Aug 1, 2019

Inside election security's biggest event

Illustration: Rebecca Zisser/Axios

The DEF CON hacker conference's Voting Village event has become a testing ground for our national debate over voting security, referenced by Senate reports, several congressmen and even a presidential candidate (albeit incorrectly, see below). This year's version, happening next week, comes with some upgrades.

The big picture: Now in its third year, the event is traditionally one of the only places where many security researchers get a chance to audit the security of election systems.

Background: Voting Village burst onto the scene in 2017, when it took hackers only a matter of minutes to discover serious problems with machines.

  • That was despite it being the first time many of the hackers had seen the systems.
  • Restrictive contracts with states bar public third-party audits, but Voting Village beat the contract rules by purchasing flood-salvaged equipment from an insurance company.

This year, Voting Village has expanded its range of equipment, including election software researchers have not had a chance to audit and the first test of equipment designed specifically for security and public testing.

  • Cybersecurity firm Galois will demonstrate a project funded by DARPA, the Pentagon's advanced research arm, to develop hardware that defends against hackers that target memory.
  • Galois is publicly revealing system internals to try to aid DEF CON's hackers.

What they're adding: While in previous years state election officials bristled at even well-meaning hackers intruding on their turf, this year Voting Village will launch the "Unhack the Ballot" initiative, pairing state officials with researchers who can offer nuts and bolts advice.

  • The conference is also expanding from one day of talks to three days.

For the kids: In last year's DEF CON, Voting Village helped with the conference's program for kids, developing faux election registration websites with errors previously seen on real sites for children to learn to hack.

  • This tale got garbled in the media as children hacking actual election websites or exact facsimiles of the sites (they didn't). Presidential candidate and representative Tulsi Gabbard (D-Hawaii) regularly notes that "an 11 year old girl at DEFCON hacked a replica of Florida’s voting system in 10 minutes."

Voting Village is working with kids again, although this year trying to be clearer about what the kids are actually doing.

  • This year's faux websites will be campaign finance reporting portals, where kids will create fake news to unleash using bots on a fake version of Twitter.
  • They'll also learn about how to use machine learning to create filters that can block the fake news they've spread on that fake network.

Go deeper

Updated 11 mins ago - Politics & Policy

George Floyd protests: Unrest continues for 6th night across U.S.

A protest near the White House on Sunday night. Photo: Alex Wong/Getty Images

Most external White House lights were turned off late Sunday as the D.C. National Guard was deployed to assist and authorities fired tear gas at hundreds of protesters nearby, per the New York Times.

What's happening: It's one of several tense, late-night standoffs between law enforcement and demonstrators.

Updated 4 hours ago - Politics & Policy

Journalists get caught in the crosshairs as protests unfold

A man waves a Black Lives Matter flag atop the CNN logo outside the CNN Center during a protest in response to the police killing of George Floyd, Atlanta, Georgia, May 29. Photo: Elijah Nouvelage/Getty Images

Dozens of journalists across the country tweeted videos Saturday night of themselves and their crews getting arrested, being shot at by police with rubber bullets, targeted with tear gas by authorities or assaulted by protesters.

Driving the news: The violence got so bad over the weekend that on Sunday the Cleveland police said the media was not allowed downtown unless "they are inside their place of business" — drawing ire from news outlets around the country, who argued that such access is a critical part of adequately covering protests.

Updated 4 hours ago - Politics & Policy

Tanker truck plows into Minneapolis protesters

The tanker after plowing into protesters on the shut-down bridge in Minneapolis on Sunday evening. Authorities said it appeared protesters escaped injury. Photo: Jeff Wheeler/Star Tribune via Getty Images

Minnesota authorities said in a statement they're investigating as a criminal matter what happened with a truck that "drove into demonstrators" on a Minneapolis bridge Sunday evening while the eight-lane road was closed for a protest.

What they're saying: Minnesota Department of Public Safety tweeted, "Very disturbing actions by a truck driver on I-35W, inciting a crowd of peaceful demonstrators. The truck driver was injured & taken to a hospital with non-life threatening injuries. He is under arrest. It doesn't appear any protesters were hit by the truck."