An anonymous reader quotes a report from The Verge: Sheera Frankel and Mike Isaac [write from The New York Times]: "Sandwiched between Building 20 and Building 21 in the heart of Facebook's campus, an approximately 25-foot by 35-foot conference room is under construction. Thick cords of blue wiring hang from the ceiling, ready to be attached to window-size computer monitors on 16 desks. On one wall, a half dozen televisions will be tuned to CNN, MSNBC, Fox News and other major cable networks. A small paper sign with orange lettering taped to the glass door describes what's being built: "War Room."

Set to open next week, the conference room is in keeping with Facebook's nick-of-time approach to midterm election preparedness. (It introduced a "pilot program" for candidate account security on Monday.) It's a big project. Samidh Chakrabarti, who oversees elections and civic engagement, told the Times: "We see this as probably the biggest companywide reorientation since our shift from desktops to mobile phones." Of course, the effort extends beyond the new conference room. Chakrabarti showed the Times a new internal tool "that helps track information flowing across the social network in real time," helping to identify misinformation as it goes viral or a surge in the creation of new (and likely fake) accounts.

An anonymous reader quotes a report from PBS NewsHour: Sen. Ron Wyden, an Oregon Democrat, said in a Wednesday letter to Senate leaders that his office discovered that "at least one major technology company" has warned an unspecified number of senators and aides that their personal email accounts were "targeted by foreign government hackers." Similar methods were employed by Russian military agents who leaked the contents of private email inboxes to influence the 2016 elections. Wyden did not specify the timing of the notifications, but a Senate staffer said they occurred "in the last few weeks or months." But the senator said the Office of the Sergeant at Arms, which oversees Senate security, informed legislators and staffers that it has no authority to help secure personal, rather than official, accounts. "This must change," Wyden wrote in the letter. "The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays."

A number of Slashdot users have shared a leaked Google video from Breitbart, revealing the candid reactions of company executives to Donald Trump's unexpected victory in 2016. The Guardian summarizes: In an hour-long conversation, Google co-founders Sergey Brin and Larry Page, chief executive Sundar Pichai, and executives Kent Walker, Ruth Porat and Eileen Noughton offered their reflections on the election, sought to reassure employees about issues such as immigration status and benefits for same-sex partners, and answered questions on topics ranging from filter bubbles and political polarization to encryption and net neutrality. The executives' reactions ranged from the emotional to the philosophical to the purely pragmatic. Porat appeared near tears in discussing her open support for Hillary Clinton and her father, who was a refugee. Walker discussed global political trends toward nationalism, populism and xenophobia. Pichai noted that the company was already "thoughtfully engaging" with Trump's transition team. While Breitbart argues the video shows evidence of Google's inherent bias against Republicans, Google says the executives are simply sharing their "personal views" and that it has no political bias. It does beg the question, should politics be discussed in the workplace? Longtime Slashdot reader emil writes in response to the video: [...] Disregarding the completely inappropriate expression of partisan views in the workplace, the video claims that "history is our side." These executives appear to have forgotten the incredible tumult in the distant past of the U.S. The last election was not an electoral tie that was thrown into the house of representatives (as was the election of 1800). The last election did not open a civil war as happened in 1861 when Lincoln took office. The last election did not open war with Great Britain, and will likely not precipitate a new set of proposed constitutional amendments to curb presidential power as did either of James Madison's terms in office (War of 1812, Hartford Convention). There may be a time for tears, and a time for hugs, but that time cannot be in the workplace. Most Fortune 500 employees took the news of the latest president elect with quiet perseverance in their professional settings regardless of their leanings, and it is time for Google to encourage the same. "At a regularly scheduled all-hands meeting, some Google employees and executives expressed their own personal views in the aftermath of a long and divisive election season," Google said in a statement. "For over 20 years, everyone at Google has been able to freely express their opinions at these meetings. Nothing was said at that meeting, or any other meeting, to suggest that any political bias ever influences the way we build or operate our products. To the contrary, our products are built for everyone, and we design them with extraordinary care to be a trustworthy source of information for everyone, without regard to political viewpoint."

An anonymous reader shares an exclusive report from Reuters: President Donald Trump plans to sign an executive order as soon as Wednesday that will slap sanctions on any foreign companies or people who interfere in U.S. elections, based on intelligence agency findings, two sources familiar with the matter said. Trump's decision to sign an executive order coincides with intelligence agencies, military and law enforcement preparing to defend the Nov. 6 congressional elections from predicted foreign attacks even as Trump derides a special counsel investigation into Russian interference in the 2016 elections.

Sanction targets could include individual people or entire companies accused of interfering in U.S. elections by cyber attacks or other means, a U.S. official told Reuters. The order will put a range of agencies in charge of deciding if meddling occurred, led by the Office of the Director of National Intelligence, and including the CIA, the National Security Agency and the Homeland Security Department, the sources said. Based on a recent draft of the order reviewed by the U.S. official, it will require any federal agency aware of election interference by foreigners to take the information to the office of Director of National Intelligence. Election interference will be defined in the order as hacking attempts against "election infrastructure," and efforts to sway public opinion through coordinated digital propaganda or systematic leaks of private political information. UPDATE: The story has been updated with additional information from Reuters.

Speaking at the TechCrunch Disrupt tech conference this week, former Facebook chief security officer Alex Stamos reflected on his time dealing with fake news and Russian intelligence interference ahead and after the 2016 US presidential election. From a report: The former Facebook security head said "it [was] pretty clear the GRU's goal was to weaken a future Hillary presidency. Putin has a [you know, it's been well-documented] like a personal antipathy towards her and believes that she was behind the protests against him in the 2012 Russian election, and so, the GRU activity was specifically focused on weakening her."

"I think it was less about actually electing Trump," Stamos added. "I find it unlikely that the Russians are better than Nate Silver at predicting elections." What kind of attacks could we expect in the near future? Per Stamos, "Throwing an election one way or another is going to be very difficult for a foreign adversary but throwing any election into chaos is totally doable right now."

The National Academies Press has released a 156-page report, called "Securing the Vote: Protecting American Democracy," concluding that blockchains are not safe for the U.S. election system. "While the notion of using a blockchain as an immutable ballot box may seem promising, blockchain technology does little to solve the fundamental security issues of elections, and indeed, blockchains introduce additional security vulnerabilities," the report states. "In particular, if malware on a voter's device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration."

The report goes on to say that "Blockchains do not provide the anonymity often ascribed to them." It continues: "In the particular context of elections, voters need to be authorized as eligible to vote and as not having cast more than one ballot in the particular election. Blockchains do not offer means for providing the necessary authorization. [...] If a blockchain is used, then cast ballots must be encrypted or otherwise anonymized to prevent coercion and vote-selling." The New York Times summarizes the findings: The cautiously worded report calls for conducting all federal, state and local elections on paper ballots by 2020. Its other top recommendation would require nationwide use of a specific form of routine postelection audit to ensure votes have been accurately counted. The panel did not offer a price tag for its recommended overhaul. New York University's Brennan Center has estimated that replacing aging voting machines over the next few years could cost well over $1 billion. The 156-page report [...] bemoans a rickety system compromised by insecure voting equipment and software whose vulnerabilities were exposed more than a decade ago and which are too often managed by officials with little training in cybersecurity.

Among its specific recommendations was a mainstay of election reformers: All elections should use human-readable paper ballots by 2020. Such systems are intended to assure voters that their vote was recorded accurately. They also create a lasting record of "voter intent" that can be used for reliable recounts, which may not be possible in systems that record votes electronically. [...] The panel also calls for all states to adopt a type of post-election audit that employs statistical analysis of ballots prior to results certification. Such "risk-limiting" audits are designed to uncover miscounts and vote tampering. Currently only three states mandate them.

Earlier today, The New York Times published an op-ed from an anonymous staffer in the Trump administration, who has "vowed to thwart parts of [President Trump's] agenda and his worst inclinations," citing the president's amorality. The staffer writes: "We want the administration to succeed and think that many of its policies have already made America safer and more prosperous. But we believe our first duty is to this country, and the president continues to act in a manner that is detrimental to the health of our republic. That is why many Trump appointees have vowed to do what we can to preserve our democratic institutions while thwarting Mr. Trump's more misguided impulses until he is out of office." An anonymous [coward] shares the response from the White House: White House Press Secretary Sarah Sanders ripped the anonymous senior White House staffer who wrote an op-ed for The New York Times slamming President Trump's conduct. "The individual behind this piece has chosen to deceive, rather than support, the duly elected President of the United States," she said in a statement. "He is not putting country first, but putting himself and his ego ahead of the will of the American people. This coward should do the right thing and resign," she added. Trump himself called the op-ed's author "gutless." He tweeted: "Does the so-called 'Senior Administration Official' really exist, or is it just the Failing New York Times with another phony source? If the GUTLESS anonymous person does indeed exist, the Times must, for National Security purposes, turn him/her over to government at once!"

The New York Times op-ed page editor Jim Dao described the process behind publishing the op-ed, telling CNN that the official contacted him "through an intermediary." He said that the New York Times also spoke with the anonymous individual but there are only a "very small number of people within the Times who know this person's identity." Dao didn't provide a gender for the person, but the author was described in a New York Times tweet as a "he" earlier Wednesday. [The Times later said that the tweet was a mistake and that it "was drafted by someone who is not aware of the author's identity."] Furthermore, Dao "said there was no special effort to disguise the person's writing style, for example by rewriting the piece in some fashion," reports CNN. "'There's editing in everything we do,' he said, but it's based on making the person's views 'clearer' and adhering to style standards."

A separate CNN article highlights 12 senior Trump administration officials who may be behind the op-ed.

Openly recognizing their companies' past failures in rare displays of modesty, Facebook and Twitter executives touted new efforts to combat state-sponsored propaganda across their platforms before the Senate Intelligence Committee on Wednesday, acknowledging that the task is often "overwhelming" and proving a massive drain on their resources. Gizmodo: In opening remarks on Wednesday, Facebook's chief operating officer, Sheryl Sandberg, acknowledged that Facebook had been "too slow to act" in 2016 against the Kremlin-backed campaign that was designed to sow discord among American voters. "That's on us," she said, describing Moscow's meddling as "completely unacceptable" and a violation of Facebook's values "and of the country we love." "We're investing for the long term because security is never a finished job," Sandberg added, noting that Facebook has increased its security and communications staff to 20,000 people, doubling it over the past year. "Our adversaries are determined, creative, and well-funded," she said. "But we are even more determined -- and we will continue to fight back."

Twitter CEO Jack Dorsey, meanwhile, portrayed the matter as not just a threat to democracy, but as a threat to the overall health and security of his business, saying that above all else, Twitter's goal is to serve a "global public conversation." Dorsey also acknowledged a range of threats faced by his company, including widespread abuse, manipulation by foreign powers, and "malicious automation" (i.e., bots). "Any attempts to undermine the integrity of our service is antithetical to our fundamental rights," he said, calling freedom of expression a "core tenant" upon which the Twitter is based. Google, which was also asked to appear before the committee, chose not to do so. An empty chair was left at the table next to Sandberg and Dorsey to signify Google's absence.

An anonymous reader quotes Motherboard: Less than 24 hours after a software developer revoked access to Lerna, a popular open-source software management program, for any organization that contracted with U.S. immigrations and Customs Enforcement, access has been restored for any organization that wishes to use it and the developer has been removed from the project... The modified version specifically banned 16 organizations, including Microsoft, Palantir, Amazon, Northeastern University, Johns Hopkins University, Dell, Xerox, LinkedIn, and UPS... Although open-source developer Jamie Kyle acknowledged that it's "part of the deal" that anyone "can use open source for evil," he told me he couldn't stand to see the software he helped develop get used by companies contracting with ICE.

Kyle's modification of Lerna's license was originally assented to by other lead developers on the project, but the decision polarized the open-source community. Some applauded his principled stand against ICE's human rights violations, while others condemned his violation of the spirit of open-source software. Eric Raymond, the founder of the Open Source Initiative and one of the authors of the standard-bearing Open Source Definition, said Kyle's decision violated the fifth clause of the definition, which prohibits discrimination against people or groups. "Lerna has defected from the open-source community and should be shunned by anyone who values the health of that community," Raymond wrote in a blog post on his website.
The core contributor who eventually removed Kyle also apologized for Kyle's licensing change, calling it a "rash decision" (which was also "unenforceable.")

Eric Raymond had called the decision "destructive of one of the deep norms that keeps the open source community functional -- keeping politics separated from our work."

Eric Berger writes via Ars Technica: The Apollo missions that flew to the Moon during the 1960s were designed and controlled by what is now known as Johnson Space Center, the home of the famous "Mission Control." Moreover, the astronauts that flew to the Moon all lived in Houston. It would stand to reason, therefore, that as NASA gears up to return to the Moon, major elements of this program would likewise be controlled from the Texas metropolis that styles itself "Space City." Times change, however. In recent months, the politically well-positioned Marshall Space Flight Center, in Huntsville, Alabama, has been quietly pressing leaders with NASA Headquarters for program management of mid- to large-size landers to the lunar surface, which would evolve into human landers. Sources indicated this effort was having some success.

However, Texas legislators have now begun to push back. On Tuesday, both of Texas' senators (John Cornyn and Ted Cruz), as well as three representatives with space-related committee chairs (John Culberson, Lamar Smith, and Brian Babin), wrote a letter to NASA Administrator Jim Bridenstine. "We support NASA's focus on returning to the Moon and using it as part of a stepping stone approach to place American boots on the surface of Mars in the 2030s," the Texas Republicans wrote. "As NASA reviews solicitations for lunar landers, we write to express our strong support for the establishment of NASA's lunar lander program at the Johnson Space Center." The letter reminds Bridenstine of Houston's strong spaceflight heritage.

An anonymous reader quotes a report from The Verge: President Donald Trump intensified his criticism of Google today, posting a native video of unknown origin to his Twitter account this afternoon claiming the search giant stopped promoting the State of the Union (SOTU) address on its homepage after he took office. It turns out the video he posted is not only misleading, but also contains what appears to be a fake screenshot of the Google homepage on the day in question. It has since been viewed more than 1.5 million times. In a statement given to The Verge, a Google spokesperson clarifies that the company promoted neither former President Barack Obama nor Trump's inaugural SOTU addresses in 2009 and 2017, respectively. That's because they were not technically State of the Union addresses, but "addresses to a joint session" of Congress, a tradition set back in 1993 so that new presidents didn't have to immediately deliver SOTU addresses after holding office for just a few weeks. Google resumed promoting Obama's SOTU address in 2010 and continued to do so through 2016, as he held office for all six of those years.

With regards to the 2018 SOTU, Google says it did in fact promote it on its homepage. "On January 30th 2018, we highlighted the livestream of President Trump's State of the Union on the google.com homepage," reads Google's statement. "We have historically not promoted the first address to Congress by a new President, which is not a State of the Union address. As a result, we didn't include a promotion on google.com for this address in either 2009 or 2017."

Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child's play. Articles reported that teenage hackers at the event were able to "crash the upcoming midterm elections" and that it had taken "an 11-year-old hacker just 10 minutes to change election results." A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, "bringing the election to a screeching halt." But now, elections experts are raising concerns that misunderstandings about the event -- many of them stoked by its organizers -- have left people with a distorted sense of its implications. From a report: In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as "replicas" or "exact clones." (The language was scaled back after the conference to simply say "clones.") Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter. Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites "fake." "When I learned that they were not using exact copies and pains hadn't been taken to more properly replicate the underlying infrastructure, I was definitely saddened," Franklin said. Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.

Four US senators, members of the US Senate Select Committee on Intelligence, sent a letter on Wednesday to Election Systems and Software (ES&S), the largest voting machine vendor in the US, asking for clarifications on why the vendor is trying to discourage independent security reviews of its products. From a report: The four senators who signed the letter are Kamala D. Harris (D-CA), Mark Warner (D-VA), Susan Collins (R-ME), and James Lankford (R-OK). The senators sent the letter to ES&S following the conclusion of the Voting Village at the DEF CON 26 security conference held in Las Vegas at the start of the month, where security researchers found several security vulnerabilities in the company's products. "We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing," the letter reads. "Many of the world's leading electronics and software companies have opened their arms to the research community, maintaining active presences at the largest security research conferences and inviting 'white hat' hackers to probe their products to identify how they can improve product security," the letter continued. At DEF CON, security researchers found vulnerabilities in the voting machines of other vendors. Only ES&S is mentioned in the senators' letter because of the company's dismissive approach to external security research.

U.S. President Donald Trump accused social media companies on Friday of silencing "millions of people" in an act of censorship, but without offering evidence to support the claim. From a report: "Social Media Giants are silencing millions of people. Can't do this even if it means we must continue to hear Fake News like CNN, whose ratings have suffered gravely. People have to figure out what is real, and what is not, without censorship!" Trump wrote on Twitter, not mentioning any specific companies. Trump also criticized social media outlets last week, saying without providing proof that unidentified companies were "totally discriminating against Republican/Conservative voices." Mr. President's Friday remarks comes days after he expressed concerns over Twitter and Facebook regulating the content on their own platforms. He found such practice "very dangerous."

A former government contractor who pleaded guilty to leaking U.S. secrets about Russia's attempts to hack the 2016 presidential election was sentenced Thursday to five years and three months in prison. From a report: It was the sentence that prosecutors had recommended in the plea deal -- the longest sentence ever given for a federal crime involving leaks to the news media -- for Reality Winner, the Georgia woman at the center of the case. Winner was also sentenced to three years of supervised release and no fine, except for a $100 special assessment fee. The crime carried a maximum penalty of 10 years. U.S. District Court Judge J. Randal Hall in Augusta, Georgia, was not bound to follow the plea deal, but elected to give Winner the amount of time prosecutors requested. Winner, 26, who contracted for the National Security Agency, pleaded guilty in June to copying a classified report that detailed the Russian government's efforts to penetrate a Florida-based voting software supplier. Further reading: How a Few Yellow Dots Burned the Intercept's NSA Leaker.

furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'

A new voting system that uses open-source software for counting ballots has been approved by California elections officials. "The certification of the new tally system for the county paves the way for other improvements, including redesigned absentee ballot packets, in the Nov. 6 election," reports Los Angeles Times. "It is the first election system of its kind, using publicly available source code that has been certified for use in California." From the report: The ballot-counting equipment is part of a broader redesign of Los Angeles County's voting system, which will include new equipment while relying on a traditional paper ballot. The county's existing system, portions of which are now decades old, has been targeted for replacement for several years.

The Democratic National Committee contacted the FBI on Tuesday after it detected what it believes was the beginning of a sophisticated attempt to hack into its voter database, a Democratic source tells CNN. From a report: The DNC was alerted in the early hours of Tuesday morning by a cloud service provider and a security research firm that a fake login page had been created in an attempt to gather usernames and passwords that would allow access to the party's database, the source said. The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details. The source said the DNC is investigating who may have been responsible for the attempted attack, but that it has no reason to believe its voter file was accessed or altered.

From a report: On Tuesday, nine Senators introduced a bill that would require state and local governments to use paper ballots in an effort to secure elections from hackers. The bill would also require rigorous audits for all federal elections to ensure that results match the votes. "Leaving the fate of America's democracy up to hackable election machines is like leaving your front door open, unlocked and putting up a sign that says 'out of town,'" Sen. Ron Wyden, a Democrat from Oregon, said in a release. "Any failure to secure our elections amounts to disenfranchising American voters." The Protecting American Votes and Elections Act of 2018 was drafted amid intense scrutiny of voting systems ahead of the mid-term elections in November. Russian interference in the 2016 presidential election has elevated concern over the security of the country's voting systems. The senators said rigorous audits will ensure votes are legitimate. Currently, 22 states don't require post-election audits, according to the release.

retroworks shares a report: Hackers linked to Russia's government tried to target the websites of two right-wing U.S. think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft said. The software giant said it thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake addresses where they were asked to enter usernames and passwords. There was no immediate comment from Russian authorities, but the Kremlin was expected to address the report later on Tuesday. It has regularly dismissed accusations that it has used hackers to influence U.S. elections and political opinion. Casting such allegations as part of an anti-Russian campaign designed to justify new sanctions on Russia, it says it wants to improve not worsen ties with Washington. Further reading: Microsoft Reveals First Known Midterm Campaign Hacking Attempts, and Microsoft Launches Pilot Program To Provide Cybersecurity Protection To Political Campaigns and Election Authorities.