a policy enforced by what the company calls "community standards" moderators, although application of its standards has been uneven. It will not stop the vast majority of untruthful posts about candidates or other election issues.

Catalin Cimpanu, reporting for ZDNet: The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered. "To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data," said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad.

The two companies said they've reviewed a sample of the database records and determined the data to be valid with a "high degree of confidence." Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.

Facebook is purging hundreds of accounts and pages in the U.S., many of which spread political misinformation, for breaking the company's terms against "inauthentic" content and spam. The Verge reports: The company said in a blog post that 559 pages and 251 accounts would be removed. While the accounts used "sensational political content," Facebook did not say that was the reason for the purge. Instead, the accounts and pages will be taken down after they had "consistently broken" the company's rules against gaming its platform. Facebook noted that many used strategies like posting on fake or multiple accounts to generate traffic, or to inflate their popularity. Still, Facebook noted the proximity to the U.S. midterm elections, and said that networks like the ones it removed today are "increasingly" promoting political content that is "often indistinguishable from legitimate political debate." The company said this was the reason it has turned to "behavior" instead of "content" when searching for bad actors.

An anonymous reader quotes a report from GeekWire: Democrats in the House of Representatives are promising to push for federal regulation of tech companies if they retake the House in November. Rep. Ro Khanna, who represents Silicon Valley, has drafted an Internet Bill of Rights and shared it with influential tech journalist Kara Swisher. It includes liberties like the right to access and transport personal data collected about you, an opt-in framework for data collection, and net neutrality protections. Rep. Nancy Pelosi charged Khanna with drafting the principles, according to an essay by Swisher published in the New York Times.

The list includes the right to obtain, correct, or delete personal data "where context appropriate and with a fair process." That's not nearly as sweeping as the "right to be forgotten" included in Europe's landmark General Data Protection Regulation, which took effect earlier this year. The Bill of Rights would also require companies that collect personal data to notify users of breaches in "a timely manner" and mandate "reasonable business practices and accountability to protect your privacy." Swisher calls it "an admirable list" but is concerned that codifying the principles "will be like pushing back the ocean." Many big tech companies have business models built entirely on collecting as much user data as possible.

Google CEO Sundar Pichai has agreed to testify before the House Judiciary Committee in November, following the midterm elections. He met with House Majority Leader Kevin McCarthy and other senior Republicans Friday to discuss accusations that Google is biased against conservatives (a charge the company has denied). From a report: "I think we've really shown that there is bias, which is human nature, but you have to have transparency and fairness," McCarthy said. "As big tech's business grows, we have not had enough transparency and that has led to an erosion of trust and, perhaps worse, harm to consumers." Alphabet's Google unit has repeatedly denied accusations of bias against conservatives. Pichai left the meeting without comment. Pichai wrote in an internal email last week that suggestions that Google would interfere in search results for political reasons were "absolutely false. We do not bias our products to favor any political agenda." [...] Asked if Republicans will push to break up Google, McCarthy said: "I don"t see that." He said the hearing will look at privacy, bias issues, China and other matters.

Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, WSJ reported, citing a report which will be made public Thursday on Capitol Hill. From the report: The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation's leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S machine stood out because it was detailed in a security report commissioned by Ohio's secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. "There has been more than plenty of time to fix it," he said.

While the Model 650 is still being sold on the ES&S website, a company spokeswoman said it stopped manufacturing the systems in 2008. The machine doesn't have the advanced security features of more-modern systems, but ES&S believes "the security protections on the M650 are strong enough to make it extraordinarily difficult to hack in a real world environment," the spokeswoman said via email. The machines process paper ballots and can therefore be reliably audited, she said. The Def Con report is the latest warning from researchers, academics and government officials who say election systems in the U.S. are at risk to tampering.

An anonymous reader quotes a report from Motherboard: Surya Raghavendran of Ann Arbor, Michigan isn't your average 17-year-old. Not only does the high school senior run a small business repairing iPhones when he's not in class, but he's raising awareness about people's right to fix their own devices without paying companies like Apple exorbitant fees. "People should be able to choose where they want to get their devices repaired," Raghavendran told me over the phone. "Right to repair will decrease the amount of e-waste and people will retain their devices much longer with suitable repair networks." Raghavendran is doing more than just talking about right to repair, he's become one of the leading advocates for a right to repair law in the state by pushing his lawmakers to introduce legislation that would protect a consumer's right to repair.

Raghavendran started researching the laws around repairing electronics, and he joined up with Environment Michigan -- an environmental activist group -- and started going to Lansing, the state capitol, to ask politicians what they were doing to protect people's right to repair their own devices. Raghavendran sent an email to state senator Rebekah Warren who called him in for a meeting and told him to start a petition. Since July, he's been asking for stories from the public about why the right to repair is important. The right to repair fight is happening all across the country at the local level and Raghavendran's petition has drawn support from people like like Nathan Proctor, the Director of the Campaign for the Right to Repair at US PIRG. Repair.org, a group pushing for right to repair laws all over the country, has draft legislation it wants to get in front of Michigan's state legislature. Proctor has been working with Raghavendran, Environment Michigan, and Michigan legislators to draft right to repair legislation. Proctor wants to pass a right to repair bill that is similar to the one passed in Massachusetts that forced automotive companies to share diagnostic information with third party repair shops. The law passed in 2012 "set a precedent and the industry rolled out the changes nationally," reports Motherboard.

An anonymous reader quotes a report from The Verge: Google CEO Sundar Pichai will be present at a private meeting with top Republican lawmakers this Friday to discuss the company's controversial plans to relaunch a search product in China and perceived liberal bias of search results, according to a report from The Wall Street Journal. According to the WSJ, Attorney General Jeff Sessions plans to meet with state attorneys general on Tuesday to discuss Google's alleged censorship of conservatives. Tech firms have denied the existence of liberal bias in products, and Google has pushed back against key Trump inaccuracies, but it sounds as if Pichai will be forced to answer questions nonetheless. The meeting is being organized by House Majority Leader Kevin McCarthy (R-CA). Late last week, Pichai sent an email to employees, which was obtained by The New York Times, in which he stated outright that Google has never influenced search results for political purposes and has no plans to do so in the future.

Pichai also plans to attend a public hearing later this year held by the House Judiciary Committee following the November midterm elections, after Google co-founder and Alphabet CEO Larry Page notably declined to show up to a Senate Intel Committee hearing on election interference earlier this month. In addition to mending relationships over Page's absence, Pichai will also be addressing Google's plans to relaunch a search product for the Chinese market, a move that has resulted in widespread criticism given the likelihood such a product would be heavily censored and would aid in China's use of information control to maintain social and political order.